2 Internal Control Objectives 1. Reliability of financial reporting2. Efficiency and effectiveness of operations3. Compliance with laws and regulations
3 Five Components of Internal Control Control EnvironmentRiskassessmentControlactivitiesInformation andcommunicationMonitoring
4 The Control Environment Integrity and ethical valuesCommitment to competenceBoard of directors or auditcommittee participation
5 The Control Environment Management’s philosophy and operating styleOrganizational structureHuman resource policies and practices
6 Risk Assessment Identify factors that may increase risk Estimate the significance of the riskAssess the likelihood of the risk occurringDetermine actions necessary to manage the risk
7 Control Activities 1. Adequate separation of duties 2. Proper authorization of transactions and activities3. Adequate documents and records4. Physical control over assets and records5. Independent checks on performance
8 Proper Authorization of Transactions and Activities General authorizationSpecific authorization
9 Adequate Documents and Records Prenumbered consecutivelyPrepared at the time of transactionDesigned for multiple useConstructed to encourage correct preparation
10 Physical Control Over Assets and Records The most important type of protectivemeasure for safeguarding assets andrecords is the use of physical precautions.
11 Independent Checks on Performance The need for independent checks arisesbecause internal control tends to changeover time unless there is a mechanismfor frequent review.
12 Information and Communication The purpose of an accounting informationand communication system is to…initiate, record, process, and reportthe entity’s transactions and to maintainaccountability for the related assets.
13 Monitoring Monitoring activities deal with management’s ongoing and periodic assessment of thequality of internal control performance…to determine whether controls are operatingas intended and modified when needed.
14 Process for Understanding Internal Control and Assessing Control Risk Phase 1Obtain an understanding of internal control: design and operationPhase 2Assess control riskPhase 3Design, perform, and evaluate tests of controlsPhase 4Decide planned detection risk and substantive tests
15 Obtain and Document Understanding of Internal Control Auditing standards require auditors to obtainan understanding of internal control for everyaudit.Procedures to obtain an understanding:Design of internal controlsWhether placed in operationUses this information as a basis for theintegrated audit
17 Narrative 1. The origin of every document and record in the system 2. All processing that takes place3. The disposition of every documentand record in the system4. An indication of the controls relevantto the assessment of control risk
18 Evaluating Internal Control Operation Update and evaluate auditor’s previousexperience with the entityMake inquiries of client personnelExamine documents and recordsObserve entity activities and operationsPerform walk-throughs of the accounting system
19 Assess Control Risk Assess whether the financial statements are auditable.Determine assessed control risk supportedby the understanding obtained assumingthe controls are being followed.Use of a control risk matrix to assesscontrol risk.
20 Control Risk Matrix Many auditors use the control risk matrix to assist in the control risk assessmentprocess.
21 Control Risk Matrix Identify audit objectives Identify existing controlsAssociate controls with related audit objectivesIdentify and evaluate control deficiencies,significant deficiencies, and material weaknesses
22 Evaluating Significant Control Deficiencies SIGNIFICANCEMaterialMaterialWeaknessLIKELIHOODRemoteProbableImmaterial
23 Identify Deficiencies and Weakness Identify existing controlsIdentify the absence of key controlsConsider the possibility of compensating controlsDecide whether there is a significant deficiencyor material weaknessDetermine potential misstatements that could result
24 Communications Communications to those charged with governance Management letters
25 Tests of Controls The procedures to test effectiveness of controls in support of a reduced assessed controlrisk are called tests of controls.
26 Procedures for Tests of Controls 1. Make inquiries of client personnel2. Examine documents, records, and reports3. Observe control-related activities4. Reperform client procedures
27 Extent of Procedures Reliance on evidence from prior year’s audit Testing of controls related to significant risksTesting less than the entire audit period
28 Decide Planned Detection Risk and Design Substantive Tests The auditor uses the results of the control riskassessment process and tests of controls todetermine the planned detection risk andrelated substantive tests.The auditor links the control risk assessmentsto the balance-related audit objectives.