Control Environment

The control environment sets the tone of the organization. It is the foundation for all other components of internal control. It provides discipline and structure. Control environment factors include the integrity, ethical values, and competence of the company's people.

Personnel policies and practices also come under the control environment. An organization should conduct regular reviews of its operations to determine if they conform to desired operating policies. Some large and medium-size enterprises have separate internal audit departments, whose internal auditors test existing internal controls for proper functioning and use. Small companies usually cannot afford their own internal audit departments, but they can hire outside consultants or ask managers to test compliance with operating policies.

1. The internal control evaluation can be designed around the components of internal control. What are two questions that can be included on the internal control check-list to obtain information about the entity's control environment?

Auditors of public companies need to have sufficient knowledge to support both an opinion on the financial statement and an opinion on internal control over financial reporting (ICFR). The auditor must understand the system of ICFR in sufficient detail that the auditor can determine that effective controls have been placed in operation to prevent or detect any material misstatement in the financial statements on a timely basis.

Sometimes, auditors make inquiries of client personnel regarding what controls are present in their system and other times, the queries might start by asking the client personnel what risks they perceived to be important when the system was designed.

2. Should auditors identify risks before they document internal controls?

The three phases of internal control evaluation. The top-down approach requires the auditor to obtain an understanding of the internal controls, document the understanding of the internal controls, design a preliminary program of substantive procedures for auditing relevant assertions related to significant account balances, identify points at which errors or fraud could occur, and identify controls to test that prevent or detect errors or fraud.

3. You are the managing partner of a CPA firm. During your discussion of the nature and scope of the audit, your new client asked if it is really necessary for the auditor to gain an understanding of the company's system of internal control. What will be your response?