A review of the ICS of an entity is of paramount necessity as it may dominate the basis for judgement of the Independent Auditor(s).
International Standards of Auditing (ISA) 400 look at IC to comprise Control Environment and Control Procedures. These include all the policies and procedures adopted by the management of an entity. This assists in their objective of achieving as far as possible the orderly and efficient conduct of the business.
Management is responsible for the success or failure of any business from the eyes of the ICS of that entity. The ICS, to be established by management, should be effective and should help in realising most, if not all, of the entity’s objectives.
The ICS must ensure that accurate and reliable data is provided. This data would be used by stakeholders to make strategic decisions. If these data are inaccurate, the decision would lead the entity into confusion.
The ICS should also ensure that assets and records are safeguarded. If this is well built on the ground, the ‘going concern’ concept of the entity would have been ‘in the bag’.
Adherence to prescribed policies should also be encouraged by the ICS. A stringent respect of the rules and policies put in place would facilitate the realisation of the company goals.
Promotion of operational efficiency and the cuddling of new technology should also be ensured. All attempts to safeguard assets and records and to provide reliable data should be cost effective. Otherwise, the objective of the business would not be met.
The ICS should strictly ensure that there is total compliance to legislative provisions. This relates to the provisions of the General Tax Code (GTC), OHADA and Finance laws. Entities that infringe these provisions are prone to incur Contingent Liabilities which has an adverse effect on the business.
The ICS should equally ensure that fictitious and none-existent transactions are not incorporated in the records.
Furthermore, transactions should be completely recorded, done so at their exact values and classified in the precise account at the time they occurred.
It is of absolute necessity to note here that all transactions should be properly authorised either generally or specifically. This authorisation has to be done by a competent official. This will limit wastage and destruction of company property.
Worthy to emphasise that IC comprises Control Environment and Control Procedures. The Control Environment of an entity embodies the following: actions, policies and procedures of top management; management philosophy and operating style; methods to communicate the assignment of authority and responsibility.
Control Procedure on its part ensures that: there is adequate separation of duties; proper authorisation of transactions and records; physical control over assets and records and independent checks on performance.
In sum, the ICS should ensure cordiality in the work environment; enable people to work happily and strong enough to blind-fold the Independent Auditors. It should just be ideal.