Love the importance of internal control in auditing - Research Paper Example

?IMPORTANCE OF INTERNAL CONTROLS IN AUDITING INTRODUCTION: Audit is defined as the objective evaluation of the organization processes, systems and accounts. The person conducting and carrying out the work of audit is called auditor. The basic objective of an auditor is to obtain audit evidence which is sufficient and appropriate in the circumstances that the financial statements are free from material misstatement. These misstatements may occur due to fraud or error. The auditor obtains this audit evidence by obtaining an appropriate level of assurance that financial statements are not materially misstated. The audit evidence thus obtained allows the auditor to report on the financial statements. The auditor may obtain this level of assurance by performing audit procedures. The audit procedures to be performed are designed in the light of size and complexity of the entity. These are also affected by the auditor’s assessment of the risk of material misstatement and the auditor focuses on the areas where the risk of material misstatement may be present. The risk of material misstatement is the function of the inherent risk and the control risk. Inherent risk is defined as the susceptibility of financial statements and assertions therein to misstatements which are material in the context of the financial statements. On the other hand, control risk is defined as a risk that the financial statements and assertion therein may susceptible to a material misstatement which are not prevented, or remain undetected and uncorrected by the internal controls of the entity. To respond to the assessed control risks, the auditor performs test of controls. The understanding of the designed suitability and functioning of the internal controls helps the auditor in responding to those risks. It also helps the auditor to obtain reasonable assurance that the entity is achieving the financial reporting objectives. Thus, to assess the risk of material misstatement at overall financial statements level and at assertion level, it is essential for the auditor to obtain an understanding of the internal controls of the entity. INTERNAL CONROLS IN AN ENTITY: Internal control is defined as a process designed to provide the auditor, whether internal or external to the firm, with a reasonable assurance that the company is achieving its objectives. The internal controls are affected by management, those charged with governance and other personnel of the entity. (Koutoupis & Andreas, 2007, p. 23, 25, 27). The implementation and maintenance of effective internal controls is the responsibility of the management. It is also the responsibility of the management to ensure that the controls designed and implemented by the management are achieving the desired objectives. The management should also assess whether the controls over financial reporting are reliable and whether any frauds may be detected by the internal controls in operation. The management shall also assess whether the employees of the organization comply with laws and regulations relevant to the entity. This usefulness of internal controls makes it necessary for the entity to continuously and consciously evaluate the effectiveness and appropriateness of internal controls. A good and effective management always assess the effectiveness of internal controls on a periodic basis. Such evaluations help to pinpoint any deficiencies occurred in the controls during the period. It also helps to improve the internal controls efficiency and effectiveness in the changing circumstances. The practice of self-assessment of controls has emerged in the past decade. (Dietz & Donna & Snyder & Herbert, 2011, p. 35-40). Through this tool, the management has taken the responsibility for evaluating and improving internal controls. This evaluation is also considered important while designing new or additional internal controls. However, the method of designing of new controls is more or less same with the evaluation of the entity’s existing controls. Firstly, the entity identifies the reporting objectives that are relevant to it. Then, the entity identifies the events, circumstances or other significant risks that prevent or deter the company from achieving its overall objectives. This evaluation is very important as the subsequent designing of internal controls is dependent on this evaluation. The company and its management take into consideration all the events and circumstances which are faced by them, including changes from prior periods. The management should also evaluate the risks that may affect the performance of internal controls significantly. Finally, based on the above evaluations, the management designs controls that are efficient in avoiding, or identifying and correcting material errors or misstatements in the monetary statements at overall financial statements level as well as at assertions level. The management also monitors the effectiveness of the internal controls on a regular basis. IMPORTANCE OF INTERNAL CONTROLS: The internal controls of an entity bring a number of benefits for the entity. Some benefits are associated to the internal functioning of the entity while other bring benefits that are external to the entity but play a significant role in the entity’s success. (Lopis & Juan & Tari, 2003, p. 304-324). The effect of internal controls on the entity’s future viability is so significant that the determination of the quality of internal controls of the entity is considered to be a significant component of the risk assessment procedures. This importance has actuated the governing bodies to formulate rules and regulations that place a great emphasis on the quality of internal controls. Besides the responsibility of management to design effective and efficient internal controls, it is also imposed on the management to make assessment about the internal controls on regular basis and also report the deficiencies in the internal controls to appropriate authorities. The quality of internal controls is also related with the credit rating of the company. Credit rating of an entity is the assessment of an entity to be able to fulfill its financial obligations in the future. This assessment is made external to the firm. The assessment closely relates to the perceived risks of the company which depends on the adequacy of the internal controls. The internal controls may damage the financial position of the firm and also the interests of the company’s creditors. It also brings into question the interests of the shareholders which are closely connected to the future operations of the company. (Elbannan & Mohamed, 2009, p. 127-149) Inappropriate internal controls may also cause the company to go into deficit. The case of Violet Bay in 2005 highlighted this problem. The company had been gaining surplus for many years but in 2005, the company amassed a great deficit. The company constructed a jury to investigate the reasons for the reasons. The company finally concluded that, among other factors, internal control weakness was the main factor that contributed to the company’s deficit. The case also focused on the importance of effective internal controls and their continuous evaluation. IMPORTANCE OF INTERNAL CONTROLS IN AUDITING: With the emerging importance of internal controls and their significant effects on the financial position and operating efficiency of the business, a significant focus has been diverted by the companies to design efficient and effective internal controls. The management intends to design and implement internal controls which are free from weaknesses and which cannot by bypassed easily. The use of internal controls brings efficiency in the business and thus, has been adopted by many businesses. The internal controls have also received a great attention from the auditors. Now, the internal controls effectiveness and efficiency as well as weaknesses are greatly focused by the auditors. The understanding of the internal controls of the entity is considered as a significant part of the process of auditor understanding of the business of the entity and the environment in which the business is being conducted. The innovation and development in communication and record-keeping patterns and processing data electronically, the nature of the structure of the internal controls has also changed significantly. The auditor is required to understand such controls along with the adequacy and reasonableness of such complex controls. (Davis & Jefferson, 1996, p. 16-32, 35-37) The auditor primary objective is to obtain a sensible and logical assurance that the monetary or financial statements are free from errors and material misstatement, that may occur due to fraud or human error. The auditor, after performing the audit work and obtaining the audit evidence which is sufficient and appropriate in the circumstances, reports on the financial statements whether they are free from misstatements. In forming that opinion, the auditor is greatly concerned with the risk that the financial could be misstated due to any fraudulent acts done by the management. The auditor is concerned with the situations in which there is any indication that the controls are circumvented by the management or other personnel of the entity. In most situations the controls are bypassed by the personnel in the entity who are not accountants. But these people override the controls quite easily. The auditor is required to remain alert to all such situations which may indicate that the controls are circumvented by the persons within the entity. (Hayes & Arthur, 2003, p. 16-20). The auditor is significantly concerned with two types of errors which may cause misstatements in the financial statements. The first is Fraudulent Financial Reporting and the second is Misappropriation of Assets. Fraudulent Financial Reporting represents the circumstances in which the management with the responsibilities of preparing financial statements either does not prepare and present these in accordance with the applicable Financial Reporting Framework or the entries appearing in the financial statements are such that these may mislead the users of the Financial Statements. The auditor has to obtain reasonable assurance that the financial statements have been prepared in accordance with the applicable Financial Reporting Framework, in all material respects. The auditor is also required to obtain audit evidence that the financial statements are not misleading the users. The auditor performs a number of substantive procedures to obtain audit evidence regarding the fraudulent financial reporting. However, the extent of the substantive procedures may be reduced if the auditor performs procedures over the controls designed by the entity over the financial reporting and evaluate their reasonableness and adequacy. The auditor shall analyze whether there are any weaknesses in the internal controls which may allow the management to bypass such controls. The auditor shall also assess whether the controls have the ability to restrict management to countermand them and in case of any overriding of controls, how such event and circumstances of departure are recorded and evidenced. (Gramling & Audrey & O’Donnell & Vandervelde & Scott D., 2010, p. 175-187). In case of effective controls, the auditor may reduce his assessment of risk of material misstatements and may also reduce and modify audit procedures accordingly. Misappropriation of assets is also a major risk that affects the auditor assessment that the financial statements may be susceptible to material misstatement. The misappropriation involves the theft of the assets of an entity. Misappropriation of assets is usually perpetrated by employees of small entities. It has significant effects on the entity’s financial statements. The misappropriation of assets may be prevented by the entity by designing effective internal controls over the record of the assets. The entity should give more concentration on internal controls relevant to current assets such as cash and inventory as they have more chances of misappropriation. The auditor is required to identify whether any misappropriation of assets has taken place. The auditor may evaluate such events through performing substantive procedures. However, the auditor should assess the controls relevant to the safeguard of assets. If auditor identifies that the control over assets are effective, he may assess that the misappropriation of assets has not taken place. Accordingly, the auditor may reduce the assessment of the risk of material misstatement as low and accordingly, reduce the audit procedures. The understanding of the internal controls of the entity is performed as a risk assessment procedure by the auditor. The identification of internal control weaknesses assists the auditor in forming an overall conclusion whether the entity has achieved its stated objectives and achieves them by the particular methods as devised by the management or owners of the entity. The conclusions resulting from such procedures help the auditor in determining the materiality level and the audit procedures to be performed subsequently by the auditor. The auditor is also required under some regulations to comment on the effectiveness and efficiency of the internal controls implemented over the financial reporting of the entity. (Schneider & Arnold, 2009, p. 709-723) This requirement inevitably adds the responsibility of the auditor to evaluate the appropriateness and adequacy of internal controls of the entity. If any weakness of internal controls has come to the knowledge of the auditor, the auditor shall also report such weakness along with the effect that this may have on the auditor’s assessment of the risk of material misstatement. The internal audit function of the entity also focuses to a great extent on the functioning and the adequacy of the internal controls. (Ratliff & Richard & Beckstead & Stephen, 1994, p. 38) PROCEDURES PERFORMED IN AUDITING TO EVALUATE INTERNAL CONTROLS: Due to increased importance of the internal controls of an entity in auditing, the auditor is required to obtain a desired level of understanding of the internal controls. In obtaining such understanding the auditor performs different procedures at planning as well as performance stage of the audit. However, the extent of these procedures varies according to the auditor’s assessment of the risk of material misstatement relevant to the internal controls of the entity. The following procedures are usually performed by the auditor in assessing the risk associated with the internal controls of the entity. Inquiries of management at appropriate level or other persons within the entity. Such inquiries provide the auditor with a reasonable basis whether the persons in the entity are familiar with the internal controls of the entity. The auditor shall also assess the reliance the entity personnel place on the entity’s internal controls in performing their procedures. The auditor shall also evaluate the compliance of management with the internal controls of the entity. This evaluation assists the auditor in determining whether the financial statements could be susceptible to material misstatements whether due to fraud or error. Observation and Inspection. The auditor may also assess the risk of material misstatement associated with internal controls through inspection and observation. In carrying out those procedures, the auditor inspects the documents of the entity which contains the guidelines concerning compliance with the internal controls. The auditor shall also inspect the documents and shall find out the deviations from prescribed controls that have occurred during the period. The auditor shall also identify the procedures undertaken by the management in case of deviations from prescribed controls. To test the compliance of management and other personnel within the entity with the prescribed controls, the auditor may also observe the processes in which the business objectives are achieved. This observation and inspection assists the auditor in achieving reasonable assurance that the internal controls designed by the entity over financial reporting are effective and efficient. Analytical Procedures. The auditor shall perform analytical procedures to assess whether there are any significant changes that have occurred during the reporting period. If any such changes are identified, the auditor shall evaluate whether the financial statements could be indicative of material misstatements. If the misstatements are identified, the auditor shall assess whether such misstatements have occurred due to management override of controls. (International Federation of Accountants, 2007, pg. 347) CONCLUSION: The internal controls of the entity are instrumental in carrying out the desired objectives of the entity. They also affect the credit rating of a company. From auditing point of view, the internal controls of the entity provide a sufficient basis to the auditor on which the auditor plan and perform the audit. The adequacy and appropriateness of the internal controls provide the auditor with a reasonable basis on which the auditor may evaluate the fair presentation of the financial statements. Moreover, the internal controls also provide the auditor with a reasonable basis on which to make the judgment whether the business has been conducted in accordance with the desired objectives of the shareholders or those charged with governance. Moreover, it also helps the auditor to identify any significant transactions which are outside the entity’s normal course of business and to evaluate the business rationale thereof. Thus, the internal controls affect the audit significantly and assist the auditor in determining the direction and scope of the audit, the nature of misstatements expected and the direction, scope and extent of the audit procedures to be performed. REFERENCES: 1. Davis, Jefferson. (1996). Experience and auditors’ selection of relevant information for preliminary control risk assessment. Auditing. 15(1). 16-32, 35-37. 2. Dietz, D. Snyder, Herbert. (2011). Assessing Internal Controls: Do Management and Staff Agree? Management Accounting Quarterly, 12 (2), 35-40. 3. Elbannan, Mohamed. (2009). Quality of internal control over financial reporting, corporate governance and credit ratings. International Journal of Disclosure and Governance, 6 (2), 127-149. 4. Gramling, Audrey, A. O’Donnell. Vandervelde, Scott. (2010). Audit partner evaluation of compensation controls: A focus on design effectiveness and extent of auditor testing. Auditing. 29 (2). 175-187. 5. Hand Book of International Auditing and Assurance Pronouncements and Code of Ethics for Chartered Accountants. (2007). the Institute of International Federation of Accountants (IFAC).347- 370. 6. Hayes, A. (2003). One easy (but long) step to more effective internal controls or, what are the consequences of considering internal controls as consequences? The Journal of Government Financial Management. 52 (1). 16-20. 7. Koutoupis, A. (2007). Documenting internal controls. The Internal Auditor. 64 (5). 23, 25, 27. 8. Llopis, J. Tari, Juan, J. (2003). The importance of internal aspects in quality improvement. The International Journal of Quality and Reliability Management, 20. 2/3, 304-324. 9. Ratliff, Richard, L. Beckstead, Stephen, M. (1994). How world-class management is changing internal auditing. The Internal Auditor. 51(6). 38. 10. Schneider, A. (2009). Auditors’ internal control opinions: Do they influence judgments about investments? Managerial Auditing Journal. 24 (8). 709-723. Read More