 |
 |
Home |
 |
 |
 |
 |
Controls Controls are used to Prevent, Detect, and Correct errors and fraud. Classification of controls Preventive, detective, and corrective controls. Discretionary and non-discretionary controls. Voluntary and mandated controls. Manual and automated controls. Application and general IS controls
|
 |
 |
||
 |
Internal Control System |
Internal Control System
System of Internal Controls
An organization’s system of internal control includes the means established to provide reasonable assurance that the overall objectives and goals of the organization are achieved in an efficient, effective, and economical manner. The system of internal control is defined as a set of processes, functions, activities, subsystems, and people who are grouped together or consciously segregated to ensure the effective achievement of objectives and goals.
Key concepts:
 |
Reasonable assurance is provided when cost-effective controls are established to reduce the risk that overall objectives and goals will not be met to an acceptable level. The term “reasonable assurance” does not mean that assurance is absolute; it implies that a reasoned judgment has been made by balancing the cost of potential loss or risk against the cost of actions that must be taken to control the risk. For example, the theft of large pieces of computer equipment results in an obvious loss that would be immediately detected, and corrective action would be quickly taken. Careful evaluation of the business risk and the potential loss must be made in relation to the cost of the recommended control. |
|
Objectives are defined as a statement of the desired accomplishments of the organization. They must be established before goals can be set or systems can be designed, implemented, and maintained to achieve those goals. |
|
Goals are specific targets that should be identifiable, measurable, attainable, and consistent with objectives. Goals include operating targets, performance objectives, and expected results. The risks of not achieving such goals should be clearly recognized. |
When functions, subsystems, activities, and people successfully work together to provide reasonable assurance that the organization’s objectives and goals are efficiently and economically achieved, the design and implementation of the system of internal control have been effective.
The system of internal control can be thought of as a filtering device that prevents actions or events from leading to organizational problems. Events that are in accordance with organizational objectives and goals are processed through the system of internal control to provide reasonable assurance that order is maintained
Audit and the System of Internal Controls:
Auditors conduct "test of controls" in order to determine the reliability of the system of internal controls used in the organization. This determination forms the basis upon which the audit work is conducted.