1. CONTROL ACTIVITIES
1.1. policies and procedures that help mitigate the risk that the organization’s objectives are not met
1.1.1. Select and develop control activities that mitigate risks of the achievement of organization objectives to acceptable levels.
1.1.2. Select and develop general control activities over technology to support organization objectives
1.1.3. Deploy control activities through policies that establish what is expected and in procedures that put policies into action
1.1.4. Transaction Control Activities
1.1.4.1. A variety of control activities are performed to check the accuracy, completeness, validity, and authorization of transactions
1.1.4.1.1. authorizations and approvals
1.1.4.1.2. verification
1.1.4.1.3. physical control
1.1.4.1.4. reconciliations
1.1.4.1.5. supervisory controls
1.1.4.1.6. controls over standing data
1.1.4.2. Authorization of transactions may be either general or specification.
1.1.4.2.1. General authorization
1.1.4.2.2. Specific authorization
1.1.4.3. Serial numbers provide control over the number of documents issued
1.1.4.4. Physical controls include those that provide physical security over both records and other assets
1.1.4.5. Only authorized individuals should be allowed access to the company’s valuable asset
1.1.4.5.1. Direct physical access to assets may be controlled through the use of
1.1.5. Performance Reviews
1.1.5.1. These controls include reviews of actual performance as compared to budgets, forecasts, and prior period performance
1.1.5.2. Performance reviews provide management with an overall indication of whether personnel at various levels are effectively pursuing the objectives of the organization
1.1.6. General Controls and Application Controls
1.1.6.1. Transaction-level controls may be broken into two categories
1.1.6.1.1. General control
1.1.6.1.2. Application control
1.1.7. Segregation of Duties
1.1.7.1. No one individual should perform more than one of the fuctions.
1.1.7.1.1. authorizing transactions
1.1.7.1.2. Recording transactions
1.1.7.1.3. Maintaining custody
1.1.7.1.4. Maintaining custody over assets
1.1.7.2. The goal is no to alloe an individual to have incompatible duties.
1.1.7.3. Fidelity bonds
1.1.7.3.1. Form of insurance in which a bonding company agrees to reimburse an employer, whithin limits for loses.
2. CONTROL ENVIRONMENT
2.1. Commitment to Integrity & Ethical Values
2.1.1. Is essential for internal control's effectiveness
2.1.2. Communicated thourgh the Organization's Standard of Conduct
2.1.3. Emphasized through directives, actions and behavior
2.2. Effective Board of Directors
2.2.1. Factors considered are
2.2.1.1. Skills
2.2.1.2. Stature of boar's members
2.2.1.3. Also important to an effective control environmen
2.3. Effective Organizational Structure
2.3.1. Separate authority, reporting lines, responsibility duties among members of organization
2.3.2. Provides basis for planning and controlling operations
2.3.3. It separate responsibilities for
2.3.3.1. authorization of transactions
2.3.3.2. Record keeping for transactions
2.3.3.3. Custody of assets
2.4. Attracting, Developing & Retaining Competent Employees
2.4.1. It has a significant effect on the effectiveness of control environment
2.4.2. Effective Human resources often mitigate weaknesses in control environment
2.5. Individual Accountability
2.5.1. Board of Directors
2.5.2. Internal Control should be throughly investigated
3. RISK ASSESSMENT
3.1. Management's process for indentifying, analyzing and responding for such risks.
3.1.1. For an effective risk assessment organizations should
3.1.1.1. Crearly specify objectives to allow the identification and assessment of risk related to those objectives
3.1.1.2. Identify and analyze to the achievement of its objectives to determine how they be managed
3.1.1.3. Identify and assess changes that could impact internal control
3.1.2. Risk tolerance
3.1.2.1. Acceptable level of variation in performance relative to the achievement of objectives
3.1.2.2. May exist at the entity level of the transaction level
3.1.2.3. Entity-level risks arise from external or internal factors such as
3.1.2.3.1. Economic
3.1.2.3.2. Regulatory
3.1.2.3.3. Technology
3.1.2.3.4. Personnel factors
3.1.3. Assessing risk involves
3.1.3.1. Evaluating likelihood of occurrence and potential impact
3.1.3.2. Consideration of the velocity or speed of occurrence and duration of impact of the risk
3.1.3.3. Allows management to identify the significant risks that requires a response.
3.1.3.3.1. Avoidance: involves existing the activity that gives rise to the risk
3.1.3.3.2. Reduction: involves taking action to reduce risk likelihood or impact
3.1.3.3.3. Sharing: involves reducing likelihood or impact by transfering a portion of the risk
3.1.3.3.4. Acceptance: Involves taking no action because the risk is consistent with he risk tolerance of the organization
4. AUDITING INFORMATION SYSTEM
4.1. Consists in methods and records established to record process, summarize and report an entity's transaction.
4.2. It should includes
4.2.1. A manual of accounting policies, States clearly in writting the methods of treating transactions.
4.2.2. A chart of account, classified listing of all accounts in use.
5. MONTORING OF CONTROLS
5.1. Process to assess the quality of internal control performance over time.
5.2. Basic principles
5.2.1. Select, develop and perform on going and separate monotoring evaluations
5.2.2. Evaluate and communicate internal control deficiencies in a timely manner to those responsible for taking corrective action.
5.3. Internal audit function
5.3.1. Internat auditors
5.3.1.1. Investigate and appraise internal control
5.3.1.2. They are representatives of management
5.3.1.3. They report findings and recommendations to management
5.3.1.4. They are interested in determining whether each branch of department has a clear understanding of its assignment.
5.3.1.4.1. It is idequately
5.3.1.4.2. It is properly safeguards cash, inventory
5.3.1.4.3. It maintains goods records
5.3.1.5. They cooperate with harmoniously with others departments
5.3.1.6. They help to prevent management override of internal control.