For most entities, the internal control system will consist of a mix of manual and automated controls.
The risks and benefits associated with the different types of control are outlined below.
Benefits
Manual controls:
Used to monitor the effectiveness of automated controls.
Suited to areas where judgment and discretion are required over large, unusual, or non-recurring transactions.
Beneficial when errors are difficult to define, anticipate, or predict.
Changing circumstances may require a control response outside the scope of an existing automated control.
Automated controls:
Consistently apply predefined business rules and perform complex calculations in processing large volumes of transactions or data.
Enhance the timeliness, availability, and accuracy of information.
Facilitate the additional analysis of information.
Enhance the ability to monitor the performance of the entity’s activities and its policies and procedures.
Reduce the risk that internal control will be circumvented.
Enhance the ability to effectively segregate duties by implementing appropriate system access restrictions in applications, databases, and operating systems.
Risks
Manual controls:
Less reliable than automated controls, as they are performed by people.
More easily bypassed, ignored, or overridden.
Prone to simple errors and mistakes.
Consistency of application cannot be assumed.
Less suitable for high volume or recurring transactions where automated controls would be more efficient.
Less suitable for activities where specific ways to perform the control can be adequately designed and automated.
Automated controls:
Reliance can be placed on systems or programs that are inaccurately processing data, processing inaccurate data, or both.
Unauthorised access to data may result in the destruction of data or improper changes to data, including the recording of unauthorised or non-existent transactions or inaccurate recording of transactions (particular risks may arise where multiple users access a common database).
IT personnel may gain access privileges beyond those necessary to perform their assigned duties, thereby breaking down the segregation of duties.
Unauthorised changes to data in master files.
Unauthorised changes to systems or programs.
Failure to make necessary changes to systems or programs.
Inappropriate manual intervention.
Potential loss of data or inability to access data as required.
When the entity has a mix of manual and automated controls, always identify who is responsible for the operation of each control.
For example, suppose a warehouse manager is responsible for shipping goods.
The warehouse manager manually inputs the data into a sales system with application control to match the shipment to the original order.
If something goes wrong in the matching process, is it the responsibility of the warehouse manager, the IT department, or the accounting department?
Unless one person is assigned responsibility for the entire process, people will inevitably blame each other when errors are made.
Where responsibility has not been assigned, consider:
The likelihood and magnitude of potential misstatements that could occur in the financial statements;
The appropriate audit response; and
Whether the matter should be reported to management.