EVALUATION OF INTERNAL CONTROL

EVALUATION OF INTERNAL CONTROL

The evaluation of internal control within a system comes from:
a. System documentation: i.e. deciding how the system works, and describing this on paper.

b. Identification of potential errors: i.e. recognizing what can go wrong in this system.

Potential errors can arise whenever the is a chance that one of the following objectives might not be achieved or satisfy:

i. Existence or occurrence – i.e. proof that something exists or has happened.

ii. Completeness – which an account balances contains every item that it should.

iii. Valuation or measurement – that a proper system of valuation has been used.

iv. Ownership – proof of ownership of assets.

v. Disclosure – those items that are disclosed whenever disclosure is appropriate.

vi. Identification of controls- recognizing the controls within the system they are designed to detect or prevent errors in the system.
Having identified potential errors and the controls detect or prevent them, the auditor can assess whether the controls appear to be good enough to do their job sufficiently well.

When a control is evaluated, the auditor must assess the level of risk that the control is inadequate or might not be properly applied. Factors to consider:

a. The nature of the control itself.

b. The timing and frequency of the internal check.

c. Who performs the control taking into consideration the competence, experience and integrity of staff, and the degree of supervision;

d. What errors the control has succeeded in identifying and eliminating in the past.

e. Whether there have been changes in the system or in staff, bearing in mind that control procedures might weaken and become slack in the early period of a new system or just after a change of staff.

f. The attitude of management to control.