Internal control audit is one of the important contents of modern enterprise internal audit, the purpose of which is to find and solve the problems existing in internal control and improve the management level and risk prevention ability of the enterprise through the evaluation and review of the internal control system of the enterprise. This article will focus on the key contents and audit methods of internal control audits.
1. The key content of the internal control audit.
1.Internal control environment audit.
The internal control environment is the foundation of an enterprise's internal control, including the company's governance structure, organizational structure, corporate culture, human resources policy, etc. The internal control environment audit mainly focuses on whether the enterprise has established a sound governance structure, whether the organizational structure is clear and responsibilities are clear, whether the corporate culture emphasizes integrity, law-abiding, responsibility and risk awareness, and whether the human resources policy is conducive to the growth and development of employees.
2.Risk management audits.
Risk management is an important part of an enterprise's internal control, including risk identification, assessment, monitoring and control. Risk management audit mainly focuses on whether the enterprise has established a sound risk management system, whether it can identify and assess potential risks in a timely manner, and take effective measures to monitor and control.
3.Audit of internal control activities.
Internal control activities are the specific implementation measures of the internal control of the enterprise, including the business process, financial management, information system and other aspects of the enterprise. The audit of internal control activities mainly focuses on whether the enterprise has carried out various business activities in accordance with the requirements of internal control, whether the financial management is standardized and transparent, and whether the information system is safe and reliable.
4.Internal control oversight audits.
Internal control supervision is the guarantee mechanism of the internal control of an enterprise, including internal audit, external audit, etc. Internal control supervision and audit mainly focuses on whether the enterprise has established an effective internal audit mechanism, whether it can timely discover and correct internal control problems, and whether it accepts the supervision and inspection of external audit.
2. Methods of internal control audit.
1.Document review.
Document review is a review of documents related to an enterprise's internal controls, including corporate rules and regulations, business process charts, financial statements, etc. Through document review, you can understand the internal control system and specific implementation of the enterprise, and find out the existing problems and deficiencies.
2.On-site observation.
On-site observation is a direct observation of the implementation of the internal control of the enterprise, including the observation of the work process and operation specifications of the employees of the enterprise. Through on-site observation, we can find out the problems and deficiencies of enterprise employees in specific operations, and put forward suggestions and suggestions for improvement.
3.Ask about surveys.
The inquiry survey is a survey of the employees and management of the enterprise, including the understanding and perception of the internal control of the enterprise, the existing problems and deficiencies, etc. Through the inquiry, we can understand the understanding and views of employees and management on internal control, and provide a reference for subsequent audit work.
4.Analytical procedures.
The analytical procedure is the analysis of the financial and non-financial data of the enterprise, including the analysis of the financial statements of the enterprise, the analysis of business data, etc. Through analytical procedures, the correlation and regularity between financial and non-financial data of enterprises can be discovered, and possible anomalies and problems can be discovered.
5.Walk-through test.
Walk-through testing is a test of an enterprise's business processes, including tests of all aspects of an enterprise's business processes. Through the walk-through test, we can understand the specific implementation of the enterprise business process, find the existing problems and shortcomings, and put forward suggestions and suggestions for improvement.
6.Symposium.
The symposium is a discussion of issues related to the internal control of enterprises, including the design, implementation and supervision of the internal control system of enterprises. Through the symposium, we can understand the views and suggestions of employees and management on the internal control of the enterprise, and provide reference for the follow-up audit work.
In short, internal control audit is one of the important contents of modern enterprise internal audit, through the evaluation and review of the internal control system of the enterprise, find and solve the problems of internal control, and improve the management level and risk prevention ability of the enterprise. In the specific implementation process, it is necessary to pay attention to the selection and application of key contents and methods.