## Evaluation of Internal Controls by the Auditor

### Why the Auditor Evaluates IC

The auditor evaluates IC to determine:

Nature, timing, and extent of other audit procedures
Whether errors and frauds are likely to surface in ordinary operations
Whether an adequate IC system is in use and operating as planned
Whether an effective internal auditing department is operating
Whether administrative controls have a bearing on audit work
Whether controls adequately safeguard assets
How reliably management is recording transactions
How reliable reports, records, and certificates provided to management are
Areas where control is weak or excessive
Suggestions to improve the control system

---

### Methods of Evaluating Internal Controls

#### 1. Narrative Record

> A complete and exhaustive written description of the system as found in operation by the auditor.

Best for simple systems
Time-consuming for complex systems

#### 2. Checklist

> A series of instructions and/or questions that audit staff must answer or follow.

Standardises evaluation across engagements
Risk: mechanical compliance without genuine analysis

#### 3. Internal Control Questionnaire (ICQ)

> A comprehensive series of questions concerning IC — covering existence, operation, and efficiency.

Most widely used method
Designed so that a 'No' answer signals a weakness
Covers all areas systematically

#### 4. Flow Chart

> A graphic representation of each part of the company's system of IC.

Visually maps transaction flows and control points
Easy to identify missing controls or redundant controls
Best for complex, multi-department processes

---

### Comparison Table

Method	Format	Best For	Limitation
Narrative Record	Written prose	Simple systems	Cumbersome for complex systems
Checklist	Yes/No questions	Standardisation	Risk of mechanical use
ICQ	Structured questionnaire	Comprehensive coverage	'No' = weakness convention must be understood
Flow Chart	Diagrams	Complex processes	Requires diagramming skill

Worked example

### Example 1

ICQ Example: Question: 'Is there a separation of duties between the person who authorises purchases and the person who issues cheques?' → If answered 'No', it immediately flags a control weakness in the purchases-to-payment cycle.

### Example 2

Flow Chart Example: An auditor maps the sales cycle from order receipt → credit approval → dispatch → invoicing → collection. The flow chart reveals that the same person both raises invoices and records receipts — a missing segregation-of-duties control is instantly visible.

### Example 3

Narrative Record Example: For a 5-person company, the auditor writes: 'The owner approves all purchase orders above ₹10,000. Payments are made only after matching the purchase order, delivery note, and supplier invoice. The owner signs all cheques personally.' This narrative fully describes the IC over purchases.

⚠️ Common exam mistakes

Thinking only one method must be used — in practice, auditors combine methods (e.g., ICQ for initial review + flow chart for complex cycles).
In ICQ, designing questions where 'Yes' = weakness (ICQ convention is that 'No' = weakness; all questions should be framed accordingly).
Using a narrative record for large, complex entities — this creates an unmanageably long document and misses visual control gaps that a flow chart would reveal.
Treating the checklist as a substitute for professional judgment — checking boxes without actually verifying operations defeats the purpose.

Reference:

Now that you've read this — what's next?

Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.

🔥 Drill 5 Qs on this → ✍️ Adaptive practice →

Evaluation of Internal Controls by the Auditor — Methods

Worked example

⚠️ Common exam mistakes