1 / 43

Internal Control and Control Risk

Internal Control and Control Risk. Chapter 9. Learning Objective 1. Contrast management’s need for internal control with the auditor’s need to consider internal control when designing an audit. Key Concepts. Management’s Responsibility. Reasonable Assurance. Inherent Limitations.

ariel-doyle
Download Presentation

Internal Control and Control Risk

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internal Controland Control Risk Chapter 9

  2. Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal control when designing an audit.

  3. Key Concepts Management’s Responsibility Reasonable Assurance Inherent Limitations

  4. Client’s Concerns Reliability of financial reporting Efficiency and effectiveness of operations Compliance with applicable laws and regulations

  5. Auditor Concerns Controls related to reliability of financial reporting Controls over classes of transactions

  6. Objective – General Form Related Audit Objectives Recorded transactions exist (existence). Sales are for shipments to existing customers. Existing transactions are recorded (completeness). Existing sales transactions are recorded. Transactions are stated correctly (accuracy). Sales for goods shipped are correctly billed. Sales Transaction-RelatedAudit Objectives

  7. Transactions are recorded on correct dates (timing). Sales are recorded on the correct dates. Transactions are properly filed (posting and summarization). Sales transactions are properly included in the master files. Sales Transaction-RelatedAudit Objectives Objective – General Form Related Audit Objectives Transactions are properly classified (classification). Sales transactions are properly classified.

  8. 58% 51% 43% 41% 37% 35% How Frauds HaveBeen Discovered Notification by employee Internal controls Internal auditor Customer notification Accidental discovery Management investigation

  9. 35% 25% 21% 16% 4% 20% How Frauds HaveBeen Discovered Anonymous reporting Hot line notification Employee investigation Government notification External auditor Other sources

  10. Learning Objective 2 Describe how information technology affects internal control.

  11. IT can improve the effectiveness and efficiency of internal controls. IT also enhances the timeliness and accuracy of information. Effect of InformationTechnology on Internal Control Information Technology

  12. Risks Associated With the Useof Information Technology Programmed errors Processing incorrect data Unauthorized access

  13. Learning Objective 3 Explain the five components of internal control.

  14. Five Componentsof Internal Control Control Environment Risk Assessment Control Activities Information and Communication Monitoring

  15. The Control Environment Integrity and ethical values Commitment to competence Board of directors or audit committee participation Management’s philosophy and operating style

  16. The Control Environment Organizational structure Assignment of authority and responsibility Human resources policies and practices

  17. Risk Assessment Identify factors affecting risk. Assess significance of risks and likelihood of occurrence. Determine actions necessary to manage risk.

  18. Control Activities 1. Adequate separation of duties 2. Proper authorization of transactions and activities 3. Adequate documents and records 4. Physical control over assets and records 5. Independent checks on performance

  19. Custody of assets from Accounting Authorization of transactions The custody of related assets from Operational responsibility Record-keeping responsibility from IT Duties from User departments Adequate Separationof Duties

  20. Proper Authorization of Transactions and Activities General authorization Specific authorization

  21. Adequate Documentsand Records Prenumbered consecutively Prepared at the time of transaction Simple enough to ensure understanding Designed for multiple uses Constructed to encourage correct preparation

  22. Physical controls Access controls Backup and recovery procedures Physical Control overAssets and Records Physical precautions Controls related to IT equipment, programs, and data files

  23. Independent Checkson Performance The need for independent checks arise because internal control tends to change over time unless there is a mechanism for frequent review.

  24. Information and Communication The purpose of an accounting information and communication system is to… initiate, record, process, and report the transactions and to maintain accountability for the related assets.

  25. Monitoring Management’s ongoing and periodic assessment of the quality of internal control performance … to determine whether controls are operating as intended and modified when needed.

  26. Learning Objective 4 Explain methods used to obtain an understanding of internal control.

  27. Assess Control Risk Test Controls Decide Planned Detection Risk and Substantive Tests Understanding Internal Controland Assessing Control Risk Obtain Understanding of Internal Control: Design and Operation

  28. Reasons for Sufficiently Understanding Internal Control SAS 55 (as amended by SAS 78 and 594 plus AU319) requires the auditor to obtain an understanding of internal control for every audit. Minimum audit planning matters • Auditability • Potential material • misstatements • Detection risk • Design of test

  29. Procedures to DetermineDesign and Placement Update and evaluate auditor’s previous experience with the entity. Make inquires of client personnel. Read client’s policy and systems manuals. Examine documents and records. Observe entity activities and operations.

  30. Documentation ofthe Understanding Narrative Flowchart Internal control questionnaire

  31. Learning Objective 5 Assess control risk by linking strengths and weaknesses of internal control to transaction- related audit objectives.

  32. Assess Control Risk Obtain sufficient understanding for planning. Assess whether the entity is auditable. Determine assessed control risk. Assess if a lower control risk could be supported. Determine the appropriate assessed control risk.

  33. Assess Control Risk Identify transaction-related audit objectives. Identify specific controls. Identify and evaluate weaknesses.

  34. Identify and Evaluate Weaknesses Identify existing controls. Identify the absence of key controls. Determine misstatements that could result. Consider compensating controls.

  35. The Control Risk Matrix Auditors use the control risk matrix to identify both controls and weaknesses and to asses control risk.

  36. Communication Reportable conditions letter Audit committee communications Management letters

  37. Learning Objective 6 Describe the process of designing and performing tests of controls.

  38. Tests of Controls The procedures to test effectiveness of controls in support of a reduced assessed control risk are called tests of controls.

  39. Procedures forTests of Controls Make inquiries of client personnel. Examine documents, records, and reports. Observe control-related activities. Reperform client procedures.

  40. Extent of Procedures Reliance on evidence from prior year’s audit Testing less than the entire audit period

  41. Relationship of Assessed ControlRisk and Extend of Procedures Assessed Control Risk High Level: Lower Level: Obtaining an Tests of Type of Procedure Understanding Only Controls Inquiry Yes – extensive Yes – some Documentation Yes – with transaction Yes – using walk-through sample Observation Yes – with transaction Yes – multiple walk-through times Reperformance No Yes – sampling

  42. Decide Planned Detection Riskand Design Substantive Tests The auditor uses the results of the control risk assessment process and tests of controls to determine the planned detection risk and related substantive tests. The auditor links the control risk assessments to the balance-related audit objectives.

  43. End of Chapter 9

More Related