Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Jerry L. Turner 2006 Jerry L Turner The University of Memphis An Efficient Approach to Identification and Documentation of Critical Accounting Application.

Published byJessie Spiller Modified over 9 years ago

Similar presentations

Presentation on theme: "© Jerry L. Turner 2006 Jerry L Turner The University of Memphis An Efficient Approach to Identification and Documentation of Critical Accounting Application."— Presentation transcript:

1 © Jerry L. Turner 2006 Jerry L Turner The University of Memphis An Efficient Approach to Identification and Documentation of Critical Accounting Application Controls

2 © Jerry L. Turner 2006 Sarbanes-Oxley Act of 2002 Section 404 requires an assessment by management of the effectiveness of the internal control structure and procedures for financial reporting Requires each independent auditor to attest to, and report on, the assessment made by the management of the issuer

3 © Jerry L. Turner 2006 Sarbanes-Oxley Act of 2002 Internal control systems must be documented Relevant internal controls must be identified and tested.

4 © Jerry L. Turner 2006 Sarbanes-Oxley Act of 2002 Congress assumed that existing documentation would be an adequate basis for management of public companies to report on internal accounting controls

5 © Jerry L. Turner 2006 Background—Auditors Prior to SAS No. 55 (1988), auditors documented systems and identified internal controls with extensive flowcharts, extensive internal control checklists, or both

6 © Jerry L. Turner 2006 Traditional Flowcharts Portray systems as a chronological sequence of processing steps representing transaction flows Usually include superfluous information Difficult to maintain because of complexity Ineffective in identifying existing controls Ineffective at identifying where controls should exist but were not present

7 © Jerry L. Turner 2006 Traditional Flowchart Source: Whittington/Pany: Principles of Auditing

8 © Jerry L. Turner 2006 Internal Control Questionnaires Tend to be boilerplate in nature Not very effective at relating controls to audit objectives Frequently in a yes/no format where yes is good, no is bad

9 © Jerry L. Turner 2006 Internal Control Questionnaire Source: Whittington/Pany: Principles of Auditing

10 © Jerry L. Turner 2006 Move to Focus on Assertions Subsequent to SAS No. 55, auditors began organizing internal control documentation by audit objective to enable risk-based audits Prompted auditors to replace flowcharts with more easily prepared (cheaper?) narratives organized by control objectives corresponding to financial statement assertions

11 © Jerry L. Turner 2006 Narrative Source: Whittington/Pany: Principles of Auditing

12 © Jerry L. Turner 2006 Background—Companies System documentation has many forms, depending on the functional group involved in preparation Usually related to system design, such as physical and logical data flow diagrams Extremely detailed and generally not effective for other purposes, such as identification of critical internal controls

13 © Jerry L. Turner 2006 Sarbanes-Oxley Act of 2002 Management is to provide to the auditor documentation based on relevant assertions about each significant account –Existence or occurrence, –Completeness, –Valuation or allocation, –Rights and obligations, and –Presentation and disclosure

14 © Jerry L. Turner 2006 Sarbanes-Oxley Act of 2002 SOX notes that documentation might take many forms, such as paper, electronic files, or other media Can include a variety of information, including policy manuals, process models, flowcharts, job descriptions, documents, and forms

15 © Jerry L. Turner 2006 Sarbanes-Oxley Act of 2002 For each significant process related to an assertion, both management and the independent auditor should –understand the flow of transactions, including how transactions are initiated, authorized, recorded, processed, and reported; –identify the points within the process at which a misstatement—including a misstatement due to fraud—related to each relevant financial statement assertion could arise;

16 © Jerry L. Turner 2006 Sarbanes-Oxley Act of 2002 –identify the controls implemented to address these potential misstatements; and –identify the controls implemented over the prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets

17 © Jerry L. Turner 2006 Sarbanes-Oxley Act of 2002 Individual controls must be linked clearly with the significant accounts and assertions to which they relate In addition to specific controls in isolation, combinations of controls also should be considered in assessing whether the objectives of the control criteria have been achieved.

18 © Jerry L. Turner 2006 Existing Documentation Methods Neither efficient nor effective in complying with the requirements of SOX Documentation typically begins with the source of accounting information, e.g. a transaction, and creates data flows from that activity to an end-point in the general ledger

19 © Jerry L. Turner 2006 Consider a Leaf on a Tree

20 © Jerry L. Turner 2006 A More Effective Approach Is consistent with a risk-based approach to auditing Identifies the critical files in the financial reporting process from the hundreds or thousands of files in a computer-based accounting system Identifies the critical processes that impact data contained in those critical files

21 © Jerry L. Turner 2006 A More Effective Approach Allows identification of controls related to those processes, based on management assertions about financial statement account balances Is useful for both company management and independent auditors Allows identification of controls that may be monitored effectively with continuous auditing techniques

22 © Jerry L. Turner 2006 Continuous Auditing Several reasons for resistance to implementation of continuous auditing –Technology –Cost –Different objectives for company and auditor SOX has aligned objectives with integrated audit approach

23 © Jerry L. Turner 2006 When Can Errors Occur? When data is entered into a system When data is transferred from one document or electronic file to a different document or electronic file When data changes form through aggregation or other process When data is deleted

24 © Jerry L. Turner 2006 Three Steps to an Effective Approach First, identify the significant accounts that affect the financial statements Then, for each significant account, identify the critical data path (CDP), beginning from the general ledger or terminal database table and proceeding backwards through each relevant file or database table until data origination

25 Critical Data Path (CDP) General Ledger Account File A File B Transaction or Allocation Document 1 Interface with other systems/applications E-commerce Web interfaces EDI Non-integrated systems/applications

26 © Jerry L. Turner 2006 Three Steps to an Effective Approach Second, identify the process or processes that affect accounting data as it moves from entry to general ledger or terminal database table A process can affect data in three ways: it can –add new data to the CDP –transform data already existing in the CDP –delete data from the CDP

27 © Jerry L. Turner 2006 Ad Hoc and Other Processes Error correction procedures may allow addition, deletion or manipulation of data, but occur outside normal processing Management override or circumvention of normal controls Journal entries needed as part of financial reporting process (accruals, allocations, etc.)

28 General Ledger Account File A File B P7—Normal process P5—Normal process P3—Normal process P1—Normal process Transaction or Allocation Document 1 P8— Error correction Management override Journal entries P6— Error correction Management override P4— Error correction Management override P2— Error correction Management override Interface with other systems/applications E-commerce Web interfaces EDI Non-integrated systems/applications

29 © Jerry L. Turner 2006 Three Steps to a New Approach For each CDP, critical controls for each of the five assertions affected by each process must be identified and documented A critical control might be the first and/or the last control in a process over a specific management assertion.

30 © Jerry L. Turner 2006 Three Steps to a New Approach A CDP may require more than one critical control over an assertion as the data is transformed or aggregated Also may require identification of additional files and processes outside the CDP, e.g. verify that a subsidiary ledger balance used as a control is correct

31 © Jerry L. Turner 2006 Three Steps to a New Approach As critical controls are identified, each should be referenced to a separate control summary sheet The summary sheet should be organized by management assertion and document the critical control or controls for each assertion Each control should be referenced to audit program tests of that control

32 © Jerry L. Turner 2006 Examples Recording of customer payments Additions to inventory

33 Remittance Advice Customer Check Cash Receipt Control Listing CR1—Cash Receipt Transaction File Customer Check CRP2—Manually input cash receipts from Cash Receipt Control Listing General Ledger Accounts Receivable File or Database Table Credit Remittance Advice Copy of Cash Receipt Control Listing To Cashier Recording of Customer Payments CRP3—Master File update run Aggregate amounts Update existing balance CRP4— Error correction Management override Journal entries CRP1—Manually prepare cash receipt control listing Record Customer ID Invoice number Date Check number Check amount

34 Critical Control Summary CRP1—Manually prepare cash receipt control listing CategoryAssertionCritical Control(s)Audit Procedure(s) Existence or Occurrence  All receipts represent valid payments-on-account  All remittances must be accompanied by a valid remittance advice Completeness  All payments-on-account are recorded  All payments received are listed on a cash receipt control listing Rights and Obligations  Payments are made to the correct entity  Payments are deposited only in company accounts All pay-to-the-order-of notations are examined on all checks received  All payments are endorsed with “For Deposit Only” to the company account Valuation  Correct amounts are recorded on the cash receipt control listing  Cash and checks received are totaled and total compared to total on cash receipt control listing Presentation or DisclosureN/A

35 Additions to Inventory

36 © Jerry L. Turner 2006 Discussion

Download ppt "© Jerry L. Turner 2006 Jerry L Turner The University of Memphis An Efficient Approach to Identification and Documentation of Critical Accounting Application."

Similar presentations

Modern Auditing: Assurance Services and the Integrity of Financial Reporting, 8th Edition William C. Boynton California Polytechnic State University at.

Modern Auditing: Assurance Services and the Integrity of Financial Reporting, 8th Edition William C. Boynton California Polytechnic State University at.
Auditing Concepts.

Auditing Concepts.
Supplement E T he Changing Nature of Journals and Ledgers.

Supplement E T he Changing Nature of Journals and Ledgers.
Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests.

Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests.
Audit Documentation PCAOB Auditing Standard no.3.

Audit Documentation PCAOB Auditing Standard no.3.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Recordkeeping & Accounting

Recordkeeping & Accounting
Sales & Cash Receipts Transactions By David N. Ricchiute

Sales & Cash Receipts Transactions By David N. Ricchiute
Chapter 11 Auditing the Purchasing Process McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.

Chapter 11 Auditing the Purchasing Process McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
Chapter 7 Revenue and Collection Cycle “What at first was plunder assumed the softer name of revenue.” Thomas Paine McGraw-Hill/IrwinCopyright © 2008 by.

Chapter 7 Revenue and Collection Cycle “What at first was plunder assumed the softer name of revenue.” Thomas Paine McGraw-Hill/IrwinCopyright © 2008 by.
Nature of an Integrated Audit

Nature of an Integrated Audit
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
Auditing the Purchasing Process

Auditing the Purchasing Process
Auditing the Purchasing Process

Auditing the Purchasing Process
Chapter 13 Prepared by Richard J. Campbell Copyright 2011, Wiley and Sons Auditing Human Resources Processes: Personnel and Payroll in Service Industries.

Chapter 13 Prepared by Richard J. Campbell Copyright 2011, Wiley and Sons Auditing Human Resources Processes: Personnel and Payroll in Service Industries.
Auditing Internal Control over Financial Reporting

Auditing Internal Control over Financial Reporting
Auditing Internal Control over Financial Reporting

Auditing Internal Control over Financial Reporting
1 Designing Substantive Procedures The auditor “must plan and perform the audit to reduce the audit risk to an acceptably low level that is consistent.

1 Designing Substantive Procedures The auditor “must plan and perform the audit to reduce the audit risk to an acceptably low level that is consistent.

Similar presentations

Ads by Google