1 / 16

Understanding and Evaluating Internal Control Systems: A Framework for Assurance

This chapter explores the concept of internal control and its importance in achieving organizational objectives. It discusses the stakeholders interested in an organization's control system and the different types of reports on internal control. The chapter also covers the components of an internal control system and the assessment of control risk. Additionally, it provides guidance on evaluating accounting information systems and assessing the effectiveness of control procedures.

alazarus
Download Presentation

Understanding and Evaluating Internal Control Systems: A Framework for Assurance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 5 Evaluating the Integrity and Effectiveness of the Client’s Control Systems

  2. A Framework for Control What is Internal Control? A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (1) reliability of financial reporting, (2) compliance with applicable laws and regulations, (3) effectiveness and efficiency of operations, and (4) safeguarding of assets.

  3. The Need for Control • Control is part of corporate governance • Governance begins with stockholders. • Needs to occur within a framework of control and accountability. Control is almost as important to shareholders as are the financial results. Good control makes good business sense.

  4. Who is interested in an organization’s control system? • The board of directors and the audit committee of the board. • Management. • Regulators. • Auditors, both internal and external. • Suppliers and customers. • Investors and lenders. • Customers or others using the Web for commerce.

  5. Reports on Internal Control • Internal Reports to Management • Ongoing monitoring reports from operations. • Internal audit reports. • External audit reports. External Reports by Management Regulatory Required Reports E-Commerce Reports Audit Committee Reports

  6. A Framework for Understanding and Evaluating Internal Controls • Components of an Internal Control System • Control environment • Risk assessment • Control activities • Information and communication • Monitoring

  7. Understanding and Assessing the Control Environment • Sets the tone of an organization. • Management’s philosophy and operating style. • Organizational structure, including the assignment of authority and responsibility. • Board of directors and the audit committee. • Human resource policies and practices. • Integrity and ethical values. • Commitment to competence.

  8. Control Environment: Implications for Control Risk Assessment • Risk Assessment • Control Activities • Information and Communication • Monitoring

  9. Relationship of Controls to Auditing • Minimum level of control necessary. • Overall quality of controls can impact ability to remain a going concern. • Quality of control will significantly affect both audit approach and amount of testing. • Analysis of control risk helpful in identifying types of likely misstatements. • Inadequate controls may place organizations in violation of federal laws. • Auditor may need to issue a formal report.

  10. Understanding and Evaluating Accounting Information Systems • Internal Control and Financial Statement Account Balances • Auditor needs to evaluate internal control. • Auditor needs to evaluate internal control only for accounting systems that result in material account balances. • Need to assess both overall control structure and specific control procedures. • To reduced control risk must have evidence that control structure is soundly designed and efficient.

  11. Assessing the Effectiveness of Control Procedures • Non-Transaction-Based Systems • Transaction-Based Systems • Pervasive Control Activities • Segregation of duties • Authorization procedures • Adequate documentation • Physical controls • Reconciliation • Competent, trustworthy employees.

  12. Phase 1 Obtain an understanding of risks and controls. Phase 2 Preliminary assessment of control risk. Phase 3 Test controls for effectiveness. Reconsider and revise assessment if necessary. Phase 4 Control Risk Assessment

  13. Phase One: Obtain an Understanding • Walk-Throughs • Inquiries • Plant and Operational Tours • Client-Prepared Documentation • Prior-Year Working Papers

  14. Phase Two: Make Preliminary Assessment of Control Risk Crucial, because it drives the planning for the rest of the audit. Control risk highmeans more testing. Control risk low means less testing. Control risk can vary across subsystems.

  15. Phase Three: Perform Test of Controls Preliminary assessment based on understanding of system as it has operated in past and how it is designed to operate. Things change so the auditor must test the system.

  16. Phase Four: Update Assessment of Control Risk and Need for Substantive Testing Work in gaining an understanding is not an end in itself. The amount of risk determines the amount, timing and extent of evidence needed.

More Related