top of page
  • CCS

Internal Control Objectives

Updated: Dec 28, 2022


Internal control is designed, implemented, and maintained by those charged with governance and management of other personnel to address identified business and fraud risks that threaten the achievement of stated objectives, such as the reliability of financial reporting.


The auditor must understand how the entity addresses each of the five components of internal control as they relate to a financial statement audit.


These components are described in ISA 315 (Revised) paragraphs 4(c), 14-24 and A76-A117. Appendix 1 of ISA 315 (Revised) also provides further explanation of each of these components.


This understanding of internal control is required to determine control risk. The understanding is to be obtained irrespective of any decision by the auditor to test such controls as part of an audit strategy.


Note: Only internal controls relevant to the audit need to be identified, documented and assessed. A relevant control is one that addresses a risk of misstatement in the financial statements.

内部控制是由负责治理的人员和其他人员的管理部门设计、实施和维护的,以解决已确定的威胁到实现既定目标的业务和欺诈风险,如财务报告的可靠性等。


审计师必须了解该实体如何处理与财务报表审计有关的内部控制的五个组成部分中的每一个。


国际审计准则 315 (修订版)第4(c)、14-24 和 A76-A117 段对这些组成部分进行了描述。 国际审计准则 315 (修订版)附录 1 也对每个组成部分作了进一步解释。


对内部控制的这种理解是确定控制风险所必需的。无论审计师是否决定作为审计策略的一部分测试这些控制,都应获得这种理解。


注意:只有与审计有关的内部控制需要被识别、记录和评估。 唯有针对财务报表错报风险的控制才相关。


In short, the entity's Objective is = Prepare Financial Statements that are not materially misstated.


简单来说,实体的目标是 = 编制没有重大误报的财务报表。

Internal Control Objectives | 内部控制的目的

Internal control is management’s response to mitigate an identified risk factor or achieve a control objective.


There is a direct relationship between an entity’s objectives and the internal control it implements to ensure its achievement.


Once objectives are set, it is possible to identify and assess potential events (risks) that would prevent the achievement of the objectives.

This information allows management to develop appropriate responses, including internal control design.


内部控制是管理层为减轻已确定的风险因素或实现控制目的而采取的对策。


一个实体的目的和它为确保实现有关目的而实施的内部控制之间存在着直接的关系。


一旦确定了目的,就有可能识别和评估会阻止目的实现的潜在事件(风险)。


根据这些信息,管理层可以制定适当的对策,包括内部控制设计。


Internal control objectives can be broadly grouped into four categories:

  • Strategic, high-level goals that support the entity's mission;

  • Financial reporting (internal control over financial reporting);

  • Operations (operational controls); and

  • Compliance with laws and regulations.

内部控制目标可大致分为四类:

  • 战略性的、支持实体使命的高层使命。

  • 财务报告(财务报告的内部控制)。

  • 运营(运营控制);以及

  • 遵守法律和法规。

Internal control relevant to an audit primarily pertains to financial reporting.


This addresses the entity’s objective of preparing financial statements for external purposes.


Operational controls, such as production and staff scheduling, quality control, and employee compliance with health and safety requirements, would not normally be relevant to the audit, except where:

  • The information produced is used to develop an analytical procedure, or

  • The information is required for disclosure in the financial statements.

For example, if production statistics were used as a basis for an analytical procedure, the controls to ensure the accuracy of such data would be relevant. If non-compliance with certain laws and regulations has a direct and material effect on the financial statements, the controls for detecting and reporting such non-compliance would be relevant.

与审计有关的内部控制主要与财务报告有关。


这解决了主体为外部目的编制财务报表的目标。


运营控制,如生产和员工调度、质量控制以及员工对健康和安全要求的遵守,通常不会与审计有关,除非在以下情况下:

  • 产生的信息被用来制定分析程序,或

  • 该信息需要在财务报表中披露。

例如,如果生产统计数据被用作分析程序的基础,确保这些数据准确性的控制措施将是相关的。如果不遵守某些法律和法规对财务报表有直接和重大的影响,发现和报告这种不遵守情况的控制措施将是相关的。

Internal Control Components | 内部控制组成部分

The term “internal control” used in ISA 315 (Revised) is broader than control activities such as segregation of duties, authorisations, account reconciliations, etc.


Internal control encompasses five key components:

  • The control environment;

  • The entity’s risk assessment process;

  • The information system, including the related business processes relevant to financial reporting and communication;

  • Control activities relevant to the audit; and

  • Monitoring of internal control.

国际审计准则 315(修订版)中使用的 "内部控制 "一词比职责分离、授权、账户核对等控制活动更为广泛。


内部控制包括五个关键部分:-

  • 控制环境。

  • 实体的风险评估过程。

  • 信息系统,包括与财务报告和沟通相关的业务流程。

  • 与审计有关的控制活动;以及

  • 对内部控制的监控。


These components relate to the entity’s financial reporting objectives and are illustrated below.


这些组成部分与实体的财务报告目标有关,说明如下。


The division of internal control into these five components provides a useful framework for auditors to understand the different aspects of an entity’s internal control system.


However, it should be noted that:

How the internal control system is designed and implemented will vary based on the entity’s size and complexity.


Smaller entities often use less formal means and simpler processes and procedures to achieve their objectives.


The five components of internal control may not be so distinguished; however, their underlying purposes are equally valid.


For example, an owner-manager may (and, in the absence of additional staff, should) perform functions belonging to several internal control components.