Evaluation of internal controls
/What is an Evaluation of Internal Controls?
An evaluation of internal control involves an examination of the effectiveness of an organization's system of internal controls. By engaging in this evaluation, an auditor can determine the extent of other tests that must be performed in order to arrive at an opinion regarding the fairness of the entity's financial statements. An evaluation is also a good way to proactively spot any control deficiencies, and fix them.
A robust system of internal controls reduces the risk of fraudulent activity, which moderates the need for additional audit procedures. The examination concentrates on such issues as the separation of duties, checks and balances, safeguarding of records, the training level and competence of employees, and the effectiveness of the entity's internal audit function.
The steps involved in this evaluation process include the following:
Determine the extent and types of controls being used by the client.
Determine which of these controls the auditor intends to rely upon.
Based on the first two steps, determine which audit procedures should be expanded or reduced.
Make recommendations to the client regarding how to improve its system of internal controls.
The last of the preceding steps is useful for improving the control environment for the auditor in the following year's audit.
Who Evaluates Internal Controls?
There are two parties that evaluate an organization’s internal controls - internal auditors and external auditors. The internal audit team should routinely conduct an internal controls evaluation, not only to see if the correct controls are present, but also whether these controls are being used appropriately. If the audit team finds any issues, it discusses them with management, which is responsible for making any indicated changes. This tends to be a frequent, ongoing evaluation that rotates through the business processes within an organization. Those processes that have changed recently are the most likely to have their controls evaluated again, on the grounds that a fine-tuning of the related controls might be necessary.
An organization’s external auditors will conduct a detailed internal controls evaluation as part of its annual audit. The outcome of this analysis is the auditors’ determination of which audit areas will require extra work (reflecting poor internal controls) and which ones will require less work (reflecting strong internal controls).