Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 9 The Study of Internal Control and Assessment of Control Risk

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 9 The Study of Internal Control and Assessment of Control Risk"— Presentation transcript:

1 Chapter 9 The Study of Internal Control and Assessment of Control Risk
9.401 Auditing Chapter 9 The Study of Internal Control and Assessment of Control Risk

2 Generally Accepted Auditing Standard
(ii) A sufficient understanding of internal control should be obtained to plan the audit. When control risk is assessed below maximum, sufficient appropriate audit evidence should be obtained through tests of controls to support the assessment. [Oct. 1992]

3 Internal Control consists of the policies and procedures
established and maintained by management to assist in achieving its objectives

4 Those objectives are… Effectiveness and efficiency of operations
safeguarding of assets Prevention and detection of fraud Reliability of financial reporting Compliance with applicable laws, regulations and policies As far as is practical. Mgmt can and should consider consequences and risks of non-control and costs of control implementation.

5 Factors Affecting Internal Control
The entity’s size The entity’s organization and ownership characteristics The nature of the entity’s business The diversity and complexity of the entity’s operations The entity’s methods of transmitting, processing, maintaining, and accessing information Applicable legal and regulatory requirements

6 Criteria of Control (COCO) Board of the CICA
Monitoring & Learning Purpose Commitment Capability Action A person performs a task guided by an understanding of its purpose (the objective to be achieved) and supported by capability (information, resources, supplies, and skills). The person will need a sense of commitment to perform the task well over time. The person will monitor his or her performance and the external environment to learn about how to do the task better and about changes to be made. The same is true of any team or work group

7 Elements of Internal Control
Elements of internal control include: Control environment General computer control systems and procedures Accounting System Accounting System Control Procedures

8 Control Environment the collective effect of various factors on establishing, enhancing or reducing the effectiveness of internal control policies and procedures . Such factors include: Management Philosophy and Operating Style; The functioning of the board of directors and internal control, particularly the audit committee; Organizational Structure; Methods of Assigning Authority and Responsibility; Management Monitoring Methods; Internal Audit; and Personnel Policies and Practices Management reaction to external Influences Systems Development Methodology

9 Control Environment Reflects the overall attitude, awareness, commitment and actions of management concerning the importance of internal control and its emphasis in the entity. Strengths and weaknesses in control environment factors are likely to have a pervasive effect on the financial statements. An effective control environment interacts with control systems. It may reduce the impact that the absence of certain control systems might otherwise have. It also strengthens the impact of controls in place. An ineffective control system may impair the effectiveness of control systems.

10 General computer control systems
Establish controls over info system processing activities Affect multiple classes of transactions

11 General computer control systems
General Control System Means… Org and Mgmt controls -policies and procedures are established -programmer and operator functions separate Systems acquisition, development and maintenance controls -policies and procedures to ensure systems are authorized, efficient and function according to objectives Operations and Information Systems Support -system should be available and used for authorized purposes (=training, documentation, controlled access, backup and recovery)

12 The Accounting System = the policies and procedures involving the
Collection Transcribing Processing And reporting of data

13 Accounting System Control Procedures
= policies and procedures that enhance the reliability of accounting data Occurrence Completeness Accuracy (valuation), Posting Classification Timing -often involves “checks”, “reconciles”, “compares”, “verifies”, “ensures”…..

14 Segregation of duties Ensures that no-one is in a position to commit or profit from an error/fraud and cover it up. To work, these duties MUST be separate: Authorization of transaction Custody of assets (including cheques, cash, inventory etc.) Recording of transaction Periodic reconciliation

15 Other Controls Proper Authorization (general or specific)
Adequate documents Prenumbered or sequentially numbered + follow-up of missing items Prepared on a timely basis Sufficiently simple, easy to fill out

16 Other Controls Safeguards over access to and use of assets
Safeguards over access to and use of records Physical and logical Independent verification of performance and accuracy of recorded amounts Inventory counts, bank recs. Input or output checks (eg. Check digits, reasonableness limits) Comparison of documents, quantities, prices

17 Acquiring Understanding of IC
At minimum, auditor must acquire understanding of: Control environment General computer control systems and procedures Accounting System

18 Purpose of Understanding IC
Assess auditability (depends on mgmt integrity, adequacy of record and general controls) Familiarity with client to facilitate audit: Major classes of transactions How they’re initiated What records and documents exist How transactions are processed and reported Therefore, helps auditor design tests and identify potential misstatements Assess Preliminary Control Risk

19 Further Investigation of IC
If auditor believes reliance on IC (ie. CR<100%) may be possible AND efficient, investigate further the control procedures in place Make preliminary assessment of Control Risk

20 Preliminary Assessment of CR
Identify transaction audit objective (existence/occurrence, completeness etc.) Identify specific controls remember effects of control environment and general computer controls Identify and evaluate weaknesses Determine potential misstatements that could occur and effect on audit Consider compensating controls

21 How to investigate IC Update and evaluate previous working papers
Inquiries of Client Personnel Read client policy and systems manuals Examine documents and records: perform transaction walk-through Observe activities and operations

22 Documenting the Understanding of the Internal Control
A number of tools are available to the auditor for documenting the understanding of the internal control including: Copies of the entity's procedures manuals and organizational charts Narrative descriptions Internal control questionnaires Flowcharts

23 Further Investigation of IC
If preliminary CR<100%, perform tests of controls on KEY CONTROLS to ensure: Control was operating as described, with sufficient effectiveness, throughout period of reliance Tests may include: Inquiry of personnel (requires corroboration) Examine documents, records, reports Observe activities (eg. Segregation of duties, test data) Reperform procedures if possible If control is computerized, test and ensure controls exist over changes to program

24 Direction of the Test of Controls Audit Procedures
File of shipping documents File of recorded sales (sales journal) Vouch to shipping documents Evidence Sample selection Validity direction Sample selection Evidence Trace to recorded sales Completeness Direction

25 Further Investigation of IC
Revise preliminary control risk with results of tests of controls Calculate detection risk and design substantive procedures Combined approach = reliance on both IC and substantive procedures Substantive approach = no reliance on IC as either unjustified or inefficient

26 Audit Cost Trade - off

27 Communications with the Client
Systems improvements are communicated to the client by the management letter, which is written at the end of field work Section 5220 requires communication of all significant internal control weaknesses Section 5750 “Communication of Matters Identified During the Financial Statement Audit” eg. Fraud or illegal acts 5220 and 5750 don’t have to be in writing

28 Communicating Internal Control Weaknesses
Reportable conditions Absence of appropriate segregation of duties Absence of appropriate reviews and approvals of transactions Evidence of failure of control procedures Evidence of intentional management override Evidence of willful wrong doing by employees or management, including manipulation, falsification or alteration of accounting records

29 Material Weaknesses A material weakness in internal control is defined as a reportable condition in which the design or operation of one or more of the specific internal control elements does not reduce to a relatively low level the risk that errors or irregularities in amounts that would be material in relation to the financial statements being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions (AU ).

30 Limitations of Internal Control
Human failures such as simple errors or mistakes Management override Collusion Cost/benefit Unusual transactions Because of these limitations, as long as the item is material, it is generally necessary to do at least some substantive testing.

Download ppt "Chapter 9 The Study of Internal Control and Assessment of Control Risk"

Similar presentations

Internal Control and Control Risk

Internal Control and Control Risk
Auditing Concepts.

Auditing Concepts.
Internal Control.

Internal Control.
Discussion on SA-500 – AUDIT EVIDENCE

Discussion on SA-500 – AUDIT EVIDENCE
The Islamic University of Gaza

The Islamic University of Gaza
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007

CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
CHAPTER 9 UNDERSTANDING INTERNAL CONTROLS Winter 2004

CHAPTER 9 UNDERSTANDING INTERNAL CONTROLS Winter 2004
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING
Financial Audit Autonomous Bodies Internal Control and Risk Assessment Session 1.8 1 Internal Control and Risk Assessment.

Financial Audit Autonomous Bodies Internal Control and Risk Assessment Session Internal Control and Risk Assessment.
Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.

Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.
Audit objectives, Planning The Audit

Audit objectives, Planning The Audit
Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 07 Internal Control McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING

Similar presentations

Ads by Google