INTERNAL CONTROL NOTITIES
1. Chapter 1: Introduction to Auditing
1.1 What is Auditing?
Auditing is a systematic process of objectively obtaining and evaluating evidence regarding
assertions about economic actions and events to ascertain the degree of correspondence
between those assertions and established criteria and communicating the results to
interested users:
Auditing is a systematic process … : = structured as a dynamic activity in a logical
manner → systematic = the process is organized
…of objectively obtaining and evaluating evidence…: = the auditor should perform the
audit independently and objectively
…regarding assertions about economic actions and events…: = the auditor will collect
information about management assertions (= beweringen, verklaringen)
…to ascertain (= vaststellen) the degree of correspondence between those assertions
and established criteria…: depending on the type of audit the established criteria are fixed
by law (financial audit and compliance audit) or the company herself (operational audit).
…and communicating the results to interested users: = important deviations between
observed reality and established criteria should be indicated (= afwijkingen tussen realiteit en
vastgestelde criteria)
What do you need for audit?
• Information in a verifiable form
o Can be;
▪ Quantifiable (FS, Tax information)
▪ Subjective
• Standards (=criteria) by which an auditor can evaluate information
o Criteria vary depending on the information being audited;
▪ Audit of FS: BGAAP or IFRS
▪ Audit of internal control: COSO
What does evidence mean in auditing?
= all information used to determine whether info is in accordance (= overeenkomstig) with
criteria
Information can be:
• Electronic data about transactions
• Written or electronic communication from externals
• Observations by the auditor
• Oral statement of client
→ auditors must obtain enough information with a sufficient quality and quantity
Auditor must :
• have an independent mental attitude, → not independent? Audit has little value
• be qualified to understand criteria
• be competent to know types and amount of evidence necessary to make a proper
conclusion → not competent? Audit has little value
,Last step of audit process:
= audit report → which communicates the auditor’s findings to interested users
→ inform the reader of the degree of correspondence between the information audited and
established criteria
→ NL: de lezer informeren over de mate van overeenkomst tussen de gecontroleerde informatie en de
vastgestelde criteria
1.2 Types of audit
Financial audit = external audit
= scheiding tussen zeggenschap en eigendom
= separation between the control and ownership in large companies
→ shareholders (owners) nominate directors (control) to run the company’s affairs on their
behalf
• Directors report on the financial performance and position of the company →
o to the shareholders : they need assurance over the accuracy of these
statements BEFORE relying on them
▪ SOLUTION = external audit
• = it provides reasonable assurance to the owners that FS are
free from material misstatements
Financial auditing = the process of examining an organization’s accounting and financial
records to determine if they are accurate and in accordance with applicable rules, regulations
and laws. → + provide independent opinion on these records
Belgian law → ALL large companies must have their financial statements externally audited
o = companies that meet 2 of the 3 conditions:
▪ Annual turnover of €9 million
▪ Balance sheet total €4,5 million
▪ More than 50 employees
Financial auditors are gathered in the IBR-institute (instituut van de bedrijfsrevisoren)
Operational audit
= an examination of the manner in which an organization conducts its business
→ objective: pointing out improvements that will increase its efficiency and effectiveness
Conducting an operational audit can include the evaluation of:
− Organizational structure
− Computer operations
− Production methods
− Marketing
→ operational audit = internal audit
Internal audit is typically centralized around certain key activities which include:
− Monitoring the effectiveness of IC’s and proposing improvements
− Investigating instances of fraud and theft
− Monitoring compliance with laws and regulations
− Evaluating risk management policies and procedures of the company
− Examining the effectiveness, efficiency and economy of operations and processes
Forensic audit
Forensic auditors are investigators of legal and financial documents that are hired to look into
possible fraudulent activities within a company.
Companies who may want to prevent fraudulent activities from occurring can also hire a
forensic auditor to investigate the company.
Forensic auditors are represented by the IFA (institute of fraud auditors)
Compliance audit
= is conducted to determine whether the company is following specific procedures, rules, or
regulations set by some higher authority.
Results → primarily reported to management → because is concerned about compliance
with procedures, rules, and regulations
FOR EXAMPLE: compliance audit on the subject of the health and safety legislation in
Belgium → changes several times so it’s complex
Information system audit = IT audit
= involves the assessment of the controls relevant to the IT infrastructure within an
organization.
Objectives:
• benefit their operations and services through IT
• ensure that their IT systems are reliable, secure and not vulnerable to computer
attacks
• help to reduce the risks of data loss or leakage
IT audits may be performed as part of the internal control assessment during an internal or
external audit.
1.3 Auditing vs Accounting
→ more looking at the financial auditing, so external audit
Purpose: focus on determining whether FS Purpose: providing financial information for
properly reflects the economic events decision making
Periodic process (after FS are ready) Continuous basis
Uses samples of FS Very detailed
External and independent Internal employee of the company
, 2. Chapter 2: Internal control and External control
2.1 Internal Control
→ without internal control: impossible for managers to manage the company’s risks
Organigram → doel om duidelijk vast te stellen wie verantwoordelijk is als er iets fout gaat
IC is very important when assignments and responsibilities are delegated !!!
COSO = joint initiative to combat fraud
→ intention = to establish a definition of IC that serves the needs of different parties
THEIR DEFINITION:
Internal control is a process …: = ongoing activity
… effected by an entity’s board of directors, management and other personnel …: it is
not achieved by simply having policy manuals and forms, but by actions and attitudes of
people at every level of an organization.
… to provide reasonable assurance …: ! not absolute assurance ! because limitations are
inherent in all IC systems
… regarding the achievement of objectives in the following categories:
• effectiveness and efficiency of operations, (operational audit)
• reliability of financial reporting, (financial audit)
• compliance with applicable laws and regulations (Compliance audit)
IC is set up to achieve objectives in one or more separate but overlapping categories
Institute of Internal Auditors
THEIR DEFINITION:
IC is any action taken by management to enhance the likelihood that established
objectives and goals will be achieved
Primary objectives of IC are to ensure:
− the reliability of information
− compliance with policies, procedures, laws, regulations,…
− the safeguarding of assets
− the economical and efficient use of resources
− the accomplishment of established objectives and goals for operations or programs
2.2 Internal audit
Internal auditing is an independent, objective assurance and consulting activity designed to
add value and improve an organization’s operations. It helps an organization accomplish
its objectives by bringing a systematic, disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes
- Institute of Internal Auditors
= The keystone for a good IC system
= Identify issues before they become substantial problems
= Evaluate whether IC’s are working correctly and efficiently
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller chalineclaesen. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $18.09. You're not tied to anything after your purchase.