Presentation is loading. Please wait.

Presentation is loading. Please wait.

10 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Section 404 Audits of Internal Control and Control Risk Chapter 10.

Similar presentations


Presentation on theme: "10 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Section 404 Audits of Internal Control and Control Risk Chapter 10."— Presentation transcript:

1

2 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Section 404 Audits of Internal Control and Control Risk Chapter 10

3 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Learning Objective 1 Describe the three primary objectives of effective internal control.

4 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Compliance with laws and regulations Efficiency and effectiveness of operations Reliability of financial reporting Internal Control Objectives

5 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Learning Objective 2 Contrast management’s responsibilities for maintaining and reporting on internal controls with the auditor’s responsibilities for understanding, testing, and reporting on internal controls.

6 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Management and Auditor Responsibilities Related to Internal Control Management’s responsibility for establishing internal control Reasonable assurance Inherent limitations

7 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Management and Auditor Responsibilities Related to Internal Control Management’s Section 404 reporting responsibilities Design of internal control Operating effectiveness of controls

8 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Management and Auditor Responsibilities Related to Internal Control Auditor responsibilities for understanding internal control Control over classes of transactions Auditor responsibilities for testing and reporting on internal control and reporting on internal control

9 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Sales Transaction-Related Audit Objectives Sales Transaction-Related Audit Objectives Sales are for shipments to existing customers. Transaction-Related Audit Objective – General form Recorded transactions exist (existence). Existing sales transactions are recorded. Existing transactions are recorded (completeness). Transactions are stated correctly (accuracy). Sales for goods shipped are correctly billed.

10 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Sales Transaction-Related Audit Objectives Transactions are properly classified (classification). Sales transactions are properly classified. Transactions are recorded on correct dates (timing). Sales are recorded on the correct dates. Transactions are properly filed (posting and summarization). Sales transactions are properly included in the master files. Transaction-Related Audit Objective – General form Sales Transaction-Related Audit Objectives

11 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Learning Objective 3 Explain the five components of the COSO internal control framework.

12 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Five Components of Internal Control Riskassessment Controlactivities Information and communication Monitoring

13 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder The Control Environment Integrity and ethical values Commitment to competence Board of directors or audit committee participation Management’s philosophy and operating style

14 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder The Control Environment Organizational structure Assignment of authority and responsibility Human resources policies and practices

15 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Risk Assessment Identify factors that may increase risk. Assess the likelihood of the risk. Determine actions necessary to manage the risk. Estimate the significance of the risk.

16 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Control Activities 1. Adequate separation of duties 2. Proper authorization of transactions and activities 3. Adequate documents and records 4. Physical control over assets and records 5. Independent checks on performance

17 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Adequate Separation of Duties Custody of assets Accounting Authorization of transactions The custody of related assets OperationalresponsibilityRecord-keepingresponsibility IT duties User departments

18 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Proper Authorization of Transactions and Activities General authorization Specific authorization

19 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Adequate Documents and Records Prenumbered consecutively Prepared at the time of transaction Designed for multiple use Constructed to encourage correct preparation Simple enough to ensure understanding

20 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Physical Control over Assets and Records The most important type of protective measure for safeguarding assets and records is the use of physical precautions.

21 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Independent Checks on Performance The need for independent checks arises because internal control tends to change over time unless there is a mechanism for frequent review.

22 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Information and Communication The purpose of an accounting information and communication system is to… initiate, record, process, and report the entity’s transactions and to maintain accountability for the related assets.

23 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Monitoring Monitoring activities deal with management’s ongoing and periodic assessment of the quality of internal control performance… to determine whether controls are operating as intended and modified when needed.

24 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder How the Size of the Business Affects Internal Control In general the SEC believes that small businesses should be expected to adhere to the same internal control standards that apply to larger public companies. The SEC has also stated that the burden to smaller companies can be disproportionate.

25 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Learning Objective 4 Obtain and document an understanding of internal control.

26 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Four Phases of a Financial Statement Audit Phase 1 Obtain an understanding of internal control: design and operation Phase 2 Assess control risk. Phase 3 Design, perform, and evaluate tests of controls Phase 4 Decide planned detection risk and substantive tests.

27 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Obtain and Document Understanding of Internal Control SAS 55 and PCAOB Standard 2 both require the auditor to obtain an understanding of internal control for every audit. Procedures to obtain an understanding: Design of internal controls Design of internal controls Whether placed in operation Whether placed in operation Uses this information as a basis for the Uses this information as a basis for the integrated audit. integrated audit.

28 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Methods Used Narrative Flowchart Internalcontrolquestionnaire

29 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Narrative 1. The origin of every document and record in the system and record in the system 2. All processing that takes place 3. The disposition of every document and record in the system and record in the system 4. An indication of the controls relevant to the assessment of control risk to the assessment of control risk

30 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Evaluating Internal Control Operation Update and evaluate auditor’s previous experience with the entity. Make inquiries of client personnel. Examine documents and records. Observe entity activities and operations. Perform walkthroughs of the accounting system.

31 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Learning Objective 5 Assess control risk by linking key controls, significant deficiencies, and material weaknesses to transaction-related audit objectives.

32 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Assess Control Risk Assess whether the financial statements are auditable. Determine assessed control risk supported by the understanding obtained assuming the controls are being followed. Use of a control risk matrix to assess control risk

33 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Control Risk Matrix Auditors use the control risk matrix to identify both controls and weaknesses and to assess control risk.

34 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Control Risk Matrix Identify transaction-related audit objectives. Identify existing controls. Associate controls with transaction-related audit objectives. Identify and evaluate control deficiencies, significant deficiencies, and material weaknesses

35 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Evaluating Significant Control Deficiencies MaterialWeakness LIKELIHOODSIGNIFICANCEMaterial Immaterial ProbableRemote

36 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Communicate Internal Control Deficiencies and Related Matters Management letters Audit committee communications

37 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Learning Objective 6 Describe the process of designing and performing tests of controls.

38 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Tests of Controls The procedures to test effectiveness of controls in support of a reduced assessed control risk are called tests of controls.

39 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Procedures for Tests of Controls 1. Make inquiries of client personnel. 2. Examine documents, records, and reports. 3. Observe control-related activities. 4. Reperform client procedures.

40 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Extent of Procedures Reliance on evidence from prior year’s audit Testing less than the entire audit period

41 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Relationship of Assessed Control Risk and Extent of Procedures InquiryDocumentationObservationReperformanceYes–extensive Yes–with transaction walk-through walk-through walk-throughNoYes–some Yes–using sampling Yes–at multiple times Yes–using sampling Type of procedure High level: Procedures to obtain an understanding Lower level: Tests of controls Assessed control risk

42 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Decide Planned Detection Risk and Design Substantive Tests The auditor uses the results of the control risk assessment process and tests of controls to determine the planned detection risk and related substantive tests. The auditor links the control risk assessments to the balance-related audit objectives.

43 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Learning Objective 7 Understand Section 404 requirements for auditor reporting on internal control.

44 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Section 404 Reporting on Internal Control The auditor’s opinion on whether management’s assessment of the effectiveness of internal control over financial reporting as of the end of the fiscal period is fairly stated, in all material respects. 1

45 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Section 404 Reporting on Internal Control The auditor’s opinion on whether the company maintained, in all material respects, effective internal control over financial reporting as of the specified date. 2

46 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Types of Opinions Unqualified Adverse Qualified or disclaimer of opinion

47 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Learning Objective 8 Describe the differences in evaluating, reporting, and testing internal control for nonpublic companies.

48 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Evaluating, Reporting, and Testing Internal Control for Nonpublic Companies 1. Reporting requirements 2. Extent of required internal controls 4. Assessing control risk 5. Extent of tests of controls needed 3. Extent of understanding needed

49 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Differences in Scope of Controls Tested: Nonpublic Company Internal controls over financial reporting Internal controls used to assess control risk below maximum Controls that must be tested in an audit of financial statements Controls that must be tested in an audit of internal controls

50 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder End of Chapter 10


Download ppt "10 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Section 404 Audits of Internal Control and Control Risk Chapter 10."

Similar presentations


Ads by Google