We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy

Check Writers' Offers

What's Your Topic?

Hire a Professional Writer Now

The input space is limited by 250 symbols

What's Your Deadline?

Choose 3 Hours or More.
2/4 steps

How Many Pages?

3/4 steps

Sign Up and Get Writers' Offers

"You must agree to out terms of services and privacy policy"
Get Offer

Evaluating Internal Controls

Paper type: Essay
Pages: 3 (715 words)
Downloads: 31
Views: 98

An organization’s internal controls are comprised of five components, which include: the control environment, risk assessment, control activities, monitoring, and information and communication. The five components of internal control are considered to be criteria for evaluating an organization’s financial reporting controls and the bases for auditors’ assessment of control risk as it relates to an organization’s financial statements (Lowers, et. al., 2007). “Thus, auditors must consider the five components in terms of (1) understanding a client’s financial reporting controls and documenting that understanding, (2) preliminarily assessing the control risk, and (3) testing the controls, reassessing control risk, and using that assessment to plan the remainder of the audit work” (Lowers, et.

al., 2007, p. 161).

Phase I – Understanding

Throughout the course of Phase I an audit team will work to obtain a clear understanding of a company’s internal control environment and management’s risk assessment. The audit team will review the flow of transactions through the company’s accounting system, and the design of some client control procedures (Lowers, et.

al., 2007). In this step the audit team will perform their assessments in a top-down risk-based manner that first examines company-level controls (CLCs) and then controls of significant business units within the company (Lowers, et.al., 2007). Controls within the control environment and companywide programs include:

• Management’s risk assessment
• Centralized processing and controls including shared service environments • Period-end financial reporting process
• Controls to monitor results of operations
• Controls to monitor other controls
• Board-approved policies that address significant business control and risk management practices (Lowers, et. al., 2007, p. 161). Once the audit team has completed their examination of CLCs the audit team will then document their understanding through the use of narrative descriptions or flowcharts. The audit team will then use one of those tools to design a preliminary program of substantive procedures for auditing assertions related to the company’s account balances, which is conducted in Phase II (Lowers, et. al., 2007).

Phase II – Assessment

After the audit team has completed Phase I the audit team will move into Phase II or the preliminary assessment of the company’s control risks. Throughout the course of Phase II the audit team will analyze the control strengths and weaknesses of the company. A company’s strengths are considered as specific features of good general and application controls while its weaknesses are considered as a lack of controls in particular areas (Lowers, et. al., 2007). The audit team’s findings and preliminary conclusions should then be written up and documented in audit files known as the bridge workpapers.

In Phase II the audit team will seek to answer the following questions through its assessment. Can control risk be low or less than maximum? Is reduction of the control risk assessment cost-effective? Once the audit team arrives at the answers of those questions it will then specify the controls to be tested and the degree of compliance required. “The distinction between the understanding and documenting phase and the preliminary control risk assessment phase is useful for understanding the audit work. However, most auditors in practice do the two together, not as separate and distinct audit tasks” (Lowers, et. al., 2007).

Phase III – Testing

In the third and final phase the audit team will then perform tests of controls of the specified controls and reassess control risk. During the testing phase the audit team will seek to answer the question of how the actual degree of company compliance compares with the required degree of compliance with the company’s control policies and procedures. The audit team will then document the basis for assessing the company’s control risks, which are less than 100% or assess the company’s high or maximum control risk and design an audit program for the company with more effective substantive procedures. The audit team will then perform a test on the planned or revised substantive procedures.


An effective evaluation of a company’s internal controls will provide the company with a reasonable assurance regarding the achievement of its objectives in the following three categories: reliability of financial reporting; effectiveness and efficiency of its operations; and compliance with applicable laws and regulations.

Lowers, T.J., Ramsay, R.J., Sinason, D. H., Strawser, J.R. (2007). Internal Control and Evaluation. Auditing and Assurance Services. 2nd ed. The McGraw-Hill Companies.
New York City, NY.

Cite this page

Evaluating Internal Controls. (2016, Aug 21). Retrieved from https://studymoose.com/evaluating-internal-controls-essay

How to Avoid Plagiarism
  • Use multiple resourses when assembling your essay
  • Use Plagiarism Checker to double check your essay
  • Get help from professional writers when not sure you can do it yourself
  • Do not copy and paste free to download essays
Get plagiarism free essay

Not Finding What You Need?

Search for essay samples now


Your Answer is very helpful for Us
Thank you a lot!