Auditing refers to the process of verifying the financial statements prepared by a company as being a true and fair representation of the financial position of that company. Auditing therefore requires that a company prepares its financial statements first before an independent examiner; - the auditor- is called in to determine whether these financial statements are correct (Accounting Concern, 2013). Auditing is a legal requirement of all publicly listed companies in the various stock exchanges across the world. It is conducted through a set of internationally accepted auditing standards which form the template for the audit process. This process is conducted by an external auditor usually a firm or an individual (Cagan, 2013).
In their day to day operations, companies engage the use of internal controls to ensure efficiency and effectiveness in these operations. These controls have numerous benefits as will be explained later. These controls form an integral part in the preparation of the financial statements of a company at the end of a financial year. However, the use and implementation of effective internal controls in an organization is hampered by exuberant costs associated with their implementation. In an era of cost cutting as is now due to challenging economic environments, the use of these costly systems beats logic. It is therefore important to establish whether these controls are more important to the company or to the external consumers of financial information such as investors, regulators, or the external auditors. This paper seeks to explain this dilemma. Internal controls are important to both the decision makers within an organization and to the verifiers of financial information who in this case are the auditors. To better understand this proposition, it is important to first of all delve into their specific uses.
Uses of Internal Controls
Despite the high costs associated with their implementation, internal controls have many uses in an organization. Internal controls help in creating and increasing the credibility between the company and its various business stakeholders. These partners include its customers, lenders, suppliers and its employees. This credibility is achieved through the prevention of common errors that may lead to inaccurate financial information (Cagan, 2013). Internal control processes such as daily reconciliation of bank accounts is an example of the error prevention function of internal controls. Through increased credibility, the company is able to mitigate the risk of unnecessary litigation legal procedures and damaging insurance claims against it. Credibility also demands that the company upholds its agreements with customers and lenders. Through internal controls, this is achieved (Accounting Concern, 2013).
Internal controls help in the prevention of fraud within an organization`s financial system. Fraudulent actions may be intentional or as a result of unforeseen errors. Internal controls help in the prevention of either type of occurrences, thus leading to accurate financial information. Accurate financial information on the other hand leads the decision makers within the company (the management) to making quality decisions which will ensure the growth and prosperity of a business (Cagan, 2013).
Internal controls do not only prevent errors, but they lead to the revelation and rectification of these errors if they do occur. Simple procedures such as multiple-tier counter checking of customer orders will ensure that if one of the persons involved in the supply chain made an error, it will be detected and rectified before the order is serviced to the client (Wahid, 2013).
Internal controls are also important to external auditors when they are conducting audits of the financial statements of a company. Strong internal controls ensure that substantive audit tests are reduced thereby leading to more efficient audits. They also ensure that the auditor does not waste time or trivial matters within the financial statements but that he is instead able to concentrate on bigger issues thus leading him to issuing a comprehensive audit opinion. This is especially true where internal control systems are able to detect anomalies in the first year of an audit and rectify them; and maintain this level of accuracy in the subsequent years thus reducing the need for comprehensive audit investigations on this front (Cagan, 2013).
The external audit process is anchored around certain pillars that provide the information that the auditor requires for him to give a qualified or unqualified opinion. Internal controls are one such pillar. However, this is not the only one and the auditor collects a lot more information during the auditing process. This information is collectively referred to as audit evidence (Wahid, 2013).
The various types of audit evidence collected include physical examination of the components of financial statements. This particularly applies to tangible components such as assets. An auditor may for example be interested in affirming that the number of vehicles listed on a balance sheet is correct by physically counting them. Audit evidence is also collected through verification of company documentation and records. This process may entail the auditor requesting for say vouchers and receipts to verify the transactions listed in the financial statements. Audit evidence can also be collected through verbal confirmations. This may involve the auditor calling a client or a supplier to ascertain whether indeed they are owed money by the company in the case of a supplier, or whether they are debtors in the case of a customer (Wahid, 2013).
Other types of audit evidence include conducting various analytical procedures to ascertain financial information. This applies where some information is not clearly indicated and the financial documents backing up such information is missing. Re-performance is another form of audit evidence and this simply involves the rechecking or re-conducting of a financial process such as the computation of a ratio to ensure that the information or data reflected is indeed correct. A more basic form of audit evidence collection is observation where the auditor merely observes visually the operations of a company especially in the preparation of financial information and gives his instinctive judgment as to whether these processes are credible or not. Inquiry is the final form of audit evidence. This process entails the auditor requesting clarification from the company`s management on various issues that may have arisen during the auditing of the financial statements (Wahid, 2013).
Internal controls, the internal governance structure, and the external auditor
First, it is important to understand who designs internal control systems within an organization and why. These systems are designed and implemented by the management of an organization to address the specific issues unique to that organization. These specific reasons have been previously addressed. Therefore, internal control systems help the management of a company to generally accomplish two things: first, they help the management to mitigate various risks and issues that may arise in the day to day operations of the organization. A key output target for these systems is therefore to ensure accuracy. This accuracy is gauged on the basis of the operations of the company, and the financial data collected in the process of these operations. As a result of this accuracy, the company is able to generate accurate financial information relating to its current state of affairs. This leads to the second goal that the management is able to achieve due to internal controls; this is the ability to make quality decisions based on these statements (Wahid, 2013). The ability to make quality and sound decisions regarding the company is crucial to the company`s future existence and positive performance. At this stage, a subtle conclusion to make would be that internal controls are an input component by the company`s management in the targeted preparation of financial statements, which are the output (Accounting Concern, 2013).
Having established that internal controls are an input for the output that is financial statements, and that these controls are initiated by the management of the company; it is subsequently important to now introduce the position of the external auditor. The external auditor comes in after financial statements have been prepared, and his work is to merely authenticate their contents. Therefore, to summarize it all, the auditor comes into play during the output stage of the preparation of the financial statements, merely as a verifier.
The audit process also entails its own input and output stages. The inputs of the audit process are the various types of audit evidence that is collected by the external auditor. Since the role of the auditor is to authenticate the overall financial statements of a company; and since the internal controls are already factored in as input in the initial preparation of these statements by the management, the auditor is more interested in other factors that either support or demystify the said prepared financial statements. Internal controls merely support financial processes and transactions and hence the auditor is more important in the processes and transactions themselves, than in the control systems that support them. For instance, the company`s income statement may indicate a certain figure as representing account receivables. The internal control system may entail a regrouping of account receivables into long term and short term receivables to ensure that the company is able to track and claim these receivables. During the external audit process, the auditor would primarily be interested in the total receivables first to give him an idea of how the company`s creditors` position stands. It is only after so doing that the auditor would consequently be interested in the types of internal controls that have been put in place when dealing with receivables (Wahid, 2013).
An examination of the various types of audit evidence may also fail to reveal the incorporation of the internal control systems within this evidence. This is because some of the internal control systems implemented are standard in say all banking or insurance organizations and hence their implementation is more of a standard measure than is a control. This means that an organization would be risking its competitive and strategic advantages by not implementing such systems. For example, internal controls may be effected relating to the transportation of cash to a bank`s branches from its head quarters. However, an investigation of this control would reveal that the same practice is applied in nearly all banks and that by failing to implement it; the bank may be risking losing its cash on transit to robbers. In such a case, such a control would not be classified as such because internal controls are meant to give the management some kind of a competitive edge over its fellow industry players such as more efficient service. If the result is the same for all who use these requisite internal controls, then such cannot be justifiably described as such (Accounting Concern, 2013).
In conclusion, internal control systems are designed and implemented by the management of a company who are the primary decision makers and centers of governance in an organization. The management is charged with the preparation of financial statements and the use these internal controls to ensure efficiency and accuracy not only in the preparation of these financial statements, but also in their daily operations. Internal control systems are also used by the management in the overall decision making process by identifying and addressing preexisting anomalies in the company`s operational system.
External auditors are responsible for the verification and authentication of the financial statements prepared by the management of a company as giving a true and fair view of the company`s financial state of affairs. External auditors use internal controls to check the viability of the information given in the financial statement.
A viable conclusion to make therefore is that internal control systems are therefore more important components to the management of an organization in the daily operations of a company but more important to auditors than to management during the external auditing of the company`s financial statements. Auditors examine what is presented to them in the form of financial statements and internal controls whereas the management of a company initiates the preparation of these statements and the implementation of these internal control systems. In general, systems of internal control are therefore more important to the management of a company than they are to its external auditors.
Accounting Concern. “Audit Evidence.” 2013. Web. Accessed 2013, Nov 17.
Michele Cagan. “The Importance of Internal Controls”. 2013. Web. Accessed 2013, Nov 17.
Mohammed Wahid. “The Objective of External Audit.” 2013. Web. Accessed 2013, Nov 17.