Presentation is loading. Please wait.

Presentation is loading. Please wait.

5-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Internal Control Evaluation: Assessing Control Risk “If everything.

Published byChristal Sims Modified over 8 years ago

Similar presentations

Presentation on theme: "5-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Internal Control Evaluation: Assessing Control Risk “If everything."— Presentation transcript:

1 5-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Internal Control Evaluation: Assessing Control Risk “If everything seems under control, you're just not going fast enough.” -- Mario Andretti, Race car driver

2 5-2 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Objectives 1.Distinguish between management’s and auditors’ responsibilities for a company’s internal control. 2.Define internal control. 3.Describe the five basic components of internal control and some of their characteristics. 4.Describe the phases of an evaluation of control and risk assessment. 5.Explain the communication of internal control deficiencies. 6.Explain the limitations of a company’s internal control. 7.Understand Auditors’ responsibilities for evaluating internal controls under GAAS and PCAOB#2

3 5-3 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Responsibility for Internal Control Management responsibility –Foreign Corrupt Practices Act –Sarbanes-Oxley Act of 2002 Auditor responsibility –Second standard of fieldwork –PCAOB #2

4 5-4 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Exhibit 5-1 Trade-off Between Testing of Controls and Substantive Testing Substantive Testing Testing of Controls More EffectiveMore Efficient Year-endInterim

5 5-5 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Internal Control – An Integrated Framework (COSO) Internal Control A process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (1) Reliability of financial reporting, (2) Compliance with applicable laws and regulations, (3) Effectiveness and efficiency of operations.

6 5-6 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Exhibit 5-2 Internal Control—Integrated Framework

7 5-7 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Internal Control – An Integrated Framework (COSO) Components of internal control Control environment Risk assessment Control activities Information & communication Monitoring

8 5-8 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Monitoring Exhibit 5-3 Interrelated components of Internal Control Risk Assessment Control Procedures Control Environment Information and Communication

9 5-9 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Control Environment Sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components.

10 5-10 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. CONTROL ENVIRONMENT MANAGEMENT'S PHILOSOPHY AND STYLE INTEGRITY AND ETHICAL VALUES PROVIDING AND COMMUNICATING MORAL GUIDANCE COMMITMENT TO COMPETENCE THE ENTITY'S ORGANIZATION STRUCTURE

11 5-11 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. CONTROL ENVIRONMENT (CONT.) THE FUNCTIONING OF THE BOARD OF DIRECTORS AND ITS COMMITTEES, PARTICULARLY THE AUDIT COMMITTEE METHODS OF ASSIGNING AUTHORITY AND RESPONSIBILITY (ACCOUNTABILITY) PERSONNEL POLICIES AND PRACTICES EXTERNAL INFLUENCES

12 5-12 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. PERSONNEL POLICIES AND PRACTICES RECRUITING AND HIRING ORIENTATION TRAINING COUNSELING RECOGNITION PROMOTION ADEQUATE PAY JOB ROTATION REQUIRED VACATIONS BONDING

13 5-13 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Risk Assessment The entity's identification and analysis of relevant risks to achievement of its objectives. COSOs Enterprise risk management (ERM) framework

14 5-14 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Exhibit 5-4 Enterprise Risk Management Framework Internal Environment Monitoring Information and Communication Risk Response Risk Assessment Objective Setting Event Identification Control Procedures

15 5-15 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Control Procedures The policies and procedures that help ensure management directives are carried out. –Physical controls over the security of assets –Segregation of duties –Information Processing General Controls Application Controls –Performance reviews

16 5-16 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Exhibit 5-5 Segregation of Duties Authorization Custody Recording Reconciliation

17 5-17 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. GENERAL CONTROLS ORGANIZATION PROCEDURES FOR CHANGES HARDWARE CONTROLS ACCESS CONTROLS CONTINGENCY PLANS

18 5-18 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. APPLICATIONS CONTROLS INPUT CONTROLS PROCESSING CONTROLS OUTPUT CONTROLS

19 5-19 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Information & Communication The identification, capture, and exchange of information in the form and time frame that enables people to carry out their responsibilities.

20 5-20 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Information and Communication Data identification Data description and entry Transaction measurement and processing Report production and distribution

21 5-21 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Monitoring The process that assesses the quality of the internal control's performance over time.

22 5-22 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Phases of a Control Evaluation Phase 1: Understand and Document –Understand the Client’s Internal Control –Document the Internal Control understanding Internal Control questionnaire Narrative Accounting and Control System Flowcharts Phase 2: Assess Control Risk (Preliminary) Phase 3: Testing and Reassessment –Perform Test of Controls Audit Procedures –Re-Assess Control Risk

23 5-23 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Exhibit 5-8 Phases of Internal Control Evaluation

24 5-24 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Exhibit 5-10 Example Flowchart: Credit Approval and Sales Processing and Shipment

25 5-25 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Limitations of Internal Controls Human error Collusion Management override Cost/benefit analysis –There is often a trade-off between the cost and the effectiveness of internal controls. –The concept of reasonable assurance recognizes that the cost of an entity’s internal control should not exceed the benefits that are expected to be derived.

26 5-26 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Exhibit 5-7 Internal Controls Maturity Framework Unreliable Informal Standardized Monitored Optimized Unpredictable environment where controls are not designed or in place. Controls are designed and in place but are not adequately documented. Controls are designed, in place, and are adequately documented. Standardized controls with periodic testing for effective design and operation with reporting to management.. Integrated internal controls with real- time monitoring by management and continuous improvement.. Source: PricewaterhouseCoopers, The Sarbanes-Oxley Act of 2002: Strategies for Meeting New Internal Control Reporting Challenges: A White Paper.

27 5-27 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. PCAOB Internal Control Standard Auditor Attests To Management’s Assessment Not A Separate Engagement –Integrated Audit Of Internal Control And Financial Statements Objective—“to Form An Opinion As To Whether Management's Assessment Of The Effectiveness Of The Registrant's Internal Control Over Financial Reporting Is Fairly Stated in All Material Respects.”

28 5-28 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Audit Of Internal Control-- steps Planning The Audit Evaluating The Management’s Process For Assessing IC Obtaining An Understanding Of IC Evaluating Effectiveness –Design –Operation Forming An Opinion About Effectiveness

29 5-29 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Evaluating Management's Assessment The More Extensive And Reliable Management’s Is, The Less Extensive The Auditor’s Work Needs To Be. Can Incorporate Work Of IA And Others –Must Assess Competence And Objectivity –Limited Reliance –Can’t Reduce Work on Control Environment Auditor Must Perform Work Related To –Company-wide Anti-fraud Programs –Controls That Have A Pervasive Effect –Auditor Must Obtain “Principal Evidence”

30 5-30 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Planning The Audit Knowledge Of Industry Knowledge Of Business Extent Of Changes In Operations Extent Of Changes In IC

31 5-31 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Obtain Understanding Must Understand That Controls Have Actually Been Implemented And Are Operating As Designed Must Perform Walkthroughs –Major classes of transactions –Routine And Unusual Transactions Identify Significant Accounts Processes Identify Relevant Assertions

32 5-32 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Evaluating Effectiveness Design Effectiveness –Will Controls Be Effective If Operated As Designed –Are All Necessary Controls In Place? –Inquiry, Observation, Walkthroughs –Specific Evaluation Of Whether The Controls Are Likely To Prevent Or Detect Financial Misstatements –Specifically evaluate Audit Committee –Can Use SAS 70 Report for Service Organizations

33 5-33 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Evaluating Effectiveness Testing Operating Effectiveness –Evaluation As Of End Of Fiscal Year –Can Test At Different Times And Update –Inquiries, Inspection Of Documentation, Observation, Reperformance. –May Use Tests By Management, IAs And 3 rd Parties –Read IA Reports

34 5-34 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Evaluating Results And Forming An Opinion “An Internal Control Deficiency Exists When The Design Or Operation Of A Control Does Not Allow The Company’s Management Or Employees, In The Normal Course Of Performing Their Assigned Functions, To Prevent Or Detect Misstatements On A Timely Basis.”

35 5-35 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Evaluating Results And Forming An Opinion Significant Deficiency—more Than A Remote Likelihood Of A Misstatement Of The Annual Or Interim Financial Statements That Is More Than Inconsequential In Amount Material Weakness—more Than A Remote Likelihood Of A Material Misstatement Material Weakness=Adverse Opinion Significant Deficiencies And Material Misstatements Must Be Communicated In Writing To Audit Committee

36 5-36 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Evaluating Results And Forming An Opinion Inadequate Documentation Is A Deficiency –Design Of Controls –Objectives Of Controls –Qualifications Of People –Process Used To Assess Effectiveness Nature And Results Of Tests

37 5-37 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Significant Deficiencies Ineffective Control Environment Ineffective Oversight By Audit Committee. Material Misstatement Not Identified or Prevented By Internal Controls. Significant Uncorrected Deficiencies

38 5-38 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Report Two Opinions –Management’s Assessment –Effectiveness Of Controls Over Financial Reporting No Material Weaknesses—Unqualified Opinion. Cannot Perform All Procedures—Qualify Or Disclaim Opinion If Opinion Cannot Be Expressed—Explain Why Management Certifies Responsibility Quarterly –Auditor Performs Limited Procedures.

39 5-39 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Reporting on Internal Control Related Matters Noted in an Audit Sarbanes-Oxley requires that the report be in writing. The auditor may communicate during or after audit. Communications with management is not required; however, communications with management or other individuals within the entity who may, in the auditor's judgment, benefit from the communications are not precluded.

40 5-40 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Example Report of Significant Deficiencies In planning and performing our audit of the financial statements of Apollo Shoes, Inc. for the year ended December 31, 2004, we considered its internal control in order to determine our audit procedures for the purpose of expressing our opinion on the financial statements and not to provide assurance on the internal control system. Our consideration of internal control would not necessarily disclose all deficiencies in internal control that might be significant deficiencies. However, we noted a certain matter involving the internal control and its operation that we consider to be a significant deficiency under standards established by the American Institute of Certified Public Accountants. A significant deficiency involves a matter coming to our attention relating to a weakness in the design or operation of the internal control that, in our judgment, could adversely affect the company’s ability to initiate, record, process, and report financial data consistent with the assertions of management in the financial statements. [Include paragraphs to describe the significant deficiencies noted.] This report is intended solely for the information and use of the board of directors and its audit committee and is not intended to be and should not be used by anyone other than these specified parties.

Download ppt "5-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Internal Control Evaluation: Assessing Control Risk “If everything."

Similar presentations

Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Internal Control.

Internal Control.
Chapter 10 Section 404 Audits of Internal Control and Control Risk

Chapter 10 Section 404 Audits of Internal Control and Control Risk
Internal Control Chapter 7 covers two distinct, but related topics:

Internal Control Chapter 7 covers two distinct, but related topics:
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Review of Introduction to Auditing

Review of Introduction to Auditing
INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.

INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
Chapter 5 Risk Assessment: Internal Control Evaluation

Chapter 5 Risk Assessment: Internal Control Evaluation
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
Nature of an Integrated Audit

Nature of an Integrated Audit
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING
Statement on Auditing Standards (SAS) 112 Communicating Internal Control Related Matters Identified in an Audit.

Statement on Auditing Standards (SAS) 112 Communicating Internal Control Related Matters Identified in an Audit.

Similar presentations

Ads by Google