The management has little concern for internal control, then

The control environment as a foundation which
comprises a set of standards, procedures, and structures for carrying out
internal control across the organization. The board of directors and high level
of management concern about the importance of internal control including
expected codes of conduct. Top management emphasizes expectations at the different
levels of the organization because if management has little concern for
internal control, then employees are less conscientious in achieving control
objectives. The control environment includes commitment to integrity, ethical and
competence; management’s philosophy and operating style; the organizational
structure and assignment of authority and responsibility; the process for attracting,
developing and retaining competent individuals; and the internal control
oversight by board of directors. For instance, company endorse integrity by
avoiding unrealistic expectation or incentives that motivate dishonest acts. On
the other hand, public companies must have audit committee act as independent board
of director members who is responsible for regulatory compliance, financial
reporting, internal control and hiring and overseeing internal and external
auditors according to Sarbanes-Oxley Act. Thus, overall of internal control
system will be affected by the resulting control environment.

Risk is defined as the likelihood that an event will
occur and adversely affect the achievement of objectives. Management should
state their objectives clearly enough for risks to be identified and assessed.  Then, the management must analyze risks to
determine how it will be managed. They can response to risk by way of reduce
risk through implementing effective internal control, accept the likelihood and
impact of the risk, share risk by entering into hedging transactions and avoid
risk by participating in the activity that produces the risk. Besides,
management should also consider the factors that will lead to ineffectiveness
of internal control system such as the possible changes in the internal and
external environment of the organization. For auditor risk assessment, auditor
should understand organization’s risk assessment process by determining how
management identifies risks that are relevant to their financial reporting,
evaluating their significance and possibility of occurrence and deciding the
actions needed to address the risks. Hence, risk assessment is one of the crucial
component of designing and operating internal control to minimize errors and
fraud.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Information and communication systems should acquire
and exchange the information needed to conduct, manage and control
organization’s operations which involves the process of collecting and
disseminating information throughout the organization. Management obtains or
creates relevant and high quality information from all available sources to
support the internal control. For instances, employee manuals and orientation courses
whereby employees receive information pertaining to the ongoing control practices
from time to time throughout their employment. Moreover, internal communication
of the information about objectives and responsibilities is needed to
facilitate the other components of internal control as it enables employees to obtain
a clear message from top management that control responsibilities must be taken
seriously. If the size of the company is large, a more complex system is
required to carefully defined responsibilities and written procedures to
maintain accountability of all employees in the organization.

Despite how well-designed of internal control an
organization, it can provide reasonable assurance but cannot make sure the
organization’s objective being accomplished because there are some inherent
limitations of internal control systems do exist. The limitations may result
from the human judgement which can be fault and subjective in the reality, breakdowns
caused by human failures such as mistakes and external events that beyond the
organization’s control. Management override and collusion may result in
internal controls be circumvented. When organization is designing an internal
control, the risk of failure and potential impact towards organization should
be taken into consideration along with the costs of establishing the control in
order to ensure the equilibrium between these essential elements. The reason is
too little control can be ineffective and high risk for fraud to be occurred
while excessive control can be counterproductive and expensive. In the
nutshell, management need to evaluate the effectiveness of internal control
system regularly and modify the system when necessary to maintain a good
internal control within the organization.