top of page
  • CCS

Internal Control Objectives

Updated: Dec 28, 2022

Internal control is designed, implemented, and maintained by those charged with governance and management of other personnel to address identified business and fraud risks that threaten the achievement of stated objectives, such as the reliability of financial reporting.

The auditor must understand how the entity addresses each of the five components of internal control as they relate to a financial statement audit.

These components are described in ISA 315 (Revised) paragraphs 4(c), 14-24 and A76-A117. Appendix 1 of ISA 315 (Revised) also provides further explanation of each of these components.

This understanding of internal control is required to determine control risk. The understanding is to be obtained irrespective of any decision by the auditor to test such controls as part of an audit strategy.

Note: Only internal controls relevant to the audit need to be identified, documented and assessed. A relevant control is one that addresses a risk of misstatement in the financial statements.



国际审计准则 315 (修订版)第4(c)、14-24 和 A76-A117 段对这些组成部分进行了描述。 国际审计准则 315 (修订版)附录 1 也对每个组成部分作了进一步解释。


注意:只有与审计有关的内部控制需要被识别、记录和评估。 唯有针对财务报表错报风险的控制才相关。

In short, the entity's Objective is = Prepare Financial Statements that are not materially misstated.

简单来说,实体的目标是 = 编制没有重大误报的财务报表。

Internal Control Objectives | 内部控制的目的

Internal control is management’s response to mitigate an identified risk factor or achieve a control objective.

There is a direct relationship between an entity’s objectives and the internal control it implements to ensure its achievement.

Once objectives are set, it is possible to identify and assess potential events (risks) that would prevent the achievement of the objectives.

This information allows management to develop appropriate responses, including internal control design.





Internal control objectives can be broadly grouped into four categories:

  • Strategic, high-level goals that support the entity's mission;

  • Financial reporting (internal control over financial reporting);

  • Operations (operational controls); and

  • Compliance with laws and regulations.


  • 战略性的、支持实体使命的高层使命。

  • 财务报告(财务报告的内部控制)。

  • 运营(运营控制);以及

  • 遵守法律和法规。

Internal control relevant to an audit primarily pertains to financial reporting.

This addresses the entity’s objective of preparing financial statements for external purposes.

Operational controls, such as production and staff scheduling, quality control, and employee compliance with health and safety requirements, would not normally be relevant to the audit, except where:

  • The information produced is used to develop an analytical procedure, or

  • The information is required for disclosure in the financial statements.

For example, if production statistics were used as a basis for an analytical procedure, the controls to ensure the accuracy of such data would be relevant. If non-compliance with certain laws and regulations has a direct and material effect on the financial statements, the controls for detecting and reporting such non-compliance would be relevant.




  • 产生的信息被用来制定分析程序,或

  • 该信息需要在财务报表中披露。


Internal Control Components | 内部控制组成部分

The term “internal control” used in ISA 315 (Revised) is broader than control activities such as segregation of duties, authorisations, account reconciliations, etc.

Internal control encompasses five key components:

  • The control environment;

  • The entity’s risk assessment process;

  • The information system, including the related business processes relevant to financial reporting and communication;

  • Control activities relevant to the audit; and

  • Monitoring of internal control.

国际审计准则 315(修订版)中使用的 "内部控制 "一词比职责分离、授权、账户核对等控制活动更为广泛。


  • 控制环境。

  • 实体的风险评估过程。

  • 信息系统,包括与财务报告和沟通相关的业务流程。

  • 与审计有关的控制活动;以及

  • 对内部控制的监控。

These components relate to the entity’s financial reporting objectives and are illustrated below.


The division of internal control into these five components provides a useful framework for auditors to understand the different aspects of an entity’s internal control system.

However, it should be noted that:

How the internal control system is designed and implemented will vary based on the entity’s size and complexity.

Smaller entities often use less formal means and simpler processes and procedures to achieve their objectives.

The five components of internal control may not be so distinguished; however, their underlying purposes are equally valid.

For example, an owner-manager may (and, in the absence of additional staff, should) perform functions belonging to several internal control components.