Chapter 16
Audit and Financial Control
Internal control:
The policies, processes, tasks, behaviours and other aspects of
an organisation that are taken together.
Why internal controls ?
Facilitating efficient operations implies improvement, and,
properly applied, internal control processes add value to an
organisation by considering outcomes against original plans and
then proposing ways in which they might be addressed.
Purpose of internal controls
 Efficient conduct of business:
 Safeguarding assets:
 Preventing and detecting fraud and other unlawful
acts:
 Completeness and accuracy of financial records:
 Timely preparation of financial statements:
Discussion :
What type of assurance any control system
provide to the system and why ?
i) Reasonable
ii) Conditional
iii) Limited assurance
iv) Complete assurance
Who are responsible for making,
Maintaining and placing internal control ?
i) BOD
ii) Internal auditor
iii) ED
iv)External auditor
The components of internal control
 the control environment: Overall attitude
 the entity’s risk assessment process:Identification of significant risks to the
organisation, and monitoring risk management policy and risk
management strategies
 the information system relevant to financial reporting
 control activities
 Monitoring of Controls
Control activites
 Authorisation
 Comparison
 Computer controls
 Arithmetical controls :Minor errors and
frauds that could have been
prevented if controls were placed in
right place.
 Maintaining a trial balance and
control accounts
 Accounting reconciliations
 Physical controls
 Segregation of duties
(Use the mnemonic ACCA MAPS)
S Segregation of duties
P Physical
A Authorisation and
approval
M Management(Top level
reviews, Activity controls)
S Supervision
O Organisation(Organisation
controls refer to the controls provided
by the organisation's structure)
A Arithmetic and
accounting
P Personnel
Alternative analysis of internal controls
Preventive controls
Detective controls
Corrective controls
Mandated VS Voluntary
Manual or automated
Computer controls:
 General controls(Mostly output related)








Physical controls
Hardware and software configuration
Logical access
Discretionary control
Non- Discretionary control
Disaster recovery
Output controls : Complete and secure
Technical support : Technology needs competence
Application controls
 completeness – has all necessary data been input?
 authorisation – is the person inputting the data authorised to do so?
 identification – can the person inputting the information be uniquely
identified?

validity – is the information being input by the user valid?
 forensic checks – is the information being input by the user mathematically
accurate?
From the list below separate general
controls and Application controls:
 Edit checks
 Regular back up
 Sequence Check
 Batch total check
 Existence Checks
 Arthmetic checks
 Software system change and acquisition
 Password system
Internal check
Internal check is a system through which the accounting
procedures of an organisation are so laid out that the
accounts procedures are not under the absolute and
independent control of any person. The work of one
employee is complementary of that of another, enabling a
continuous audit of the business to be made.
The essential elements of an internal check are:
i) checks are implemented on day-to-day transactions
ii) checks operate continuously as a part of the system
iii) the work of each person is complementary to the work
of another.
By allocating duties in this way, no one person has
exclusive control over any transaction.
Internal and external Auditing
Objectives of internal audit
 Review of accounting and internal control systems
 examination of financial and operating information
 review of the ‘three E’s (economy, efficiency and effectiveness)
 review of compliance with laws and regulations
 review of arrangements for the safeguarding of assets
 review of implementation of corporate goals and objectives
 identification of significant risks to the organisation, and monitoring risk
management policy and risk management strategies
 special investigations as required.
What determines the need of internal audit?
 the scale, diversity and complexity of the organisation’s activities
 the number of employees – the need for an internal audit function
increases as the number of employees increases, or if employee
interrelationships become more complex
 where the benefits of such a function will outweigh the costs of
implementation and operation
 when changes occur over time in the organisation’s structures, reporting
processes or underlying information systems
 the nature of risks, changes to risks and emerging risks
 problems and issues arising with internal control systems, both actual and
perceived
 the occurrence of an increasing number of unexplained or unacceptable
events.
Limitations of internal audit
 Independence
 Proper resource and staff
 Fear of Repercussions
These limitations can be reduced if an audit committee:
 sets the work agenda for internal audit
 receives internal audit reports
 is able to ensure the internal audit is properly resourced
 has a ‘voice’ at main board level.
Advantages of an external audit
 Disputes between management may be more easily settled
 Major changes in ownership may be facilitated
 Consumer Confidence
 In depth Examinations
Disadvantages of an external audit
 The audit fee!
 Management Time
Discussion:
1)Why internal control interests the external
auditor?
2)Why internal control interests the internal
auditor ?
Types of audit
 Operational audits may be concerned with the efficiency of the
organisation’s activities. They consider performance relative to predetermined criteria.
 Systems audits are used to test and evaluate controls .

Compliance test: Verify compliances

Substantive Test: Accuracy of figures
 A transactions or probity audit is concerned with detecting fraud and other
types of criminal or unlawful behaviour.