2Internal Control Objectives 1. Reliability of financial reporting2. Efficiency and effectiveness of operations3. Compliance with laws and regulations
3Five Components of Internal Control Control EnvironmentRiskassessmentControlactivitiesInformation andcommunicationMonitoring
4The Control Environment Integrity and ethical valuesCommitment to competenceBoard of directors or auditcommittee participation
5The Control Environment Management’s philosophy and operating styleOrganizational structureHuman resource policies and practices
6Risk Assessment Identify factors that may increase risk Estimate the significance of the riskAssess the likelihood of the risk occurringDetermine actions necessary to manage the risk
7Control Activities 1. Adequate separation of duties 2. Proper authorization of transactions and activities3. Adequate documents and records4. Physical control over assets and records5. Independent checks on performance
8Proper Authorization of Transactions and Activities General authorizationSpecific authorization
9Adequate Documents and Records Prenumbered consecutivelyPrepared at the time of transactionDesigned for multiple useConstructed to encourage correct preparation
10Physical Control Over Assets and Records The most important type of protectivemeasure for safeguarding assets andrecords is the use of physical precautions.
11Independent Checks on Performance The need for independent checks arisesbecause internal control tends to changeover time unless there is a mechanismfor frequent review.
12Information and Communication The purpose of an accounting informationand communication system is to…initiate, record, process, and reportthe entity’s transactions and to maintainaccountability for the related assets.
13Monitoring Monitoring activities deal with management’s ongoing and periodic assessment of thequality of internal control performance…to determine whether controls are operatingas intended and modified when needed.
14Process for Understanding Internal Control and Assessing Control Risk Phase 1Obtain an understanding of internal control: design and operationPhase 2Assess control riskPhase 3Design, perform, and evaluate tests of controlsPhase 4Decide planned detection risk and substantive tests
15Obtain and Document Understanding of Internal Control Auditing standards require auditors to obtainan understanding of internal control for everyaudit.Procedures to obtain an understanding:Design of internal controlsWhether placed in operationUses this information as a basis for theintegrated audit
17Narrative 1. The origin of every document and record in the system 2. All processing that takes place3. The disposition of every documentand record in the system4. An indication of the controls relevantto the assessment of control risk
18Evaluating Internal Control Operation Update and evaluate auditor’s previousexperience with the entityMake inquiries of client personnelExamine documents and recordsObserve entity activities and operationsPerform walk-throughs of the accounting system
19Assess Control Risk Assess whether the financial statements are auditable.Determine assessed control risk supportedby the understanding obtained assumingthe controls are being followed.Use of a control risk matrix to assesscontrol risk.
20Control Risk Matrix Many auditors use the control risk matrix to assist in the control risk assessmentprocess.
21Control Risk Matrix Identify audit objectives Identify existing controlsAssociate controls with related audit objectivesIdentify and evaluate control deficiencies,significant deficiencies, and material weaknesses
22Evaluating Significant Control Deficiencies SIGNIFICANCEMaterialMaterialWeaknessLIKELIHOODRemoteProbableImmaterial
23Identify Deficiencies and Weakness Identify existing controlsIdentify the absence of key controlsConsider the possibility of compensating controlsDecide whether there is a significant deficiencyor material weaknessDetermine potential misstatements that could result
24Communications Communications to those charged with governance Management letters
25Tests of Controls The procedures to test effectiveness of controls in support of a reduced assessed controlrisk are called tests of controls.
26Procedures for Tests of Controls 1. Make inquiries of client personnel2. Examine documents, records, and reports3. Observe control-related activities4. Reperform client procedures
27Extent of Procedures Reliance on evidence from prior year’s audit Testing of controls related to significant risksTesting less than the entire audit period
28Decide Planned Detection Risk and Design Substantive Tests The auditor uses the results of the control riskassessment process and tests of controls todetermine the planned detection risk andrelated substantive tests.The auditor links the control risk assessmentsto the balance-related audit objectives.