1 / 54

Control Assessment and Testing

Control Assessment and Testing. Management Versus Auditor Responsibility for Control. Management responsibility: Management is responsible for its control environment accounting system for establishing and maintaining a system of internal control procedures. Internal Control.

bettyt
Download Presentation

Control Assessment and Testing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Control Assessment and Testing

  2. Management Versus Auditor Responsibility for Control Management responsibility: Management is responsible for • its control environment • accounting system • for establishing and maintaining a system of internal control procedures

  3. Internal Control Internal control is defined as: • The process designed and effected by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives

  4. Management Versus Auditor Responsibility for Control External auditor’s responsibility: • Evaluating existing internal controls and assessing the risk of material misstatement related to them.

  5. General Categories of Misstatements • Invalid transactions are recorded. • Valid transactions are omitted. • Unauthorized transactions are executed. • Transaction amounts are inaccurate. • Transactions are classified incorrectly. • Transaction accounting is incomplete. • Transactions are recorded in incorrect period.

  6. Reasons for Control Evaluation The primary reason for conducting an evaluation of internal control is to give the auditors a basis for determining • Examining the business processes provides a structure for the auditor

  7. Control Risk The risk that the client’s internal control will not prevent or detect material misstatement. • The auditor does not • The auditor’s task is to

  8. Extent of IT Use The extent of IT use needs to be considered in planning the nature, extent and timing of audit procedures. All aspects of a client’s computer processing should be considered in determining the need for specialized IT skills.

  9. How Control Risk Assessment Affects the Audit Program The control risk assessment will affect the procedures included in the audit program. For an entity with poor controls (as compared to an entity with good controls): • The nature of tests • More testing will take place at year-end than at an interim date. • More evidence will have to be gathered

  10. Control Objectives There are seven control objectives. • Each control objective is intended to prevent a class of errors that may lead to material misstatement.

  11. Control Objectives and Financial Statement Assertions An auditor may determine that not all of the control objectives are met for a particular account balance.

  12. Phases of a Control Evaluation The process of control evaluation takes place in three phases: • Understanding control • Assessing control risk • Testing Controls

  13. Audit Cost Trade-off Generally, the more auditors can rely on good internal controls, the less substantive work they need to do. • Auditor can opt not to rely on controls • Auditor can perform a complete evaluation of control • Auditor needs to determine the most efficient mix

  14. Internal Control: Principles and Concepts • The client’s system of internal is an important factor in an audit engagement • The study of internal control often represents a significant part of field work • We will examine: • Basic considerations • Meeting the second standard of GAAS

  15. ST. CATHARINES: Former stock broker Stan Magda has been jailed for contempt of court for refusing to say what happened to the $2 million his wife stole from the St. Catharines Standard. Ontario Superior Court Justice Linda Walters sentenced the 59-year-old self described house husband to five says in jail yesterday and gave him until Sep. 7 to account for the money his wife stole from her employer. Lucy Magda, 62, was sentenced to 34 months in penitentiary last July for embezzling $2.2 million over a five-year period while she was running the classified ad department at The Standard. She is now living in a half-way house in Dundas. Once considered a trusted employee, she stuffed up to $6,000 a day in her handbag and covered her tracks by destroying or doctoring the paper trail. She was caught and immediately fired in the spring of 1997 after a temporary employee she had berated discovered discrepancies in the books. She and her husband, who was no longer working, were both charged with theft related charges in1997. But the charges against Stan were dropped in January 2004, after she pleaded guilty to theft over $5,000. The St. Catharines Standard had earlier won a $2.3 million civil judgment that held the couple jointly responsible for the missing funds. The case has dragged on in the courts for almost eight years with lawyers for the paper pressing the pair to account for the money. During the theft investigation, Niagara police found what s detective described as an “Aladdin's cave” of stolen booty in the couple’s modest Thorold home. Police tallied about $1,170,000 worth of items, including hundreds of pairs of shoes and rooms full of unworn clothing that still had price tags. They also found about $470,000 in cash stashed in the house and several hundred thousands in numerous bank accounts under aliases. Lucy had never earned more than $48,000 a year. When asked about the money during pre-trial discoveries, Lucy told The Standard’s lawyer Peter Mahoney her late father had won the $470,000 while gambling with his buddies in the 1960’s, according to court documents. She said her father, who died in 1975, told her to keep the money in the house until it was sold. She also claimed her dad had given her money to go shopping. The Hamilton Spectator, Wednesday, June 22, 2005.

  16. What is Internal Control? • Remember the second examination standard • CAS 315 The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations.

  17. Two subdivision of internal control • Administrative controls • The procedures and records concerned with the decision process • Also includes statistical analyses, time and motion studies, performance reports, and quality controls • Some administrative controls do have an impact on accounting records

  18. Accounting controls • The procedures and records concerned with • safeguarding of assets • reliability of accounting records • Designed to provide reasonable assurance that: • Transactions are authorized • Transaction recorded in conformity with? • Access to assets is authorized • Recorded accountability for assets is compared to existing records

  19. Management’s Objectives for Internal Control • Managements responsibility • Objectives should include: • Discharge of statutory • Profitability and cost minimization • Prevention and detection of fraud and • Safeguarding of • Reliability of accounting • Timely preparation of reliable financial information

  20. Internal Control Environment • A good internal control environment complements prescribed control procedures • Should include: • Management leadership • Organizational • Budgets and internal reports • Internal auditing • Reliable personnel • Sound practices • Company circumstances

  21. Internal Accounting Control Principles • Classified as preventative, detective, or corrective • Preventative controls are used prior to or during the authorization, physical event, or recording of the transaction • Detective controls are utilized after the transaction has occurred or been recorded

  22. Major Categories of Controls • Authorization Procedures • The purpose is to ensure that transactions are authorized by management personnel acting within the scope of their authority • Authorizations may be routine or non-routine • Authorization procedures are also important in limiting access to

  23. Segregation of Duties • It is important for an entity to segregate the authorization of transactions, recording of transaction, and custody of related assets. • Independent performance of each of these functions reduces the opportunity for any one person to be in a position to both perpetrate and conceal errors or fraud • Different departments and individuals • Small companies?

  24. Documentation Procedures • Provides evidence of occurrence • Signing or stamping documents • Prenumbered documents • Chart of accounts • Accounting procedures that relate to timely processing

  25. Access to Assets and Records • Physical precautions • Data processing • Physical controls • Access controls • Backup and recovery

  26. Independent Internal Verification • Reviewing the accuracy and propriety of an employee’s work by another employee • Who performs the task? • How often? • Errors and exceptions?

  27. Meeting the Second Examination Standard • A sufficient understanding of internal control should be obtained to plan the audit. When control risk is assessed below maximum, sufficient appropriate audit evidence should be obtained through tests of controls to support the assessment. • Reliance on internal control • If internal control is not tested, at what level is control risk set?

  28. Objectives and Scope of the Standard • Internal controls can change significantly from year to year • Why sufficient understanding of internal control? • Appropriate audit evidence • Relationship between reliance on internal control and the amount of substantive audit work needed

  29. Methodology for the Study of Internal Control • Two closely related parts: • A review of the system • Tests of controls

  30. Planning Phase • The minimum study contemplated by the second examination standard • General knowledge • At the conclusion, the auditor must decide, for each major class of transactions, whether to continue or terminate the review

  31. Study Phase • The auditor obtains specific knowledge and understanding of the client’s prescribed control procedures • Involves the following steps • Gathering information • Verifying the understanding • Preliminary evaluation • Gathering Information • How to obtaining the information?

  32. Generally information is organized according to one of the following approaches: • Transaction cycles • Revenue Cycle • Acquisition & Payments Cycle • Inventory and Warehousing Cycle • Payroll Cycle • Financial Statement classification • Business function

  33. Internal Control Questionnaires (ICQ’s) • A series of questions relating to control procedures required to prevent and detect errors and irregularities Prepared by: ILA Date: 9/8/201X

  34. Flowcharts • Separate flowcharts are prepared for each major class of transactions Narratives • Written comments by the auditor about the system

  35. Verifying the Understanding • Reinforces the understanding of the information gathered • Transaction walkthrough • Making a Preliminary Evaluation • Rely on internal control? • On which internal controls? • Substantive auditing procedures necessary due to weakness in internal control

  36. When is internal control considered reliable? • When there is no planned reliance on a internal control procedure • Communication to management • A material weakness exists when there more than a relatively low risk that error or fraud would have a material effect on the financial statements • At what percentage?

  37. Tests of Controls • Performed in order to obtain reasonable assurance that the controls expected to be relied upon are in use and operating as planned throughout the period of reliance • Nature of Test of Controls • Concerned with four questions: • Were the control procedures performed? • How? • By whom? • Throughout the period?

  38. The failure to perform a required procedure or the failure to perform it properly • CAS 315 • Document inspection • Inquiry and observation • Reperformance

  39. Assume that in the billing department, a second clerk must independently verify the correctness of unit selling prices on invoices by comparing the price to an authorized price list • What would be the evidence of this control? • In testing compliance by reperformance? • Each instance of the use of incorrect prices would be regarded as an exception • Extent and Timing • Throughout the accounting period being audited

  40. An example of Tests of Controls • Campus Theatre cash receipts scenario

  41. Final Evaluation of Controls • On completion of the tests of • Nature of the Evaluation • Weaknesses affecting different classes of transactions do not offset each other • The number of exceptions may be of such magnitude to doubt that the control procedure can be relied on

  42. The auditor should look at what was the underlying cause of the exception • In some cases you might expect some exceptions • It is essential to attempt to see if the exception was caused by an error • Fraud?

  43. The Purpose of the Evaluation • To determine the extent to which the clients controls can be relied on in performing substantive tests • Three level of risk • Low • Medium • High

  44. To what is the final evaluation directed? • Should be documented in the working papers • Strengths • Weaknesses • Effects on substantive tests • Communication to management

  45. Prepared by: ILA Date: 9/15/200X Campus Theatre Evaluation of Internal Control Over Cash Receipts December 31, 200X Strengths All of the controls on which reliance is planned were tested for compliance. These controls were found to be functioning as planned. In my judgment, the control risk associated with these controls is low. Weaknesses Cash is deposited in the bank only once a week. This procedure is not satisfactory for good internal control. Effect on Substantive Tests For controls in which control risk is low, the planned audit program should be implemented. For the control over depositing cash, the substantive tests should be extended. Management Communication Indicate that the failure to deposit cash intact daily also makes cash vulnerable to theft. Suggest that the manager make daily deposits using the banks night depository vault.

  46. Determining Effects on Substantive Tests • The second examination standard does not permit complete reliance on internal control • The auditor relies on internal control to reduce control risk, and substantive tests to reduce detection risk • Reliance on internal control may affect the nature, timing, and extent of substantive tests.

  47. Nature • The type of auditing procedure to be performed • For the verification of sales transactions • For a low risk of errors in sales transactions as demonstrated by tests of controls • For a high risk of errors

  48. Timing • The time when the testing is done • When there is a low risk of errors in processing sales transactions • When the risk of errors is high

More Related