CHAPTER 13

OVERVIEW OF OVERVIEW OF INTERNAL CONTROL

INTERNAL CONTROL
NATURE AND PURPOSE OF INTERNAL CONTROL

Internal control is the, process designed and effected by those charged with
governance, manageme_nt and other personnel to provide reasonable assurance
~ected Leaming Outcomes about the .achievement of the entity's objectives with regard to reliability of
financia! reporting, effectiveness and effic_iency of operations and compliance
After studying the chapter, you should be,able to ... with applicable laws and regulations. It follows that internal COJJtrol is designed
and implemented to address identified business risks that . threaten the
1- Explain what internal _control is. achi_evement of any of thes.e objectives.

2. Des~ribe th·e nature a~d purpese of internal control: T~ose objectives faJI into three ca,tegories;

3. Define internal control system. .• Reliability ofth~ entity's financial reporting

' . ' ~1

4. . Explatn the el~ments of internal cont~ol, namely, , • Effective!}ess ·and efficiency of operations
• . C6mpliance with applicable laws and regulations
• Control environment
• Entity's risk assessr:nent process \V~ethe~ , an entity achieves its o~jectiv.t;s .t_~Jating to financial reporting and
• lnfor__mation system · compliance is determined .hr activities , within, the .e11tity's .control. However,
• Control actions · -ach_ieving its objectives relating .to . opera,tions will depend not only on_
·• M(;>nitoring. of controls management's decisions but also on competitof'~ actions and other factors outside
the ~ntity._' ·

. INTERNAL CONTROL SYSTEM DEFINED

,Internal control -system means,all the policies and procedures.(intemal controls)

adopted by the management of, an. entity to assist i~ ..ac~ievi~g managemen!'s
objective of ~msuring, as far as practicable, the orderly_ a~d-ef!ic1ent condu~t of its
business, inclu~ling ; adherence .to .p,~nagement .poJ1c1es, the safegl!ardmg of
assets, the prevention and detectio~ ._.o f fraud a~d error, the .accuracy . and
completenes~ of the accounting records, and the timely preparation of reliable
financial information.
 -~
198 Chapter 13 Overview ofInternal Control 199

ELEMENTS OF INTERNAL CONTROL The environment in which internal control operates has an impact on the
effectiveness of the specific control procedures. Several factors comprise the
Internal control structures vary significantly from one _company to· the n~xt. control environment, including:
Factors such as size of the business, nature of ope~at,~ns, the geograph1_cal
dispersion of its activities, and objectiyes of the_or~amzatton affect the specific ], Communication and Enforcement of Integrity and Ethical Values
control features of an organization. However, certam elements or features must
Integrity and ethical values are essential elements of the internal control
be present to have a satisfactory system of control in almost any large scale
environment. ·They affect the design, administration, and monitoring of
organization. other components of internal eontrol. An entity's ethical and behavioral
standards and the manner in which :it .communicates and reinforces them
The internal control system extends -beyond these matters which relate directly to
determine the entity's integrity and ethical behavior. Integrity and ethical
the functions of the accounting system and consists of the followin~ components: values include management's actions to remove or reduce incentives and
temptations that might prompt personnel to engage in dishonest, illegal,
a. the control environment;
or unethical acts. Th(ly also includ~ the communication of entity values
b. the entity's risk assessment process; and behavioral standards to personnel through policy statements, a code
of conduct, and management's example of appropriate behavior.
c. the information system, including the related business processes, relevant
to financial reporting, and communication; 2, Commitment to Compdence .
d. control activities; Competence is the knowledge and skills necessary to. accomplish tasks
that define an employee's job. Commitment to competen_ce me~s th~t
e. monitoring of controls.
management considers the competence levels for particular Jobs 111
determining the skills and knowledge required of each employee and1hat
A. .Control Environment it hires employees competent to perform the tasks.
The control environment which means the overall attitude, awareness and 3. Participation by those Charged with Governance
actions of directors and management regarding the internal control system
and its importance in the entity. The control environment has an effect on the An entity's co~trol consciousness is influenced signific~ntly by those
effectiveness of the specific control procedures. "A strong control charged with governanc·e. Attributes of those charge~ with· gove_mance
environment; for example, one with tight budgetary controls and an effective . include independence from management, their ~xpenerrce ~n~. stature,
·internal audit function, can significantly c9mpleq,ent specific control the extent of their involvement and s~rutmy of ~ct1v1t1es, the
.. . . f t'-=eih1ctions the information they receive, the degree
procedures. However, a strong environment does not, by itself, ensure the appropriateness o •11 ' • d ·h ement
effectiv~n~ss o(the internal control system. Factors reflected in the control to which difficult questions are raised and pursu~ wit m~nag '
environment include: and their int~raction with internal. and external auditors. The imp?rt~n~e
"bTf . of those charged with governance is recogmze m
o f respons1 1 1 1es . . . . uidance produced for the
• The function of the board of directors and its committees; codes of practice and oth~r reglrlat1ons oor t~er responsibilities of those
b·ene fiit of I19se charged with.
governance. · .
de oversi ht of the design and ef~ect1ve
• Management's philosophy and operating ~tyle; ·
charged with governance mclu d ~d the process for reviewmg the
0
o eration of whistle blower proce ures a1
• The entity's organjzational structure and methods .of as~igning authority effectiveness of the entity's internal control.
and responsibility; ·

• '
Management's control system including the internal audit function,
personnel policies and procedures and segregation of duties.
200 Chapter 13
Overview ofInternal Control 201
4.- Management's Philosophy and Operating Style B. Entity's Risk AssessmentPro<:ess
This refers to management's attitude towards (a) business risk, {b)
financial reporting, (c) meeting budget, profit and other established goals Risk .a~sessment is the "identification, analysis, and management of risks
which all . have impact on the reliability of the financial statements. pertammg to the preparation of financial statements". For example risk
Management's approach to taking and monitoring business risks, its ~sessi;n~nt may fo~us on how the entity considers the possibility of
conservative or aggressive selection from alternative accounting tra?sactmns not ~emg recorded or identifies and asse~ses significant
principles, its conscientiousness and conservatism in developing estimates· recorded m .the financial statements.
accounting estimate.s, and its attitude toward information processing and
the accounting function and personnel are factors that affec:t the control An entity's risk assessment. p~~ces.s is its process for identi~ing and
environment. ' responding to business risks and· the results thereof. For financial reporting ,
purp~ses, t~e .entity's risk assessment process includes how ·management
5. Organizational Structure identifies risks relevant to the ·preparation offinancial· statements that are
presented fairly, _in all material , respects in accordance •with the entity's
The responsibilities and authorities of the various personnel within the applicable financial reporting framework, _estimate.~ their significapce,
organization ,should be established •in such a manner as to (]) assist the assesses Jhe likelihood of ,their occurrence, and decid~s upon actions -to
·entity in meeting its goals and objectives and (2) ensure that transactions manage them. For example, t~e entity.'s, risk assessment proc~ss may address
are processed, recorded, summarized .and reported in an accurate and
how the entity considers the possibil ~ty <?.f; U11f~cor.ded transactions or
timely manner. Organizational _structure provides the overall framework
identifies and analyzes significant, estimates 'recorded , in th~ financial
for planning, directi,;1g and conir.olling_operations.
statements. Risks relevant to reliable financial-reporting also relate to specific
events or transitctions. (
6. Assignment ofAuthority and Responsibility
Per_sonnel wit_hi·n· ~n organization need to have a clear tmderstanding of Risks relevant to financial reporting include external and internal event,s and
the!r respons1brht1es and the rules and regulations that govern their circumstanc.es that. ,may . occur · and adversely affect an_ entjty's ability to
actions. M~agement may develop job descriptions, computer system · initiate, ·r.ecor.d; -·process, and report financial data l:lonsisteht with the
doc~mentat10~ . . It ma~ also. establish policies regarding acceptable . assertions of management in the f.inandal statemJnts. Once r-isks are
bus mess·practice, .confl1cts of mterest and code of ·co~duct. .identified, 111.anagement considers ·their significance, 'the likelihood-.of their
occur.r.ence, and how they should be: managed. Management· may initiate
7. Human Resourc.e's Policies ~nd Procedure; plans, programs, or actions ..to address specific risks or it may decide to
1
accept a risk 1;,e:cause of cost or . other · co11siderations. Risks can arise or .
Perhaps. the most iin~ortant :el,emel'!t of an internal accounting control
system rs the peopl~ wh~ pe1'?~m and execute the established policies
change due to circumstances such as the following:
:;d pro~edures. Per~onnel po_hc1es should 'be adopted by the cfient to
as~nabl~ ~~s~i:e th~t only_,eapable arid honest persons are hir~ and
• Changes in operati~g environment. Changes _in the regulatory or
. retam~.. .fohc1es with . .respect' (o employee seJ,,;ction tra1·n··1ng and .operating environment can ~esult in changes in-competitive pressures
supervJSLon sh Id he ,.;i ,. and significantly different dsks.
: .· f. ou , ""IPptecl ~nd ,implemented bv the client. The
C ' ' ' ' "' ' '

Setect tQn o competent 'd' -I ' · '. . • ..J

New personn.el. N:~w .pe~sonnel1 may have a different focus on or
• · •
, h ·- .an lpnest personnel ,does net autp'rllat,cally •
assure t at errors or irregul •r , ·ii, · . ·
person~et' p~Hcies, cou led ·w~n ,es w,r .' hot occur. However, , ade~ua~ . und~rstanding of internal .contro!,
, this section ' enhance p th
procedures ;ill b~ follow~:.
/t 1 I
~~he d~s •gn concepts suggested earher m
e ood that the client's policies and
• New or re.vamped,information systems. .Significll!lt and rapid changes
in information systems can ~hange the risk r.elating .to internal
control.
202 Chapter 13
Overview ofInternal Control 203.
• Rapid growth. Significant and. rapid expansion o~ operations can
strain controls and increase the risk of a breakdown m controls. C. Information System, including the-. Business Processes, Relevant to
Financial Reporting and Communication
• New technology. Incorporating ne~ techno_logies in~o produ~tion
processes or information systems may change the risk associated An information system consists .of infrastructure (physical and hardware
with internal control. · · components); software, people, procedures, an~ data. Infrastructure and
software will be absent, or have · less significance, in systems that are
• New business models, products, or activities. Entering into business exclusively or- primarily manual. Many information systems make extensive
areas or transactions with which an entity has little experience may use oflT.
introduce new risks associated with internal control·.
• Corporate restructurings. Restructurings may be accompanied by · The Information System, Including Related Business Processes, Relevant to
Financial Reporting
staff reductions and changes in supervision and segregation of duties
that may chang~ the risk ~ssociated with internal control.
The information system relevant to financial reporting objectives, which includes
• Expanded foreign operations. The expansion or acquisition of the accounting .·system, consists of the· procedures and records designed and
foreign operations carries _new and often unique risks that may affect established to:
internal control, for example, additional or changed risks from I
• foreign currency transactions. • Initiate, record, process, and report entity transactions (as well as·events
and conditions) and ,to maintain accountability for the related assets,
• New accounting, pronoun<;ements. Adoption of new accounting
liabilities, and equity; ·
principles or changing accounting principles may affect risks in
preparing financial statements. • Resolve · incorrect . processing of transactions, for example, automated
suspense files and procedures followed to clear suspense items out on a
timely basis; . · ·
The basic concepts of the entity's risk assessment process are relevant to every
entity, regardless of size, but the risk assessment process is likely to be less • Process and account for system overrides or bypasses to controls;
formal and less structured i_n small entities than in larger -ones. All entities should • Transfer information from transaction processing systems to ,the,gene.ral
have established financial reporting objectives, but they may be recognized • ledger;
implkitly rather thi,m explicit!:}' in small entities. Management may be aware of • Capture information relevant to financiiil reporting· for events and
risks related to these objectives without the use of a formal process but. through · conditions other than transactions, · such as the depreciation and
direct personal involvement with employees and outside parties. amortization of assets and changes in the recoverability of accounts
. , , .
Considerations Specific to Smaller Entities • Ensure information required to be disclosed by the applicable fina~c1al
reporting framework is accumulated, ~ecorded, process~d, summarized
Many small e,nti_ti_es,are carried ou_t entirely by the e~gagem,ent partner (who may and appropriately reported in the financial statements,
be sole .practitioner). Jn such situations, it is the .engagement partner who,
hav1~g p_ersonally condu~tf~ the planning _of tpe audit, would be responsible for Journal Entries
cons1dermg the suscept1b1ltty of the entity's financial statements to material
misstatement due to fraud and error. · ·An entity's information system typically includes the use of s!andard joumal
· · · b sis to· record transactions. Examp 1es
entries -that are required on a recurring a and cash disbursements in the
might be journal entries to record sales, purchases, h . d'cally made by
. d ting estimates t at are per10 I .
general ledger, or to recor accou~ h estimate of uncollectible accounts
management, such as changes m t e
receivable.
204 Chapter I 3 Overview ofInternal Contr-ol 205
· ,s tiinanc1a
An entity · · -1 repo rt·i-ng process also includes .the .use of non~standard
d" Communication involves- J)roviding an und.erstanding of individual roles-- and
·Jouma I en· tr·1es ·to record non - recurring• unusual transactions
. or
d a ~ustments.
, responsibilities pertaining to internal control over financial reporting. It includes
Examples of such entries include consolidating a~Justme?ts an entries _or a the extent to which personnel understand how their activities in the financial
business combination or disposal or nonrecurring estunates such ~s the reporting information system relate to the _work of ~thers and the means of
impairment of an asset. In manual general ledger syste~s, non-standard Jour~al reporting exceptions to an appropriate higher I1rvel within th_e entity. Open
entries may be identified through inspection of ledgers, Jouma_ls, _~nd supporting communication channels help ensure that exceptions are reported and acted on.
·docume ntat'ion . When. automated
. procedures are w,ed to mamtain
• I · theI general
·
ledger and prepare financial statements, such entries may exist on Y m e ectronic Communication takes such forms as policy manuals, _acco_untiilg and .financial
form and may therefore be more easily identified through the ~se of computer- reporting manuals, ' and memoranda. Communication also can ge made
assisted audit techniques. · · · electronically, orally, and throug!J the actions of management.

Related Business Processes Application to Small Entities

I
An entity's business processes are the activities designed to: Information systems and· , related business processes relevant to financial
. reporting in_small entities are likely to be less formahhan in larger entities but
• , _ Develop, purchase, produce, sell and-distribute an entity's products and their role is just as· significant. Small entities _with active m11,nagement
services; involvement may n,ot need t:xtensive _descriptions of _accounting proc~ures,
• Ensure compliance with laws and regulations; and so'phisticated accounting re9ords, or writte.n policies. Communication may be less
• Record information, . includi,ng accounting· and firiancia1 reporting formal and easier to achie've in a small entity than, in a larger entity due to the
information. small entity's size and fewer levels as well as· management's feater v.isibility and
availability.
Bu;iness processes result in the transactions that are recorded, processed and
reported by the -iQformation system. Ol!itaining an. _understanding of the entity's D. Control Actjvities
business, processes,- which include how transac_tions ar.e -originated, assists the
auditor" obtain an understanding of the· entity's information system relevant to _Control activ'ities -are the policies and procedures that help ensure _that
financiaLreporting i,n a manner that is a;Ppropriate to the entity's circumstances. management dire~ives are carried out, for exampl_e, that- necessary act~o~s
. . are taken to address risks that threaten the achievement of the entity s
Accordin~!y, an inform11,tion sys.tem -enc.ompasses methOEis and r~cor~$ that: objectives. Control activities, whether withi_n IT or__m~nual systems, _have
various ·objectives and are applied at .various orgamzat1onal and functional
I
• Jden1Jify and record all valid transactions. , .- levels. ·

• Describe on a timely ·basis the trans!lctions in sufficient detail to permit The major categ9ries of cohtrol procedures ~re:
proper classification ofti:ansagtioris for ·financial reporting.
A. Performance Review
• Me:15ure the value of transactions in a mann_e r that permits r~cor,ding B.1 Information Processing Controls
their prop.e r monetary value in the .financial statements. .
I) Proper authorization of transactions and activities
·• "DeteliOline the time :period in which transactions 0cc.u'rred to permit 2)° · $egregat'ion of duties - ·
recording oftransactibns in the proper;accounting period; ' 3) Adequate doguments and:records
• Present properly the transactions and related -disclosures· in the financial .4) Safeguards .over access to assets; and
statements. ' · 5) In'depe~denf checks on performance
C. Physical controls
206 Chapter 13
Overview ofInternal Control 207
A brief discussion of these control procedures follows: and backup and recovery procedures. AppHcation · controls are
controls that pertain. to the processing of a specific type of
A. Performance Review
transaction, such a payroll, or sales and collections. These controls.
help ensure that transactions occurred, are authorized, and are
In a performance review management uses accounting and operating ~ompletely and accurately recorded and processed. Examples of
data to assess performance, and it then takes corrective action. Such application controls inelude checking the · arithmetical accuracy of
reviews include: ·
records, maintaining and reviewing accounts and trial balances,
• comparing actual° performance (or operating results) with automated controls such as input data and numerical sequence
budgets, forecasts, prior period performance, or competitors' checks, and manual follow-up of exception n;ports. Generaf' IT- .
data or tracking major initiatives such as cost-containment or controls are policie,s /lJld procedures.that relate·to .many applications
cost-reduction programs to measure the extent to which and support the effective functioning of application controls. by
targets are being met. helping to e1,1sure the' continued ,proper operation of information
systems. General IT-controls commonly include controls over data
• investigating performance indicators base""d on operating or center and network operations; system software acquisition, change
financial data, such as quantity or purchase price variances and maintenance; ,access security; and . application system
or the percentage of returns to total orders. acquisition, development,_and maintenance. These controls apply to
• reviewing functional or activity performance, such as mainframe, miniframe, and end-user environments. Examples of
relating the perform;mce of a manager responsible for a such general IT-controls are program change controls, controls that
bank's consumer loans with some standard, such as restrict access to programs or data, controls over the implementation
economic statistics or targets. of new releases of packaged software applications, and controls over
system software that restrict access to or monitor the ~se of syst~m
Personnel at various levels in an organization may make utilities that could change financial data or records without leavmg
performance reviews. Performance reviews may be used by an audit trail. ·
managers for the sole pUfAOSe of making operating decisions. For
example, managers may analyze performance data and base Internal controls relating to the accounting system are concerned
operating decisions on them because the data are consistent with · with achieving objectives such as: ·
their expectations. This type of review improves the reliability of the
data. However, when managers follow up on unexpected . results • Transactions are executed in accordance with management's
determined by a financial reporting system, performance reviews general or specific authorization.
become a useful control o_ver financial reporting. · All transactions and other events are promptly recor~ed in
• the correct amount, in the appropriate ac~ounts and .m the
B. Information Processing Controls ·
proper accounting period so as to pem:11t prepa_rat10? of
financial statements in accordance with an 1dent1fied
Inf~rmation pro~essing c_orJ~rols are policies and procedures financial reporting framework.
designed to require authonzat1on of transactions and to ensure the
Access to assets and records i_s permitted only in accordance
acc_u~a~y and ·compl~teness ~f . transaction processing. · Control •
act1v1t1es may be classified accordmg to the scope of the system they with management's authorizat10n.
affect. Ge~eral co~~ro/s are control activities that prevent or detect R ded assets are compared with the existing assets at
errors or irregulanties for all accounting systems. ·General controls • • ecor bl . t rvals and appropriate actio•n is taken
reasona e in e
affect all transaction cycles and apply to information processing as...a regarding any differences.
center, hardware and systems software acquisition and m~intenance, .
208 Chapter I 3 Overview of Internal Control 209
Control activities related to the processing of transaction~ may be instruments be placed in a safe deposit box. Appropriate
grouped as follows: (I) proper .authorization, (2) design and use of · company poltc1es are adopted so that only authorized persons
adequate documents and records; and (3) independent checks on have access to company resources. Safeguarding of assets is
performance. '~nor~ than establishing physical barriers. A client should <;iesign
its · Internal accounting control system . so that documents
I . Proper authorization of transactiqns an<;/ activities authorizing the movement of assets into an organization or out of
As sµggested earlier, authorization for the execution of · an organization are adequately controlied. · ·
transactions tiows from the stockholders to management and its
subordinates. Before a transaction is entered into with another · 5. Independent checks on per:formance
party, certain conditions must usually be met. As part of the The objective of a well-designed internal accounting control .
evaluation o~ the potential transaction, documentation ·will be system is the adoptjon of procedures that periodically compare
created. The auditor uses this ~documentation to determine ·the actual asset with its recorded balance. Regardless of the
whether business transactions properly au.thorized. For effectiveness of an · internal control system, some transactions·
example, the purchase of inventory may create a purchase order, may not-. be accurately recordec!, and some assets- may be
a receiving report, ~d a vendor invoice. By inspectiilg these . ni'isappropriated,. An important part, of ·an internal accounting
docllrrients and · comparing them w ith coinpany policy, the control system is to determine the effe9tiveness of recording
auditor may· b·e reasonably satisfied· that a business transaction policies and asset access policies. This is .accomplished by
was authorized and . executed in a manner consistent with periodic ~9unts of assets by, the client and comparing the counts
company policy. to the balance.s in the general ledger account. Examples are the
..__ ' ' ' ' '
c9unt of inventory and the preparation of monthly bank ·
2. 8egr~g'!tion ofduties rec<;mciliation.
Ani mportant.element in designing ;m internal ,accou11ting control
.system that safeguards assets and reasonably e.nsures the C. Phys.ic<;1l Controls
reliability, of t~e ·accoµnt_ing records js the· c.oncept of segregation
of responsibilities. No one person should be .assigned duties that · Controls that encomp,ass:
would allow ~hat person to commit ari error. or perpetuate fraud
aod ·to conceal. the error or fraud. For example, the same person • ~he physical security of asset~. including .adequate
should not be responsible for recording the cash received on
1 safeguards such .as secured faci'lities over access to assets
. account a,rid for posting the receipts to the accounting records. and records. . · · _ · ·
• · The authorization for access to c,ompliter p,rograms and data
3. Adequate documetJtS and records ·mes.
• The periodic coµnting and comparison wi~h amouQts shown
· Th~ us~ ofl}dequate_documents and records allow the company . · on control records (for example, comparing t~e results of
to obtam reas~n~ble assur,ance that all val id transactions have cash, security and inventory counts with accountm~ records).
been recorded .. ·,
Th t t to which .physical controls intended to p~event theft of
4. A·ccess to assets e ex e~ t t@ th" reliability of financial statement
assets are · re 1evan · ·· , -< •
'F.he res~~rces of. :a client can be protected -~y the establishment . . . a~d therefore the audit, depends ,on c1rcm~s~nces
jf phys~cal, ~arriers and appropr-iate · poJ.icies. For example, prepharatlohn, assets are highly susceptible to misappropriation.
sue as w en ,
nventoy es may be . kept in a. storeroom, or negotiable
i .
I
210 Chapter I 3
Overview ofInternal Control 211
The concepts underlying control activities in small entities are
relating to internal control from external auditors in performing monitoring
likely to be similar to those. in larger entities, but_ t~e formality activities.
with which they operate vanes. Further, small entities may find
that certain types of control activities are not relevant because of Application to Small Entities
controls applied by management. For example, management's
retention of authority for approving credit sales, significant Ongoing monitoring activities o( small .entities are more likely tp be informal
purchases, and drawdown's on lines of credit can provide strong and are typically performed as a part of the overall managei:nenf of the
control over those activities, lessening or r~moving the need for entity's operations. Management's close involvement in operations often will
more detailed control activities. An appropriate segregation of identify significant variances from expectations and inaccuracies in financial
· duties often appears to present difficulties i~ small entities. Even data leading to corrective action to.the control.
companies that have only a few employees, however, ·may be
able to assign their responsibilities to achieve appropriate
segregation or, if that is not possible, to use management
oversight of the incompatible activities to achieve control REVIEW QUESTIONS AND EXERCISES
objectives.
Questions
E. Monitoring of Controls
l. . What is meant by the control environment? What are the factors the
Monitoring, the final component of internal control, is the process that an auditor must evaluate to understand it?
entity uses to assess the quality of internal control over time. Monitoring
involves assessing the design and operation of controls on a timely basis and 2. What is the relationship among the five components of internal° control?
taking corrective action as necessary. Management monitors controls to
consider whether they are operating as intended and to modify them as . 3 The separation of operational responsibility from recoi'd keep~ng is
appropriate for changes in conditions. In many entities, internal auditors · meart to prevent different types of misstatements than t?e separat!on of
evaluate the des'ign and operation of internal control and communicate the custody of assets from accounting. Explain the difference m the
information about strengths and weaknesses and recommendations for purposes of these two types of separation of duties.
improving internal control.
4. For each of the following, give an example of a physical control the
Some monitoring acfivities may include communications from' external client can use to protectthe asset or record:
parties. For example, customers implicitly corroborate sales data by paying a. Petty cash
their bills or raising questions. Also, bank regulators, other regulators, and b. Cash received by retail :clerks
outside auditors 'may communicate about the design or effectiveness of
internal control. c. Accounts receivable records
d. Raw material inventory
Monitoring activities may include using information from communications e. Perishable tools
fro~ external parties that may indicate problems are highlight areas in need f. Manufacturing equipment
of _m~pro~ement. Custo?1~rs implicitly ·corroborate billing dfita by paying g. Marketable securities
their mv?1ces o~ complam_mg about their charges. In addition, regulators may
~ommunicate with the entity concerning matters that affect the functioning of
internal control, for,example, communications concerning examinatfons by
bank regulatory agencies. Also, management may consider communications