Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide 7- 1 © The McGraw-Hill Companies, Inc., 2006 Internal Control.

Similar presentations


Presentation on theme: "Slide 7- 1 © The McGraw-Hill Companies, Inc., 2006 Internal Control."— Presentation transcript:

1 Slide 7- 1 © The McGraw-Hill Companies, Inc., 2006 Internal Control

2 Slide 7- 2 © The McGraw-Hill Companies, Inc., 2006 Internal Control System Definition A process...designed to provide reasonable assurance regarding, achievement of (the entity’s) objectives in the following categories: è Effectiveness and efficiency of operations è Reliability of financial reporting è Compliance with applicable laws and regulations Source: Committee of Sponsoring Organizations

3 Slide 7- 3 © The McGraw-Hill Companies, Inc., 2006 Components of Internal Control  The Control Environment  Risk Assessment  The Accounting Information and Communication System  Control Activities  Monitoring

4 Slide 7- 4 © The McGraw-Hill Companies, Inc., 2006 Control Environment(Internal) l Integrity and ethical values l Commitment to competence l Board of directors or audit committee l Management philosophy and operating style l Organizational structure l Human resource policies and practices l Assignment of authority and responsibility

5 Slide 7- 5 © The McGraw-Hill Companies, Inc., 2006 Control Environment (External) Reviews by Governmental Agencies:  OSHA, FDA, IRS, GAO, EPA, DCAA, Bank Examiners, Bd of Equalization, State Franchise Tax Bd Reviews by Non-Governmental Agencies:  ISO, Industry Associations

6 Slide 7- 6 © The McGraw-Hill Companies, Inc., 2006 Components of Internal Control lThe Control Environment lRisk Assessment lThe Accounting Information and Communication System lControl Activities lMonitoring

7 Slide 7- 7 © The McGraw-Hill Companies, Inc., 2006 Client Risk Assessment Clients must constantly reassess its ICS because of: l Changes in regulatory or operating environment l Changes in key personnel l Implementation of new/modified information system l Rapid growth of the organization l Changes in technology affecting production processes or information systems l Introduction of new lines of business, products, or processes

8 Slide 7- 8 © The McGraw-Hill Companies, Inc., 2006 Components of Internal Control lThe Control Environment lRisk Assessment lThe Accounting Information and Communication System lControl Activities lMonitoring

9 Slide 7- 9 © The McGraw-Hill Companies, Inc., 2006 Primary Objectives of Accounting & Information Systems l Identify & record all, but only, valid transactions l Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions l Measure the value of transactions appropriately l Determine time period in which the transactions occurred to permit recording in the proper period l Present properly the transactions and related disclosures in the financial statements

10 Slide © The McGraw-Hill Companies, Inc., 2006 Components of Internal Control lThe Control Environment lRisk Assessment lThe Accounting Information and Communication System lControl Activities lMonitoring

11 Slide © The McGraw-Hill Companies, Inc., 2006 Types of Control Activities l Performance Reviews (Usually Detection) (Reconcile, Analyze & Approve) l IT General & Application Controls (Ch 8) l Physical Security Controls l Segregation of Duties  Recording Transactions  Authorizing Transactions  Custody of Related Asset

12 Slide © The McGraw-Hill Companies, Inc., 2006 Components of Internal Control lThe Control Environment lRisk Assessment lThe Accounting Information and Communication System lControl Activities lMonitoring

13 Slide © The McGraw-Hill Companies, Inc., 2006 Monitoring Monitoring ICS Effectiveness & Compliance  Ongoing Monitoring Activities (Management review & follow-up)  Separate Evaluations (Internal Audits or Self Compliance)  Public Companies: SOX Section 404 Monitoring and Assessment

14 Slide © The McGraw-Hill Companies, Inc., 2006 Monitoring Internal Controls Do Public Companies do More? l Section 404 of Sarbanes-Oxley requires at least quarterly monitoring & assessment of financial reporting internal control effectiveness. Comment required on any material change during a fiscal quarter. l CFO normally leads, generally with Internal Audit involvement.

15 Slide © The McGraw-Hill Companies, Inc., 2006 Limitations of Even A Good (Well Designed) ICS mistakes l Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc. collusion l Controls that depend on the segregation of duties may be circumvented by collusion. l Managementoverride l Management may override the structure deteriorate over time l Compliance may deteriorate over time

16 Slide © The McGraw-Hill Companies, Inc., 2006 Auditor’s Basic Requirements Regarding Client’s Internal Controls l Obtain an understanding and l Document the understanding

17 Slide © The McGraw-Hill Companies, Inc., 2006 Documenting Internal Control

18 Slide © The McGraw-Hill Companies, Inc., 2006 Sources of ICS Information  Client Policies & Procedures  Client Inquiry  Inspection of Documents  Observations

19 Slide © The McGraw-Hill Companies, Inc., 2006 The Auditors’ Consideration of Client’s Internal Controls l Obtain an understanding l Document the understanding l Determine planned (initial) assessed level of control risk

20 Slide © The McGraw-Hill Companies, Inc., 2006 Assessing Control Risk

21 Slide © The McGraw-Hill Companies, Inc., 2006 Assessing Control Risk 1.At the F.S. Statement/Overall Level  Preparation of F.S., incl. estimates & disclosures  Selection of Significant Accounting Policies  The Control Environment  General IT Controls (chapter 8) 2.At the Assertion/Account Level  Relates to specific assertions about specific accounts. (Transactions)

22 Slide © The McGraw-Hill Companies, Inc., 2006 To Test or Not to Test Controls We Test Controls When We Expect That: 1.We Will Be Able Rely on the Client’s Internal Controls to Set Control Risk Below Maximum AND 2.Estimated Time Spent to Test Controls Will Be < the Reduction in Substantive Testing Time IF We Find the Controls to be Operating Effectively.

23 Slide © The McGraw-Hill Companies, Inc., 2006 The Auditors’ Consideration of Client’s Internal Controls l Obtain an understanding l Document the understanding l Determine planned assessed level of control risk l Design additional tests of control (Testing procedures include: review of documents, observations, questioning client employees, re-performing the controls, review of error detection & correction reports.)

24 Slide © The McGraw-Hill Companies, Inc., 2006 Relying on Previous Tests of Controls  Auditors should obtain evidence of changes in internal controls/business processes since the last audit and must test any changed controls/processes for which reliance is desired.  For controls/process that haven’t changed, reliance can be placed on testing for operating effectiveness in prior years’ audits if the control tested every 3 rd year.

25 Slide © The McGraw-Hill Companies, Inc., 2006 The Auditors’ Consideration of Client’s Internal Controls l Obtain an understanding l Document the understanding l Determine planned assessed level of control risk l Design additional tests of control l Perform test of controls likely to prevent or detect material misstatements and Reassess control risk

26 Slide © The McGraw-Hill Companies, Inc., 2006 The Auditors’ Consideration of Client’s Internal Controls l Obtain an understanding l Document the understanding l Determine planned assessed level of control risk l Design additional tests of control l Test Controls and Reassess control risk l Design nature, timing and extent of substantive tests

27 Slide © The McGraw-Hill Companies, Inc., 2006 Documentation Requirements  Understanding of Internal Controls  Assessed Level of Control Risk and the Combined Level of the Risk of Material Misstatements (IR + CR)  Basis for the Risk Assessment  Auditor’s Response to the Risks and Link to Audit Procedures Performed  Use of Prior Years’ Tests of Controls

28 Slide © The McGraw-Hill Companies, Inc., 2006 ICS in a Small Client  Adequate segregation of duties impossible.  Owner may have to be more active.  But, this could foster fraudulent F.S.  Therefore, we usually apply the “substantive” rather than the “reliance” audit approach.

29 Slide © The McGraw-Hill Companies, Inc., 2006 IA as Part of the ICS l Some of their work may “overlap” what CPA would do. l We may be able to rely on (1) their work to reduce our work, just like any other part of client’s ICS, or (2) use of their auditors to perform on the F.S. audit. l To rely, we must assess: 1. Objectivity 2. Competency 3. Quality Source: SAS 128

30 Slide © The McGraw-Hill Companies, Inc., 2006 Communicating ICS Weaknesses  Report to Mgmt and Those Charged with Governance (Board of Directors)  Must Communicate: 1.Significant Deficiencies 2.Material Weaknesses 3.Previously Reported, But Not Remediated 4.Potential Effects of the Deficiencies/Weaknesses  In Writing & Within 60 Days of Release Date of Audit Report on Financial Statements

31 Slide © The McGraw-Hill Companies, Inc., 2006 Classifying ICS Weaknesses A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct misstatements on a timely basis. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis. Source: AU 325 with SAS 115 (eff. 2009) and 99

32 Slide © The McGraw-Hill Companies, Inc., 2006 Classifying ICS Weaknesses (con’t) Indicators of material weaknesses include: l Identification of fraud, whether or not material, on the part of senior management; l Restatement of previously issued financial statements to reflect the correction of a material misstatement due to error or fraud; l Identification by the auditor of a material misstatement of the financial statements under audit in circumstances that indicate that the misstatement would not have been detected by the entity’s internal control; and Ineffective oversight of the entity’s financial reporting and internal control by those charged with governance Source: AU 325 with SAS 115

33 Slide © The McGraw-Hill Companies, Inc., 2006 Classifying ICS Weaknesses (con’t) Level Generally Accepted Meaning Probable The future event or events are likely to occur (probability is > 50%). Reasonably Possible The chance of the future event or events occurring is more than remote, but less than likely (probability is 20% to 50%). Remote The chance of the future event or events occurring is slight (probability is < 20%).

34 Slide © The McGraw-Hill Companies, Inc., 2006 Classifying ICS Weaknesses (con’t) Material A misstatement which would alter a reasonable person's decision making. More than Inconse- quential When a reasonable person would not reach a conclusion regarding a particular misstatement that the misstatement is inconsequential, then that misstatement is more than inconsequential. Inconse- quential When a reasonable person would conclude, after considering the possibility of further undetected misstatements, that the misstatement, either individually or when aggregated with other misstatements, would clearly be immaterial to the financial statements. ( Generally, less than 20% of overall financial statement materiality threshold.)

35 Slide © The McGraw-Hill Companies, Inc., 2006 Summary  Why do we consider a client’s ICS? 1. Assess Control Risk 2. To plan the audit (nature, timing & extent of tests)  What must we do before we set Control Risk below maximum? Test the controls we want to rely on. l Why Wouldn’t We Test Controls? 1. Appear Very Weak - Reliance Unlikely 2. Time to Test > Savings in Reduced Sub. Tests


Download ppt "Slide 7- 1 © The McGraw-Hill Companies, Inc., 2006 Internal Control."

Similar presentations


Ads by Google