An evaluation of internal control involves an examination of the effectiveness of an organization's system of internal controls. By engaging in this evaluation, an auditor can determine the extent of other tests that must be performed in order to arrive at an opinion regarding the fairness of the entity's financial statements. A robust system of internal controls reduces the risk of fraudulent activity, which moderates the need for additional audit procedures. The examination concentrates on such issues as:
- The separation of duties
- Checks and balances
- Safeguarding of records
- The training level and competence of employees
- The effectiveness of the entity's internal audit function
The steps involved in this evaluation process include the following:
- Determine the extent and types of controls being used by the client.
- Determine which of these controls the auditor intends to rely upon.
- Based on the first two steps, determine which audit procedures should be expanded or reduced.
- Make recommendations to the client regarding how to improve its system of internal controls.
The last of the preceding steps is useful for improving the control environment for the auditor in the following year's audit.