Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-1 Chapter Seven Auditing Internal Control over Financial Reporting.

Slides:



Advertisements
Similar presentations
Internal Control.
Advertisements

Learning Objectives LO1 Describe the current audit environment, including developments in regulatory oversight and provincial regulation of public accountants.
Discussion on SA-500 – AUDIT EVIDENCE
Auditing Computer-Based Information Systems
Audit Documentation PCAOB Auditing Standard no.3.
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved Chapter 21 CHAPTER 21 ASSURANCE, ATTESTATION, AND OTHER FORMS OF SERVICES.
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Demand for Audit and Other Assurance Services Chapter 1.
Internal Controls over Financial Reporting
The Demand for Audit and Other Assurance Services Chapter 1.
Planning the Audit; Linking Audit Procedures to Risk
Chapter 5 Risk Assessment: Internal Control Evaluation
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
2-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 2 Professional Standards: “The Rules of the Road”
Auditing A Risk-Based Approach To Conducting A Quality Audit
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
CHAPTER 2 FINANCIAL STATEMENT AUDITS AND AUDITORS’ RESPONSIBILITIES Fall 2007 u G enerally Accepted Auditing Standards u Assurance Provided by an Audit.
Professional Standards. McGraw-Hill/Irwin © 2004 The McGraw-Hill Companies, Inc., All Rights Reserved. 2-2 Generally Accepted Auditing Standards-- General.
Section 404 Audits of Internal Control and Control Risk
Mª ANGELA JIMENEZ 1 UNIT 4. EXTERNAL AUDIT BASIS CONCEPTS.
Nature of an Integrated Audit
Learning Objectives LO1 Describe the association framework. LO2 Determine whether a PA is associated with financial statements. LO3 Describe the three.
Auditing & Assurance Services, 6e
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Reports on Audited Financial Statements
Auditing Internal Control over Financial Reporting
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved
Auditing Internal Control over Financial Reporting
Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
INTERNAL CONTROL OVER FINANCIAL REPORTING
Chapter 5 Internal Control over Financial Reporting
Considering Internal Control
Internal Control in a Financial Statement Audit
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
NO FRAUD LEFT BEHIND The Effect of New Risk Assessment Auditing Standards on Schools Runyon Kersteen Ouellette.
Internal Control in a Financial Statement Audit
1 - 1 ©2006 Prentice Hall Business Publishing, Auditing 11/e, Arens/Beasley/Elder The Demand for Audit and Other Assurance Services Chapter 1.
Evaluation of Internal Control System
5-1 McGraw-Hill/Irwin ©2007 by the McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Internal Control Evaluation: Assessing Control Risk.
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.1 Internal.
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 6-1 Chapter Six Internal Control in a Financial Statement Audit.
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Auditing Internal Control over Financial Reporting Chapter Seven.
BA 427 – Assurance and Attestation Services Lecture 7 Reporting on Internal Controls.
Chapter 02 Professional Standards McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
Internal Control Chapter 7. McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. 7-2 Summary of Internal Control Definition.
Audit Objectives To obtain reasonable assurance whether the Financial Statements are free of material misstatement To express the opinion whether the F/S.
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley Section 404 Audits of Internal Control and Control Risk Chapter.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder Section 404 Audits of Internal Control and Control Risk Chapter 10.
18-1 Copyright © 2016 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Audit Reports Chapter 3. Audit Reports What is an audit report? Different reporting guidelines exist depending on the type of company upon which the auditor.
©©2012 Pearson Education, Auditing 14/e, Arens/Elder/Beasley Considering Internal Control Chapter 10.
Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall. Chapter
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control in a Financial Statement Audit Chapter Six.
Internal Control. McGraw-Hill/Irwin © 2004 The McGraw-Hill Companies, Inc., All Rights Reserved. 7-2 Summary of Internal Control Definition A process...designed.
Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley Internal Control and Control Risk Chapter 10.
Internal Control Chapter 7. McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, Inc., All Rights Reserved. 7-2 Summary of Internal Control Definition.
Audit Planning, Understanding the Client, Assessing Risks and Responding Chapter 6.
Section 404 Audits of Internal Control and Control Risk
Obtain and document understanding of internal control
Internal Control Evaluation: Assessing Control Risk
The Demand for Audit and Other Assurance Services
Reports on Audited Financial Statements
Internal Control in a Financial Statement Audit
Communicating Levels of Assurance
Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.
Presentation transcript:

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-1 Chapter Seven Auditing Internal Control over Financial Reporting Chapter Seven Auditing Internal Control over Financial Reporting

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-2 Management Responsibilities under Section 404 Section 404 of the Sarbanes-Oxley Act requires managements of publicly traded companies in the United States to issue an internal control report that explicitly accepts responsibility for establishing and maintaining ‘adequate’ internal control over financial reporting.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-3 Management Responsibilities under Section 404 Management must comply with the following in order for its public accounting firm to complete an audit of internal control over financial reporting. 1.Accepts responsibility for the effectiveness of the entity’s internal control over financial reporting. 2.Evaluate the effectiveness of the entity’s internal control over financial reporting using suitable control criteria. 3.Support its evaluation with sufficient evidence, including documentation. 4.Present a written assessment of the effectiveness of the entity’s internal control over financial reporting as of the end of the entity’s most recent fiscal year. 1.Accepts responsibility for the effectiveness of the entity’s internal control over financial reporting. 2.Evaluate the effectiveness of the entity’s internal control over financial reporting using suitable control criteria. 3.Support its evaluation with sufficient evidence, including documentation. 4.Present a written assessment of the effectiveness of the entity’s internal control over financial reporting as of the end of the entity’s most recent fiscal year.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-4 Auditor Responsibilities under Section 404 The entity’s independent auditor must audit and report on management’s assertion about the effectiveness of internal control. The auditor is required to conduct an ‘integrated audit’ of the entity’s internal control over financial reporting and its financial statements.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-5 Internal Control over Financial Reporting Defined Internal control over financial reporting is defined as a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with generally accepted accounting principles (GAAP). Controls include procedures that: 1.Pertain to the maintenance of records that fairly reflect the transactions and dispositions of the assets of the company. 2.Provide reasonable assurance that transactions are recorded in accordance with GAAP. 3.Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company’s assets. 1.Pertain to the maintenance of records that fairly reflect the transactions and dispositions of the assets of the company. 2.Provide reasonable assurance that transactions are recorded in accordance with GAAP. 3.Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company’s assets.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-6 Internal Control Deficiencies Defined Material Consequential Inconsequential RemoteMore than remote Material weakness Significant deficiency Insignificant deficiency L I K E L I H O O D MAGNITUDEMAGNITUDEMAGNITUDEMAGNITUDE

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-7 Management’s Assessment Process Management must: 1.Design and implement an effective system of internal control. This process involves determining whether a necessary control is missing or an existing control is not properly designed. 2.Develop an ongoing assessment process for the internal controls in place. Management must assess the likelihood that failure of a control could result in a misstatement. 3.Management must decide which business units to include in the assessment process. Management must: 1.Design and implement an effective system of internal control. This process involves determining whether a necessary control is missing or an existing control is not properly designed. 2.Develop an ongoing assessment process for the internal controls in place. Management must assess the likelihood that failure of a control could result in a misstatement. 3.Management must decide which business units to include in the assessment process.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-8 Management’s Documentation Management must develop sufficient documentation to support its assessment of the effectiveness of internal control. This documentation may take many forms, such as paper, electronic files, or other media. It also includes policy manuals, job descriptions, flowcharts, and process models.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-9 Framework Used by Management to Conduct Its Assessment Most entities use the framework developed by COSO. This framework identifies three primary objectives of internal control: (1) reliable financial reporting; (2) efficiency and effectiveness of operations; and (3) compliance with laws and regulations. COSO

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-10 Performing an Audit of Internal Control over Financial Reporting Plan the engagement. Evaluate management’s assessment process. The auditor typically obtains his or her understanding of management’s assessment process through inquiry of management and others.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-11 Performing an Audit of Internal Control over Financial Reporting Plan the engagement. Evaluate management’s assessment process. Obtain and document an understanding of internal control. As part of gaining this understanding the auditor must: 1.Understand and assess company-level controls. 2.Evaluate the effectiveness of the audit committee. 3.Identify significant accounts. 4.Identify relevant financial statement assertions. 1.Understand and assess company-level controls. 2.Evaluate the effectiveness of the audit committee. 3.Identify significant accounts. 4.Identify relevant financial statement assertions. 5.Identify significant processes and major classes of transactions. 6.Understand the period-end financial reporting process. 7.Perform walkthroughs. 8.Identify controls to test. 5.Identify significant processes and major classes of transactions. 6.Understand the period-end financial reporting process. 7.Perform walkthroughs. 8.Identify controls to test.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-12 Performing an Audit of Internal Control over Financial Reporting Plan the engagement. Evaluate the management’s assessment process. Obtain and document an understanding of internal control. Evaluate the design effectiveness of internal control. Controls are effectively designed when they prevent or detect errors or fraud that could result in material misstatements in the financial statements.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-13 Performing an Audit of Internal Control over Financial Reporting Plan the engagement. Evaluate the management’s assessment process. Obtain and document an understanding of internal control. Evaluate the design effectiveness of internal control. Test and evaluate the operating effectiveness of internal control. In testing the effectiveness of controls, the auditor needs to consider the nature, timing, and extent of testing.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-14 Performing an Audit of Internal Control over Financial Reporting Plan the engagement. Evaluate the management’s assessment process. Obtain and document an understanding of internal control. Evaluate the design effectiveness of internal control. Test and evaluate the operating effectiveness of internal control. Form an opinion of the effectiveness of internal control. The auditor should evaluate all evidence before forming an opinion on internal control, including (1) the adequacy of management’s assessment, (2) the results of the auditor’s evaluation, (3) the negative results of substantive procedures performed, (4) any control deficiencies.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-15 Written Representations In addition to the management representations obtained as part of a financial statement audit, the auditor also obtains written representations from management related to the audit of internal control over financial reporting. Failure to obtain written representations from management, including management’s refusal to furnish them, constitutes a limitation on the scope of the audit sufficient to preclude an unqualified opinion.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-16 Auditor Documentation Requirements The auditor must properly document the processes, procedures, judgments, and results relating to the audit of internal control. When an entity has effective internal control over financial reporting, the auditor should be able to perform sufficient testing of controls to assess control risk for all relevant assertions at a low level.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-17 Reporting on Internal Control Sarbanes-Oxley requires management’s description of internal control to include: 1.A statement of management’s responsibility for establishing and maintaining adequate internal control. 2.A statement identifying the framework used by management to conduct the required assessment of the effectiveness of the company’s internal control. 3.An assessment of the effectiveness of the company’s internal control as of the end of the most recent fiscal year, including an explicit statement as to whether internal control is effective. 4.A statement that the public account firm that audited the financial statements included in the annual report has issued an attestation report on management’s assessment of internal control. 1.A statement of management’s responsibility for establishing and maintaining adequate internal control. 2.A statement identifying the framework used by management to conduct the required assessment of the effectiveness of the company’s internal control. 3.An assessment of the effectiveness of the company’s internal control as of the end of the most recent fiscal year, including an explicit statement as to whether internal control is effective. 4.A statement that the public account firm that audited the financial statements included in the annual report has issued an attestation report on management’s assessment of internal control.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-18 The Auditor’s Report on Internal Control over Financial Reporting Once the auditor has completed the audit of internal control, he or she must issue an appropriate report to accompany management’s assessment, published in the company’s annual report.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-19 Types of Reports Relating to the Audit of Internal Control The auditor’s report contains opinions on two separate items: (1) management’s assessment of the effectiveness of internal control over financial reporting, and (2) the effectiveness of internal control over financial reporting based on the auditor’s independent audit work.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-20 Types of Reports Relating to the Audit of Internal Control Opinion An unqualified opinion signifies that the client’s internal control is designed and operating effectively. A qualified opinion is issued when there is a limitation on the scope of the auditor’s work. A serious scope limitation requires the auditor to disclaim an opinion. An adverse opinion is required if a material weakness is identified.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-21 Types of Reports Relating to the Audit of Internal Control Report Modification Based on Control Deficiencies Likelihood of Misstatement Type of Audit Report Inconsequential deficiency Significant deficiency Material weakness Unqualified opinion Adverse opinion

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-22 Types of Reports Relating to the Audit of Internal Control Report Modification Based on Scope Limitation Reason for Scope Limitation Type of Audit Report Minor effect Management imposed/ more than minor effect Sever limitation Unqualified opinion Disclaim opinion or withdraw Qualified opinion

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-23 Elements of the Auditor’s Report 1.A title that includes the word ‘independent.’ 2.An identification of management’s conclusion about the effectiveness of the company’s internal control over financial reporting. 3.A definition of internal control over financial reporting. 4.A statement that the auditor planned and performed the audit to obtain reasonable assurance about whether effective internal control is maintained. 5.A statement that an audit includes obtaining an understanding of internal control, valuating management’s assessment of testing the design and effectiveness of internal control and any other procedures. 6.A paragraph stating that internal control may not prevent or detect misstatements because of inherent limitations. 7.The auditor’s opinion on whether management’s assessment of the effectiveness of internal control is fairly stated. 8.The auditor’s opinion on whether the company maintained effective internal control.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-24 Integrating the Audits of Internal Control and Financial Statements An integrated audit is composed of the audits of internal control and the financial statements. The control testing impacts the planned substantive procedures. Also, the results of the substantive procedures are considered in the evaluation of internal control. Tests of internal control Substantive audit procedures

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-25 Effect of the Audit of Internal Control on the Financial Statement Audit If the auditor performs an integrated audit, he or she will have access to a large amount of information about the client’s controls. This information can make the financial statement audit more efficient and result in reduced substantive procedures. Regardless of the level of control risk in connection with the audit of the financial statements, auditing standards require the auditor to perform some substantive procedures for all significant accounts and disclosures.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-26 Effect of the Financial Statement Audit on the Audit of Internal Control The effectiveness of the audit of internal controls should lead the auditor to determine the implications of these findings on the financial statement audit. The auditor’s evaluation should include: 1.Misstatements detected. 2.The auditor’s risk evaluations in connection with the selection and application of substantive procedures, especially those related to fraud. 3.Findings with respect to illegal acts and related party transactions. 4.Indications of management bias in making accounting estimates and in selecting accounting principles. 1.Misstatements detected. 2.The auditor’s risk evaluations in connection with the selection and application of substantive procedures, especially those related to fraud. 3.Findings with respect to illegal acts and related party transactions. 4.Indications of management bias in making accounting estimates and in selecting accounting principles.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-27 Special Considerations for an Audit of Internal Control Special consideration by management and the auditor Using the work of others. Multi-locations and business units. Service organizations. Safeguarding assets.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-28 Using the Work of Others In determining the extent to which the auditor may use the work of others, the auditor should: o Evaluate the nature of the controls subjected to the work of others. o Evaluate the competence and objectivity of the individuals who performed the work. o Test some of the work performed by others to evaluate the quality and effectiveness of their work. o Evaluate the nature of the controls subjected to the work of others. o Evaluate the competence and objectivity of the individuals who performed the work. o Test some of the work performed by others to evaluate the quality and effectiveness of their work.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-29 Testing Multi-location Total number of units = 150 Is unit individually important? Are there specific significant risks? Are there units that are not important even when aggregated? Are there documented company-level controls over this group? No No No No 135 Evaluate documents and test controls over significant accounts at each location. 15 Yes 130 Evaluate documents and test controls over specific risks. 5 Yes No further action required Yes Evaluate documents and test company-level controls over group. Some testing of controls at individual locations. Yes

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-30 Safeguarding of Assets Safeguarding of assets is defined as policies and procedures that ‘provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company’s assets that could have a material effect on the financial statements.’

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-31 Computer-Assisted Audit Techniques Computer-assisted audit techniques include: o Generalized audit software packages. o Custom audit software. o Test data. Computer-assisted audit techniques include: o Generalized audit software packages. o Custom audit software. o Test data.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-32 Generalized Audit Software

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-33 Custom Audit Software Custom audit software is generally written by auditors for specific audit tasks. It may be required when the client’s computer system is not compatible with the auditor’s generalized audit software. Custom software: (1) Is expensive to develop. (2) Requires extended development time. (3) Is limited in scope of functions. Custom software: (1) Is expensive to develop. (2) Requires extended development time. (3) Is limited in scope of functions.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-34 Test Data This is data developed by the auditor to test the application controls in the client’s computer programs. The technique can be used to check (1) data validation controls and error detection routines, (2) processing logic controls, (3) arithmetic calculations, and (4) the inclusion of transactions in records, files, and reports.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-35 End of Chapter 7

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.