Concepts Related to Internal Controls

Hello,

Index of Concepts

1. Control Design

2. Control description

3. Control Testing

4. Control Frequency

5. Control Owner

6. Control Logic

7. Control Implementation

8. Control Trigger

1. Control Design:

Design of control is sequencing and modeling internal control framework within the different business process to effectively mitigate the business risk. Design of control majorly depends upon the structure of the business process, Business risk, and risk appetite. Design of control addresses the existence of control within the business process.

Here P1 and P2 Represent the Process Risk and C1 and C2 Represent the Control.

A. Control should always be performed after completion of Business Process.
B. There may be multiple control for mitigation of one business risk (Refer 2)
C. One control can mitigate the risk of multiple business risks. (Refer 1)

2. Control Description:

Control Description means the steps to be performed by control owner. Control Description helps in better control testing.
Critically Control Description also includes the Information process by control and deliverable produce by control. (Refer control testing)
Good writing of description of control enables better control performance.

3. Control Testing:

The control test focuses on testing of control design, control implementation and control operating effectiveness.
Control testing is done by anyone expect to process and control owner.
Control testing typically includes determination of control frequency_CF (Refer Control Frequency) and whereby sample for the test of control.

4. Control Frequency:

Calculation of control frequency helps in determining of sample size.

Control Frequency calculation helps in the testing of its implementation.

Time Base Control means control performance interval is equal

Event Base Control means control is perform once particulars event occur.

Generally-

Time Base Control - On Bunch of  Transactions (Bank Reconciliation)

Event Base Control - For Every Transaction (PO Approval)

5. Control Owner:

Owner of a control means a person who performs the control.

Owner of control test the business process logic with the help of control description.

Sign off of control owner justify the performance of control (Sometime this may be the control deliverable)

Unavailability of control owner delay the subsequent business process or required alternate control procedure or required additional control owner.

6. Control Logic:

The Relationship between control and risk associated with business process refer as control logic.

Control logic means how control detects the business risk, how control assesses the risk aptitude and how control addressed the business risk.

Control logic helps in -

A. Testing of effective design

B. In determining of control objective

C. Control Performance

7. Control Implementation:

Control implementation means continuity of control operation. Control design should always operate to assess the business risk.

Control implementation gap can be detected by comparing the estimated control frequency with actual control frequency.

8. Control Trigger:

There are two types of control trigger:

a. Time

b. Event

If control performance is required after the passage of predetermined time period (interval) then such control trigger is time base. (e.g. Preparation of MIS, Preparation of BRS and Analysis of Open Purchase Request)

If control performance is required on the occurrence of the specified event then such control trigger is event base. (e.g. approval of sales invoice, PO, SO, Quotations)

Thanks

Please Comment in case of any ambiguity.