(12)What are the components of Internal Control?
Answer: The five components of Internal Control (as per SA 315) are as follow:
- The control environment includes set of standards, processes and structures for effective internal control across the organization.
(2)Control Activities:
- Control activities are the actions established through policies and procedures for the achievement of management objectives.
- Control activities include authorizations and approvals, verifications, reconciliations and business performance reviews.
- Segregation of duties (SOD) is a control activity intended to reduce opportunities for error or fraud.
- General control includes controls over IT Infrastructure, IT Management and other IT processes.
- Application controls are designed to ensure completeness, accuracy and validity of transaction processing.
(3)Control
Monitoring:
- Ongoing evaluation or separate evaluation is used to ensure that components of internal controls are present and functioning.
- Ongoing evaluations help to capture timely information. Scope & frequency of Separate evaluations depends on assessment of risks, effectiveness of ongoing evaluations, and other management considerations.
(4)Risk
Assessment:
- Risk assessment involves a dynamic and iterative process for identifying and assessing risks.
- Risk assessment forms the basis for determining how risks will be managed.Risk assessment also requires management to consider the impact of possible changes (internal as well as external) that may render internal control ineffective.
(5)Information
& Communication:
- Communication is iterative process of sharing of necessary information.
- The organization communicates relevant information in a timely manner that enables people to carry out their responsibilities.
- Effective communication flows down, across and up the organization