Assess the key elements of internal control systems and evaluate the extent to which auditors should rely on those systems. Use appropriate academic and professional journal references.
The key elements of the Internal Control system operate at various level of the organizations effectiveness (Aguolu 2009). These elements could be determine in order to understand, whether these specific internal control system is effective. These factors could be accessed through five components, such as control activities, monitoring, risk assessment, and information and Communication, which are even functioning (Aldridge and Colbert 1994). These effective internal control offers assurance regarding how to accomplish the set up objectives (Arena and Azzone 2009).
Control Environment- According to the administration of organization, for establishing the control environment the tine of the institution is required, as it creates influence over the people control consciousness (Aguolu 2009). Leaders from every department or activities should try to set up the local control environment (Arena and Azzone 2009). This is considered as the base for every element of the internal control that offers both structure and discipline (Aldridge and Colbert 1994). Factors of control environment cover up: Commitment towards competence, ethical values and integrity, leadership operating style and philosophy, and the way in which management assign the responsibility and authority and try to develop the individuals (Aguolu 2009).
Policies and procedures- An objective of financial reporting tries for preparation of the relevant financial statement, including the prevention of the fraudulent reporting of finance (Bota and Palfi 2009). Compliance objectives pertain towards the laws and regulations that set up required behavioral standards (Aldridge and Colbert 1994).
Risk Assessment- The process of risk exploring and analyzing is the ongoing process and is considered as the critical element in the effective internal control system (Candreva 2006). It’s important as it stress is placed on all levels of risk (Aldridge and Colbert 1994). Risk pertaining to the external and internal factors should be explored and needs to be evaluated (Arena and Azzone 2009). It’s noted that managing the risk needs a constant risk assessment and analysis of its impact on the internal controls (Chaveerug 2011). It’s noted that industry, economic, and regulatory changes in the environment also involve the activities of entities (Aldridge and Colbert 1994). Mechanism is also required for exploring and reacting towards the changing conditions (Aldridge and Colbert 1994).
Control Activities- Control activities are the procedures and policies that support in ensuring the directives of management (Aldridge and Colbert 1994). They even support in ensuring about the required actions that are actually taken for addressing the risk for achieving the objectives of entity (Chaveerug 2011). It’s noted that most of the control activities occur in all levels of organization (Aldridge and Colbert 1994). This includes the diverse range of activities for verifications, approvals, operating performance review, reconciliations, duties segregation and assets security (Chenhall 2003). Control activity includes two components like setting up policy for what can be done and the procedures that impact the policy (Arena and Azzone 2009). It’s important that policies should be implemented both consistently and conscientiously (Chenhall 2003).
Information and Communication- It’s noted that pertinent information need to be explored, communicated and captured within the time frame, which tries to enable the people to take on their responsibilities (Aldridge and Colbert 1994). Effective communication need to be occurred in broad way in all over the organization (Chenhall 2003). It’s also important that personnel should receive the message from the top level, which is responsible for internal control (Amudo and Inanga 2009). They need to understand the role of internal control system along with individual activities, which links with the work of other, and should follow the way of communication that is important in upstream of information (Chenhall 2003).
Monitoring- It’s important that internal control system should be monitored, in which a process could be followed that could assess the system performance quality over the period of time (Dittenhofer 2001). Ongoing monitoring usually occurs in the operations ordinary course and also covers up the supervisory activities and daily management along with other personnel actions that are taken for performing the duties, and for assessing the internal control system quality performance (Dittenhofer 2001). The frequency and scope of the different evaluation relies on the risk assessment and the effectiveness of the ongoing procedure of monitoring (Amudo and Inanga 2009). Deficiencies of internal control need to be reported upstream, in which serious matters should be reported immediately to the governing boards and top administration (Dittenhofer 2001). It’s noted that internal control system can change over the period of time. Once the procedure gets ineffective due to the coming of new personnel it gets vary in training and supervision, resources and time constraints, along with additional pressure (Amudo and Inanga 2009). Furthermore, the circumstances in which the internal control system was designed might get change (Church and Schneider 2008). Due to the changes in the conditions, management requires to determine the internal control system to become appropriate and also address all the risk factors (Church and Schneider 2008).
It’s noted that government agencies and ministries should try to enhance their internal control effectiveness, along with organization commitment and functions of internal audit, due to the improvement in the good governance, along with this internal control system can also offer the information to the organizational management related to the progress of the entity and its lack of progress in achieving the objectives (Church and Schneider 2008). Therefore, Arena and Azzone (2009) has tried to observe that through setting up the internal control system along with audit practices at the level of local government (Arena and Azzone 2009).
It is noted that without setting up the effective internal control system at the level of local government, the control and the detection of the local government misconduct wouldn’t be possible (Arena and Azzone 2009). It’s noted that internal control system is important element in the process of management within the public sector that could set up for offering the assurance of the operations for understanding its effectiveness (Arena and Azzone 2009). Effective internal control is important for the local government operations and for the auditors in order to deal with the procedures for giving assurance of operations as per the plan and for creating the influence of the internal audit (Arena and Azzone 2009). Organizations also offer core principles in order to represent the basic concepts of internal control framework. Through the arguments of Arena and Azzone (2009) it is noted that weakness of the organization mechanism is the failure in exploring the information technology as the key control element of the internal control system.
Different entities come across different risks from both the internal and external sources that could be assessed (Bota and Palfi 2009). The preconditions of assessing the risk could be set up through objectives and could be linked with various levels (Aldridge and Colbert 1994). Assessment of risk is the exploration and analysis of the appropriate risks for achieving the objectives. This is undertaken through forming the core to explore the risk and ways through which these risk need to be managed (Aldridge and Colbert 1994). As regulatory, economics and operating situations will most likely to get change; therefore, mechanism is required for exploring and dealing with the particular risks related to the change (Bota and Palfi 2009). It is important to set up the objectives before the administrators could explore and required steps should be taken for managing the risks (Arena and Azzone 2009). It’s noted that operations objectives could be related with the efficiency and effectiveness of the operations that includes the financial and performance goals along with resource safeguarding against the loss (Aldridge and Colbert 1994). Auditors make use of audit risk model in the organizations for managing the audit risks. In this auditors proceed through examining all the inherent as well as control risk that pertain within the audit engagement through gaining the entity understanding as well as its environment. They also make use of detection risk that helps in forming the residual risk and considering the inherent as well as control risk.
While evaluating the internal control, there is certain extent to which the auditors can rely over this system, and this could be determine through the nature and timing of the audit procedure. When the auditors depend on this system, their substantive procedure is usually less extensive, that could otherwise be needed and might get differ in terms of time and nature (Dittenhofer 2001). If the auditors find that the internal control system is working inadequately in certain areas, they might decide to apply towards more effective substantive procedures or they might change the timing of tests and the extent to which the audit is tested could be carried out through examination of all the unsatisfactory aspects of internal control system. For instance, if they explore about the ledger of debtors is not maintained in proper way and the debtors internal control system is weak; they might decide to depend over the direct confirmations through the debtors (Dittenhofer 2001). On the other side, if the auditors are satisfied with the system for preparing the invoice of sale, they might examine only few invoice samples.
Aguolu, O. 2009. Designing an effective internal audit group. Association of Accountancy Bodies in West Africa, 1(4), pp. 60-76
Aldridge, R. and Colbert, J. 1994. Management's report on internal control, and the Accountant's response. Managerial Auditing Journal, 9(7), pp. 21-28.
Amudo, A. and Inanga, E. L. 2009. Evaluation of internal control systems: A case study from Uganda. International Research Journal of Finance and Economics, 3, pp. 124 –144.
Arena, M. and Azzone, G. 2009. Identifying organizational drivers of internal audit effectiveness. International Journal of Auditing, 13, pp. 43–60.
Bota, C. and Palfi, C. 2009. Measuring and assessment of internal audit’s effectiveness. Economic Science Series, 18(3), pp. 784-790.
Candreva, P. J. 2006. Controlling internal controls. Public Administration Review, 66(3), pp. 463-465.
Chaveerug, A. 2011. The role of accounting information system knowledge on audit effectiveness of CPAS in Thailand. International journal of business strategy, 11, pp. 78 – 89.
Chenhall, R. H. 2003. Management control systems design within its organizational context: Findings from contingency-based research and directions for the future. Accounting Organizations and Society, 28, pp. 127–168.
Church, B. K. and Schneider, A. 2008.The effect of auditors’ internal control opinions on loan decisions. Journal of Accounting and Public Policy, 27, pp. 1–18.
Dittenhofer, M. 2001. Internal auditing effectiveness: An expansion of present methods. Managerial Auditing Journal, 16(8), pp. 443 – 450.