Evaluating Internal Controls
Running Head: EVALUATING INTERNAL CONTROLS
Evaluating Internal Controls
Internal Control Systems – ACC/544
Stephanie Booth
Robert Cornett
University of Phoenix
September 29, 2014
Evaluating Internal Controls
An organization’s internal controls are comprised of five components, which include: the control environment, risk assessment, control activities, monitoring, and information and communication. The five components of internal control are considered to be criteria for evaluating an organization’s financial reporting controls and the bases for auditors’ assessment of control risk as it relates to an organization’s financial statements (Lowers, et. al., 2007). “Thus, auditors must consider the five components in terms of (1) understanding a client’s financial reporting controls and documenting that understanding, (2) preliminarily assessing the control risk, and (3) testing the controls, reassessing control risk, and using that assessment to plan the remainder of the audit work” (Lowers, et.al., 2007, p. 161).
Phase I – Understanding Throughout the course of Phase I an audit team will work to obtain a clear understanding of a company’s internal control environment and management’s risk assessment. The audit team will review the flow of transactions through the company’s accounting system, and the design of some client control procedures (Lowers, et.al., 2007). In this step the audit team will perform their assessments in a top-down risk-based manner that first examines company-level controls (CLCs) and then controls of significant business units within the company (Lowers, et.al., 2007).
Controls within the control environment and companywide programs include:
• Management’s risk assessment
• Centralized processing and controls including shared service environments
• Period-end financial reporting process
• Controls to monitor results of operations
• Controls to
Evaluating Internal Controls
Internal Control Systems – ACC/544
Stephanie Booth
Robert Cornett
University of Phoenix
September 29, 2014
Evaluating Internal Controls
An organization’s internal controls are comprised of five components, which include: the control environment, risk assessment, control activities, monitoring, and information and communication. The five components of internal control are considered to be criteria for evaluating an organization’s financial reporting controls and the bases for auditors’ assessment of control risk as it relates to an organization’s financial statements (Lowers, et. al., 2007). “Thus, auditors must consider the five components in terms of (1) understanding a client’s financial reporting controls and documenting that understanding, (2) preliminarily assessing the control risk, and (3) testing the controls, reassessing control risk, and using that assessment to plan the remainder of the audit work” (Lowers, et.al., 2007, p. 161).
Phase I – Understanding Throughout the course of Phase I an audit team will work to obtain a clear understanding of a company’s internal control environment and management’s risk assessment. The audit team will review the flow of transactions through the company’s accounting system, and the design of some client control procedures (Lowers, et.al., 2007). In this step the audit team will perform their assessments in a top-down risk-based manner that first examines company-level controls (CLCs) and then controls of significant business units within the company (Lowers, et.al., 2007).
Controls within the control environment and companywide programs include:
• Management’s risk assessment
• Centralized processing and controls including shared service environments
• Period-end financial reporting process
• Controls to monitor results of operations
• Controls to
References: Lowers, T.J., Ramsay, R.J., Sinason, D. H., Strawser, J.R. (2007). Internal Control and Evaluation. Auditing and Assurance Services. 2nd ed. The McGraw-Hill Companies. New York City, NY.