Chapter 9 the study of the internal control and assessment of control risk
Download
1 / 103

CHAPTER 9 The Study of the Internal Control and Assessment of Control Risk - PowerPoint PPT Presentation


  • 162 Views
  • Uploaded on

CHAPTER 9 The Study of the Internal Control and Assessment of Control Risk . What is internal control ?. What is internal control ?. Internal control consists of the policies & procedures established & maintained by management to assist in orderly & efficient conduct of business.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' CHAPTER 9 The Study of the Internal Control and Assessment of Control Risk ' - luigi


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Chapter 9 the study of the internal control and assessment of control risk
CHAPTER 9The Study of theInternal Control and Assessment of Control Risk


What is internal control
What is internal control?


What is internal control1
What is internal control?

Internal control consists of the policies &

procedures established & maintained by

management to assist in orderly &

efficient conduct of business.


Internal control is a process designed to

provide reasonable assurance regarding

the achievement of management’s ob-

jectives regarding:

- reliability of controls

Our records

are reliable!

Accounting

Records


Internal control is a process designed to

provide reasonable assurance regarding

the achievement of management’s

objectives regarding:

- reliability of controls

- optimizing use of resources

Waste


Internal control is a process designed to

provide reasonable assurance regarding

the achievement of management’s ob-

jectives regarding:

- reliability of controls

- optimizing use of resources

- safeguarding of assets


Internal control is a process designed to

provide reasonable assurance regarding

the achievement of management’s ob-

jectives regarding:

- reliability of controls

- optimizing use of resources

- safeguarding of assets

- preventing & detecting fraud & error


Steps in audit planning

obtain

information

about

client’s legal

obligations

obtain

background

information

preplan

set

materiality, and

assess acceptable

audit risk and

inherent risk

understand

internal control

and assess

control risk

Steps in audit planning

perform

preliminary

analytical

procedures


Steps in audit planning1

obtain

information

about

client’s legal

obligations

obtain

background

information

preplan

understand

internal control

and assess

control risk

Steps in audit planning

perform

preliminary

analytical

procedures

Why is an

understand-

ing of internal

control im-

portant?

set

materiality, and

assess acceptable

audit risk and

inherent risk


Why is an

understanding

of internal

control

important?

Second Examination Standard:

A sufficient understanding of internal

control should be obtained to plan the audit.


Audit risk has 3 components which combine to make the audit risk model

audit

risk

inherent

risk

control

risk

detection

risk

=

x

x

the

risk that material

misstatements will not be

prevented or

detected by

internal controls

Audit Risk has 3 components which combine to make the audit risk model:


Key internal control concepts
Key Internal Control Concepts

- internal control is the client’s respon-

sibility and should be designed to help

the client attain goals


Key internal control concepts1
Key Internal Control Concepts

- internal control is the client’s respon-

sibility and should be designed to help

the client attain goals

- internal control should provide rea-

sonable but not absolute assurance;

cost/benefit must be considered


Key internal control concepts2
Key Internal Control Concepts

- internal control is the client’s respon-

sibility and should be designed to help

the client attain goals

- internal control should provide rea-

sonable but not absolute assurance;

cost/benefit must be considered

- internal control has inherent limita-

tions (e.g., misunderstandings, mis-

takes, fatigue, carelessness, collusion,

management override)



What are the elements of internal control
What are the elements ofinternal control?

the control

environment


All of these controls are unnecessary!

The control environment is the

actions, policies, and procedures that

reflect management’s attitude regard-

ing controls and their importance.



Factors related to the control environment1
Factors related to the Control Environment:

- management’s philosophy and operating style


Factors related to the control environment2
Factors related to the Control Environment:

- management’s philosophy and operating style

Consider the following:

- their approach to taking and monitoring

business risk


Factors related to the control environment3

- management’s philosophy and operating style

Consider the following:

- their attitude and actions toward financial

reporting

Factors related to the Control Environment:


Factors related to the control environment4
Factors related to the Control Environment:

- management’s philosophy and operating style

Consider the following:

- their emphasis on meeting financial and

operating goals

...our bonuses

are based on net income.

We all want fat bonuses!

What can we do?


Factors related to the control environment5
Factors related to the Control Environment:

- board of directors & committees

The audit committee maintains communication

between the Board of Directors and internal and

external auditors.

BOARD OF

DIRECTORS

internal

auditors

audit

committee

external

auditors


Factors related to the control environment6
Factors related to the Control Environment:

- organizational structure

The auditor should consider lines of

responsibility and authority.


Factors related to the control environment7

Job

Description

Memo:

- assignment of authority and responsibility

Factors related to the Control Environment:

What are the

formal methods that

management uses to communicate

internal controls to

employees?

Employee

Handbook

Company

Policies


Factors related to the control environment8

Do management’s

methods send a clear

message about the

importance of

control?

- management’s control methods

Factors related to the Control Environment:


Factors related to the control environment9

- management’s control methods

Factors related to the Control Environment:

Do management’s methods send a clear message about the importance of control?

Do manage-

ment’s methods

serve to detect

misstatements?


Factors related to the control environment10
Factors related to the Control Environment:

- systems development methodology

Does management have a

methodology for developing

and modifying systems and

procedures?


Factors related to the control environment11

- personnel policies and practices

Management should ensure that compe-

tent, trustworthy, motivated personnel are

employed to meet

client goals and

objectives.

Factors related to the Control Environment:

Employees are the critical component of effective internal control.


Employees are the critical com-ponent of effective internal control.

With competent, trustworthy, motivated per-

sonnel, even a poorly designed system of

internal control may function adequately.


With competent, trustworthy, motivated per-

sonnel, even a poorly designed system of

internal control may function adequately.

Without such personnel, even a well-

designed system will probably fail.


Factors related to the Control Environment:

  • management’s reaction to external influences

Is management aware of external influences such as changes in the economy and technology?


Factors related to the control environment12
Factors related to the Control Environment:

- internal audit

Does an internal audit department exist? Doesit effectively monitorcontrol policies and procedures, and enhance operational effectiveness and efficiency?


Factors related to the control environment13
Factors related to the Control Environment:

- internal audit

Does an internal audit department exist? Does it…?

Does internal

audit assist the

external auditors

and reduce audit

fees?


What are the elements of internal control1

control

systems

What are the elements ofinternal control?


What are the elements of internal control2

accounting

systems

What are the elements ofinternal control?

Accounting systems have several

subcomponents - classes of

transactions



control

procedures

Control procedures are policies and pro-

cedures, in addition to those related to

other components, established to enable

the entity to address risks in the

achievement of their objectives.



Categories of control procedures1
Categories of Control Procedures

1. Adequate segregation of duties

- separate custody of assets from

accounting

The Controller


Categories of control procedures2
Categories of Control Procedures

1. Adequate segregation of duties

- separate custody of assets from

authorization of transactions

As custodian of

the corporate auto

fleet, I hereby

authorize retire-

ment of auto #43

because of obso-

lescence.

#43

Joe


Categories of control procedures3
Categories of Control Procedures

1. Adequate segregation of duties

- separate operational responsibility

from record keeping responsibility

Example: Ace company has two plants; one in

Great Britain and one in Canada. Manage-

ment is deciding whether the plant controllers

should report directly to the plant managers

or the corporate vice president of finance.


V.P.-

production

V.P.-

finance

plant

manager

plant

controller

V.P.-

production

V.P.-

finance

plant

manager

plant

manager

plant

controller

plant

controller

Which arrangement creates a potential conflict of interest?

plant

manager

plant

controller

plant

controller

plant

controller


Which arrangement creates a potential conflict of interest?

V.P.-

production

V.P.-

finance

plant

manager

plant

manager

plant

controller

plant

controller

If the plant controller reports directly to the

plant manager, a potential conflict of interest

exists. In an effort to make that plant’s results

appear favourable, the plant manager may at-

tempt to influence the plant controller.


Categories of control procedures4
Categories of Control Procedures

1. Adequate segregation of duties

- separate duties within EDP



What kind of company typically has difficulty accomplishing adequate segregation of duties1
What kind of company typically has difficulty accomplishing adequate segregation of duties?

Small companies frequently have diffi-

culty with segregation of duties because

of fewer employees and cost constraints.


What is collusion
What is adequate segregation of duties?collusion?


What is collusion1
What is adequate segregation of duties?collusion?

Collusion is the defeat of adequate

separation of duties wherein

Employees cooperate to perpetrate fraud.

...we’re agreed.

We’ll be rich be-

yond our wildest

dreams!


What is the most effective way to prevent collusion
What is the most effective way to adequate segregation of duties?prevent collusion?


What is the most effective way to prevent collusion1
What is the most effective way to adequate segregation of duties?prevent collusion?

Hire competent, trustworthy,

motivated personnel.



Why is collusion particularly troublesome for auditors1
Why is collusion particularly troublesome for auditors? adequate segregation of duties?

Competent, untrustworthy, motivated

personnel often

know how to

conceal their

fraud.


Categories of control procedures5
Categories of Control Procedures adequate segregation of duties?

1. Adequate segregation of duties

2. Proper authorization of transactions

and activities


Categories of control procedures6

accounts adequate segregation of duties?

payable

policies &

procedures

personnel

policies &

procedures

cash

receipts

policies &

procedures

Categories of Control Procedures

1. Adequate segregation of duties

2. Proper authorization of transactions

and activities

- general authorization - management

establishes authorization policies


Categories of control procedures7
Categories of Control Procedures adequate segregation of duties?

1. Adequate segregation of duties

2. Proper authorization of transactions

and activities

- specific authorization - management

makes authorizations on a case-by-

case basis.

I’m the

president and

I want to approve

every cash

payment!


Categories of control procedures8
Categories of Control Procedures adequate segregation of duties?

1. Adequate segregation of duties

2. Proper authorization of transactions

and activities

3. Adequate documents and records

should provide reasonable assurance

that all assets are properly controlled

and all transactions are correctly

recorded.


PURCHASE ORDER adequate segregation of duties?32494

Date:

Vendor:

234 Reynolds Rd.

Winnipeg, MB R2V 4E3

Purchasing agent:

Quantity Description Price

WAIT FOREST

M a n u f a c t u r i n g

U N I V E R S I T Y

total cost of order

Est. shipment date:

Terms of sale (including discounts and freight

costs):

Carrier:

Internal Use Only: (routing instructions)

1.PO made in purchasing 3. receiving notes ship

2.Copies to vendor, receiv. 4. acctg. reconciles

Document

Guidelines

Documents

should be:

prenumbered

and accounted

for


PURCHASE ORDER adequate segregation of duties?32494

Date:

Vendor:

234 Reynolds Rd.

Winnipeg, MB R2V 4E3

Purchasing agent:

Quantity Description Price

WAIT FOREST

M a nu f a ct ur i n g

U N I V E R S I T Y

total cost of order

Est. shipment date:

Terms of sale (including discounts and freight

costs):

Carrier:

Internal Use Only: (routing instructions)

1.PO made in purchasing 3. receiving notes ship

2.Copies to vendor, receiv. 4. acctg. reconciles

Document

Guidelines

Documents

should be:

prepared

during or

soon after the

related

transaction


PURCHASE ORDER adequate segregation of duties?32494

Date:

Vendor:

234 Reynolds Rd.

Winnipeg, MB R2V 4E3

Purchasing agent:

Quantity Description Price

WAIT FOREST

M a n u f a c t u r i n g

U N I V E R S I T Y

total cost of order

Est. shipment date:

Terms of sale (including discounts and freight

costs):

Carrier:

Internal Use Only: (routing instructions)

1.PO made in purchasing 3. receiving notes ship

2.Copies to vendor, receiv. 4. acctg. reconciles

Document

Guidelines

Documents

should be:

understand-

able and

correctly

designed

(including

routing and

authorization)


a adequate segregation of duties?

PURCHASE ORDER32494

Date:

Vendor:

234 Reynolds Rd.

Winnipeg, MB R2V 4E3

Purchasing agent:

Quantity Description Price

b

c

WAIT FOREST

M a n u f a c t u r i n g

U N I V E R S I T Y

total cost of order

Est. shipment date:

Terms of sale (including discounts and freight

costs):

Carrier:

Internal Use Only: (routing instructions)

1.PO made in purchasing 3. receiving notes ship

2.Copies to vendor, receiv. 4. acctg. reconciles

Document

Guidelines

Documents

should be:

designed

for

multiple

purposes


Categories of control procedures9
Categories of Control Procedures adequate segregation of duties?

2. Proper authorization of transactions

and activities

3. Adequate documents and records

4. Adequate safeguards over assets and

records - physical: locking rooms,

fenced areas, fireproof safes, safe

deposit boxes, security guards;

access; backup files and recovery


Categories of control procedures10
Categories of Control Procedures adequate segregation of duties?

2. Proper authorization of transactions

and activities

3. Adequate documents and records

4. Adequate safeguards over assets and

records

5. Independent, continuous checks on

performance - those reviewing

performance should be independent

of those performing a task


Categories of control procedures11
Categories of Control Procedures adequate segregation of duties?

5. Independent checks on performance

Segregation of duties is the least

expensive method of performing

independent checks.


The accounting information and adequate segregation of duties?

communication system should be

designed to satisfy audit objectives.


The accounting information and adequate segregation of duties?

communication system should be

designed to satisfy audit objectives:

- existence - the system should ensure

that recorded transactions exist - no

fictitious transactions


The accounting information and adequate segregation of duties?

communication system should be

designed to satisfy audit objectives:

- existence

- completeness - the system should en-

sure that all existing transactions are

recorded


The accounting information and adequate segregation of duties?

communication system should be

designed to satisfy audit objectives:

- existence

- completeness

How do the existence and completeness

objectives differ?


Existence adequate segregation of duties? con-

cerns the existence of

fictitious data; i.e., overstatement.

How do the existence and completeness

objectives differ?


Completeness adequate segregation of duties? concerns omission

of information; i.e., under-

statement.

Existence con-

cerns the existence of

fictitious data; i.e., overstatement.

How do the existence and completeness

objectives differ?


The accounting information and adequate segregation of duties?

communication system should be

designed to satisfy audit objectives:

- existence

- completeness

- accuracy - the system should ensure

that recorded transactions are stated

at the correct amounts


The accounting information and adequate segregation of duties?

communication system should be

designed to satisfy audit objectives:

- existence

- completeness

- accuracy

- classification - the system should en-

sure that transactions are properly

classified, possibly through use of a

chart of accounts.


The accounting information and adequate segregation of duties?

communication system should be

designed to satisfy audit objectives:

- existence

- completeness

- accuracy

- classification

- timing - the system should ensure that

transactions are recorded on the cor-

rect dates. Generally, transactions

should be recorded during or shortly

after their occurrence.


The accounting information and adequate segregation of duties?

communication system should be

designed to satisfy audit objectives:

- existence

- completeness

- accuracy

- classification

- timing

- posting and summarization -the system

should ensure that transactions are

included in the accounting records and

accurately summarized.


Monitoring activities adequate segregation of duties? deal with

ongoing or periodic assessment

of internal control.


Internal auditing departments adequate segregation of duties? frequently perform monitoring activities.


What are the elements of internal control3
What are the elements of adequate segregation of duties?internal control?

the control

environment

accounting

systems

control procedures


Control adequate segregation of duties?

Examina-

tion

Overview

Obtain an understanding

of internal control.

HOW?


Control adequate segregation of duties?

Examina-

tion

Overview

Obtain an understanding

of internal control.

- review prior year’s

working papers

- interview prior year

auditors

- interview client

personnel

- study client policies and

procedures

- study client documents,

records, information and

communication system


Control adequate segregation of duties?

Examina-

tion

Overview

How do auditors

document their under-

standing of internal

control?


Control adequate segregation of duties?

Examina-

tion

Overview

How do auditors

document their under-

standing of internal

control?

- narratives

- flowcharts

- internal control

questionnaires


How do auditors adequate segregation of duties?

document their under-

standing of internal

control?

Control

Examina-

tion

Overview

- narratives

- flowcharts

- internal control

questionnaires

What is an

internal control

questionnaire?


Internal control questionnaire
Internal Control Questionnaire adequate segregation of duties?

- a series of questions about internal

controls and their application to groups

of accounts and cycles


Internal control questionnaire1
Internal Control Questionnaire adequate segregation of duties?

- a series of questions about internal

controls and their application to groups

of accounts and cycles

- generally, a “no” answer indicates an

internal control weakness


Internal control questionnaire2

What are the adequate segregation of duties?

advantages provided by

an IC questionnaire?

Internal Control Questionnaire

- a series of questions about internal

controls and their application to groups

of accounts and cycles

- generally, a “no” answer indicates an

internal control weakness


Internal control questionnaire3

What are the adequate segregation of duties?

advantages provided by

an IC questionnaire?

Internal Control Questionnaire

- can be designed to cover most aspects

of internal control

- is relatively applicable from one en-

gagement to another

- when complete, can be quickly re-

viewed for weaknesses


Internal control questionnaire4

What are the adequate segregation of duties?

disadvantages of using

an IC questionnaire?

Internal Control Questionnaire


Internal control questionnaire5

What are the adequate segregation of duties?

disadvantages of using

an IC questionnaire?

Internal Control Questionnaire

- concentrates on pieces of internal con-

trol rather than the system as a whole

- has questionable reliability; oral cli-

ent responses should be supported

by other evidence

- may be too standardized for some

clients, especially smaller clients


Control adequate segregation of duties?

Examina-

tion

Overview

Are

financial statements

auditable?


Control adequate segregation of duties?

Examina-

tion

Overview

Are

financial statements

auditable?

When would the

answer be NO?


Control adequate segregation of duties?

Examina-

tion

Overview

Are

financial statements

auditable?

When would the

answer be NO?

- management lacks

integrity

- significantly deficient

accounting records or

internal controls


Control adequate segregation of duties?

Examina-

tion

Overview

Assess control risk, based

on understanding.


Control adequate segregation of duties?

Examina-

tion

Overview

Assess the cost/benefit of

further enhancing under-

standing of internal control.


Control adequate segregation of duties?

Examina-

tion

Overview

Assess

control

risk.

max.

support

low


Control adequate segregation of duties?

Examina-

tion

Overview

Assess

control

risk.

max.

support

low

- maximum:

poor controls indicate

a very risky situation

or more efficient to do

100% substantive audit


Assess adequate segregation of duties?

control

risk.

Control

Examina-

tion

Overview

- maximum:

poor controls indicate

a very risky situation or

not efficient

- supportable:

risk is at a level

supported by

understanding obtained

max.

support

low


Assess adequate segregation of duties?

control

risk.

Control

Examina-

tion

Overview

- supportable:

risk is at a level

supported by

understanding obtained

- low:

effective controls indi-

cate a lower level of risk

that could be supported

max.

support

low


Control adequate segregation of duties?

Examina-

tion

Overview

Plan & perform tests of controls.


Control adequate segregation of duties?

Examina-

tion

Overview

Decide

whether the initial

internal control assessment

was appropriate.


Control adequate segregation of duties?

Examina-

tion

Overview

Based on appropriate

level of detection risk,

perform substantive tests.


When should weaknesses be reported to the client
When should weaknesses be adequate segregation of duties?reported to the client?


When should weaknesses be reported to the client1
When should weaknesses be adequate segregation of duties?reported to the client?

When there are significant

deficiencies in the design or

operation of internal control.


Significant deficiencies adequate segregation of duties?

in the design or operation of

internal control.

GAAS requires the

auditor to communicate

(oral or written) with the

audit committee

regarding the significant

deficiencies.


ad