What are control activities?

 

Control activities is one of the elements of the system of internal control.

Components of the Company’s System of Internal Control

Control activities are the actions established through policies and procedures that help ensure that management’s directives to mitigate risks to the achievement of objectives are carried out. These objectives relate to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations.

Controls in the control activities component may relate to the following:

Authorization and approvals.  An authorization affirms that a transaction is valid.  An authorization typically takes the form of an approval by a higher level of management or of verification and a determination if the transaction is valid. For example, a supervisor approves an expense report after reviewing whether the expenses seem reasonable and within policy.

Reconciliations. Reconciliations compare two or more data elements. If differences are identified, action is taken to bring the data into agreement.

Verifications. Verifications compare two or more items with each other or compare an item with a policy and will likely involve a follow-up action when the two items do not match, or the item is not consistent with policy. Examples include computer matching or a reasonableness check.

Physical or logical controls, including those that address security of assets against unauthorized access, acquisition, use or disposal. Controls that encompass: 

○ The physical security of assets, including adequate safeguards such as secured facilities over access to assets and records. 

○ The authorization for access to computer programs and data files (i.e., logical access). 

○ The periodic counting and comparison with amounts shown on control records (for example, comparing the results of cash, security and inventory counts with accounting records).

Segregation of duties. Assigning different people, the responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets. Segregation of duties is intended to reduce the opportunities to allow any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of the person’s duties. For example, a manager authorizing credit sales is not responsible for maintaining accounts receivable records or handling cash receipts.

ISA 315

Comments

Post a Comment

Popular posts from this blog

Why do auditors use assertions?

Image
  Assertions are representations by management that are embodied in the financial statements and used by the auditor to consider the different types of potential misstatements that may occur. Assertions may fall into the following categories: Assertions about classes of transactions and events, and related disclosures, for the period under audit : ·         Occurrence —transactions and events that have been recorded or disclosed have occurred, and such transactions and events are related to the company. ·         Completeness —all transactions and events that should have been recorded have been recorded, and all related disclosures that should have been included in the financial statements have been included.   ·         Accuracy —amounts and other data relating to recorded transactions and events have been recorded appropriately, and related disclosures have been app...
Read more

What is the new International Standard on Auditing for Audits of Financial Statements of Less Complex Entities?

Image
  The International auditing and assurance standards board designed “The International Standard on Auditing for Audits of Financial Statements of Less Complex Entities” which is effective for audits of financial statements of less complex entities for periods Beginning on or after December 15, 2025. The standard is based on the International Standards on Auditing (ISA) and would follow a simplified approach based on risk assessment. The standard will enable auditors to obtain reasonable assurance that financial statements are free from material misstatements, and in an independent audit`s report will be pointed out that the audit is conducted in accordance with the ISA for LCE. The ISA for LCE has the following limitations for using: 1.       Specific classes of entities for which the use of the ISA for LCE is prohibited (described below). 2.       Qualitative characteristics that describe an LCE. Qualitative characteristics rel...
Read more