Share
Explore BrainMass

This post addresses internal control and IT.

For internal control to be effective, it needs to be enthusiastically accepted by the management. The other components will be ineffective if the management has a tendency to override these controls. From an auditor's perspective, having a good knowledge of such practices has a significant contribution to understanding the internal controls of an organization.

Please share any experience you may have in this area.

Solution Preview

This is very true in regards to IT auditing. If you have never seen the GAAS standards broken down into three divisions, here is a copy of it that is pretty comprehensive: http://www.gao.gov/govaud/govaudhtml/d07731g-8.html

Basically, the main reason for internal controls in the first place is to prevent fraud and other acts of wrongdoing. The internal controls are equally important for both public and private companies, they're just aimed slightly different. For a public company, the main person we're protecting is the investor - this is why internal controls are designed, and it's because of how much money investors, as the primary stakeholder, have tied up in a company. When we're dealing with private companies, the main person we're protecting is the business owner. Private companies are limited on stakeholders and the usual makeup of stakeholders are the owner, employees, customers, and the community where the business resides. The controls, however, are designed to function the same. Now we move those ...

Solution Summary

This solution discusses the following scenario:

For internal control to be effective, it needs to be enthusiastically accepted by the management. The other components will be ineffective if the management has a tendency to override these controls. From an auditor's perspective, having a good knowledge of such practices has a significant contribution to understanding the internal controls of an organization.

$2.19