Download presentation
Presentation is loading. Please wait.
Published byWinifred McCarthy Modified over 6 years ago
1
Internal Control in a Financial Statement Audit
Chapter 6 Internal Control in a Financial Statement Audit Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
2
Internal Control The auditor uses risk assessment procedures to
LO# 1 The auditor uses risk assessment procedures to -obtain an understanding of the entity’s internal control -identify key controls -identify the types of potential misstatements -design tests of controls and substantive procedures The auditor’s understanding of the internal control is a major factor in determining the overall audit strategy. The auditor has a responsibility to: (1) obtain an understanding of internal control and (2) assess control risk. 6-2
3
COSO’s Internal Control – Integrated Framework
LO# 2 COSO’s Internal Control – Integrated Framework Reliability of Financial Reporting Effectiveness and Efficiency of Operations Compliance with Laws and Regulations Objectives 6-3
4
The Effect of Information Technology on Internal Control
6-4
5
Components of Internal Control
LO# 5 Components of Internal Control 6-5
6
Planning an Audit Strategy
LO# 6 Planning an Audit Strategy Audit Risk Model AR = IR × CR × DR In applying the audit risk model, the auditor must assess control risk. The figure on the next slide presents a flowchart of the auditor’s decision process when considering internal control in planning an audit. 6-6
7
LO# 6 Planning an Audit Strategy Figure 6-2 Flowchart of the Auditor’s Consideration of Internal Control and Its Relation to Substantive Procedures 6-7
8
Obtain an Understanding of Internal Control
LO# 7 Obtain an Understanding of Internal Control The auditor should obtain an understanding of each of the five components of internal control in order to plan the audit. This knowledge is used to: Identify types of potential misstatement Pinpoint the factors that affect the risk of material misstatement Design tests of controls and substantive procedures 6-8
9
Documenting the Understanding of Internal Control
LO# 8 Documenting the Understanding of Internal Control Procedures Manuals and Organizational Charts Flowcharts Internal Control Questionnaires Narrative Description 6-9
10
The Limitations of an Entity’s Internal Control
LO# 8 The Limitations of an Entity’s Internal Control Management Override of Internal Control Human Errors or Mistakes Collusion 6-10
11
Assessing Control Risk
LO# 9 Identify specific controls that will be relied upon. Perform tests of controls. Conclude on the achieved level of control risk. 6-11
12
Interim Audit Procedures
LO# 12 Interim Audit Procedures Interim Tests of Controls Assertion being tested not significant Control has been effective in prior audits Efficient use of staff time Interim Substantive Procedures Control environment Availability of information at a later date The purpose of the substantive procedure The assessed risk of material misstatement The nature of the transactions or balances and relevant assertions The ability of the auditor to perform appropriate procedures to cover the remaining period 6-12
13
Auditing Accounting Applications Processed by Service Organizations
LO# 13 Auditing Accounting Applications Processed by Service Organizations In some instances, an entity may have some or all of its accounting transactions processed by an outside service organization. Because the entity’s transactions are subjected to the controls of the service organization, one of the auditor’s concerns is the internal control system in place at the service organization. It is not uncommon for service organizations to have an auditor issue one of two types of reports on their operations. 6-13
14
Communication of Internal Control-Related Matters
LO# 14 Communication of Internal Control-Related Matters A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis. Material Weakness A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance. Significant Deficiency 6-14
15
Types of Controls in an IT Environment
LO# 15 Types of Controls in an IT Environment General Controls Data center and network operations System software acquisition, change, and maintenance Access security Application system acquisition, development, and maintenance Application Controls Data capture controls Data validation controls Processing controls Output controls Error controls 6-15
16
Flowcharting Symbols LO# 16 6-16
17
End of Chapter 6 6-17
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.