Last time, I explained each of the inherent risks, control risks, and discovery risks that make up audit risk.
Accounting Plus: Understanding audit risk is the key to reducing audit costs!
Current audits are conducted by a risk-focused risk approach, and companies can keep audit costs low by lowering control risk.
This time, I would like to explain this point in a little more detail.
table of contents
- What is the key to lowering audit costs and control risk?
- Internal control isn’t just for auditing!
- Audits focus on the components of internal control
- What is the “control environment” that forms the basis of internal control?
- The key to internal control What is “control activity”?
What is the key to lowering audit costs and control risk?
Control risk was the possibility that material misstatements could not be prevented by the company’s internal controls. In other words, if appropriate internal control is in place and operated, control risk can be kept low.
And this control risk is the key to keeping audit costs low for companies.
As companies grow in size, become global, and trade in volume and complexity, auditors are forced to rely on the company’s internal controls to audit.
For items for which internal control is functioning effectively, the control risk is considered low, and the auditor’s audit procedure can be simplified.
On the other hand, items for which internal control is not functioning effectively are audited intensively, resulting in an increase in audit costs.
Recently, the internal control of listed companies has not been functioning effectively, and cases of fraudulent accounting have been covered in the news, so let’s learn what internal control is. ..
Internal control isn’t just for auditing!
Internal control basically refers to the processes that are incorporated into the business to achieve the following four purposes.
- Effectiveness and efficiency of business
- Confidence in financial reporting
- Compliance with laws and regulations related to business activities
- Asset conservation
The purpose directly related to auditing is the second “credibility of financial reporting”. Achieving proper financial reporting is one of the goals of internal control.
But keep in mind that internal control has other purposes as well.
The first purpose is to improve the effectiveness and efficiency of business by establishing procedures for achieving business objectives as internal control, comply with laws and regulations, and unfair company property. It is also stated in the second and fourth purposes that it will not be used, disposed of, or stolen.
In other words, internal control is not only for audit-related financial reporting, but also for enabling, streamlining, complying with laws and regulations, and protecting assets.
Therefore, internal control does not have to be tightened for proper financial reporting. It is necessary to develop and operate the optimal internal control for the company in consideration of other purposes (especially business efficiency).
Audits focus on the components of internal control
As mentioned earlier, internal control is not just for the reliability of financial reporting.
However, as audits focus on whether the company’s situation is properly represented in the financial statements, the question in audits is whether internal controls achieve the objective of financial reporting reliability.
The auditor first breaks down the company’s internal controls into the following components and evaluates them.
- Control environment
- Risk assessment and response
- Control activities
- Information and communication
- Support for IT
Then, the control risk is determined from the evaluation results of each component, and the audit procedure is carried out accordingly.
Therefore, all the components of internal control are important, but in this article, we will explain the control environment and control activities.
What is the “control environment” that forms the basis of internal control?
The controlled environment refers to corporate integrity and ethics, management intentions and attitudes, management policies, and corporate practices. In other words, it can be said to be a factor that determines the corporate mood.
The controlled environment negatively and positively affects the consciousness of people working in a company and is the basis of internal control. No matter how well the other internal control elements are in place, it cannot be expected that internal control will operate properly if the control environment is sparse.
The auditor evaluates the control environment by conducting interviews with management and investigating whether the board of directors and the board of auditors are appropriately monitoring.
The key to internal control What is “control activity”?
Control activities are policies and procedures for the proper execution of management’s instructions and orders.
In order for management’s instructions to be carried out properly, the right person must be given the right authority and responsibilities, and the duties must be divided.
For example, what if the person in charge of small cash can take out the cash stored in the safe and even record it? The person in charge of small cash can take out the cash in the safe without anyone knowing it, and can match the cash on the books.
Therefore, in order to withdraw cash from the safe, the approval of the manager is required, and it is necessary for someone other than the person in charge of small cash to book the book. Internal control is often based on this division of duties and mutual checks.
In order to reduce the risk of fraud and error, it is important to clarify the authority and responsibilities of each person in charge and build a system to appropriately share duties among multiple people. If we can reduce control risk in this way, we can reduce audit costs.
This time, we reconfirmed the purpose of internal control. Internal control is often talked about in the topic of auditing, but did you understand that it is actually useful not only for auditing, but also for improving corporate efficiency and preserving assets?
He also explained the control environment and control activities, which are the main components of internal control. When it comes to the appropriateness of internal control, people tend to focus only on the division of duties, but in reality, you can see that the control environment, which can be said to be the basis for determining the corporate mood, is also important.
We hope that you will reduce control risk and control audit costs by appropriately developing the control environment and control activities that form the core of internal control.