University administration is responsible for developing a strong internal control system that will ensure compliance with applicable laws, policies and procedures, adequately safeguard University assets, and ensure proper and accurate reporting of University activities. It is important to note that an audit does not relieve University administrators and employees of assigned responsibilities. Therefore, University management should not place reliance on an audit as an oversight control in lieu of management’s supervisory oversight responsibilities. Show
Internal Control DefinitionInternal control is a process designed by a college or university’s governing board, administration, faculty and staff to provide reasonable assurance regarding the achievement of objectives in the following categories:
This definition reflects certain fundamental concepts:
Internal Control Benefits
Key Internal Control ActivitiesSegregation of DutiesDuties are divided, or segregated, among different people to reduce the risk of error or inappropriate actions. For example, responsibilities for receiving cash or checks, preparing the deposit to the Cashier’s Office, and reconciling the deposit to the cashier’s receipt and Balances should be separated. StructureOrganizational structure – lines of authority and responsibility – should be clearly defined so that employees know where to go to report performance of duties, problems and questions related to position and the organization as a whole. An organization chart is a good means of defining this structure as long as it is kept up to date. Part of the structure is also the rules that employees must abide by. Written policies and procedures provide guidance to employees in carrying out their duties, provide for clear rules on allowable and expected activity, as well as provide means for enforcement. The department’s lines of authority and policies and procedures should be reviewed periodically to ensure they are in agreement with the organization’s strategic mission. Authorization and ApprovalTransactions should be authorized and approved to help ensure the activity is consistent with departmental or institutional goals and objectives. For example, a department may have a policy that all purchase requisitions and invoice vouchers must be approved by the director. The important thing is that the person who approves transactions must have the authority to do so and the necessary knowledge to make informed decisions. Reconciliation and ReviewPerformance reviews of specific functions or activities may focus on compliance, financial or operational issues. Reconciliation involves comparing transactions or activity recorded to other sources to help ensure that the information reported is accurate. For example, revenue and expense activity recorded on accounting reports should be reconciled or compared to supporting documents to ensure that the transactions are recorded timely, in the correct account, and for the right amount. SecuritySecurity may be physical, electronic (information system controls) or both. Equipment, inventories, cash, checks and other assets should be secured physically and periodically counted and compared with amounts shown on control records. For example, the periodic physical confirmation of equipment by individual departments is a physical security control. Virus detection software should be current and updated regularly to help protect integrity of systems. Hardware and access controls (passwords) should be changed periodically and rigorously safeguarded to protect from unauthorized access to database, computer systems, etc. Special physical and software controls (such as encryption software) should be developed for systems containing sensitive and/or confidential information. Control LimitationsInternal controls, no matter how well designed and operated, can provide only reasonable assurance regarding the achievement of objectives. The concept of reasonable assurance recognizes the cost of internal controls should not exceed the benefits derived and also recognizes evaluation of these factors requires estimates and judgment by management. For objectives related to the effectiveness and efficiency of operations, internal controls can only help to ensure management is aware of the entity’s progress or lack of it. Limitations which may hinder the effectiveness of an otherwise adequate system of internal controls include:
Additionally, controls can be circumvented by collusion of two or more people. Even more important to recognize, management has the ability to override the internal control system. These factors, combined with changing needs and personnel, make it risky to project any evaluation of internal control to future periods. On an ongoing basis, management must evaluate business risks and the controls needed to manage those risks and keep existing controls effective. Management evaluation generally leads to periodic adjustments and corrective action, which also helps assure the continuing effectiveness of the internal control system (see Risk Assessment). What is reasonable assurance in internal control system?Management's assessment of the effectiveness of internal control over financial reporting is expressed at the level of reasonable assurance . . . Reasonable assurance includes the understanding that there is a remote likelihood that material misstatements will not be prevented or detected on a timely basis.
What is meant by the concept of reasonable assurance in terms of internal control What are the inherent limitations of internal control?6-7 The concept of reasonable assurance recognizes that the cost of an entity's internal control system should not exceed the benefits that are expected to be derived from the system. Thus, an internal control system will not detect every error that might occur because it would be too costly to design such a system.
When considering internal control an auditor should be aware of the concept of reasonable assurance which recognizes that?When considering internal control, an auditor must be aware of the concept of reasonable assurance, which recognizes that the: Cost of internal control should not exceed the benefits expected to be derived therefrom.
What are the four things required of an auditor to obtain reasonable assurance?The auditor uses judgment when coming up with the audit evidence and conclusions. Other limitations may exist, like parties related to reasonable assurance.. The materiality of the items. Related article What is Going Concern? ... . Auditor risk assessment. ... . Audit objective.. |