Modern Economy
Vol.5 No.7(2014), Article ID:47279,6 pages DOI:10.4236/me.2014.57072

Research and Discussing on Internal Control Auditing

Jianfei Leng, Lingfen Zhang

School of Business, Hohai University, Nanjing, China


Copyright © 2014 by authors and Scientific Research Publishing Inc.

This work is licensed under the Creative Commons Attribution International License (CC BY).

Received 1 May 2014; revised 1 June 2014; accepted 13 June 2014


In modern China, the development of the economy is rapid; it mainly includes the creation of many companies. However, it is a double edged sword which may lead to economic development, but it also has a lot of problems. This paper mainly regards the corporate internal control system as the research object. Through the Zhong Xin Fu Tai cases, it found problems from specific aspects and the overall level of internal control audit, and identified the problems and then proposed appropriate recommendations for improvement.


Internal Control, Financial Statements, Auditing

1. Introduction

The internal control system is an important activity of enterprises operating smoothly, which is the important measure to achieve the long-term strategic development of the enterprise and which aims to improve the operating efficiency of the effect. The external audit of Internal Control over Financial Reporting (ICFR) is a very expensive and contentious aspect of the Sarbanes-Oxley Act (SOX). Wang Qin, Huang Dan, Ellen Young found that the disclosure of internal control self-assessment report is better; internal control audit report issued by the numbers is increasing year by year, but the accounting firm’s internal control audit report’s credibility has yet to be verified [1] . The current enterprise faces the problems which come from the aspects such as society, economy, law, foreign culture changes in the environment, which has prompted the development of internal control theory; furthermore, the internal control system mainly experiences five development stages. They include the internal check, internal control, internal control structure, internal control-integrated framework, enterprise risk management-integrated framework. Firms are more likely to be identified with an internal control weakness, if their audit committees have less financial expertise or, more specifically, have less accounting financial expertise and non-accounting financial expertise [2] . The first line of the enterprise internal control defense is to prevent financial reporting errors and frauds, which make sure that the internal mechanism of enterprises is a complete financial report. The second line of defense is against the enterprise financial report errors and frauds. The certified public accountants namely put forward the financial statements and express the opinion of the enterprise accounting information quality.

Firms are more likely to be identified with an internal control weakness, if their audit committees have less financial expertise or, more specifically, have less accounting financial expertise and non-accounting financial expertise [3] . In recent years, auditing in China has made remarkable development; in June 2008 and April 2010, the ministry of finance, securities and futures commission, the national audit office, the China banking regulatory commission, insurance regulatory commission has jointly issued the enterprise internal control basic norms and three facilities, such as enterprise internal control audit guidelines, which are mainly aiming at the existing problem of Chinese enterprises and establishing internal control system, and for Chinese companies, a sound system of internal control is established which provides the basic framework, namely “to establish internal control system is the Chinese enterprises to participate in international competition, gradually accepted and conscientiously abided by rules of the market economy, perfecting enterprise system and the inherent requirement of fine management”. Based on resource dependency theory that stresses entity’s economic needs for internal control over administering federal funding, they select a sample of nonprofit hospitals subject to the Single Audit Act in the United States, from 2001 to 2008. Their results show that hospitals that had audit committees and also employed Big 4 auditors were associated with better internal control quality [4] .

The internal control goal guarantees enterprise operation and management in accordance with the provisions of the laws and regulations, the safety of the assets, and financial reports and related information and true, and improves the management efficiency and effectiveness, promotes enterprise development strategy—“internal control audit is a control behavior which can understand internal control whether the establishment is effective, can prevent the fraud, at last to provide reasonable assurance for the realization of the internal control goals” [5] . In Chinese state-owned enterprises occupying the dominant position in the national economy, the number is larger, and the relationship in the state-owned enterprise internal control audit has very important practical significance. It is beneficial to the state-owned enterprises to speed up the perfect internal control system, which is more advantageous to enhance the enterprise competition. The remaining part is organized as follows:

The second part mainly analyses the internal audit and explains its relationship with the audit of financial statements from the company’s management aspect; the third part describes the main elements of the internal control; the fourth part is about the case description and analysis; the fifth part is the conclusions and recommendations.

2. From the Company’s Management Aspect, It Mainly Analyses the Internal Audit and Explains Its Relationship with the Audit of Financial Statements

In the past, people used to focus on whether the management has the behavior beyond the control. Though we can’t deny that this is still a part of the modern internal control auditing important content, under modern corporate environment, for the audit, the process of management aims to achieve effective utilization of resources. “On the one hand, the management is the vital position in the control environment.”

As an example, Shanghai Stock Exchange main board listed companies to disclose Internal 2012 control selfassessment report and the audit report as a sample, follow the COSO internal control report, the five elements of internal control of 650 Shanghai-listed companies drawn from the analysis of defect types: Shanghai-listed companies to disclose Internal control deficiencies small percentage of the company; [6] management ideology, directly affect the whole process of, only we fully understand the intention of the authorities, we can do better to improve the internal control by the audit company, and perfect the process, so as to improve the company’s operating purposes. This article combines internal control and information technology, suggesting how internal control plays a positive role in achieving company’s goal and improving enterprise value [7] .

The process audit is a kind of more operational audit. “In Wang Haibin’s paper, internal control self-assessment report is not only a reflection of the effectiveness of corporate financial reporting, it is the business of the whole process of implementation of internal control evaluation, development and implementation of the internal control system has a decisive role [8] .” The concept itself also has to ensure the efficiency of the internal control process and to determine the reasonable goal, evaluation of project risk, implementation of control behavior, guarantee the realization of the goal, and then make sure the new goal to adapt to the development of enterprise. “Internal control is a continuous cycle repeat steps, so for the evaluation of internal control and audit, it also should be to this process audit. So the audit of internal control should be a circulation of the audit process [9] .”

Enterprise internal control operates smoothly and that has important influence on enterprises to prepare financial statements. The following briefly introduces the relation and the distinction between the financial statements and the internal control.

The relationship between the internal control and the company’s financial statements:

1) The audit in the same way.

Both took risk oriented audit mode. Audit procedures are same. Financial statements audit must understand the internal control environment of the enterprises, and even take control of the test; the internal control auditing must understand and test the internal control; at the same time the definition of the effectiveness of the internal control and evaluation method, they can be used to ask, examination, observation, through the test, to implement methods and procedures.

2) Focus on the same object.

Both of them need to identify key account, important deal category and so on. In the financial statements audit certified public accountant needs to evaluate these key accounts and key to make sure that whether they are the material misstatement category; in the internal control audit, they need to evaluate whether these accounts and transaction are covered by the internal control.

3) Determine the importance of the same level.

They need to check whether there is a material misstatement in the financial report; to determine the level of importance in the internal control audit, they also need to check whether there is a significant internal control defects.

Therefore, only internal control get to formulate and effective implementation, can they guarantee the audit report is issued by officially. But the specific part of the internal control and those content will be namely introduced in the next section.

3. Main Components of the Internal Control

First of all, the control environment is the first part of the internal control framework. It sets the tone for the company as a whole and it also affects the execution of its staff awareness. This is an integral part of the internal control components and the basis of internal control procedures provides the tone and organizational structure. In this phase, the company determines the business goals and the overall business philosophy. It is used to identify and analyze and realize the risks associated with the company’s objectives. Every company is faced with various risks from internal and external, therefore, to maintain the continuing operations of the enterprise, they must assess the risk. At this stage, the company should find out all kinds of risks and determine the basic measures of risk management; control activities is the third part of the internal control framework, it helps to reduce the risk of company objectives, control activities including account reconciliation, separation of duties, decentralization, and uses the serial number of the documents in advance to aim to overcome these activities, such as the company may face the potential risks, and help the company achieve its business goals [10] . So the company must be in the form of appropriate and at the appropriate time determine and communicate relevant information about the internal control so that in the fourth part of the internal control people can perform their duties of communication and information.

It must be communicated with the company’s business objectives, and control activities should control activities so that the staff can find the management information and also need to monitor by monitoring, and control activities over a period of time can be evaluated, as well as the whole internal control, you can determine the effectiveness of the control activities to make sure whether the control activities need to be scaled, or whether it is no longer needed to perform. They also should be evaluated at this stage of the company’s business objectives.

The above five aspects is necessary for the enterprise to develop sustainable and healthy which include the control environment, risk assessment and supervision process, and the business process level control include the control activities, further, only will do the business flow, daily life and from the overall level, enterprise’s control can continue to operate normally [11] . Today’s enterprise internal control audits are almost large enterprise internal. And big enterprise is mainly state-owned enterprises. They can be stated through the specific case below.

4. Case Is Introduced and Analyzed

The company is listed in 1986. In the same year, in February’s it issues 270 million new shares to the China international trust and investment group (Hong Kong) co. LTD. This make the CITIC group (Hong Kong) hold company’s 64.7% [12] stake. Since then, it had become a subsidiary of CITIC. In Western Australia CITIC Pacific’s operated iron ore, in order to reduce the currency risk of the company, since 2007, CITIC Pacific began to buy foreign currency options contracts to hedge. On December 5, 2008, CITIC Pacific’s shares closed at 5.80 Hong Kong dollars and declined more than HK $21 billion in more than a month’s. On November 12, 2008, CITIC Pacific’s made an announcement again, with the parent company of CITIC group restructuring reaching a preliminary agreement, one of them was to convert the bond manner and to CITIC capital injection of $1.5 billion. At the general meeting, according to leaked CITIC Pacific on December 19, shareholders got 99.94% of the vote. Second is the “surgical” way of the partial derivatives contracts from the listed company, CITIC group will assist in CITIC Pacific two-step restructuring the existing a $8.7 billion contract. According to the announcement, CITIC group hopes to complete restructuring in December 30. The derivatives losses are over periodically.

In the second part we introduced the five elements of internal control, now we will explain the cause of the problem from the aspect of the business flow and the overall level in this paper.

4.1. The Business Flow

It mainly includes two parts: control activities and information systems. In CITIC Pacific’s case, its defects embodied in investing heavily, within the scope of a certain amount, there are corresponding level for examination and approval of personnel, but in the actual execution process, because of the amounts involved, numerous and complicated formalities, it finally results in the defect of the control activities; in information systems, because there are specific legal provisions of the state-owned enterprises overseas futures hedging business management method, it clear stipulates the total trading spot trading volume shall be a limited amount, while CITIC Fu Tai chairman Larry Yung and managing director Henry Fan has been aware of this situation. But he did not communicate timely; finally, the circumstance led to the delay of information, as a result, the amount made losses increase greatly.

4.2. The Overall Level

It mainly includes three parts: control environment, risk assessment and supervision. In this case, they don’t have a design about the necessary risk assessment process; they also don’t make the overall understanding of the overall control environment. Without the approval of the board of directors the company executives make a major strategic decision which makes the CITIC Pacific exists a huge hole in corporate governance. Standard & poor’s, a rating agency, at the same time according to the report, CITIC Pacific’s huge foreign exchange trading losses reflect that the company lacks proper internal regulation and transparency insufficient which cause huge losses of CITIC Pacific.

For any management decision-making activities of the enterprise, they must consider the basis of the above five aspects, then the company could have much better development.

5. The Conclusions and Recommendations

5.1. To Ensure Effective Implementation of Internal Control

Since 2002 the United States has gradually strengthened the construction of enterprise internal control and supervision, and the most representative is issued by the US President George Bush in 2002 Sarbanes Oxley Act which puts forward the effectiveness of internal control self-assessment, hires a certified public accountant audit self-assessment report required and classified according to the type and size of listed companies gradually, and strengthens the supervision of the internal control of listed companies. The enterprise that has investment value needs not only to have a good business performance and developing prospect, but also to have a perfect internal control system; to some extent, the internal control failure faced a greater risk of decline in operating performance. This may bring fatal harm to the significant internal control defects.

In our country, commodity business has entered the era of meager profit. As an example of the steel industry, according to the survey, in 2009 profit margin of annual sales of large and medium-sized steel mills is only 2.5%, however, capital operation is more risky than the traditional commodity business. Deron, Gelinkeer events and a series of failure cases are being exposure, which show the significance and urgency of the internal control and economic globalization. Enterprises are facing the risk of more complex control and the most important way of avoiding these risks is to establish and implement internal control system, and make the effect about the internal control audit.

The development of our country enterprises is more and more restricted by market and a buyer’s market has initially formed. The increasingly competitive market focuses more on high quality, many varieties, famous brand, low cost, economies of scale of enterprises and products; this has forced companies to enhance their own brand strength by controlling the cost, improving the management level and finally to ensure the realization of business objectives.

5.2. The Establishment of Independent Internal Control Audit Institutions

“In view of the state-owned enterprise, internal audit independence is not recognized by the public of the status, I think they should set up internal audit institutions under the highest decision-making and enforcement agencies, and they also should appoint the nomination or specific head to ensure the independence and authority of internal audit institutions; at the same time, we should follow our country enterprise internal control basic norms and the enterprise internal control audit guide specification requirements to make sure that audit content and audit procedures are reasonable and find weak link of enterprise internal control and internal management and at the same time we should put forward opinion to improve the enterprise internal control.”

In our country, enterprise internal control supporting guidance of certified public accountants audit guidelines demands that the CPA should implement the audit work in accordance with the method of top-down which requires the auditor to focus on the level control first, then the big account, and the final focusing on trading or application level in the process of the specific control in the state-owned enterprise internal control audit work; commonly used methods are mainly about the appropriate personnel, observing activities, checking the related documents through testing, and the methods of execution, but the question itself is not enough to obtain sufficient and appropriate evidence, and it should be combined with other internal control auditing method together.

5.3. Improve the Quality of the Internal Auditors

Perfecting the internal audit work—“the internal control auditing practice standard is the internal control audit personnel’s professional standard; they need to have a number of highly qualified internal control auditing professionals”, it is important to strengthen audit professionals follow-up education. “Through enhancing the auditor’s professional ethics consciousness, strengthening audit professional training, strengthening the internal auditors of the certification exam and continuing education training, they aim to improve risk analysis of the internal audit staff proactive; they need to meet the requirements of the development of state-owned enterprise internal audit in the aspects such as personnel structure and quality.”

5.4. Strengthening the Internal Control Auditing Supervision

At the end of each year, according to the principle of cost and the importance, SASAC available should make spot check about whether the state-owned enterprise internal control is effective; the internal control evaluation report is a true reflection of enterprise internal control; internal control of the auditing reports issued by certified public accountants is real fair. Only when they strengthen the regulation, the state-owned enterprise internal control construction and the effect of the internal control auditing will be strengthened.


  1. Wang, Q., Huang, D. and Young, E. (2014) Internal Control Information Disclosure Situation Analysis—Based on Studies of the Shenzhen Stock Exchange from 2008 to 2012. Taxation and Economy, 1, 57-62. (in Chinese)
  2. Herda, D.N., Notbohm, M.A. and Dowdell, T.D. (2014) The Effect of External Audits of Internal Control over Financial Reporting on Financial Reporting for Clients of Big 4, Second-Tier, and Small Audit Firms. Research in Accounting Regulation, 26, 98-103.
  3. Dey, R.M. and Sullivan, M.W. (2012) Was Dodd-Frank Justified in Granting Internal Control Audit Exemption to Small Firms? Managerial Auditing Journal, 27, 666-692.
  4. Keane, M.J., Elder, R.J. and Albring, S.M. (2012) The Effect of the Type and Number of Internal Control Weaknesses and Their Remediation on Audit Fees. Review of Accounting and Finance, 11, 377-399.
  5. Pridgen, A. and Wang, K.J. (2012) Audit Committees and Internal Control Quality: Evidence from Nonprofit Hospitals Subject to the Single Audit Act. International Journal of Auditing, 16, 165-183. (in Chinese)
  6. Wang, T. (2013) Shanghai Stock Exchange Main Board Listed Companies to Disclose Control Deficiencies. Analysis Foreign Trade, 12, 105-107. (in Chinese)
  7. Li, R.M. and Zhang, S.Q. (2013) Empirical Study on the Correlation between the Internal Control and Enterprise Value—Based on the Information System. Journal of Computers, 6, 126-129. (in Chinese)
  8. Wang, H.B. (2014) Internal Control Self-Assessment Report Literature Review Study. Disclosure of Beijing Technology and Business University (Social Science Edition), 1, 89-95. (in Chinese)
  9. Chen, L.R. and Huang, Y. (2013) Management Residual Control Rights, Residual Claim and Internal Control Audits Correlation. Chinese CPA, 7, 88-94. (in Chinese)
  10. Wang, H.C. and Kim, J.J. (2013) Internal Control over Financial Reporting of Listed Companies Audited Problems. Green Accounting, 7, 18-20. (in Chinese)
  11. Zhu, C.J. and Han, X.W. (2013) Audit of Internal Control over Financial Reporting Audit Opinions Impact Study— Evidence from China’s A-Share Listed Companies in 2011. Beijing Technology and Business University (Social Science Edition), 5, 77-82. (in Chinese)
  12. Ding, H. (2009) CITIC Pacific for ex Derivatives Investment Losses Case Studies and Inspiration. Southern Finance, Section 3. (in Chinese)