The key aspects of a good internal control system are that all policies, procedures, practices and methods carried out in an organisation to ensure their objectives are met, that their assets are safeguarded, and the transactions are accurately entered and recorded.
Control Activities – Policies and procedures established to provide reasonable assurance that management decisions are executed.
Risk Management – Identification, analysis and management of risks relevant to the preparation of financial statements. Risks include internal and external events that may occur and adversely affect an entity’s ability to process and report financial data consistent with management assertions.
Management Assertions – Management or those in charge of the governance within the organisation, make a number of assertions about the financial information that is prepared and presented to users.
The key aspects of Internal Auditing are to help an entity accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing is a catalyst for improving an entity’s risk management, management controls by providing recommendations based on assessments of the data collected and its business practices.
As stated in paragraph 58 of Auditing Standard ASA 315
“Division of Internal Control into Components A58. The division of internal control into the following five components, for purposes of Australian Auditing Standards, provides a useful framework for auditors to consider how different aspects of an entity’s internal control may affect the audit: (a) The control environment; (b) The entity’s risk assessment process; (c) The information system, including the related business processes, relevant to financial reporting, and communication; (d) Control activities; and (e) Monitoring of controls.”
The main difference between internal control and internal auditing is:
Internal Control is a system that is set up and controlled within an entity and has procedures to achieve the business objective.
Internal Auditing is a function, where it is performed by professions to ensure that internal control system is implemented so the entity is effective and to detect fraud/risks to the business.