Inherent Limitations of ICS
Even a well-designed ICS cannot provide absolute assurance that objectives will be achieved. It can only provide reasonable assurance due to the following inherent limitations:
1. Management override of controls
Management may deliberately override established controls for personal interest or to manipulate results, making controls ineffective.
2. Collusion
Two or more employees (or employees with third parties) may work together to bypass controls, which segregation of duties alone cannot prevent.
3. Human error or negligence
Mistakes may occur due to carelessness, misunderstanding of procedures, fatigue, or poor judgement.
4. Cost–benefit constraint
The cost of implementing controls must not exceed the benefits. As a result, some risks may be accepted rather than controlled fully.
5. Changes in circumstances
Controls may become ineffective over time due to changes in:
- Company size
- Nature of operations
- Technology
- Business environment
If controls are not updated, they may no longer address current risks.
Key Audit Reminder
ICS reduces the risk of errors and fraud, but cannot eliminate them completely due to inherent limitations.
Tiada ulasan:
Catat Ulasan