Limitations And Evaluation Of Control Flashcards
Limitation
Internal control systems, while essential, have inherent limitations that can affect their effectiveness:
-
Human Error:
- Mistakes or omissions by employees can lead to incomplete or inaccurate processing, which may not be detected by control systems¹.
-
Cost-Effectiveness:
- Implementing certain controls may not be cost-effective for the organization, leading to gaps in the control environment¹.
-
Override by Employees or Management:
- Controls may exist but can be ignored or overridden by employees or management, compromising their effectiveness¹.
-
Collusion:
- Segregation of duties can be rendered ineffective if two or more individuals collude to bypass controls, often for fraudulent purposes¹.
Despite these limitations, auditors do not rely solely on control systems. They supplement their evaluation with substantive testing of transactions and balances to ensure a comprehensive audit¹.
Small entities face unique challenges in implementing effective internal controls:
-
Segregation of Duties:
- In small companies with limited staff, it is difficult to segregate duties, leading to one individual performing multiple tasks².
-
High Involvement of Owner-Manager:
- Control systems in small entities often rely heavily on the involvement of the owner-manager, who may personally authorize many transactions².
- While this can mitigate some risks, it also introduces potential issues:
- Lack of Documentation: There may be insufficient evidence of how systems are supposed to operate, requiring auditors to rely more on inquiries².
- Override of Controls: The owner-manager may override existing controls².
- Lack of Expertise: The owner-manager may lack the necessary expertise to effectively control the entity².
- No Independent Oversight: Unlike larger entities, small entities may lack independent oversight within the management team².
When auditing a small entity, the auditor must understand and evaluate the existing controls and plan the audit work accordingly. For example:
- Segregation of Duties: In a small retail business, the same person might handle cash, record transactions, and reconcile accounts. The auditor would need to assess the risks associated with this lack of segregation and plan substantive testing to verify the accuracy of financial records.
- Owner-Manager Involvement: In a small manufacturing firm, the owner-manager might personally approve all purchases. The auditor would evaluate the effectiveness of this control and consider the potential for override or lack of documentation.
By understanding these limitations and challenges, auditors can tailor their approach to ensure a thorough and effective audit¹²³.
The purpose of evaluating controls is to determine their effectiveness and identify control risks, which are part of the overall audit risk. This evaluation helps the auditor decide whether to use a systems-based or transactions-based approach for the audit.
The evaluation process involves two stages:
1. Effectiveness on Paper: Assess whether the controls, if applied properly, are sufficient.
2. Practical Application: Determine if the controls are actually being applied effectively in practice.
The auditor should follow these steps to evaluate controls:
-
Review Documentation:
- Obtain a general picture of the effectiveness of the controls by reviewing the documentation of the internal control system.
-
Identify Major Weaknesses:
- If the paper review indicates major weaknesses, the auditor will likely focus on substantive tests rather than tests of controls.
-
Initial Assessment:
- If the initial assessment shows weak control systems, the auditor will proceed directly to substantive testing without performing tests of controls.
-
Tests of Controls:
- If controls appear acceptable on paper, the auditor must perform tests of controls to ensure they are working effectively.
- If controls are operating effectively, the audit can be systems-based with reduced substantive testing.
-
Review Documentation:
- The auditor reviews the internal control documentation for the sales and inventory processes.
-
Identify Major Weaknesses:
- The paper review reveals that there is no segregation of duties in the cash handling process, indicating a major weakness.
-
Initial Assessment:
- Given the identified weakness, the auditor decides to focus on substantive testing for cash transactions.
-
Tests of Controls:
- For other areas, such as inventory management, the auditor performs tests of controls to verify that inventory counts are accurate and properly recorded.
- If these controls are found to be effective, the auditor can reduce the extent of substantive testing for inventory.
After evaluating the controls, the auditor may issue a management letter to communicate any identified weaknesses and provide recommendations for improvement. This letter helps management understand the areas that need attention and take corrective actions.
By following these steps, auditors can effectively evaluate controls and assess audit risk, ensuring a thorough and reliable audit process¹²³.
Limitation
Internal control systems, while essential, have inherent limitations that can affect their effectiveness:
-
Human Error:
- Mistakes or omissions by employees can lead to incomplete or inaccurate processing, which may not be detected by control systems¹.
-
Cost-Effectiveness:
- Implementing certain controls may not be cost-effective for the organization, leading to gaps in the control environment¹.
-
Override by Employees or Management:
- Controls may exist but can be ignored or overridden by employees or management, compromising their effectiveness¹.
-
Collusion:
- Segregation of duties can be rendered ineffective if two or more individuals collude to bypass controls, often for fraudulent purposes¹.
Despite these limitations, auditors do not rely solely on control systems. They supplement their evaluation with substantive testing of transactions and balances to ensure a comprehensive audit¹.
Small entities face unique challenges in implementing effective internal controls:
-
Segregation of Duties:
- In small companies with limited staff, it is difficult to segregate duties, leading to one individual performing multiple tasks².
-
High Involvement of Owner-Manager:
- Control systems in small entities often rely heavily on the involvement of the owner-manager, who may personally authorize many transactions².
- While this can mitigate some risks, it also introduces potential issues:
- Lack of Documentation: There may be insufficient evidence of how systems are supposed to operate, requiring auditors to rely more on inquiries².
- Override of Controls: The owner-manager may override existing controls².
- Lack of Expertise: The owner-manager may lack the necessary expertise to effectively control the entity².
- No Independent Oversight: Unlike larger entities, small entities may lack independent oversight within the management team².
When auditing a small entity, the auditor must understand and evaluate the existing controls and plan the audit work accordingly. For example:
- Segregation of Duties: In a small retail business, the same person might handle cash, record transactions, and reconcile accounts. The auditor would need to assess the risks associated with this lack of segregation and plan substantive testing to verify the accuracy of financial records.
- Owner-Manager Involvement: In a small manufacturing firm, the owner-manager might personally approve all purchases. The auditor would evaluate the effectiveness of this control and consider the potential for override or lack of documentation.
By understanding these limitations and challenges, auditors can tailor their approach to ensure a thorough and effective audit¹²³.
The purpose of evaluating controls is to determine their effectiveness and identify control risks, which are part of the overall audit risk. This evaluation helps the auditor decide whether to use a systems-based or transactions-based approach for the audit.
The evaluation process involves two stages:
1. Effectiveness on Paper: Assess whether the controls, if applied properly, are sufficient.
2. Practical Application: Determine if the controls are actually being applied effectively in practice.
The auditor should follow these steps to evaluate controls:
-
Review Documentation:
- Obtain a general picture of the effectiveness of the controls by reviewing the documentation of the internal control system.
-
Identify Major Weaknesses:
- If the paper review indicates major weaknesses, the auditor will likely focus on substantive tests rather than tests of controls.
-
Initial Assessment:
- If the initial assessment shows weak control systems, the auditor will proceed directly to substantive testing without performing tests of controls.
-
Tests of Controls:
- If controls appear acceptable on paper, the auditor must perform tests of controls to ensure they are working effectively.
- If controls are operating effectively, the audit can be systems-based with reduced substantive testing.
-
Review Documentation:
- The auditor reviews the internal control documentation for the sales and inventory processes.
-
Identify Major Weaknesses:
- The paper review reveals that there is no segregation of duties in the cash handling process, indicating a major weakness.
-
Initial Assessment:
- Given the identified weakness, the auditor decides to focus on substantive testing for cash transactions.
-
Tests of Controls:
- For other areas, such as inventory management, the auditor performs tests of controls to verify that inventory counts are accurate and properly recorded.
- If these controls are found to be effective, the auditor can reduce the extent of substantive testing for inventory.
After evaluating the controls, the auditor may issue a management letter to communicate any identified weaknesses and provide recommendations for improvement. This letter helps management understand the areas that need attention and take corrective actions.
By following these steps, auditors can effectively evaluate controls and assess audit risk, ensuring a thorough and reliable audit process¹²³.
