Evaluating Internal Controls
Checklist for Evaluating Internal Controls
ACC/544
April 29, 2013
Christine Errico
Checklist for Evaluating Internal Controls
Internal controls are methods a company implements to safeguard and protect the company in its day-to-day operations as well as its financial information. To ensure these controls are effective and performing properly a company must evaluate these controls. In performing this evaluation a company should use the three phases of the control evaluation. These phases consist of understanding the documenting of internal control, assessing the control risks, and performing tests of the controls and reassessing control risks. Phase One: Understanding and Documenting Internal Controls
This phase of the control evaluation allows one to grasp a general understanding of a company’s internal controls. A company’s internal controls consist of five control objectives, which are control environment, risk assessment, control activities, monitoring, and information and communications. The most effective way for one to gather information and evidence about these control objectives is to conduct an interview with the company’s managers “using a checklist type of internal control questionnaire” (Louwers, Ramsey, Sinason, & Strawser, 2007, p. 164). The checklist one uses should include questions about each control objective. This helps one to obtain evidence about the control environment along with the accounting and control procedures the company has in place (Louwers et al., 2007, p. 164). Answers to the internal control questionnaire are in the form of yes or no answers. Usually no answers indicate some form of “weakness or control deficiency” (Louwers et al., 2007, p. 165). The following example survey can help one gather evidence on which control objectives is at risk and requires more review. Control Environment Evaluation | | Yes | No | 1. Is ethical tone communicated in words and deeds at the top of the organization? | | |
ACC/544
April 29, 2013
Christine Errico
Checklist for Evaluating Internal Controls
Internal controls are methods a company implements to safeguard and protect the company in its day-to-day operations as well as its financial information. To ensure these controls are effective and performing properly a company must evaluate these controls. In performing this evaluation a company should use the three phases of the control evaluation. These phases consist of understanding the documenting of internal control, assessing the control risks, and performing tests of the controls and reassessing control risks. Phase One: Understanding and Documenting Internal Controls
This phase of the control evaluation allows one to grasp a general understanding of a company’s internal controls. A company’s internal controls consist of five control objectives, which are control environment, risk assessment, control activities, monitoring, and information and communications. The most effective way for one to gather information and evidence about these control objectives is to conduct an interview with the company’s managers “using a checklist type of internal control questionnaire” (Louwers, Ramsey, Sinason, & Strawser, 2007, p. 164). The checklist one uses should include questions about each control objective. This helps one to obtain evidence about the control environment along with the accounting and control procedures the company has in place (Louwers et al., 2007, p. 164). Answers to the internal control questionnaire are in the form of yes or no answers. Usually no answers indicate some form of “weakness or control deficiency” (Louwers et al., 2007, p. 165). The following example survey can help one gather evidence on which control objectives is at risk and requires more review. Control Environment Evaluation | | Yes | No | 1. Is ethical tone communicated in words and deeds at the top of the organization? | | |