Evaluating The Internal Control Process Essay


Discuss about the Evaluating The Internal Control Process.



Understanding and evaluating the internal control process of the entity is the responsibility of the auditor to design tests that allow identifying controls, risks and testing the processes established in the company.

Testing of controls

An audit procedure designed to evaluate the operational effectiveness of controls to prevent, or detect and correct, misrepresentations of material importance at the level of assertion (Ricchiute, 2006). During the process of an audit of financial statements, the auditor should evaluate and design the procedures that respond to significant identified risks of errors in their audit, affecting the audited financial statements as a whole, or an assertion specific.

Strengths and weaknesses


The company has very robust internal control mechanisms that safeguard it against internal frauds. Some of the strengths include the following;

Orders are received in all manner therefore sales is at 100% recording. Some make sales order via telephone, fax mails and even sales representatives. The sales are then recorded by the data entry clerk and nobody else is supposed to record the sales entries. After recording there is a computer generated check, which checks the orders against the entries. The orders that have met the requirements proceed and the goods are ordered. The orders that don’t meet the criteria are recorded on a file for review subject to approval by the credit control clerk (Furnell, 2011). The rejected order is then noted by the credit control clerk and then passed to the supervisors in the department for further review. On picking, the slips are printed in the dispatch office and then it is forwarded. To check on this, physical goods is done on checking slip to see if there is any discrepancies in the system. The last step in the control and checks is to send two copies of the invoice to the customer in whom he keeps one invoice and the other he sends back for confirmation that he received the order. At the end of the day, the master file is updated for the accounts receivable for comparison at the end of the month.


The following are the weaknesses;

  1. The staff may collude right from the entry of data point and the order of goods.
  2. The computer generated checker may fail and the system has no manual backup system in case of an electronic fail.
  3. No checker for the person who is putting in the entries and making orders.
  4. Accounts receivable at the end of the day may not vary with the actual balance of the creditors account.
  5. In the store, the goods ordered may be changed if they are not labeled well.

Implications of the of each weaknesses

I'm not sure what to do, but I'm not sure what to expect. I, what more will it give if the collections are recorded as separate stocks or included in the work in progress? If it comes to having a simple and inexpensive system of valuing stocks, it does not matter, does not it? In my judgment it is not the same. One thing is the stock of goods, distributed by different works, store, etc. (Guidance on monitoring internal control systems, 2009), This does not include "unmounted" merchandise. Therefore, they are stocks, but for different concepts. When the company registers "executed work pending invoicing", it would be exclusively for this concept. And against this "provision" (work in progress), it would have to be regularized when the final invoice of executed work was received... And I repeat what was before. this would be normal for weight builders. * If you give him a fish, he will eat that day

As a part of these works are already recognized as inventories, it would be necessary to proceed simultaneously, by invoice, to a regularization of the considered stocks, otherwise the income figure would be doubled. It is the adjustment to which I have been referring in this moment. This seat, as a variation of stocks, is apart from that which could correspond to the materials collected and in storage, object of annual inventory. These materials, at the end of the year, are not included in the "works in progress executed pending billing. If you give him a fish, he will eat that day. (Gertz, Guldentops and Strous, n.d.), which is that the builder, when you give the conformity to the invoice, write in it what work corresponds, nothing easier and with that the manager has it perfectly fixed.

Collusion of staff in sales will lead to loss of company’s resources which is bad for the country. System collapse will also lead to loss of important data that may affect the company.

Control risk assessment for Acid sales systems
A significant risk is the high probability that a significant identified error will occur and that, if it occurs, would materially affect the financial statements or an assertion. Therefore, in the opinion of the auditor, an adequate response is required in its audit, through the application of specific procedures.
In the work done in the audit planning, the auditor identified:
Significant transactions and processes that initiate, process and record
Business risks that have significant implications in the financial statements
Fraud risks

The internal controls cover five key components:

This component is the basis for the rest of the control components; a weak control environment means that regardless of the proper design of the rest of the components, they cannot be fully trusted. The control environment sets the level of discipline and structure in the company (Guidance on monitoring internal control systems, 2009).

In many cases, when we talk about internal controls, perceptions of their meaning are very different, depending on the user, preparer, auditor or management. For some users, internal control refers to conciliation and authorization procedures; for others, it could be fraud-related controls; and for others, be only established policies and procedures in companies.
However, in general it can be said that internal controls are the responses of the management of a company or business to mitigate an identified risk factor or achieve a control objective (Friedman, 2011).
The objectives of internal controls can be grouped into four categories:
Financial information.
Compliance with legal provisions and regulations.
Although companies need to establish internal controls to mitigate the risks associated with these issues; for the purpose of auditing financial statements, the relevant internal control is related to financial reporting.
This article will analyze the evaluation of internal control and its components in the audit of financial statements, taking into account the provisions of the International Standards of Audit (NIA) to expose the purpose, scope and nature of internal control on the financial information, including the five components to be evaluated by the auditor of the financial statements.


In accordance with ISA 315, Identification and valuation of risks of material misstatement through the knowledge of the entity and its environment, the auditor will obtain knowledge of the internal control relevant to the audit. For this purpose, the auditor should first exclude from internal analysis the internal controls that are aimed at issues not related to financial information, and subsequently identify which of the internal controls related to financial information are relevant, according to their professional judgment, so that based on these make their evaluation (Anthony et al., 2014).
The first step for the auditor is to evaluate the design of the control to identify the risks that are sought to mitigate with the control; subsequently, it will be necessary to identify what controls exist to mitigate those risks. Also, in turn, it must determine if they have been implemented through interviews with company personnel and the completion of additional procedures.

Sales flow chart

From customer placement of order to customer invoice and receipt of the order


Anthony, R., Govindarajan, V., Hartmann, F. and ... [et al.] (2014). Management control systems. London [etc.]: McGraw-Hill Education.

Friedman, J. (2011). Sales. New York, N.Y.: Wolters Kluwer Law & Business.

Furnell, S. (2011). Security Management, Integrity, and Internal Control in Information Systems. New York: Springer.

Gertz, M., Guldentops, E. and Strous, L. (n.d.). Integrity, Internal Control and Security in Information Systems.

Guidance on monitoring internal control systems. (2009). [New York].

Ricchiute, D. (2006). Auditing. Mason, Ohio: South-Western/Thomson Learning.

How to cite this essay: