Internal Control Evaluation: Assessing Control Risk

Internal Control Evaluation: Assessing Control Risk. Accounting 408, Chapter 5

1. Overview

2. Introduction: Management’s responsibility for internal control. Responsibility under SOX: design, implement, and maintain control system; certify the financial statements (Section 302); report on IC over financial reporting (Section 404), which must include a statement that management is responsible, identifying the framework, and providing management's assessment. For nonissuer: Foreign Corrupt Practices Act.

2. Introduction (continued): Auditor’s responsibility. Under SOX: auditor must conduct an integrated audit under PCAOB standards (not a separate engagement); issue opinion on f/s and IC. For nonissuer: auditor must conduct audit under AICPA standards; use evaluation of the client’s business and its IC to identify and assess risks of material misstatement.

2. Introduction (continued): Performance Principle: The auditor must identify and assess risks of material misstatement, whether due to fraud or error, based on an understanding of the entity and its environment, including its internal control. Standards: SAS 122; SAS 109; SAS 78 - COSO; SAS 55; SAS 1. Questions.

2. Introduction (continued): SAS 122 and 109, Definition of IC: IC is a process, effected by those charged with governance, management, and other personnel, designed to provide reasonable assurance about the achievement of objectives with regard to: reliability of financial reporting; effectiveness and efficiency of operations; compliance with applicable laws and regulations.

3. Control Structure: Relevance to an audit. Elements of IC (COSO): control environment; risk assessment; information and communication; control activities; monitoring.

3. Control Structure (con’t): Control environment (most important): integrity and ethical values; board of directors (includes audit committee); management’s philosophy and operating style; organizational structure; financial reporting competencies; authority and responsibility; human resource policies. How would you gather evidence about these components? It is harder to gather evidence about more abstract components, yet more abstract components have the most pervasive effect.

3. Control Structure (con’t): Risk assessment. Examples of where risks may arise: change in regulatory or operating environment; new personnel; new or revised AIS; rapid expansion; new technology; new business models or products; expansion or acquisition of foreign operations.

3. Control Structure (con’t): Information and communication: AIS; IT general controls; IT application controls; spreadsheet controls.

3. Control Structure (con’t): Control activities: prenumbered documents; segregation of duties; authorization; record keeping; custody; reconciliation; physical security; IT controls; preventive controls vs. detective controls.

3. Control Structure (con’t): Monitoring: internal auditing; follow-up of reporting errors; follow-up of customer complaints. Questions.

3. Control Structure (con’t): Elements (Enterprise Risk Management Framework): internal environment; objective setting; event identification; risk assessment; risk response; control procedures; information and communication; monitoring.

4. General Considerations: Entity’s specific context; Management’s responsibility; Extent of IT; Reasonable assurance; Limitations.

4. General Considerations (continued): Limitations: cost benefit issues; misunderstandings; mistakes of judgment; carelessness; collusion; management override; unusual transactions.

4. General Considerations (continued): Small business considerations; Design vs. implementation vs. operating effectiveness; Auditability of entity.

4. General Considerations (continued): Why assess risk of material misstatement? Determine nature, timing, and extent of audit procedures: tests of controls; substantive tests.

4. General Considerations (continued): [Figure: Trade-off Between Testing of Controls and Substantive Testing. Labels: Detection Risk (High, Low); RMM (Low, High); Substantive Testing; Tests of Controls.]

4. General Considerations (continued): Control risk never zero. Some substantive procedures always required. Tests of controls: required for issuers (AS 5); optional for nonissuers. Use of TOC evidence from previous audits: inquire of management; if no changes, can use but must test every three years.

5. Obtaining an Understanding: Extent of understanding necessary? Depends on circumstances of the engagement; size and complexity of the entity; auditor’s experience with entity; identifying significant changes from prior years; sufficient to identify and assess RMM. Must include understanding of (follows top down approach): significant accounts and disclosures, and their relevant assertions; entity-level controls and transaction-level controls; design, implementation, effectiveness. Must include knowledge of each IC element. Does not have to include all controls in the entity.

5. Obtaining an Understanding (continued): Procedures to obtain an understanding (Risk Assessment Procedures): inquiries; inspection; observation; analytical procedures; walk through; previous experience.

5. Obtaining an Understanding (continued): Documentation. Extent: Discussion among audit team; Key components and each element; Assessment of RMM at both f/s and assertion levels; Controls tested; Risks identified. Methods: Narrative; Questionnaire; Flowchart.

6. Assessing RMM: Use top-down approach. Consider nature of transactions; identify significant accounts and assertions; identify risks at entity level and then relate to assertion level; for significant accounts and assertions relate risks to what can go wrong at the relevant assertion level; consider if misstatements could rise to a material amount; consider the likelihood they would result in a material misstatement. Consider nature of transactions: routine transactions; nonroutine transactions; estimation transactions.

6. Assessing RMM (con’t): Examples of Risk Assessment Procedures used to obtain understanding and assess risks: Inquiries (use different levels); Analytical procedures (high level of aggregation); Observation and inspection (prior year info, consider changes); Discussion with audit team.

6. Assessing RMM (con’t): After assessment, determine: nature; timing; extent of testing (substantive and tests of controls).

6. Assessing RMM (con’t): Assessment levels. Initial assessment: at the maximum; below the maximum. Initial assessment. Additional concepts for assessment: pervasive vs. specific effect; direct vs. indirect effect; compensating strengths; qualitative or quantitative assessment.

7. Tests of Controls: Types of tests: inquiries; inspection; observation; reperformance. Requirements to perform tests of controls.

7. Tests of Controls (con’t): Approach to tests of controls. Directed toward the operation of a control (design or implementation): procedures used: inquiring, inspecting, observing; e.g., budget, IT general controls. Directed toward the effectiveness of a control: procedures used: inquiring, inspecting, observing, reperforming. Dual purpose tests.

7. Tests of Controls (con’t): Internal control deficiency: the design or operation of a control does not allow management or employees to detect or prevent misstatements in a timely fashion. Design deficiency: control missing or so poorly designed it fails to detect or prevent misstatements even if operating as designed. Operating deficiency: properly designed control is either ignored or inappropriately applied.

8. Reassess RMM: Based on results from tests of controls. Could support: lower assessment; same assessment; higher assessment. Cumulative process.

9. Design Substantive Tests: Audit program. Relationship between final assessment of CR and substantive testing. Effect on substantive testing: nature; timing; extent. Questions.

11. Communication of Internal Control Matters: Responsibility of auditor (nonissuer). AU-C 265.02: The auditor is required to obtain an understanding of internal control relevant to the audit when identifying and assessing the risks of material misstatement. In making those risk assessments, the auditor considers internal control in order to design audit procedures that are appropriate in the circumstances but not for the purpose of expressing an opinion on the effectiveness of internal control. The auditor may identify deficiencies in internal control not only during this risk assessment process but also at any other stage of the audit. This section specifies which identified deficiencies the auditor is required to communicate to those charged with governance and management.

11. Communication of Internal Control Matters: Levels of deficiencies: control deficiencies; significant deficiencies; material weaknesses. Must communicate both significant deficiencies and material weaknesses to management and BOD; for issuers, must be in writing. Do not give statement of no deficiencies found.

11. Communication of Internal Control Matters: Control deficiencies could result from deficiency in: design (no control, or existing control not properly designed); operation (properly designed control not operating as designed, or person performing control does not possess necessary authority or competence).

11. Communication of Internal Control Matters: Material weaknesses: a deficiency, or combination of deficiencies, such that there is a reasonable possibility* that a material misstatement of the f/s will not be prevented or detected. (* based on FASB Stmt. No. 5: includes reasonably possible and probable)

11. Communication of Internal Control Matters: Significant deficiencies: less severe than material weakness yet important enough to merit attention.

12. AS Requirements: Phases of AS 5 integrated audit: Plan the engagement; Use a top-down approach to gain an understanding (Identify entity-level controls; Walkthroughs); Testing internal control effectiveness (Design effectiveness; Operating effectiveness); Evaluating control deficiencies (Deficiencies; Significant deficiencies; Material weaknesses); Wrapping up (Forming an opinion on the effectiveness of internal control over financial reporting; Reporting on internal control).

12. AS Requirements (con’t): Must use top down approach. Must issue opinion on the effectiveness of internal control. Not separate engagement: integrated audit of internal control and financial statements. Report: Unqualified (no material weaknesses found); Disclaimer of opinion (cannot perform all procedures considered necessary); Adverse opinion (one or more material weaknesses found). Evaluate management’s report.

13. Review Questions for Discussion: Chapter 5: 5.3, 5.4, 5.6, 5.7, 5.9, 5.12, 5.13, 5.16, 5.17, 5.18, 5.26. ACCT-4080 Chapter 3