Before any discussion on the effect of internal control on the auditor’s work is undertaken it is necessary to appreciate that devising and installation of internal control is the responsibility of the management. In any business, the management is vested with the responsibility of carrying on the business, safeguarding its assets and recording the transactions in the books of account and other records. AAS1 on “Basic Principles Governing an Audit” also states that, “the management is responsible for maintaining an adequate accounting system incorporating various internal controls to the extent appropriate to the size and nature of the business”. It should also be appreciated that in every business organisation, small or big, simple or complex, some sort of control is perceptively or otherwise in operation. It ensures uniform treatment and operation. It outlines the broad line of authority and specifies each one’s task. The form and details, however, may vary from organisation to organisation. It is also important to bear in mind that the system installed needs review by the management to
- whether the prescribed management policies are being properly interpreted by the employees and are faithfully implemented;
- whether the prescribed procedures need a revision because of changed circumstances or whether they have become obsolete or cumbersome; and
- whether effective corrective measures are taken promptly when the system appears to break down.
It is desirable that the management also installs an internal audit system as an independent function to check, amongst other things, the actual operation of the internal control system and report to it the deviations and non-compliances.