Anda di halaman 1dari 2

Evaluation of internal control & internal check

During an audit, you have to assess your clients control risk. This audit procedure involves
evaluating control risk, which means you need to find out as much as you can about your
clients internal control procedures. Auditing those procedures involves several steps:

Consider external factors: Uncover as much as you can about environmental and external
influences that may affect the company, such as the state of the economy, changes in
technology, the potential effect of any laws and regulations, and changes in generally accepted
accounting principles (GAAP) that relate to the clients type of business.
External changes (such as technological or GAAP changes) may decrease your
reliance on the companys internal controls, unless the client can demonstrate that it
has modified internal controls in response to the changes.

Evaluate how management assesses its controls: The Sarbanes-Oxley Act of 2002 (requires
that management of publicly traded companies create a written self-assessment document at
this stage, which demonstrates how well it believes its internal controls are working.
Your evaluation of how well management thinks its internal controls work during the
initiating, authorizing, recording, and reporting of significant accounts can help you
identify areas where material misstatements due to error (mistake) or fraud
(intentional) could occur thus increasing your efficiency during an audit of a
private company.
When reviewing the self-assessment, keep the following points in mind:
Management should take a close look at the controls for significant accounts.
If the company has many business units or locations, management should
come u with a logical game plan as to which units and locations it looks at.
Management should assess the design and operating effectiveness of its

Review managements self-assessment: After management finishes its work, its your turn!
You have to review managements written assessment to come to your own conclusion about
how well management is performing.
Use questionnaires to evaluate internal controls: When evaluating your clients internal
controls, two questionnaires can help you gather important information for your assessment:
The first, created by your CPA firm and given to the client, consists of yes
and no questions about the companys operating structure. It also asks who
performs each of the operating tasks so that you know which employee to
pursue with your auditing questions.
The second questionnaire, which you fill out, documents your understanding of
the clients control environment. It covers topics such as the clients
commitment to competence, the assignment of authority and responsibilities,
and human resources policies and procedures.
Design your tests of controls: After you review managements self-assessment and
document your understanding, you design your tests of controls and decide which procedures
to use while testing. Tests of controls over operating effectiveness should include the
following five procedures:
Talk with the client: Ask questions ranging from how often performance reviews are
carried out to segregation of duties to discover if policies and procedures allow the
carrying out of management objectives.
Look at client documents: These source documents, such as invoices and loan
paperwork, back up information on the financial statements.
Observe the client: You check out for yourself how the company operates. For
example, you observe the procedures for opening mail and processing cash receipts to
test the operating effectiveness of controls over cash receipts.
Conduct walkthroughs: A walkthrough refers to tracing a transaction from the
original document to where the client includes it in the financial statements. You do
this by questioning the client about the transaction, having staff members show you
how they entered the transaction into the books, and inspecting the documents
involved in the transaction.
Do reperformance: Reperformance means that you use the clients source documents
to check the clients work by redoing it such as totaling a line of numbers to see if
you get the same grand total as the client.