SAS #1A Conceptually Logical Approach A) Consider the types of errors and fraud that could occur; B) Determine the accounting control procedures that should prevent or detect such errors and fraud; C) Determine whether the necessary procedures are prescribed and being followed satisfactorily; D) Evaluate any weaknesses.
SAS #55Internal Control “Elements” • Control Environment • Accounting System • Control Procedures
SAS # 78Internal Control “Components” • Control Environment • Risk Assessment • Information and Communication • Monitoring • Control Activities
Control Activities • Performance Reviews • Information Processing • General • Application (PDI) • Physical Controls • Segregation of Duties
CONTROL ENVIRONMENT FACTORS(SAS #78 Appendix) • Assignment of Authority & Responsibility • Commitment to Competence • The Board or Audit Committee • Integrity and Ethical Values • Organizational Structure • Note. Human Resource Policies & Practices • Style of Management • ATTITUDES AND AWARENESS
METHODS OF TESTING CONTROLS(SAS #78) • INQUIRIES • INSPECTION • OBSERVATION • REPERFORMANCE
Issues in Testing Controls: • Must test entire period (year) • Control can change during the year • Sampling is more expensive than some other forms of control testing • Cost vs. benefit of sampling should consider short-term as well as long-term benefits
Test of Controls –Sampling • To sample or not to sample, that is the first question • If we decide to sample, should we use statistical or judgmental sampling? • Next, read the AICPA Audit Sampling Guide! • Also, check out the 7 steps on page 329.
Highlights of the 7-steps: • Step #2: • Tie out the population • Identify the attribute of interest • Identify what a deviation is
Key Factors: Risk of Assessing CR too low (overrel) Tolerable Deviation Rate Expected Population Deviation Rate Type of Affect: Inverse Inverse Direct Check out the tables on page 341. Step#4: DetermineSample Size (Controls)
Step # 7:Evaluating Results • Calculate your sample’s deviation rate, • Next, • Add to that an allowance for sampling risk (ASR) • That = UDL (your upper deviation limit) • Compare UDL with what you can tolerate • Compare results with AICPA Guide Table
SUBSTANTIAL MODERATE LITTLE 2% to 7% 6% to 12% 11% to 20% PLANNED DEGREE TOLERABLEOF RELIANCE RATE(AICPA AUDIT SAMPLING GUIDE, p. 32)
Extent of our reliance: High Moderate Limited Chance of MM getting past controls: 10-30% 20-70% 60-100% Assessing CR
UDL 4% ASR SDR (2%) Evaluating I/C Sample Results Tolerable dev rate (5%) 0%