Control environment:
The overall attitude of management regarding internal controls and their importance. It encompasses management’s philosophy, e.g. a commitment to integrity and ethical values, a formal organisation structure and proper training of staff.
Risk assessment:
The process is an entity’s process for identifying and responding to business risks.
Information system:
The relevant to financial reporting objectives consists of the procedures and records established to process the transactions that the entity carries out, and to maintain accountability for the related assets, liabilities and equity balances. Many information systems make extensive use of information technology (IT).
Control activities:
These activities are the policies and procedures that help ensure that management directives are carried out, for example that necessary actions are taken to address risks that threaten the achievement of the entity’s objectives. Control activities, whether within IT or manual systems, have various objectives and are applied at various organisational and functional levels.
Different books identify different categories of control activities. One possibility is:
– Authorisation
– Comparison
– Computer controls
– Arithmetical controls
– Maintaining a trial balance and control accounts
– Accounting reconciliations
– Physical controls
– Segregation of duties
Use the mnemonic ACCA MAPS to remember these categories.
Monitoring of controls:
It is a process to assess the quality of internal control performance over time. It involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions.
Management must decide whether existing control procedures are adequate. This could change over time. For example, a system might become overwhelmed if the entity grows too rapidly.
The operation of controls must also be checked. Compliance failures may arise because of lack of staff motivation or through poor training and supervision.