Presentation is loading. Please wait.

Presentation is loading. Please wait.

Prepared by: Angela Davis CA, CFE, MSc Booth University College

Published byLeonard Gibbs Modified over 8 years ago

Similar presentations

Presentation on theme: "Prepared by: Angela Davis CA, CFE, MSc Booth University College"— Presentation transcript:

1 Prepared by: Angela Davis CA, CFE, MSc Booth University College
Copyright John Wiley & Sons Canada, Ltd.

2 GAINING AN UNDERSTANDING OF THE CLIENT’S SYSTEM OF INTERNAL CONTROLS
Define internal control Explain the seven generally accepted objectives of internal control activities Understand and describe the elements of internal control at the entity level Understand and describe the elements of internal control at the transaction level, and apply them to the sales, purchases, and payroll cycles Explain the different techniques used to document internal controls Explain the importance of identifying strengths and weaknesses in a system of internal controls Explain how to communicate internal control strengths and weaknesses to those charged with governance Copyright John Wiley & Sons Canada, Ltd.

3 Internal control defined
Internal control encompasses the entity’s resources, systems, processes, culture, structure and tasks When controls are effective, the entity is more likely to achieve its strategic and operating objectives The auditor focuses on controls with a direct impact on the entity’s financial reporting, compliance and asset safeguarding Copyright John Wiley & Sons Canada, Ltd.

4 Internal control defined cont’d
Internal control is the process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations (CAS315) Copyright John Wiley & Sons Canada, Ltd.

5 Objectives of internal controls
Is an entity’s internal control effective as it relates to recording of transactions and balances? Effective internal control meets the following objectives: Real – no fictitious or duplicated transactions Assertions: occurrence, rights and obligations & existence Copyright John Wiley & Sons Canada, Ltd.

6 Objectives of internal controls cont’d
Recorded – prevent or detect omission of transactions Assertions: accuracy, completeness, valuation & allocation Valued – correct amounts assigned to transactions Assertions: accuracy, valuation & allocation Classified – transactions charged to correct account Assertions: accuracy, classification, valuation & allocation Copyright John Wiley & Sons Canada, Ltd.

7 Objectives of internal controls cont’d
Summarized – transactions summarized and totalled correctly Assertions: accuracy, valuation & allocation Posted – accumulated totals in transaction file are correctly transferred to the general and subsidiary ledgers Assertions: accuracy, classification, valuation & allocation Timely – transactions recorded in correct accounting period Assertions: cut-off and completeness Copyright John Wiley & Sons Canada, Ltd.

8 Objectives of internal controls cont’d
Auditor aims to gain an understanding of how the client uses internal controls to meet these objectives Focusing on these objectives helps auditor select controls for testing to gain greatest assurance that controls are operating effectively Failure of an entity’s controls to meet any of these objectives is a weakness in internal control Copyright John Wiley & Sons Canada, Ltd.

9 Objectives of internal controls cont’d
All internal control systems have inherent limitations Human error that results in control breakdown Ineffective understanding of control’s purpose Collusion by two or more individuals to avoid control Software program control being overridden, disabled Management decisions about nature and extent of controls being implemented Copyright John Wiley & Sons Canada, Ltd.

10 Entity-level internal controls
Entity level internal controls potentially impact all entity processes. Comprises: The control environment Culture, structure and discipline of an entity. Communication and enforcement of integrity and ethical values Commitment to competence Participation by those charged with governance Management’s philosophy and operating style Organizational structure, including IT Assignment of authority and responsibility Human resource policies and practices Copyright John Wiley & Sons Canada, Ltd.

11 Entity-level internal controls cont’d
The entity’s risk assessment process How does the entity identify and respond to business risks? Auditor is interested in how management identify, analyze and manage risks relevant to financial reporting, and how the risks might impact the audit 3. Information systems and communication Designed to capture and exchange information to conduct, manage and control entity’s operations Includes manual and automated systems Auditor is interested in systems relevant to financial reporting Copyright John Wiley & Sons Canada, Ltd.

12 Entity-level internal controls cont’d
Control activities Policies and procedures that help make sure management’s directives are carried out Performance review e.g. actual vs budget, investigation of differences Information processing Manual or automated, to check accuracy, completeness and authorization of transactions Physical controls Security of assets and records Segregation of incompatible duties No one employee/group should be in position both to perpetrate a fraud/errors and to cover it up Separate authorization/custody/recording Copyright John Wiley & Sons Canada, Ltd.

13 Entity-level internal controls cont’d
When understanding client’s control activities, auditor considers: Extent of reliance on IT Existence of necessary policies and procedures Extent to which control policies are being applied Clarity of management objectives for controls Existence of planning and reporting systems for performance and investigation of variance, and management action to follow-up Extent of segregation of duties Software controls over access to data and programs Periodic comparison between records and assets Safeguards over access to documents, records, assets Copyright John Wiley & Sons Canada, Ltd.

14 Entity-level internal controls cont’d
Monitoring of controls Does management monitor controls and modify as required when conditions change? Ongoing monitoring procedures should be part of regular activities, e.g. internal audit function Auditor considers: Are there periodical evaluations of internal controls? Do client staff regularly obtain evidence of control functioning? Extent to which information from external parties corroborate, or contradict, internal information Management act on audit recommendations, or respond to control difficulties on timely basis Copyright John Wiley & Sons Canada, Ltd.

15 Entity-level internal controls cont’d
Internal control in small entities Difficult to implement formal controls, segregate duties in small entities Reliance on owner-manager, heavily involved in daily business Personally detect material errors, but Potential to override internal controls Auditor could increase substantive procedures to compensate for weaker controls Auditor must make overall assessment of effectiveness of entity-level controls Copyright John Wiley & Sons Canada, Ltd.

16 Transaction-level controls
These controls impact a particular transaction, or group of transactions They are aimed at preventing an error from entering the records, or detecting errors that do enter the records Controls are considered for transaction processes, or flows, e.g. Sales process Cost of sales process Copyright John Wiley & Sons Canada, Ltd.

17 Transaction-level controls cont’d
When gaining an understanding of the transaction processes, the auditor: Identifies major events and transactions in the process Identifies risks to correct processing of the transactions – What Can Go Wrong? (WCGWs) For each WCGW, auditor identifies one or more controls This understanding is documented and used to guide evaluation and testing of internal controls Copyright John Wiley & Sons Canada, Ltd.

18 Transaction-level controls cont’d
Table 7.1 Example: Sales risks and controls Copyright John Wiley & Sons Canada, Ltd.

19 Transaction-level controls cont’d
Table 7.1 (continued) Copyright John Wiley & Sons Canada, Ltd.

20 Transaction-level controls cont’d
Table 7.1 (continued) Copyright John Wiley & Sons Canada, Ltd.

21 Transaction-level controls cont’d
Table 7.1 (continued) Copyright John Wiley & Sons Canada, Ltd.

22 Transaction-level controls cont’d
Table 7.1 (continued) Copyright John Wiley & Sons Canada, Ltd.

23 Transaction-level controls cont’d
Example: Purchasing risk and controls Table 7.2 Copyright John Wiley & Sons Canada, Ltd.

24 Documenting internal controls
Common forms of documenting controls: Narratives Very useful when controls simple, straightforward Auditor uses words to describe each step of transaction from start to finish 2. Flowcharts Useful for more complex controls – keep chart simple Conveys information visually Copyright John Wiley & Sons Canada, Ltd.

25 Documenting internal controls cont’d
3. Combination of flowchart and narrative Use both techniques side-by-side Narrative used to explain details 4. Checklists and preformatted questionnaires Helps identify most common controls that should be present Useful for less experienced auditors Copyright John Wiley & Sons Canada, Ltd.

26 Documenting internal controls cont’d
Figure 7.1 Example: Credit Sales Process Copyright John Wiley & Sons Canada, Ltd.

27 Example flowchart for credit sales process
Figure 7.2 Copyright John Wiley & Sons Canada, Ltd.

28 Example combination documentation for credit sales processes
Figure 7.3 Copyright John Wiley & Sons Canada, Ltd.

29 Example checklist for documenting a credit sales process
Figure 7.4 Copyright John Wiley & Sons Canada, Ltd.

30 Identifying strengths and weaknesses in controls
After documentation, auditor must assess control system Identify systems strengths and weaknesses that have financial reporting impact Identify internal control exceptions where control did not operate as intended Draw conclusions about control risk Copyright John Wiley & Sons Canada, Ltd.

31 Management letters CAS 260 requires auditors to provide those charged with governance timely observations arising from the audit that are significant and relevant to the oversight of the financial reporting process. May take the form of a letter from the auditor to the client, recommendations based on internal control weaknesses and other matters discovered during the audit Copyright John Wiley & Sons Canada, Ltd.

32 Management letters Professional judgement required about which matters to include in letter Allows management to document their actions in response, and inform those charged with governance Often use interim and final management letters Copyright John Wiley & Sons Canada, Ltd.

33 Copyright John Wiley & Sons Canada, Ltd.

Download ppt "Prepared by: Angela Davis CA, CFE, MSc Booth University College"

Similar presentations

Internal Control and Control Risk

Internal Control and Control Risk
Chapter 13: Control processes and systems

Chapter 13: Control processes and systems
ACCOUNTING INFORMATION SYSTEMS

ACCOUNTING INFORMATION SYSTEMS
Auditing Concepts.

Auditing Concepts.
Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests.

Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests.
Internal Control.

Internal Control.
Accounting Principles Second Canadian Edition Prepared by: Carole Bowman, Sheridan College Edited by: Carolyn Doering, HHSS Weygandt · Kieso · Kimmel ·

Accounting Principles Second Canadian Edition Prepared by: Carole Bowman, Sheridan College Edited by: Carolyn Doering, HHSS Weygandt · Kieso · Kimmel ·
The Islamic University of Gaza

The Islamic University of Gaza
Prepared by: Angela Davis CA, CFE, MSc Booth University College

Prepared by: Angela Davis CA, CFE, MSc Booth University College
MODERN AUDITING 7th Edition

MODERN AUDITING 7th Edition
MODERN AUDITING 7th Edition

MODERN AUDITING 7th Edition
CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007

CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007
Chapter 9 The Study of Internal Control and Assessment of Control Risk

Chapter 9 The Study of Internal Control and Assessment of Control Risk
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Prepared by: Angela Davis CA, CFE, MSc Booth University College

Prepared by: Angela Davis CA, CFE, MSc Booth University College
Prepared by: Angela Davis CA, CFE, MSc Booth University College

Prepared by: Angela Davis CA, CFE, MSc Booth University College
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING
Chapter 2: The Recording Process

Chapter 2: The Recording Process

Similar presentations

Ads by Google