Presentation is loading. Please wait.

Presentation is loading. Please wait.

INTERNAL CONTROL OVER FINANCIAL REPORTING

Published byRoland Spencer Modified over 8 years ago

Similar presentations

Presentation on theme: "INTERNAL CONTROL OVER FINANCIAL REPORTING"— Presentation transcript:

1 INTERNAL CONTROL OVER FINANCIAL REPORTING
CHAPTER 5 - a INTERNAL CONTROL OVER FINANCIAL REPORTING

2 LO1 - The Quality of an Organization’s Internal Controls
The quality of an organization's internal controls affects not only the reliability of its financial reporting, but also its ability to make good decisions and stay in business Internal control processes must effectively address risks that are present in the industry and in the organization Auditors gain an understanding of their client's control system in order to Better understand the client, its risks, and how it manages those risks Assess control risk and identify types of most likely misstatements Plan extent of substantive testing needed Report on effectiveness of internal controls (publicly-held companies)

3 Define Internal Controls - COSO
Internal controls is a process designed to provide reasonable assurance of achieving the following: Generating reliable financial accounting information Safeguarding assets Complying with applicable laws and regulations Operating efficiently and effectively

4 The Need for Control Control is part of corporate governance whereby the owners and creditors of an organization exert control and require accountability for its resources Governance begins with stockholders, who delegate certain responsibilities to the board of directors and in turn to management That delegation must occur within a framework of control and accountability The control system exists to ensure that Responsibilities are properly identified Tasks are assigned in accordance with responsibilities and accountability

5 Who is Interested in an Organization's Control System?
Board of directors and the audit committee Management Regulators Internal and external auditors Suppliers and customers Investors and creditors Customers or others using the Web for commerce

6 The Integrated Audit The Sarbanes-Oxley Act of 2002 requires publicly held companies to report on the effectiveness of their internal controls over financial reporting The Public Company Accounting Oversight Board requires external auditors to perform an integrated audit of the effectiveness of internal controls and financial reporting In essence, the auditor must attest to both the financial statements and management's assertions regarding the effectiveness of internal controls over financial reporting

7 LO2 - The components of an internal control system
An internal control system consists of five components Control environment: overall attitude, awareness, and actions of significant internal groups to maintain a well-controlled organization (tone at the top) Risk assessment: process designed to identify and manage risks that may affect its ability to achieve its objectives Control activities: policies and procedures established by management to help ensure that internal control objectives are achieved and risks mitigated Information and communication: process of identifying, capturing, and exchanging information in a timely fashion to enable the organization to achieve its objectives Monitoring: process that assesses the quality of internal controls over time

8 The logical loop There is a logical loop to an organization's internal controls, starting with 1. Design of the control environment 2. Identification of organizational risks and controls to minimize those risks 3. Design and implementation of controls and a communication system 4. Monitoring of the effectiveness of the controls to mitigate risk

9 Internal Control Components
MONITORING Information & Communication CONTROL ACTIVITIES RISK ASSESSMENT CONTROL ENVIRONMENT

10 LO3 – Management monitors internal control
Done through ongoing activities or separate evaluations Either of these include the following internal and external parties Internal Auditors Customers Regulators

11 LO4 - Understanding & Assessing the Control Environment – The most pervasive of them all
There are a number of factors an auditor should look at when evaluating an organization's control environment: Management's philosophy and operating style Organizational structure, including assignment of authority and responsibility Board of directors and audit committee Human resource policies and practices Integrity and ethical values Commitment to competence Compensation and evaluation programs Effectiveness of the internal audit function

12 LO5 - Reporting on Internal Control - Management Reports to External Parties Ex 5.2
The Sarbanes-Oxley Act of 2002 requires publicly held companies to report on the effectiveness of their internal controls over financial reporting The report must describe the following: Statement of management's responsibility for establishing and maintaining effective internal controls over financial reporting Identify the framework used by management to evaluate internal controls Assessment of the effectiveness of the company's internal controls Description of any material deficiencies in internal control Statement that the report has been audited The external auditor must attest to management's report

13 Reporting on Internal Control – Internal Management Reports
Management often requests reports on the quality of its internal controls in order to ensure the company can achieve its major objectives and is not exposed to unnecessary risks Management receives reports from three sources: Ongoing monitoring reports from operations Internal audit reports External audit reports

14 LO6 - Audit Reporting on Internal Control
External auditors of non-public companies must report to management significant internal control deficiencies in the design or operation of internal controls that are identified in the normal course of a financial audit. Such reports are for management's use and are not intended to be distributed to the public External auditors of public companies must go beyond the report to management and also report on management's assertion regarding the effectiveness of internal controls over financial reporting Includes an opinion on the client's internal controls Included in the company's annual report

15 Audit Reporting on Internal Control
In performing an audit of controls, the auditor must Review client documentation including how controls are supposed to work (design) Review client testing of controls (operations) Determine which controls to test, sample sizes, and how to judge whether a control is operating effectively Reach conclusion about the effectiveness of client internal controls over financial reporting

16 LO7 Audit Reporting on Internal Control (continued)
The PCAOB's proposed report on internal controls would include a(n): Description of internal control, its objectives, and inherent limitations Definition of material deficiency in internal control Description of all material deficiencies found Opinion regarding effectiveness of company's internal controls

17 Audit Reporting on Internal Control (continued)
According to the Sarbanes-Oxley Act, if an auditor identifies significant or material deficiencies in internal control, Those deficiencies must be reported to both management and the audit committee Deficiencies must be reported to the audit committee even if management has addressed the deficiency and implemented new controls The stated intent of the Sarbanes-Oxley Act is to ensure boards of directors understand they have a responsibility to improve the governance of the organization

18 LO8 - Relationship of Controls to Auditing
Minimum level of control is necessary for an entity to be auditable The quality of internal controls affects the operating effectiveness and ultimately, the organization's ability to remain a going concern The quality of internal controls drives the audit approach and amount of testing Analysis of control deficiencies helps identify the types of likely misstatements Inadequate controls may place an organization in violation of federal laws Auditor is required to attest to management's assessment of the effectiveness of internal control over financial reporting for all public companies

19 Accounting Information Systems
Accounting systems capture, record, summarize, and report information An accounting information system is typically not one big system, but a network of smaller accounting application/subsystem Each application processes a unique type of transaction Examples: sales, accounts receivable, accounts payable, cash receipt cash disbursements, payroll, inventory, etc Each application has its own unique source documents, processes, and controls The quality of internal control can vary between applications The auditor develops understanding of how transactions are entered and processed, and the controls for each significant accounting application

20 Internal Control & Financial Statement Account Balances
Auditor assesses control risk for each relevant assertion for each important class of transactions and account balance as a basis for planning the audit Auditor needs to understand and evaluate the internal control design for all important accounting applications Auditor needs to evaluate the effectiveness of internal control over financial reporting for accounting applications that process material transactions

21 Internal Control & Financial Statement Account Balances (2)
Auditor has to evaluate controls in systems that Record revenue Deal with significant estimates Process journal entries near the end of the year to close the books Deal with off-statement financing or related party transactions Auditor needs to jointly assess organization's control environment and the specific accounting system controls to evaluate the risk of material deficiency in internal control To conclude internal controls are effective, auditor must obtain evidence that the control structure is soundly designed AND operating effectively

Download ppt "INTERNAL CONTROL OVER FINANCIAL REPORTING"

Similar presentations

Internal Control and Control Risk

Internal Control and Control Risk
Internal Control.

Internal Control.
8 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Audit Planning and Analytical Procedures Chapter 8.

8 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder Audit Planning and Analytical Procedures Chapter 8.
1 Sarbanes-Oxley Section 404 June 29, 2005. 2  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.

1 Sarbanes-Oxley Section 404 June 29,  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
Audit Planning and Analytical Procedures Chapter 8.

Audit Planning and Analytical Procedures Chapter 8.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Review of Introduction to Auditing

Review of Introduction to Auditing
INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.

INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk
Nature of an Integrated Audit

Nature of an Integrated Audit
Auditing II Unit 1 : Audit Procedures Unit 2: Audit of Limited Companies Unit 3: Audit of Government Companies.

Auditing II Unit 1 : Audit Procedures Unit 2: Audit of Limited Companies Unit 3: Audit of Government Companies.
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Similar presentations

Ads by Google