 in this presentation we will take a look at principles of internal control components we're going to list out our five components of the internal controls and then we'll list out principles related to them those five components being the control environment risk assessment first a word from our sponsor well actually these are just items that we pick from the youtube shopping affiliate program but that's actually good for you because these aren't things that were just given to us from some large corporation which we don't even use in exchange for us selling them to you these are things that we actually researched purchased and use ourselves acer 27 inch monitor i've been using an acer monitor as my primary monitor for a few years now this is the first acer monitor that i have used after having used a series of different brands of monitors in the past the acer monitor has been performing well and i'm trusting the acer brand more and more as i use the monitor i have a 27 inch monitor which i think is ideal for what i do which is of course the screen recording and the editing if you would like a commercial free experience consider subscribing to our website at accounting instruction dot com or accounting instruction dot think of it dot com where we have many different courses you can purchase one at a time or have a subscription model given you access to all the courses courses which are well organized have other resources like excel files and pdf files to download and no commercials control activities information and communication and monitoring activities we're going to start off with the control environment listing the principles related to control environment first principle business shows a commitment to integrity and ethical value so we're looking at this in terms of the controls of the organization in terms of the organization as a whole that the business shows a commitment to integrity and ethical values note these things aren't always the easiest things for us to write down and communicate but you can think about how can we get a feel for that we're going to be of course talking to people inquiring about it and writing down our impressions of the control environment in terms of business shows commitment to integrity and ethical value principle number two board of directors shows independence from management and exercises oversight of the development and performance of internal control you'll recall that the board of directors are represented and voted on by the owners the shareholders so therefore they should be able to provide some oversight over management which in essence are the people that they hire in order to act as agents of the shareholders so the board of directors should show independence from management the more independence from management then the more you would think the board of directors would have good oversight over management whereas if there's less independence from management it would be a more difficult situation you would think the oversight wouldn't be as good over the performance of the management third principle management sets up with a board oversight structures reporting lines and authorities and responsibilities in the pursuit of objectives so we have the setup and the board of directors being involved in this with the structure the reporting lines we have the business hierarchy the reporting lines within it and authorities and responsibilities in the pursuit of the objectives what are the authorities and responsibilities this is going to be really important because of course people need to understand their specific roles and responsibilities it seems like a basic thing but oftentimes people don't have a good idea of what their responsibilities are things fall down you know in the middle between the responsibilities of two individuals possibly and we don't know exactly who to hold accountable because it was never well defined in the first place principle for business shows a commitment to attract develop and retain competent employees in alignment with objectives so we're looking at the types of employees that are being brought into the organization and we might also consider the overturn of employees are they bringing up the employees that seem to be performing well the best top performance of the employee of the organization are they basically retaining employees that are well performing employees is there a high turnover of employees of employees and what's going to be basically the feeling of employees which can be indicated in whether there's a high turnover or not or whether they're basically able to develop employees within the organization number five business holds individuals accountable for their internal control responsibilities in the pursuit of objectives this of course lines out with first determining what the responsibilities are for different individuals and then determining whether or not the individuals have followed through with their responsibilities and the people that aren't following through we know who to hold accountable and we want to be able to see that the people responsible for for certain conditions or first certain objectives are the ones being held accountable if those objectives are not met next we'll take a look at risk uh risk assessment principles or principles related to risk assessments principle number one business specifies objectives with enough clarity to enable the identification and assessment of risks related to objectives so when we're thinking about the risks we need to know exactly what the objectives are so that that's going to help us to identify what the risks are we need to be clear about that the more clear we are about that the more clearly we can basically assess what those risks are and take action with regards to them principle number two business identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks are to be managed once we understand what the risks are we want to see them across the organization and then we can come up with a plan of course to see how we want to deal with those risks how can we mitigate those risks principle three business considers the potential for fraud in assessing risks to the achievement of objectives so we want to consider fraud and we'll talk a little bit more about the fraud factors that can be put together what's going to increase the likelihood of fraud we want to basically set up an environment within the organization to lessen the likelihood of fraud as part of the components of our internal control so first we have to say what are the risks of fraud some of those risks are going to be things that we can apply to any type of organization some might be specific to the type of organization that we are in we want to see where the fraud risks are highest and put in policies and principles in order to mitigate them principle number four business entities and assesses changes that could significantly impact the system of internal controls so we're going to identify and assess any changes anytime we have a significant change we should have in our mind what is the internal control what are going to be the risks related to any significant changes and we should basically map out what are going to be the risks related to the significant change make adjustments as necessary based on those changes and those adjusted risks next we'll take a look at the principles related to control activities principle number one principle selects and develops control activities that contribute to the mitigation of risks to achievement of objectives to acceptable levels so now we're on basically the ground floor we're talking about the control activities the actual implementation and development and implementation of those control activities that are going to be put in place in order to contribute to the mitigation the lessening of the risks to the achievement of objectives to acceptable levels we're going to be thinking about things then including performance reviews as our control activities physical controls as our perform as our control activities the segregation of duties this probably being the one that you want to think about first when you think about internal controls in general one of the first thing that probably comes into mind should be the segregation of duties you probably think of things like performance review or people when they first think about internal controls are probably thinking about some type of performance reviews when considering audit and setting up the audit procedures and someone asks you about internal controls the first thing that should come in your mind is really the separation of duties as one of the major functions and factions or areas of internal controls then we have the information processing controls principle number two business selects and develops general control activities over technology to support the achievement of objectives so once we have these set up once we have the control activities we will set them up and we're probably going to need technology in order to do this we're going to have some type of database program as part of our internal controls oftentimes we're going to have that's going to allow us to do things like the separation of duties like having the performance reviews through the interaction and the setting up of that database and of course we need it professionals to help us with that that part of it so we set up the internal controls work with it then to help us to implement those by restricting or manipulating the database to get certain restrictions and assignments to different individuals principle number three business sets up control activities through policies that establish what is expected and procedures that put policies into play so obviously once we implement this information we're going to actually put in the play the policies and the procedures as we as we set the set thing up so we're imagining of course we set up the controls now we're in the pot in the part of the control system where we have to actually implement and put those controls into place which involves setting up the policies and procedures and implementing those policies and procedures next we have information and communication principle principle number one business obtains makes and uses relevant quality information to support the functioning of internal controls this could include identify and record valid transactions classify transactions correctly measure the value of transactions correctly record transactions in the correct period correctly present a transaction and disclosures principle number two business communicates information internally communication includes objectives and responsibilities for internal controls needed to support the functioning of the internal control obviously when we set up the internal controls we then need to have the good communication in order for people to understand those internal controls in terms of what is expected of them as well as what the reason is to some degree because that'll give them some incentive to follow through and make sure that they are implementing the internal controls and possibly the feeling of well-being and self-worth as they go through the internal controls some processes which can seem like they're going to be something that's not contributing to the performance but actually is when you think about it out on the bigger picture level so principle number three business communications with external parties regarding issues affecting the functioning of internal controls next we're going to take a look at monitoring activities principles related to it principle number one business selects develops and performs ongoing and or separate evaluations to determine whether the components of internal controls are installed and functioning so you'll of course we're thinking about the internal controls here in terms of what are the risks we come up with a plan for internal controls we then implement that plan with the control activities we communicate that information and then of course we monitor that information to see if this the internal control processes are set up well if they're implemented well if they're doing what we would expect them to do principle number two business evaluates and communicates internal control problems in a timely manner to parties responsible for taking corrective action there's problems in certain internal controls in terms of either the way the internal control is set up not well designed or in the way it's being implemented not being implemented or followed through with then we go to the appropriate level of management and discuss the the implementation and or design at that at that point parties include senior management and the board of directors as appropriate obviously if it's if it's to the point where we can discuss this with senior management and and take care of it then that would be it if it's something that's going to be a serious flaw in the internal controls and have substantial risk then of course we would want to include the board of directors as well audit risk model you'll recall that the audit risk model represents in a formula type format audit risk equals the inherent risk the inherent risk within basically inherent in the organization or type of business that we're in line with the control risk control risk what we are talking about now and then we have the detection risk this is the auditors basically whether the audit will pick up pick up any problems within the auditing process these two recall are kind of on the business side of things what industry they're in what's inherently risky about the business ventures that they are in that's their decision to be in that business and take on those inherent risks the control risk is what they are designing in their bureaucratic system as they set up their their business model that of course is the is the component that we're focusing on here when we consider the overall audit risk model