 In this presentation, we will discuss internal control components. We're gonna first go through it and we're gonna list out the internal control components and then we'll first a word from our sponsor. Well actually these are just items that we picked from the YouTube shopping affiliate program, but that's actually good for you because these aren't things that we're just given to us from some large corporation which we don't even use in exchange for us selling them to you. These are things that we actually researched, purchased, and used ourselves. Bayer Dynamic? Not sure if I said that right, but this is the DT770 Pro 250 OHM Studio Reference Closed Back Headphones. I wear headphones basically every day for a large part of the day. They are important to me, therefore I've gone through many different kinds of headphones. I've had these for some time and they've worked quite well. They fit over my ears but I'm still able to put my glasses on under the headphones. The headphones not pinching too tight on the glasses to give me a headache which is nice. The quality of the patting is good and it has lasted for some time. I've had these for some time now and they haven't gotten all torn up on me or anything like that. I also like that I have a cord when I'm doing my recordings as opposed to a USB centered headphone because that frees up a USB port and I find the USB headphones to be less reliable. They come with an audio jack that looks like this which is useful for me because that plugs into my audio interface. However, if you want to use the headphones for some other purpose, I believe it's fairly easy to get a converter to other types of audio jacks. If you would like a commercial free experience, consider subscribing to our website at accountinginstruction.com or accountinginstruction.thinkific.com where we have many different courses. You can purchase one at a time or have a subscription model giving you access to all the courses. Courses which are well organized have other resources like Excel files and PDF files to download and no commercials. Go into more detail on each of them. The first component, we have the control environment. We have the entities risk assessment process control component number two control component number three control activities number four information and communication number five monitoring activities. So these are the five internal control components. Let's now go to into them in more depth starting with the control environment number one set of standards processes and structures that provides the foundation for carrying out internal control processes throughout the business. The board of directors and senior management establishes the tone at the top of the business regarding the importance of the internal controls. When we consider the control environment we are looking at that overall type of foundation and an important piece is the tone at the top of the foundation of internal controls. We could think of this as internal controls having two separate components as we consider them one is the design of the internal controls. How well are they designed? Do they do what they should do in terms of a good design? The second is going to be in terms of what's the implementation of the internal controls which often comes down to the tone at the top of management. Does management think it's important to have these internal controls sometimes those controls actually making it more difficult to go through some of the processes that need to be done but which are important in order to safeguard whatever type of assertion that control is being set up for. We as auditors are good at designing or thinking about what an internal control system should look like but the implementation of the system is equally as important. We can have a well-designed system and have it not be implemented and again if the management at the top doesn't enforce the internal controls these added steps often that have to be done in order to go through a process in order to complete some type of assertion related to that internal control then the controls will become more lax and will be less applied so we want to be able to assess the overall environment and the attitude at the top of the internal controls which will then flow through to the rest of the organization. Entities risk assessment process a dynamic process for identifying and analyzing the risks to achieving the objectives of the business risk assessment helps the business determine how risks should be managed thought is given to possible changes in the external environment and within the business model that could harm its ability to achieve its to achieve its objective so obviously when we're considering the internal controls implementing the internal controls we have to have an idea of this risks of the organizations the risks of the business each organization risk is going to be slightly different depending on what type of industry they are in how large the organization is so we need to get an idea of what the risks are in order to basically set up and implement and decide whether or not the implementation of the internal controls are sufficient to mitigate the specific risks related to a specific organization next we have control activities actions established by policies and procedures that help management directives to be carried out management directives to mitigate risks to the achievement of objectives control activities are done at every level of the organization and at various stages in the business process so the control activities are the actual activities we have we have put in place these controls or the actual actions established by policies and procedures to help management directives to be carried out so this is actually what you can think of as basically kind of like the red tape that's going to be put in place these are the actual checks and balances the checks and balances the policies and procedures that can actually make it a little bit longer to go through certain types of process due to things such as separation of duties for a process having limitation to what people can see in a database program as part of that separation of duty possibly making the process longer but helping to safeguard or implement some type of controls that will be related related to some type of assertion that will be necessary so we have to weigh the pros and cons every time we implement a new type of internal control control activities information and communication information is necessary for the business to carry out internal controls responsibilities in achieving objectives communication includes both internal and external communication it provides the business with information needed to carry out day to day internal control activities communication enables employees to understand internal control responsibilities and their importance to the achievement of objectives it also allows for upward flow of operating information to management so obviously once we set up the control procedures we need to be able to have good information good communication you can imagine this setting up we could say okay what are going to be the risks of the organization how are we going to set up the internal controls what are going to be basically the separation of duties what are going to be the processes that need to be put in place to control activities then how can we implement that information one we want to have the thing to be set up well we want to know exactly what the internal controls are as thoroughly as possible so that we can explain it as easily as possible then we need to communicate that in some way so obviously once we have the controls some of them being items that might be not to be completely intuitive when we're trying to achieve simple and business type objectives because they may have goals other than what we would think of as the business objectives and therefore we have to basically communicate that information we want to be able to communicate both the actual the actual internal control the procedures that need to happen so that the employees understand the internal controls responsibilities and their importance to achievement but they also need to understand the why they need to understand the importance of it as well if you can be able to implement the importance that goes back to the environment in some way and notice there's of course some overlap between these types of items if the people know if the employees know both what the controls are that they are important at the top that people at the top think it's important that we implement the internal controls and they actually have an idea of why it is important then of course they're going to be much more likely to implement those internal controls even if it causes them a bit more problem within their day to day lives to achieve their other type of business goals that they're typically looking to achieve in a day to day process next we have the monitoring of activities evaluations are used to ascertain whether each of the five components are present and functioning findings from evaluations are evaluated and differences are communicated with serious matters reported to the senior management and to the board so we can imagine this process we assess the risk we set up the internal controls we implement the control activities we communicate the control activities and then of course we have to monitor the control activities so if we find it deviations within the monitoring activities we're going to report them to the to the proper level of management and possibly to the board of directors depending on the severity of the deviations