1 / 30

9.401 Auditing

9.401 Auditing. Chapter 9 The Study of Internal Control and Assessment of Control Risk. Generally Accepted Auditing Standard.

Download Presentation

9.401 Auditing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. 9.401 Auditing Chapter 9 The Study of Internal Control and Assessment of Control Risk

  2. Generally Accepted Auditing Standard • 5100.02 (ii) A sufficient understanding of internal control should be obtained to plan the audit. When control risk is assessed below maximum, sufficient appropriate audit evidence should be obtained through tests of controls to support the assessment. [Oct. 1992]

  3. Internal Control consists of the policies and procedures established and maintained by management to assist in achieving its objectives

  4. Those objectives are… • Effectiveness and efficiency of operations • safeguarding of assets • Prevention and detection of fraud • Reliability of financial reporting • Compliance with applicable laws, regulations and policies As far as is practical. Mgmt can and should consider consequences and risks of non-control and costs of control implementation.

  5. Factors Affecting Internal Control • The entity’s size • The entity’s organization and ownership characteristics • The nature of the entity’s business • The diversity and complexity of the entity’s operations • The entity’s methods of transmitting, processing, maintaining, and accessing information • Applicable legal and regulatory requirements

  6. Purpose Monitoring &Learning Commitment Capability Action Criteria of Control (COCO)Board of the CICA • A person performs a task guided by an understanding of its purpose (the objective to be achieved) and supported by capability (information, resources, supplies, and skills). The person will need a sense of commitment to perform the task well over time. The person will monitor his or her performance and the external environment to learn about how to do the task better and about changes to be made. The same is true of any team or work group

  7. Elements of Internal Control • Elements of internal control include: • Control environment • General computer control systems and procedures • Accounting System • Accounting System Control Procedures

  8. Control Environment • the collective effect of various factors on establishing, enhancing or reducing the effectiveness of internal control policies and procedures • . Such factors include: • Management Philosophy and Operating Style; • The functioning of the board of directors and internal control, particularly the audit committee; • Organizational Structure; • Methods of Assigning Authority and Responsibility; • Management Monitoring Methods; Internal Audit; and Personnel Policies and Practices • Management reaction to external Influences • Systems Development Methodology

  9. Control Environment • Reflects the overall attitude, awareness, commitment and actions of management concerning the importance of internal control and its emphasis in the entity. • Strengths and weaknesses in control environment factors are likely to have a pervasive effect on the financial statements. • An effective control environment interacts with control systems. It may reduce the impact that the absence of certain control systems might otherwise have. It also strengthens the impact of controls in place. • An ineffective control system may impair the effectiveness of control systems.

  10. General computer control systems • Establish controls over info system processing activities • Affect multiple classes of transactions

  11. General computer control systems

  12. The Accounting System = the policies and procedures involving the • Collection • Transcribing • Processing • And reporting of data

  13. Accounting System Control Procedures = policies and procedures that enhance the reliability of accounting data • Occurrence • Completeness • Accuracy (valuation), Posting • Classification • Timing -often involves “checks”, “reconciles”, “compares”, “verifies”, “ensures”…..

  14. Segregation of duties • Ensures that no-one is in a position to commit or profit from an error/fraud and cover it up. • To work, these duties MUST be separate: • Authorization of transaction • Custody of assets (including cheques, cash, inventory etc.) • Recording of transaction • Periodic reconciliation

  15. Other Controls • Proper Authorization (general or specific) • Adequate documents • Prenumbered or sequentially numbered + follow-up of missing items • Prepared on a timely basis • Sufficiently simple, easy to fill out

  16. Other Controls • Safeguards over access to and use of assets • Safeguards over access to and use of records • Physical and logical • Independent verification of performance and accuracy of recorded amounts • Inventory counts, bank recs. • Input or output checks (eg. Check digits, reasonableness limits) • Comparison of documents, quantities, prices

  17. Acquiring Understanding of IC • At minimum, auditor must acquire understanding of: • Control environment • General computer control systems and procedures • Accounting System

  18. Purpose of Understanding IC • Assess auditability (depends on mgmt integrity, adequacy of record and general controls) • Familiarity with client to facilitate audit: • Major classes of transactions • How they’re initiated • What records and documents exist • How transactions are processed and reported Therefore, helps auditor design tests and identify potential misstatements • Assess Preliminary Control Risk

  19. Further Investigation of IC • If auditor believes reliance on IC (ie. CR<100%) may be possible AND efficient, investigate further the control procedures in place • Make preliminary assessment of Control Risk

  20. Preliminary Assessment of CR • Identify transaction audit objective (existence/occurrence, completeness etc.) • Identify specific controls • remember effects of control environment and general computer controls • Identify and evaluate weaknesses • Determine potential misstatements that could occur and effect on audit • Consider compensating controls

  21. How to investigate IC Update and evaluate previous working papers Inquiries of Client Personnel Read client policy and systems manuals Examine documents and records: perform transaction walk-through Observe activities and operations

  22. Documenting the Understanding of the Internal Control A number of tools are available to the auditor for documenting the understanding of the internal control including: • Copies of the entity's procedures manuals and organizational charts • Narrative descriptions • Internal control questionnaires • Flowcharts

  23. Further Investigation of IC • If preliminary CR<100%, perform tests of controls on KEY CONTROLS to ensure: • Control was operating as described, with sufficient effectiveness, throughout period of reliance • Tests may include: • Inquiry of personnel (requires corroboration) • Examine documents, records, reports • Observe activities (eg. Segregation of duties, test data) • Reperform procedures if possible • If control is computerized, test and ensure controls exist over changes to program

  24. Direction of the Test of Controls Audit Procedures File of recorded sales(sales journal) File of shipping documents Vouch to shipping documents Sampleselection Evidence Validitydirection Sampleselection Evidence Trace to recorded sales Completeness Direction

  25. Further Investigation of IC • Revise preliminary control risk with results of tests of controls • Calculate detection risk and design substantive procedures • Combined approach = reliance on both IC and substantive procedures • Substantive approach = no reliance on IC as either unjustified or inefficient

  26. Audit Cost Trade - off

  27. Communications with the Client • Systems improvements are communicated to the client by the management letter, which is written at the end of field work • Section 5220 requires communication of all significant internal control weaknesses • Section 5750 “Communication of Matters Identified During the Financial Statement Audit” eg. Fraud or illegal acts • 5220 and 5750 don’t have to be in writing

  28. Communicating Internal Control Weaknesses Reportable conditions • Absence of appropriate segregation of duties • Absence of appropriate reviews and approvals of transactions • Evidence of failure of control procedures • Evidence of intentional management override • Evidence of willful wrong doingby employees or management, including manipulation, falsification or alteration of accounting records

  29. Material Weaknesses A material weakness in internal control is defined as a reportable condition in which the design or operation of one or more of the specific internal control elements does not reduce to a relatively low level the risk that errors or irregularities in amounts that would be material in relation to the financial statements being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions (AU 325.15).

  30. Limitations of Internal Control • Human failures such as simple errors or mistakes • Management override • Collusion • Cost/benefit • Unusual transactions Because of these limitations, as long as the item is material, it is generally necessary to do at least some substantive testing.

More Related