Loading in 2 Seconds...
Loading in 2 Seconds...
Chapter 10 Section 404 Audits of Internal Control and Control Risk. Internal Control. Risk. Internal Control. . Presentation Outline. An Overview of Internal Control The Components of Internal Control Process for Understanding Internal Control and Assessing Control Risk
An entity’s system of internal control consists of policies and procedures designed to provide management with reasonable assurance that the company achieves its objectives and goals including:
Code the missing cash to bad debts.
Reasonable assurance involves two considerations:
Section 404 of Sarbanes-Oxley requires the management of public companies to issue an internal control report that includes:
The internal control framework for most U.S. companies is the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control—Integrated Framework, issued in 1992.
Integrity and ethical values
Commitment to competence
Board of directors and audit committee
Management’s philosophy and operating style
Assignment of authority and responsibility
Human resource policies and practicesA. The Control Environment
Management’s consideration of the competence levels for specific jobs and how those translate into requisite skills and knowledge.
Management, through its activities, provides clear signals to employees about the importance of internal control. For example, are sales and earnings targets unrealistic, and are employees encouraged to take aggressive actions to meet those targets.
Understanding the client’s organizational structure provides the auditor with an understanding of how the client’s business functions and implements controls.
Client Management’s Risk Assessment
Auditor Risk AssessmentB. Risk Assessment
Client management assesses risk as part of designing and operating internal controls to minimize errors and fraud. Three steps involve:
The auditor obtains knowledge about management’s risk assessment process by:
Adequate segregation of duties
Proper authorization of transactions and activities
Adequate documents and records
Physical control over assets and records
Independent checks on performanceC. Control Activities
Personnel are likely to forget or intentionally fail to follow procedures, or they may become careless unless someone observes and evaluates their performance.
For a small company with active involvement by the owner, a simple computerized accounting system that involves one honest, competent accountant may provide an adequate accounting system.
A larger company requires a more complex system that includes carefully defined responsibilities and written procedures.D. Information and Communication
For many companies, especially larger ones, an internal audit department is essential for effective monitoring.
To maintain internal audit independence, it is imperative that they be independent of operating and accounting departments; and that they report to a high level of authority, preferably the audit committee of the board of directors.E. Monitoring
Two specific assessments must be made to arrive at the preliminary assessment:
As part of understanding internal control and assessing control risk, the auditor is required to communicate certain matters to the audit committee: