General internal control procedures
Broadly speaking, general control procedures are internal control procedures that provide management
with overall (as opposed to specific) assurance that the objectives of the accounting information system will be achieved. In other words, general controls provide assurance as to the overall
completeness, validity and accuracy of the accounting information system. They provide assurance about one or more levels of
aggregation in the accounting information system, often for more than one accounting application, by providing an
environment in which specific control procedures may function
effectively. For this reason, general internal control procedures are also referred to
as environmental controls (as well as pervasive control plans and,
in an IT (information technology) environment, as general DP (data processing) controls).
There are a number of categories of general control procedures,
including internal control procedures that provide assurance as to:
- organizational independence. Organizational independence exists
where no one person in an organization is in a position to both
perpetrate and conceal, in the normal course of their duties, a
misstatement. It is achieved through the separation (or
segregation) of incompatible functions. Functions are incompatible
if their combination may permit the commitment and concealment of
intentional or unintentional misstatements or where the duties of
one function can bypass, by accident or intent, the controls which
should exist on the other. If organizational independence does not exist within an organization (or a department within an organization) then auditors place reduced, or no, reliance on control procedures performed by staff in that organization (or department).
- competence of personnel. Personnel who are charged with
the responsibility of performing specific accounting and control
procedures should be competent and trustworthy. If they are not,
then auditors place reduced, or no, reliance on procedures they
perform.
- supervision. Personnel who have been delegated the
responsibility for the execution of specific accounting and control
procedures should be adequately supervised to provide assurance,
inter alia, that exceptions not processed are reviewed, corrected
and resubmitted for processing. If control procedures are not
supervised, or there is no evidence of supervision, auditors do not place significant, if any, reliance upon these procedures.
- restricted access to resources, such as procedures (i)
allowing access to resources only to those personnel who have the
responsibility for custody of the resource and (ii) restricting
access to resources by personnel responsible for the performance of
a related control procedure. Where the client's personnel are responsible for performing one or more control procedures that relate to the authorization or approval of transactions affecting resources and the same personnel have access to those resources, then auditors place little, if any, reliance upon the control procedures performed by those personnel.
- authorization. For any specific class of transaction, control
procedures should exist that set limits to authority, i.e. there
should be a number of levels of authority and no one person should
have unlimited authority over, for example, the authorization of a
transaction or an underlying source document. Where there are no limits to the authorization of transactions, auditors place little or no reliance on these authorization control procedures.
- information systems development. These include controls
which provide assurance that both new and existing application
software are developed, operated and maintained in an effective
manner, such as change controls, maintenance controls, and controls
over the testing, conversion and documentation of new/revised
systems. Again, where these controls are absent or limited in their extent, auditors place reduced or no reliance on these procedures.
Copyright, Australian Educational Research Pty Ltd.