Evaluating Internal ControlsWhile it is important to have internal control system, the controls will be ineffective if they are not evaluating regularly.  All of the procedures and policies in the world mean very little if no one is held accountable.  By evaluating internal controls, a company can reduce its risk of fraud schemes and reduce innocent errors that might, otherwise, go unnoticed.  Appendix A is a checklist for evaluating internal controls.  The phases  for evaluating internal controls are “(1) understanding a client’s financial reporting controls and documenting that understanding, (2) preliminarily assessing the control risk, and (3) testing the controls, reassessing control risk, and using that assessment to plan the remainder of the audit work” (Louwers, Ramsay, Sinason, & Strawser, 2007, p. 161).  The following is a detailed explanation of the phases of control evaluation.Phase OneThe first step to evaluating internal control is to understand what internal controls are in place and how they are documented.  Once the internal controls are understood, the auditor can create a checklist for evaluating the controls to help ease the testing completed in phase three.  It is important to review all controls during phase one so that the control risk can be assessed based on the current procedures accurately in phase two.  When evaluating controls, phase two and three build on the information gathered in phase one so it is important to be accurate and thorough in this phase of evaluation.Phase TwoIn the second phase, the preliminary control risk is assessed.  This gives a point to measure the results from the testing conducted in phase three against.  Phase two adds value to the overall process.  The control risk assessment in this phase will be the best case scenario because it isbased on what is supposed to be occurring for internal control.  Testing will validate whether controls that are in place are effective and being followed.  Without phase two, the assessment in phase three would not have as much value.Phase ThreeIn phase three testing occurs.  A checklist for evaluating internal control is created based on the information gathered in phase one.  Appendix A is an example of a checklist for evaluating internal controls.  It is important to realize that different companies will have different controls. A standard checklist would not yield the best results and may not provide opportunity to evaluateevery control in place.  It is important to have key areas for review.  Finally, the checklist will give an easy way of measuring the control risk present against the assessed control risk from phase two.ConclusionEvaluating control risk and internal controls is a process.  By following the phases of evaluating control, the results can be relevant to the company and give value by comparing the control policies with actual results.  By creating a checklist, an auditor can be more confident that internal controls are verified thoroughly.  Every company will be different and should be reviewed based on the information discoveredin phase one and not just by utilizing a generic list of controls.Appendix AChecklist for Evaluating Internal ControlsCash 1. Cash drawer audits are conducted randomly once per quarter 2. Complete monthly bank account reconciliations – balances verified on statement and generalledger 3. Cash receipts are verified by two employees – signature on original documents 4. Check signers do not have access to check stock or check issuing functions – location and access verifiedAccounts Receivables 1. Receivables clerk does not have access to checks – access verified 2. AR statements are printed and mailed by office manager or controller – question process 3. Checks are only signed by authorized signers – verify sampling of checks 4. Any checks cashed have signatures verified – verify all checks cashed during one month 5. Credits for vendors reference original sales invoice – verify a sampling of credits against original sales invoiceInventory 1. Key items are physically verified monthly – review inventory for appropriate signatures and reports to match inventory 2. Any manual adjustments are signed off by controller and department manager daily – verify adjustment reports are available and have appropriate signatures 3. Damaged product is logged and returned items are tracked – verify log, check sampling of tracking numbers. 4. Physical inventory is conducted annual by outside service – review physical inventory reportsAccounts Payables 1. Payments are made by statement balance– verify sampling of AP checks to statements. 2. Any checks payable to parties other than vendors are approved by two managers – verify misc. non-vendor checks for approval signatures 3. All checks over $40,000 require two signatures – Verify all checks greater than $40,000 4. Every invoices is approved by appropriate department manager – verify sampling of invoicesfor each department 5. Purchase order references sales order number – verify sampling of purchase ordersPayroll 1. Change reports is reviewed by controller for each payroll – verify all change reports have signature of controller 2. Paychecks are distributed by controller once per pay period – question procedure 3. All pay increases have written authorization – verify any increases on change report have appropriate documentation 4. Hours paid match time cards – verify a sampling of timecards to payroll reportsIT 1. Employees have passwords for programs that are changed every 90 days – verify system setup requiring password change 2. Web access is restricted by job title – review internet reports and access restrictions 3. Functions for accounting are limited per job function – verify access in system by title 4. All terminations are reported to IT department immediately for removal of access – verify date access removed to actual termination documents.ReferenceLouwers, T., Ramsay, R., Sinason, D., & Strawser, J. (2007). Auditing & assurance services: A look beneath the surface. (2nd ed.). New York: McGraw Hill