Presentation is loading. Please wait.

Presentation is loading. Please wait.

©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 1 Internal Control and Control Risk Chapter 10.

Published byEdward Moore Modified over 7 years ago

Similar presentations

Presentation on theme: "©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 1 Internal Control and Control Risk Chapter 10."— Presentation transcript:

1

2 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 1 Internal Control and Control Risk Chapter 10

3 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal control when designing an audit.

4 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 3 Inherentlimitations Reasonableassurance Management’sresponsibility Key Concepts

5 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 4 Client’s Concerns Compliance with Sarbanes-Oxley Act and other applicable laws and regulations and regulations Reliability of financial reporting Efficiency and effectiveness of operations

6 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 5 Client’s Concerns The Sarbanes-Oxley Act requires all public companies to issue an “internal control report” that includes:  a statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting.  an assessment of the effectiveness of the internal control structure and procedures for financial reporting as of the end of the company’s fiscal year.

7 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 6 Auditor Concerns Controls over classes of transactions Controls related to reliability of financial reporting

8 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 7 Sales Transaction-Related Audit Objectives Objective – General form Related audit objectives Recorded transactions exist (existence). Sales are for shipments to existing customers. Existing transactions are recorded (completeness). Existing sales transactions are recorded. Transactions are stated correctly (accuracy). Sales for goods shipped are correctly billed.

9 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 8 Sales Transaction-Related Audit Objectives Objective – General form Related audit objectives Transactions are properly classified (classification). Sales transactions are properly classified. Transactions are recorded on correct dates (timing). Sales are recorded on the correct dates. Transactions are properly filed (posting and summarization). Sales transactions are properly included in the master files.

10 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 9 Learning Objective 2 Describe how information technology affects internal control.

11 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 10 Effect of Information Technology on Internal Control Information technology IT can improve the effectiveness and efficiency of internal controls. IT also enhances the timeliness and accuracy of information.

12 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 11 Risks Associated With the Use of Information Technology Programmed errors Processing incorrect data Unauthorized access

13 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 12 Learning Objective 3 Explain the five components of internal control.

14 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 13 Five Components of Internal Control Risk assessment Control activities Information and communication Monitoring

15 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 14 The Control Environment Integrity and ethical values Commitment to competence Board of directors or audit committee participation Management’s philosophy and operating style

16 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 15 The Control Environment Organizational structure Assignment of authority and responsibility Human resources policies and practices

17 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 16 Risk Assessment Identify factors affecting risk. Assess significance of risks and likelihood of occurrence. Determine actions necessary to manage risk.

18 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 17 Control Activities 1. Adequate separation of duties 2. Proper authorization of transactions and activities 3. Adequate documents and records 4. Physical control over assets and records 5. Independent checks on performance

19 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 18 Adequate Separation of Duties Custody of assets Accounting Authorization of transactions The custody of related assets OperationalresponsibilityRecord-keepingresponsibility IT duties User departments

20 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 19 Proper Authorization of Transactions and Activities General authorization Specific authorization

21 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 20 Adequate Documents and Records Prenumbered consecutively Prepared at the time of transaction Designed for multiple use Constructed to encourage correct preparation Simple enough to ensure understanding

22 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 21 Physical Control over Assets and Records The most important type of protective measure for safeguarding assets and records is the use of physical precautions.

23 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 22 Independent Checks on Performance The need for independent checks arises because internal control tends to change over time unless there is a mechanism for frequent review.

24 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 23 Information and Communication The purpose of an accounting information and communication system is to… initiate, record, process, and report the transactions and to maintain accountability for the related assets.

25 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 24 Monitoring Monitoring activities deal with management’s ongoing and periodic assessment of the quality of internal control performance… to determine whether controls are operating as intended and modified when needed.

26 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 25 Learning Objective 4 Explain methods used to obtain an understanding of internal control.

27 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 26 Understanding Internal Control and Assessing Control Risk Obtain understanding of internal control: Design and operation Assess control risk Test controls Decide planned detection risk and substantive tests

28 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 27 Reasons for Sufficiently Understanding Internal Control SAS 55 (as amended by SAS 78 and SAS 94 plus AU 319) requires the auditor to obtain an understanding of internal control for every audit. Minimumauditplanningmatters: Auditability Auditability Potential materialmisstatements Potential materialmisstatements Detection risk Detection risk Design of test Design of test

29 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 28 Procedures to Determine Design and Placement –Update and evaluate auditor’s previous experience with the entity. –Make inquiries of client personnel. –Read client’s policy and systems manuals. –Examine documents and records. –Observe entity activities and operations.

30 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 29 Documentation of the Understanding Narrative Flowchart Internalcontrolquestionnaire

31 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 30 Learning Objective 5 Assess control risk by linking strengths and weaknesses of internal control to transaction- related audit objectives.

32 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 31 Assess Control Risk Assess whether the entity is auditable. Determine assessed control risk. Assess if a lower control risk could be supported. Determine the appropriate assessed control risk.

33 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 32 Assess Control Risk Identify transaction-related audit objectives. Identify specific controls. Identify and evaluate weaknesses.

34 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 33 Identify and Evaluate Weaknesses Identify existing controls. Identify the absence of key controls. Determine misstatements that could result. Consider compensating controls.

35 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 34 The Control Risk Matrix Auditors use the control risk matrix to identify both controls and weaknesses and to asses control risk.

36 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 35 Communicate Internal Control Deficiencies and Related Matters Management letters Audit committee communications

37 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 36 Learning Objective 6 Describe the process of designing and performing tests of controls.

38 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 37 Tests of Controls The procedures to test effectiveness of controls in support of a reduced assessed control risk are called tests of controls.

39 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 38 Procedures for Tests of Controls Make inquiries of client personnel. Examine documents, records, and reports. Observe control-related activities. Reperform client procedures.

40 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 39 Extent of Procedures Reliance on evidence from prior year’s audit Testing less than the entire audit period Rotating tests of control

41 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 40 Relationship of Assessed Control Risk and Extent of Procedures InquiryDocumentationObservationReperformance Yes – extensive Yes – with transaction walk-through walk-throughNo Yes – some Yes – using sampling Yes – at multiple times Yes – using sampling Type of procedure High level: Obtaining an understanding only Lower level: Tests of controls Assessed control risk

42 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 41 Decide Planned Detection Risk and Design Substantive Tests The auditor uses the results of the control risk assessment process and tests of controls to determine the planned detection risk and related substantive tests. The auditor links the control risk assessments to the balance-related audit objectives.

43 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 42 Learning Objective 7 Understand evidence requirements for reports on internal control.

44 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 43 Reporting on Internal Control Reports under the Sarbanes-Oxley Act 1 Other reports on internal control 2

45 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 44 Reporting on Internal Control Section 404(b) of the Sarbanes-Oxley Act Section 404(b) of the Sarbanes-Oxley Act restricts the scope of the engagement to internal controls over financial reporting. internal controls over financial reporting. The Act provides that the auditor’s attestation of management’s assessment of internal control for a public company be integrated with the audit of the financial statements.

46 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 45 Differences in Scope of Controls Tested: Nonpublic Company Internal controls over financial reporting Controls that must be tested in an audit of internal controls Internal controls used to assess control risk below maximum Controls that must be tested in an audit of financial statements

47 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 46 Public Company Accounting Oversight Board The (PCAOB) has issued guidance for audits of internal control over financial reporting performed in conjunction with an audit of financial statements of public companies.

48 ©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 47 End of Chapter 10

Download ppt "©2005 Prentice Hall Business Publishing, Auditing and Assurance Services 10/e, Arens/Elder/Beasley 10 - 1 Internal Control and Control Risk Chapter 10."

Similar presentations

Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk
Internal Control and Control Risk

Internal Control and Control Risk
Internal Control.

Internal Control.
Chapter 10 Section 404 Audits of Internal Control and Control Risk

Chapter 10 Section 404 Audits of Internal Control and Control Risk
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
Chapter 9 The Study of Internal Control and Assessment of Control Risk

Chapter 9 The Study of Internal Control and Assessment of Control Risk
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk
Audit of the Sales and Collection Cycle: Tests of Controls and Substantive Tests of Transactions Chapter 14.

Audit of the Sales and Collection Cycle: Tests of Controls and Substantive Tests of Transactions Chapter 14.
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING
Chapter 10 Internal control and Control Risk.

Chapter 10 Internal control and Control Risk.
Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING
Chapter 5 Internal Control over Financial Reporting

Chapter 5 Internal Control over Financial Reporting

Similar presentations

Ads by Google