Chapter 9 the study of the internal control and assessment of control risk
This presentation is the property of its rightful owner.
Sponsored Links
1 / 103

CHAPTER 9 The Study of the Internal Control and Assessment of Control Risk PowerPoint PPT Presentation


  • 95 Views
  • Uploaded on
  • Presentation posted in: General

CHAPTER 9 The Study of the Internal Control and Assessment of Control Risk . What is internal control ?. What is internal control ?. Internal control consists of the policies & procedures established & maintained by management to assist in orderly & efficient conduct of business.

Download Presentation

CHAPTER 9 The Study of the Internal Control and Assessment of Control Risk

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Chapter 9 the study of the internal control and assessment of control risk

CHAPTER 9The Study of theInternal Control and Assessment of Control Risk


What is internal control

What is internal control?


What is internal control1

What is internal control?

Internal control consists of the policies &

procedures established & maintained by

management to assist in orderly &

efficient conduct of business.


Chapter 9 the study of the internal control and assessment of control risk

Internal control is a process designed to

provide reasonable assurance regarding

the achievement of management’s ob-

jectives regarding:

- reliability of controls

Our records

are reliable!

Accounting

Records


Chapter 9 the study of the internal control and assessment of control risk

Internal control is a process designed to

provide reasonable assurance regarding

the achievement of management’s

objectives regarding:

- reliability of controls

- optimizing use of resources

Waste


Chapter 9 the study of the internal control and assessment of control risk

Internal control is a process designed to

provide reasonable assurance regarding

the achievement of management’s ob-

jectives regarding:

- reliability of controls

- optimizing use of resources

- safeguarding of assets


Chapter 9 the study of the internal control and assessment of control risk

Internal control is a process designed to

provide reasonable assurance regarding

the achievement of management’s ob-

jectives regarding:

- reliability of controls

- optimizing use of resources

- safeguarding of assets

- preventing & detecting fraud & error


Steps in audit planning

obtain

information

about

client’s legal

obligations

obtain

background

information

preplan

set

materiality, and

assess acceptable

audit risk and

inherent risk

understand

internal control

and assess

control risk

Steps in audit planning

perform

preliminary

analytical

procedures


Steps in audit planning1

obtain

information

about

client’s legal

obligations

obtain

background

information

preplan

understand

internal control

and assess

control risk

Steps in audit planning

perform

preliminary

analytical

procedures

Why is an

understand-

ing of internal

control im-

portant?

set

materiality, and

assess acceptable

audit risk and

inherent risk


Chapter 9 the study of the internal control and assessment of control risk

Why is an

understanding

of internal

control

important?

Second Examination Standard:

A sufficient understanding of internal

control should be obtained to plan the audit.


Audit risk has 3 components which combine to make the audit risk model

audit

risk

inherent

risk

control

risk

detection

risk

=

x

x

the

risk that material

misstatements will not be

prevented or

detected by

internal controls

Audit Risk has 3 components which combine to make the audit risk model:


Key internal control concepts

Key Internal Control Concepts

- internal control is the client’s respon-

sibility and should be designed to help

the client attain goals


Key internal control concepts1

Key Internal Control Concepts

- internal control is the client’s respon-

sibility and should be designed to help

the client attain goals

- internal control should provide rea-

sonable but not absolute assurance;

cost/benefit must be considered


Key internal control concepts2

Key Internal Control Concepts

- internal control is the client’s respon-

sibility and should be designed to help

the client attain goals

- internal control should provide rea-

sonable but not absolute assurance;

cost/benefit must be considered

- internal control has inherent limita-

tions (e.g., misunderstandings, mis-

takes, fatigue, carelessness, collusion,

management override)


What are the components of internal control

What are the components of internal control?


What are the elements of internal control

What are the elements ofinternal control?

the control

environment


Chapter 9 the study of the internal control and assessment of control risk

All of these controls are unnecessary!

The control environment is the

actions, policies, and procedures that

reflect management’s attitude regard-

ing controls and their importance.


Factors related to the control environment

Factors related to the Control Environment:


Factors related to the control environment1

Factors related to the Control Environment:

- management’s philosophy and operating style


Factors related to the control environment2

Factors related to the Control Environment:

- management’s philosophy and operating style

Consider the following:

- their approach to taking and monitoring

business risk


Factors related to the control environment3

- management’s philosophy and operating style

Consider the following:

- their attitude and actions toward financial

reporting

Factors related to the Control Environment:


Factors related to the control environment4

Factors related to the Control Environment:

- management’s philosophy and operating style

Consider the following:

- their emphasis on meeting financial and

operating goals

...our bonuses

are based on net income.

We all want fat bonuses!

What can we do?


Factors related to the control environment5

Factors related to the Control Environment:

- board of directors & committees

The audit committee maintains communication

between the Board of Directors and internal and

external auditors.

BOARD OF

DIRECTORS

internal

auditors

audit

committee

external

auditors


Factors related to the control environment6

Factors related to the Control Environment:

- organizational structure

The auditor should consider lines of

responsibility and authority.


Factors related to the control environment7

Job

Description

Memo:

- assignment of authority and responsibility

Factors related to the Control Environment:

What are the

formal methods that

management uses to communicate

internal controls to

employees?

Employee

Handbook

Company

Policies


Factors related to the control environment8

Do management’s

methods send a clear

message about the

importance of

control?

- management’s control methods

Factors related to the Control Environment:


Factors related to the control environment9

- management’s control methods

Factors related to the Control Environment:

Do management’s methods send a clear message about the importance of control?

Do manage-

ment’s methods

serve to detect

misstatements?


Factors related to the control environment10

Factors related to the Control Environment:

- systems development methodology

Does management have a

methodology for developing

and modifying systems and

procedures?


Factors related to the control environment11

- personnel policies and practices

Management should ensure that compe-

tent, trustworthy, motivated personnel are

employed to meet

client goals and

objectives.

Factors related to the Control Environment:

Employees are the critical component of effective internal control.


Chapter 9 the study of the internal control and assessment of control risk

Employees are the critical com-ponent of effective internal control.

With competent, trustworthy, motivated per-

sonnel, even a poorly designed system of

internal control may function adequately.


Chapter 9 the study of the internal control and assessment of control risk

With competent, trustworthy, motivated per-

sonnel, even a poorly designed system of

internal control may function adequately.

Without such personnel, even a well-

designed system will probably fail.


Chapter 9 the study of the internal control and assessment of control risk

Factors related to the Control Environment:

  • management’s reaction to external influences

Is management aware of external influences such as changes in the economy and technology?


Factors related to the control environment12

Factors related to the Control Environment:

- internal audit

Does an internal audit department exist? Doesit effectively monitorcontrol policies and procedures, and enhance operational effectiveness and efficiency?


Factors related to the control environment13

Factors related to the Control Environment:

- internal audit

Does an internal audit department exist? Does it…?

Does internal

audit assist the

external auditors

and reduce audit

fees?


What are the elements of internal control1

control

systems

What are the elements ofinternal control?


What are the elements of internal control2

accounting

systems

What are the elements ofinternal control?

Accounting systems have several

subcomponents - classes of

transactions


What are the components of internal control1

What are the components of internal control?

control

procedures


Chapter 9 the study of the internal control and assessment of control risk

control

procedures

Control procedures are policies and pro-

cedures, in addition to those related to

other components, established to enable

the entity to address risks in the

achievement of their objectives.


Categories of control procedures

Categories of Control Procedures


Categories of control procedures1

Categories of Control Procedures

1. Adequate segregation of duties

- separate custody of assets from

accounting

The Controller


Categories of control procedures2

Categories of Control Procedures

1. Adequate segregation of duties

- separate custody of assets from

authorization of transactions

As custodian of

the corporate auto

fleet, I hereby

authorize retire-

ment of auto #43

because of obso-

lescence.

#43

Joe


Categories of control procedures3

Categories of Control Procedures

1. Adequate segregation of duties

- separate operational responsibility

from record keeping responsibility

Example: Ace company has two plants; one in

Great Britain and one in Canada. Manage-

ment is deciding whether the plant controllers

should report directly to the plant managers

or the corporate vice president of finance.


Chapter 9 the study of the internal control and assessment of control risk

V.P.-

production

V.P.-

finance

plant

manager

plant

controller

V.P.-

production

V.P.-

finance

plant

manager

plant

manager

plant

controller

plant

controller

Which arrangement creates a potential conflict of interest?

plant

manager

plant

controller

plant

controller

plant

controller


Chapter 9 the study of the internal control and assessment of control risk

Which arrangement creates a potential conflict of interest?

V.P.-

production

V.P.-

finance

plant

manager

plant

manager

plant

controller

plant

controller

If the plant controller reports directly to the

plant manager, a potential conflict of interest

exists. In an effort to make that plant’s results

appear favourable, the plant manager may at-

tempt to influence the plant controller.


Categories of control procedures4

Categories of Control Procedures

1. Adequate segregation of duties

- separate duties within EDP


What kind of company typically has difficulty accomplishing adequate segregation of duties

What kind of company typically has difficulty accomplishing adequate segregation of duties?


What kind of company typically has difficulty accomplishing adequate segregation of duties1

What kind of company typically has difficulty accomplishing adequate segregation of duties?

Small companies frequently have diffi-

culty with segregation of duties because

of fewer employees and cost constraints.


What is collusion

What is collusion?


What is collusion1

What is collusion?

Collusion is the defeat of adequate

separation of duties wherein

Employees cooperate to perpetrate fraud.

...we’re agreed.

We’ll be rich be-

yond our wildest

dreams!


What is the most effective way to prevent collusion

What is the most effective way to prevent collusion?


What is the most effective way to prevent collusion1

What is the most effective way to prevent collusion?

Hire competent, trustworthy,

motivated personnel.


Why is collusion particularly troublesome for auditors

Why is collusion particularly troublesome for auditors?


Why is collusion particularly troublesome for auditors1

Why is collusion particularly troublesome for auditors?

Competent, untrustworthy, motivated

personnel often

know how to

conceal their

fraud.


Categories of control procedures5

Categories of Control Procedures

1. Adequate segregation of duties

2. Proper authorization of transactions

and activities


Categories of control procedures6

accounts

payable

policies &

procedures

personnel

policies &

procedures

cash

receipts

policies &

procedures

Categories of Control Procedures

1. Adequate segregation of duties

2. Proper authorization of transactions

and activities

- general authorization - management

establishes authorization policies


Categories of control procedures7

Categories of Control Procedures

1. Adequate segregation of duties

2. Proper authorization of transactions

and activities

- specific authorization - management

makes authorizations on a case-by-

case basis.

I’m the

president and

I want to approve

every cash

payment!


Categories of control procedures8

Categories of Control Procedures

1. Adequate segregation of duties

2. Proper authorization of transactions

and activities

3. Adequate documents and records

should provide reasonable assurance

that all assets are properly controlled

and all transactions are correctly

recorded.


Chapter 9 the study of the internal control and assessment of control risk

PURCHASE ORDER32494

Date:

Vendor:

234 Reynolds Rd.

Winnipeg, MB R2V 4E3

Purchasing agent:

Quantity Description Price

WAIT FOREST

M a n u f a c t u r i n g

U N I V E R S I T Y

total cost of order

Est. shipment date:

Terms of sale (including discounts and freight

costs):

Carrier:

Internal Use Only: (routing instructions)

1.PO made in purchasing 3. receiving notes ship

2.Copies to vendor, receiv. 4. acctg. reconciles

Document

Guidelines

Documents

should be:

prenumbered

and accounted

for


Chapter 9 the study of the internal control and assessment of control risk

PURCHASE ORDER32494

Date:

Vendor:

234 Reynolds Rd.

Winnipeg, MB R2V 4E3

Purchasing agent:

Quantity Description Price

WAIT FOREST

M a nu f a ct ur i n g

U N I V E R S I T Y

total cost of order

Est. shipment date:

Terms of sale (including discounts and freight

costs):

Carrier:

Internal Use Only: (routing instructions)

1.PO made in purchasing 3. receiving notes ship

2.Copies to vendor, receiv. 4. acctg. reconciles

Document

Guidelines

Documents

should be:

prepared

during or

soon after the

related

transaction


Chapter 9 the study of the internal control and assessment of control risk

PURCHASE ORDER32494

Date:

Vendor:

234 Reynolds Rd.

Winnipeg, MB R2V 4E3

Purchasing agent:

Quantity Description Price

WAIT FOREST

M a n u f a c t u r i n g

U N I V E R S I T Y

total cost of order

Est. shipment date:

Terms of sale (including discounts and freight

costs):

Carrier:

Internal Use Only: (routing instructions)

1.PO made in purchasing 3. receiving notes ship

2.Copies to vendor, receiv. 4. acctg. reconciles

Document

Guidelines

Documents

should be:

understand-

able and

correctly

designed

(including

routing and

authorization)


Chapter 9 the study of the internal control and assessment of control risk

a

PURCHASE ORDER32494

Date:

Vendor:

234 Reynolds Rd.

Winnipeg, MB R2V 4E3

Purchasing agent:

Quantity Description Price

b

c

WAIT FOREST

M a n u f a c t u r i n g

U N I V E R S I T Y

total cost of order

Est. shipment date:

Terms of sale (including discounts and freight

costs):

Carrier:

Internal Use Only: (routing instructions)

1.PO made in purchasing 3. receiving notes ship

2.Copies to vendor, receiv. 4. acctg. reconciles

Document

Guidelines

Documents

should be:

designed

for

multiple

purposes


Categories of control procedures9

Categories of Control Procedures

2. Proper authorization of transactions

and activities

3. Adequate documents and records

4. Adequate safeguards over assets and

records - physical: locking rooms,

fenced areas, fireproof safes, safe

deposit boxes, security guards;

access; backup files and recovery


Categories of control procedures10

Categories of Control Procedures

2. Proper authorization of transactions

and activities

3. Adequate documents and records

4. Adequate safeguards over assets and

records

5. Independent, continuous checks on

performance - those reviewing

performance should be independent

of those performing a task


Categories of control procedures11

Categories of Control Procedures

5. Independent checks on performance

Segregation of duties is the least

expensive method of performing

independent checks.


Chapter 9 the study of the internal control and assessment of control risk

The accounting information and

communication system should be

designed to satisfy audit objectives.


Chapter 9 the study of the internal control and assessment of control risk

The accounting information and

communication system should be

designed to satisfy audit objectives:

- existence - the system should ensure

that recorded transactions exist - no

fictitious transactions


Chapter 9 the study of the internal control and assessment of control risk

The accounting information and

communication system should be

designed to satisfy audit objectives:

- existence

- completeness - the system should en-

sure that all existing transactions are

recorded


Chapter 9 the study of the internal control and assessment of control risk

The accounting information and

communication system should be

designed to satisfy audit objectives:

- existence

- completeness

How do the existence and completeness

objectives differ?


Chapter 9 the study of the internal control and assessment of control risk

Existence con-

cerns the existence of

fictitious data; i.e., overstatement.

How do the existence and completeness

objectives differ?


Chapter 9 the study of the internal control and assessment of control risk

Completeness concerns omission

of information; i.e., under-

statement.

Existence con-

cerns the existence of

fictitious data; i.e., overstatement.

How do the existence and completeness

objectives differ?


Chapter 9 the study of the internal control and assessment of control risk

The accounting information and

communication system should be

designed to satisfy audit objectives:

- existence

- completeness

- accuracy - the system should ensure

that recorded transactions are stated

at the correct amounts


Chapter 9 the study of the internal control and assessment of control risk

The accounting information and

communication system should be

designed to satisfy audit objectives:

- existence

- completeness

- accuracy

- classification - the system should en-

sure that transactions are properly

classified, possibly through use of a

chart of accounts.


Chapter 9 the study of the internal control and assessment of control risk

The accounting information and

communication system should be

designed to satisfy audit objectives:

- existence

- completeness

- accuracy

- classification

- timing - the system should ensure that

transactions are recorded on the cor-

rect dates. Generally, transactions

should be recorded during or shortly

after their occurrence.


Chapter 9 the study of the internal control and assessment of control risk

The accounting information and

communication system should be

designed to satisfy audit objectives:

- existence

- completeness

- accuracy

- classification

- timing

- posting and summarization -the system

should ensure that transactions are

included in the accounting records and

accurately summarized.


Chapter 9 the study of the internal control and assessment of control risk

Monitoring activities deal with

ongoing or periodic assessment

of internal control.


Chapter 9 the study of the internal control and assessment of control risk

Internal auditing departments frequently perform monitoring activities.


What are the elements of internal control3

What are the elements ofinternal control?

the control

environment

accounting

systems

control procedures


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

Obtain an understanding

of internal control.

HOW?


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

Obtain an understanding

of internal control.

- review prior year’s

working papers

- interview prior year

auditors

- interview client

personnel

- study client policies and

procedures

- study client documents,

records, information and

communication system


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

How do auditors

document their under-

standing of internal

control?


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

How do auditors

document their under-

standing of internal

control?

- narratives

- flowcharts

- internal control

questionnaires


Chapter 9 the study of the internal control and assessment of control risk

How do auditors

document their under-

standing of internal

control?

Control

Examina-

tion

Overview

- narratives

- flowcharts

- internal control

questionnaires

What is an

internal control

questionnaire?


Internal control questionnaire

Internal Control Questionnaire

- a series of questions about internal

controls and their application to groups

of accounts and cycles


Internal control questionnaire1

Internal Control Questionnaire

- a series of questions about internal

controls and their application to groups

of accounts and cycles

- generally, a “no” answer indicates an

internal control weakness


Internal control questionnaire2

What are the

advantages provided by

an IC questionnaire?

Internal Control Questionnaire

- a series of questions about internal

controls and their application to groups

of accounts and cycles

- generally, a “no” answer indicates an

internal control weakness


Internal control questionnaire3

What are the

advantages provided by

an IC questionnaire?

Internal Control Questionnaire

- can be designed to cover most aspects

of internal control

- is relatively applicable from one en-

gagement to another

- when complete, can be quickly re-

viewed for weaknesses


Internal control questionnaire4

What are the

disadvantages of using

an IC questionnaire?

Internal Control Questionnaire


Internal control questionnaire5

What are the

disadvantages of using

an IC questionnaire?

Internal Control Questionnaire

- concentrates on pieces of internal con-

trol rather than the system as a whole

- has questionable reliability; oral cli-

ent responses should be supported

by other evidence

- may be too standardized for some

clients, especially smaller clients


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

Are

financial statements

auditable?


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

Are

financial statements

auditable?

When would the

answer be NO?


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

Are

financial statements

auditable?

When would the

answer be NO?

- management lacks

integrity

- significantly deficient

accounting records or

internal controls


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

Assess control risk, based

on understanding.


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

Assess the cost/benefit of

further enhancing under-

standing of internal control.


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

Assess

control

risk.

max.

support

low


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

Assess

control

risk.

max.

support

low

- maximum:

poor controls indicate

a very risky situation

or more efficient to do

100% substantive audit


Chapter 9 the study of the internal control and assessment of control risk

Assess

control

risk.

Control

Examina-

tion

Overview

- maximum:

poor controls indicate

a very risky situation or

not efficient

- supportable:

risk is at a level

supported by

understanding obtained

max.

support

low


Chapter 9 the study of the internal control and assessment of control risk

Assess

control

risk.

Control

Examina-

tion

Overview

- supportable:

risk is at a level

supported by

understanding obtained

- low:

effective controls indi-

cate a lower level of risk

that could be supported

max.

support

low


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

Plan & perform tests of controls.


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

Decide

whether the initial

internal control assessment

was appropriate.


Chapter 9 the study of the internal control and assessment of control risk

Control

Examina-

tion

Overview

Based on appropriate

level of detection risk,

perform substantive tests.


When should weaknesses be reported to the client

When should weaknesses be reported to the client?


When should weaknesses be reported to the client1

When should weaknesses be reported to the client?

When there are significant

deficiencies in the design or

operation of internal control.


Chapter 9 the study of the internal control and assessment of control risk

Significant deficiencies

in the design or operation of

internal control.

GAAS requires the

auditor to communicate

(oral or written) with the

audit committee

regarding the significant

deficiencies.


  • Login