 and welcome to the session in which we will discuss an important topic in an auditing course or the CPA exam and that's internal control. So we need to know what is internal control and specifically in this session we're gonna focus on the purpose of the internal control. Now why do we need to learn about internal control especially in an audit course? Well the least thing is we need to learn about it in order to understand the audit risk model which is audit risk times control risk times inherent risk. So CR the control risk and the audit risk model is based on the internal control of the company. So it's very important to understand what is internal control. Now also as auditors you're gonna see later we need to learn we need to understand the internal control. We may or may not rely on the internal control so it's very important to understand what is internal control and what's the purpose because every time you see this word you don't want to go back and try to think of the meaning of it you want to understand it inside out. So let's go ahead and get started by defining what is internal control and what's the purpose of internal control. Before we proceed any further I have a public announcement about my company farhatlectures.com. Farhat accounting lectures is a supplemental educational tool that's gonna help you with your CPA exam preparation as well as your accounting courses. My CPA material is aligned with your CPA review course such as Becker, Roger, Wiley, Gleam, Miles. My accounting courses are aligned with your accounting courses broken down by chapter and topics. My resources consist of lectures, multiple choice questions, true-false questions as well as exercises. Go ahead start your free trial today. Internal control are simply policies, processes and procedures. Basically things that you follow, policies. You can do this, you're not supposed to do that. In order to make a sale here are the processes and the procedures. In order to perform a return here are the policies and the procedures. Well you cannot go into the building after a certain amount of time. You cannot access this database. You cannot access the inventory. So on and so forth. Policies and procedures. For what purpose? If these are if internal controls are policies and procedures what is the purpose? Because without a purpose those policies and procedures are not that useful. The policies and procedures they are designed to achieve the following four objectives. One, reliability of financial reporting. Simply put the quality of the financial reporting. How good is your financial numbers, your balance sheet, your cash flow, your income statement, all the account balances that are sitting on your balance sheet, all the transaction that you reported. How well are they? How good are they? Are they reliable? Two, efficiency and effectiveness of operation. How well you are running your operation? Is it running efficiency and in an effective way? Three, compliance withdrawal, laws and regulations. Specially the one that are materially affecting number one which is reliability of financial reporting. And notice in number one I have it in a different color because I want to emphasize the point that as auditors as auditors we are primary our primary concern is reliability of financial reporting. That does not mean we totally ignore how well the company is being run or how effective it's being run. It may tell us something about the reliability of financial reporting but our main purpose is financial reporting. Same thing when we look at compliances with laws and regulations we are seeing how these compliances also influence financial reporting. And the fourth objective of financial of internal control is safeguarding of assets. Simply put I would like to compare the internal control to this fort that's here in front of you in this picture. I'm going to explain what's the fort. What does the fort represent? The fort itself represent internal control. This fort, this protection system inside of it lives your accounting information system. So your accounting information system is residing inside of this fort. Inside this fort also reside your assets and those assets could be physical assets such as cash inventory, other assets as well as intangible assets. That's fine. So the internal control is trying to make sure your accounting information system which produces your financial reporting is producing good information. So when bad information, bad info try to go in the internal control will try to block it. It does not allow poor or incorrect or misleading financial information goes into your accounting information system. Those walls are the internal control. Now we have a lot to talk about what are these walls and specifically later we're going to see that these walls are composed of five different components and we'll talk about each component separately. And what's the purpose of each component? I'm just giving you the big picture. So that's the purpose of internal control. Making sure the employees inside this fort, the employees are following laws and regulation and making sure we are safeguarding whatever assets we have inside, we are safeguarding those assets. So that's the purpose of internal control. Starting with the reliability of financial reporting. What do we mean by reliability of financial reporting? As I told you, this is the number one concern for the auditors when it comes to internal control. It's the assurance that the financial statements cashflow balance sheet income statement provide a true and a fair view of the organization's financial position crucial for stockholders. So we want to make sure when we report the information that information is represent the true and fair pictures of us to the stakeholders, not stockholders, stakeholders and stakeholders would involve shareholders such as investors, creditors, regulators, the general public. We want to make sure that our system, this fort is protecting our accounting information system integrity to make so they can make informed decisions. Now, how to achieve this? In this session, I'm going to talk in general, but we're going to talk about control activities in particular. But how to achieve this, we want to make sure the information we provide is accurate. Those are very general statement. In other words, information and financial statements should be free from materialness statements and errors. How can we make sure that's the case? With, for example, we double check the information, we have inputs to make sure there are no errors in the or material errors in the financial statement, we have certain inputs completeness, we want to make sure we are reporting all relevant information for that period, wherever that period is a monthly quarterly or relevant financial information is disclosed to present a comprehensive, a full picture of the organization, financial possession or financial situation. Again, to make sure to making sure completeness is achieved, there are certain steps we would learn about later. Neutrality. We don't favor one group of users over the others. For example, we don't favor investors to creditors. We don't favor those financial reporting should be free from bias or any attempt to manipulate information and to favor certain interests. So for example, investors are interested in show and in and showing them high profit. We don't want our financial information system to produce reports that are biased toward profit. Creditors are interested more in our cash position and our cash ability generation can we generate cash so they so we can pay them interest. So we don't want the information we provide to favor any group transparency. Disclosure should be clear, comprehensive and understandable. Anything that we need to disclose about the company in addition to the numbers should be understandable. People can read it, can understand it, providing sufficient information for the users to make informed decision. So this is part of what is reliable financial reporting. Consistency is important. Basically accounting policies and practices should be applied consistently so users can can compare the information from period to period. Again, those are very general general objectives. We're going to see later there are specific control activities that would help achieve each of these objectives. The second objective is promote efficiency and effectiveness of operation. Again, this is a secondary concern to the user to the auditor. And basically what's efficiency internal control can help organization achieve its goal using the least amount of resources possible being efficient means you are using the least amount of resources while achieving the same objective. It means reducing waste process to reduce waste prevent errors because when you have errors you have to repeat your reason your resources save time time is money. For example, automation of certain processes such as data entry invoicing and reconciliation can reduce manual errors and save employee time. That's improving efficiency. Once again, the auditor is not going to judge the company's efficiency. They are going to look at it and if it's relevant to the financial reporting, they might look at it a little bit further effectiveness. Well, effectiveness, can you achieve your goal refer to the ability of the organization to meet its objective. Now internal control can help ensure the business operation are effective in other words reaching their objective whatever the intended result the company is achieving. Now effectiveness and efficiency are typically measured. Now how do we measure this? How does the company measure this through performance matrixes like revenue, cost, control, profitability as well as non financial matrixes such as customer satisfaction, market share and operational quality. This is how you measure your efficiency and effectiveness. Again, the auditor would look at this. But how does it relate to financial reporting? That's all what we care about. The third objective of internal control is compliance with laws and regulations. This is making sure that when the business operate, it's operating within the legal framework in which they operate. Why do we want to do this? We want to minimize being sued. We want to minimize any penalties or fines by regulators. And the most important is we don't want to damage the most important asset is our reputation. So internal control mechanism focuses on compliance can take many forms and their precise nature will depend on the company's industry depending on which industry you're operating. You're going to have different compliance with different laws and regulation. If you're operating in the banking industry, you have different laws and regulation. If you are operating in manufacturing industry, you'll have different sets of laws and regulation. Also on which countries you operate will make a difference and specific laws and regulation you must adhere to depending on your location and your industry. Now, what can the company do to adhere to compliance with laws and regulation? They can provide training to their employees, education. They could have a monitoring system making sure employees you train them, you want to make sure they are adhering report and mechanism, you know, help the employees report any violation quickly. You might have either compliance officer or compliance department to do what to making sure we are complying with rules and regulation. The fourth and last objective of financial of internal control is safeguarding of asset. Simply put, procedures to do what to prevent theft, fraud, misuse or damage the company's asset. Here we can have many examples and now assets would include, as I mentioned earlier, cash, inventory, equipment, property, any asset, computers, furniture, but also intangible assets such as intellectual property, trade secrets and company reputation. And sometimes intangible assets are more important than intangible asset. So what could be some steps that the company can undertake to make sure their assets being safeguarded? Well, one thing I show you right here, a security camera monitoring. Well, we call this physical controls. This involves physical security measures to protect tangible asset, security cameras, security people, fences, locks on the door. Okay. For example, cash may be stored in a safe and warehouses may have security cameras or guards for valuable equipment. Access might be restricted by authorized personnel. So those are some example of physical control. We could have what's called authorization control. What does that mean? It means certain transaction that affect the company's asset should require approval from a higher level of management or from multiple individual. This way, we don't give the approval to one party. So large purchases, for example, might need the approval of senior manager before we finalize the transaction. Why we want someone else to have authority to authorize it. Other examples will be inventory controls. For example, if you have inventory, especially retailers, regular inventory count and reconciliation can help ensure that the recorded inventory matches the physical inventory, thereby identifying theft and loss in a timely manner and taking protective as well as corrective actions. Document control include timely and accurate recording of transaction and proper document retention. And this is important because document control is the evidence, is the evidence behind the accounting information system. You want to make sure you have a record of your document. All sales transactions should be promptly recorded and the invoices should be kept for a specific period of time for future reference or for audit. Access control. Now for digital asset, access controls are crucial. We're going to have one or two recording later on, specifically about digital or IT security control. This includes things like password, the most basic IT security access control, two factor authentication. For example, you have the password, you put the password, then you would wait for your cell phone to send you a code, then you will input the code as well with the password. Limiting access to sensitive information to only those who need it. And this is one of the critical part of access control. Also network and system security measures are important to provide cyber theft and damage. Again, we're going to have few lessons about IT controls in general. Auditing is a form of safeguarding asset. Regular, whether it's internal auditing or internal, they can help identify deficiencies in the asset protection controls and suggest way to improve them. So you can audit your safeguards, send send people, try to send people who work for you, for example, in another department or hire an outside agency to see if they can, if they can come in and steal, quote, literally steal any asset to test your internal control for safeguarding asset. Audit also can act as a deterrent for internal fraud. If employees know they are being audited on regular basis, that's going to deter them. Also, another form of safeguarding of asset is insurance. It's not strictly an internal control, but insurance can be considered part of the company's overall strategy. So one thing is you don't have insurance, you have a lousy internal control because insurance coverage can provide financial compensation. It's basically a form of risk management if asset are lost, stolen or damaged. Now let's take a look at this multiple choice questions that you can find a lot, a lot of more at Farhat Lectures. And this is what you should do. You should go to Farhat Lectures, work MCQs, true, false, additional resources. A system of internal control is designed to ensure that all the following would be achieved except. So internal control would achieve all the following except what? A, the company's personnel compliance with applicable rules and regulation is this part of the internal control and the answer is yes. So this is not the answer. It's correct. It will it will achieve that or will try to achieve that. B, all instances of fraud will be detected. Now this looks like all instances of fraud. Well, if that's the case, then fraud will be eliminated. I would say this is a good candidate or I'm going to wait because of the especially the word all. That's not good. Transact. It's good, but it's not true. Most likely transaction are executed in accordance with management authorization with internal control. Help of that. Yes, internal control would achieve this. Now we're down to B and D. Would achieve would be achieved. The company's resources are used efficiently and effectively. Yes, that's another objective of internal control that we can, we can, we can do. That's also not the right answer. It's correct, but that's not the right answer. I would see B is correct because all instances of fraud will be detected. Internal controls can do that. Internal controls, they have inherent weaknesses. They can't detect all of this. They cannot detect everything. Otherwise, problems are solved. Once again, what you should do now go to Farhad lectures and work additional MCQs that's going to help you understand the topic that you are learning, whether you are a CPA exam candidate, taking the CPA exam or studying for your audit course. It's basically the same thing. Internal control is especially the purpose of it, the component of it, how does, what's the responsibility of the management? What's the responsibility of the auditor? This is what we're going to be discussing next will be critical to your success. Good luck, study hard, invest in yourself and always stay safe.