1. Distinguish between management’s and auditors’ responsibilities
regarding an entity’s internal control.
Management is responsible for establishing a control environment, assessing risks it
wished to control, specifying information and communication channels and content,
designing and implementing control activities and monitoring, supervising and
maintaining the controls. They can estimate benefits and weigh them against costs.
Sarbanes –Oxley requires management to asses and report on entity’s internal control
over financial reporting. Management also must disclose any material weaknesses in
To asses control risk auditors must evaluate existing control activities and asses the
control risk for the period under audit. In addition, specific controls related to
misstatement due to fraud must be evaluated including: control over unusual transactions,
control over period-end journal entries, control over related party transactions, controls
related to significant estimates, control related to areas where management has incentives
and pressures to manipulate financial
2. Define and describe internal control, and explain the limitations.
Internal control is the process, effected by an entity’s board of directors, management and
other personnel, designed to provide reasonable assurance regarding the achievement of
the following three categories:
Reliability of financial reporting
Effectiveness and efficiency of operations
Compliance with applicable laws and regulations.
Internal control can help prevent and detect many errors, but it cannot guarantee that they
will never happen. Human error due to judgment, fatigue, and carelessness can still
occur. Other limitations include deliberate circumvention, management override, and
3. Define and describe the five basic components of internal control,
and specify some of their characteristics.
Control Environment- factors include the integrity, ethical values, board of directors,
management ‘s philosophy and operating style, organizational structure, finance reporting
competencies, authority and responsibility, human resources. Most important feature of
the control environment is the people who make the system work. The entity’s audit
committee is a key factor in the control environment.
2. Risk assessment- Management should take steps to identify risks, estimate their
significance and likelihood, and consider hoe to manage the risks. Te following principles