Evaluating Internal Controls While it is important to have internal control system the controls will be ineffective if they are not evaluating regularly All of the procedures and policies in the world mean very little if no one is held accountable By evaluating internal controls a company can reduce its risk of fraud schemes and reduce innocent errors that might otherwise go unnoticed Appendix A is a checklist for evaluating internal controls The phases for evaluating internal controls are 1 understanding a client s financial reporting controls and documenting that understanding 2 preliminarily assessing the control risk and 3 testing the controls reassessing control risk and using that assessment to plan the remainder of the audit work Louwers Ramsay Sinason Strawser 2007 p 161 The following is a detailed explanation of the phases of control evaluation Phase One The first step to evaluating internal control is to understand what internal controls are in place and how they are documented Once the internal controls are understood the auditor can create a checklist for evaluating the controls to help ease the testing completed in phase three It is important to review all controls during phase one so that the control risk can be assessed based on the current procedures accurately in phase two When evaluating controls phase two and three build on the information gathered in phase one so it is important to be accurate and thorough in this phase of evaluation Phase Two In the second phase the preliminary control risk is assessed This gives a point to measure the results from the testing conducted in phase three against Phase two adds value to the overall process The control risk assessment in this phase will be the best case scenario because it is based on what is supposed to be occurring for internal control Testing will validate whether controls that are in place are effective and being followed Without phase two the assessment in phase three would not have as much value Phase Three In phase three testing occurs A checklist for evaluating internal control is created based on the information gathered in phase one Appendix A is an example of a checklist for evaluating internal controls It is important to realize that different companies will have different controls A standard checklist would not yield the best results and may not provide opportunity to evaluate every control in place It is important to have key areas for review Finally the checklist will give an easy way of measuring the control risk present against the assessed control risk from phase two Conclusion Evaluating control risk and internal controls is a process By following the phases of evaluating control the results can be relevant to the company and give value by comparing the control policies with actual results By creating a checklist an auditor can be more confident that internal controls are verified thoroughly Every company will be different and should be reviewed based on the information discovered in phase one and not just by utilizing a generic list of controls Appendix A Cash Checklist for Evaluating Internal Controls 1 Cash drawer audits are conducted randomly once per quarter 2 Complete monthly bank account reconciliations balances verified on statement and general 3 Cash receipts are verified by two employees signature on original documents 4 Check signers do not have access to check stock or check issuing functions location and ledger access verified Accounts Receivables 1 Receivables clerk does not have access to checks access verified 2 AR statements are printed and mailed by office manager or controller question process 3 Checks are only signed by authorized signers verify sampling of checks 4 Any checks cashed have signatures verified verify all checks cashed during one month 5 Credits for vendors reference original sales invoice verify a sampling of credits against original sales invoice Inventory reports to match inventory 1 Key items are physically verified monthly review inventory for appropriate signatures and 2 Any manual adjustments are signed off by controller and department manager daily verify adjustment reports are available and have appropriate signatures 3 Damaged product is logged and returned items are tracked verify log check sampling of 4 Physical inventory is conducted annual by outside service review physical inventory tracking numbers reports Accounts Payables 1 Payments are made by statement balance verify sampling of AP checks to statements 2 Any checks payable to parties other than vendors are approved by two managers verify misc non vendor checks for approval signatures 3 All checks over 40 000 require two signatures Verify all checks greater than 40 000 4 Every invoices is approved by appropriate department manager verify sampling of invoices 5 Purchase order references sales order number verify sampling of purchase orders 1 Change reports is reviewed by controller for each payroll verify all change reports have 2 Paychecks are distributed by controller once per pay period question procedure 3 All pay increases have written authorization verify any increases on change report have 4 Hours paid match time cards verify a sampling of timecards to payroll reports for each department Payroll signature of controller appropriate documentation IT setup requiring password change 1 Employees have passwords for programs that are changed every 90 days verify system 2 Web access is restricted by job title review internet reports and access restrictions 3 Functions for accounting are limited per job function verify access in system by title 4 All terminations are reported to IT department immediately for removal of access verify date access removed to actual termination documents Reference Louwers T Ramsay R Sinason D Strawser J 2007 Auditing assurance services A look beneath the surface 2nd ed New York McGraw Hill Irwin