Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.


1 Chapter 9: Internal Controls and Control Risk

2 Chapter 9 objectives
• Explain why the study of internal control is important
• List the four components of internal control
• Discuss the relationship between the control environment and application controls
• Examine how control risk is assessed
• Describe the process used to understand, document and test internal controls
• Identify internal control reports

3 What is Internal Control?
• A process designed and effected by management (or board or employees) in providing reasonable assurance about the achievement of the entity’s objectives (reliable reporting, effectiveness and efficiency, compliance with laws)
• See CICA Handbook 5141.042

4 GAAS and Internal Controls
• Why is it mandatory for the auditor to understand the internal control system?
• How likely is it that there are NO internal controls at all?

5 Management responsibilities with respect to internal control
• Should be cost-effective
• Provide reliable accounting and operating data
• Safeguard assets and records
• Promote operational efficiency
• Prevent and detect error, fraud or illegal acts
• Ensure compliance with laws and regulations

6 Auditor responsibilities with respect to internal control
• Exercise professional skepticism
• Document and evaluate internal controls of financial systems
• Test controls if reliance intended
• Communicate weaknesses that could cause material errors

7 Concepts when studying internal control
• Remember, it is management’s responsibility to establish and maintain internal controls: the auditor evaluates and may test these controls
• The auditor can provide reasonable, but not absolute assurance
• Internal controls have inherent limitations

8 Inherent limitations of internal controls
• No such thing as 100% internal controls
• Effectiveness depends upon the competency and dependability of individuals (or systems) executing the controls
• Most internal controls can be overridden using collusion

9 Four components of internal control

10 The control environment
• Actions, policies and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about controls
• The essence of an effectively controlled organization lies in the attitude of its management
• Control environment (CE) factors are assessed as part of the knowledge of business and are used to develop a client risk profile

11 CE factor: management philosophy and operating style
• Management should operate ethically and honestly
• Like behaviour should be encouraged among employees, perhaps by means of documented policies such as a code of ethics
• Service policies could include a commitment to quality and competence

12 CE factor: board of directors and audit committee
• Board should include independent directors
• Audit committee should include independent directors
• Audit committee should have competence in financial reporting assessment
• Board members should participate actively, meet with internal and external auditors

13 CE factor: organizational structure
• A structure that is appropriate for planning, directing and controlling operations
• Authority and responsibility assignments clear
• Information systems steering committee to oversee systems development and management of information systems

14 CE factor: methods of assigning authority and responsibility
• Take into account reporting relationships and responsibilities within organizational culture
• Organizational goals, ethical and social issues considered
• Development and implementation of policies such as job descriptions and codes of conduct

15 CE factor: management control methods
• Methods used to implement objectives and policies (many possible examples)
• Logical access controls and monitoring for data communications
• Monitoring activities of employees
• Implementing effective budgeting systems with follow-up of differences

16 CE factor: systems development methodology
• Policies and procedures for selecting, development/purchase and maintenance of information systems
• Formal methodologies for customized systems
• Implementation of systems consistent with organizational objectives

17 CE factor: management reaction to external influences
• Monitoring of the external environment, including changes in laws
• Ability to respond to changes in the external environment, including changes in business procedures or organizational structures

18 CE factor: human resource policies and practices
• Hiring practices to ensure competent and trustworthy employees
• Evaluation and compensation processes to help motivate employees to continued competence and honesty

19 Role of internal audit
• To help ensure independence, internal audit should report to the audit committee of the board of directors
• Can be part of control environment when effective, competent, independent and well-trained
• Can contribute to reduced external audit costs

20 Risk assessment
• Involves management’s identification and analysis of risks relevant to the preparation of financial statements in conformity with GAAP
• Management needs to: identify risks, estimate significance, assess likelihood of occurrence, develop action plans to reduce the risk to an acceptable level

21 Control systems include:
• General controls: control systems that affect multiple classes of transactions (also called application systems)
• Application (or accounting system) controls: can be manual, computer-assisted, or fully automated

22 Impact of inadequate general controls
• Organization and management: Cannot rely on automated or combined controls
• Systems acquisition, development and maintenance: Cannot rely upon automated or combined controls
• Operations and information systems support: May result in going concern issues

23 Accounting (application) system control procedures
• Appropriate segregation of duties
• Proper authorization of transactions and activities
• Adequate documents and records
• Adequate safeguards over access to and use of assets and records
• Independent verification of performance and the accuracy of recorded amounts

24 Monitoring
• Deals with ongoing or periodic assessment of the quality of internal control performance by management
• Internal audit department may provide independent evaluation of the quality of the monitoring process

25 Internal control audit process: 1. Obtain understanding
• Obtain understanding of design and operation
• Methods used to understand and document this process:
  – Flow charts
  – Narrative
  – Internal control questionnaire

26 Knowing the difference between a strength and a weakness
• Question 9-17, p. 278
• Identifying the absent control when an error or fraud occurred
• Which audit objective(s) were not met?
• Also be able to identify: Controls to help prevent the problem from occurring

27 Internal control audit process: 2. Assess control risk
• Using the audit risk model
• Control risk is assessed at one of the following levels:
  – Maximum (100%) – no reliance, only substantive testing is completed
  – High
  – Moderate
  – Low
• Decide whether controls will be tested or not (it may be more efficient to only go substantive)

28 Internal control audit process: 3. Test controls if reliance is intended
• Procedures completed to ensure that key controls have been operating:
  – Inquiry
  – Inspection
  – Observation
  – Reperformance
• Procedures must be linked to audit objectives

29 Where controls are functioning:
• Identify the errors that are less likely to occur
• Link to the related substantive test
• Perform less or limited or no substantive procedures in this area
• More analytical procedures can be used

30 Identify the potential impact of weaknesses
• If a control is not functioning, or does not exist, this is a WEAKNESS:
  – Need to identify potential monetary error (is the impact MATERIAL?)
  – Do expanded substantive tests, if necessary
  – Analytical procedures
  – No internal controls testing in this area

31 Internal control audit process: 4. Decide PDR and substantive tests
• After control testing you are better able to assess planned detection risk (PDR or just DR)
• Then substantive tests are designed for each audit objective based on the PDR for that cycle or objective

32 Internal control audit process: 5. Report potentially material weaknesses
• Specific wording is required for these weaknesses
• Must be reported to management, board and audit committee (GAAS requires)
• Other weaknesses (i.e. non-material) would also be included in a management letter

