1 / 18

CHAPTER 5 - b

CHAPTER 5 - b. INTERNAL CONTROL OVER FINANCIAL REPORTING. LO9 - Assessing the Effectiveness of Control Procedures.

redell
Download Presentation

CHAPTER 5 - b

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CHAPTER 5 - b INTERNAL CONTROL OVER FINANCIAL REPORTING

  2. LO9 - Assessing the Effectiveness of Control Procedures • Management designs and implements specific control procedures to ensure that the company will achieve its control objectives - and if the control objectives are achieved, the management assertions are likely to be valid, and the account balance and transactions properly recorded • The auditor assesses the organization's control procedures within a framework of control objectives and management assertions • In order to perform this assessment, the auditor must understand the accounting processes within each system, the related accounts, and the risk associated with incorrect processes • With this knowledge, the auditor can identify which management assertions and control objectives are most likely to be violated • From this, the auditor can identify appropriate control procedures that can then be assessed for effectiveness in design and operation

  3. Account Balance Assertions & Related Objectives • Presentation & Disclosure – an item is disclosed, classified, and described in accordance with the applicable financial reporting framework • Existence - an asset or a liability exists at a given date; • Rights and obligations - an asset or a liability pertains to the entity at a given date.. • Completeness - there are no unrecorded assets, liabilities, transactions or events, or undisclosed items • Valuation - an asset or liability is recorded at an appropriate carrying value

  4. Transaction Assertions & Related Control Objectives • Occurrence – Recorded transactions and events have occurred and pertain to the entity • Completeness – All transactions and events that should have been recorded have been recorded • Accuracy – Amounts and other data have been recorded accurately • Cutoff – Transactions and events have been recorded in the correct accounting period • Classification – Transactions and events have been recorded in the proper accounts

  5. Overview of Controls Testing - Pervasive Control Activities (types of) Some control procedures are found in almost all accounting systems: • Segregation of duties • Authorization procedures • Documented transaction trail • Physical controls to limit access to assets • Independent reconciliation • Competent, trustworthy employees

  6. (a) Segregation of Duties • Very fundamental, should always separate: • Authorization • Record keeping • Custody (Physical)

  7. (b) Authorization Procedures • These ensure that only authorized • Transactions take place • Activities take place • Access to records are permitted

  8. (c) Documentation • Documentation must be such that a proper audit trail exists • This will obviously be more difficult in a computerized environment, but still can be achieved.

  9. (d) Physical Controls to Assets • Security locks • Fences • Keys • Password etc • Vaults, safes

  10. (e) Reconciliation • Comparisons must always be done between • what was submitted and what was processed • What physically exists and what is recorded • Internal records and external records

  11. (f) Competent & Trustworthy employees • These employees help to make controls work

  12. Overview of Controls Testing – Integrated Audit (per PCAOB) vs. Normal Audit • Compare Exhibit 5.11 and Exhibit 5.12 on page 168 & 169

  13. Control Effectiveness and Control Risk Assessment • Process for evaluating controls: • Obtain an understanding of risks and internal controls • Make a preliminary assessment of control risk and decide whether to test operation of control procedures • Test operating effectiveness of controls • Based on the results of testing, determine whether to revise the assessment of control risk and incorporate this revision into the substantive testing

  14. Obtain an Understanding Auditor needs to gain understanding of each significant accounting application operates and the control procedures used The auditor gathers evidence by • Performing walkthroughs of the accounting system and processing procedures and document via narrative memo and/or flowchart • Making inquires of management, and accounting and operational employees • Taking plant and operational tours • Reviewing client documentation including accounting manuals and program and system descriptions • Reviewing prior year audit work papers and then focus on changes The auditor documents his/her understanding using flowcharts (visio), questionnaires, and narratives (see pages 176 & 177)

  15. Make Preliminary Assessment of Control Risk After gaining an understanding, the auditor makes a preliminary assessment of control risk - this assessment is crucial because it drives the planning for the rest of the audit The relationship between the assessed level of control risk and the rigor of the subsequent substantive testing is inverse: • If control risk is assessed as high, • No reliance is placed on the client's internal controls • The amount and rigor of substantive testing must be increased • If control risk is assessed as low • The auditor would like to rely on the client's internal controls • The amount and rigor of substantive testing may not have to be increased • However, the auditor must test the controls to make sure they are operating effectively (and document it)

  16. Perform Tests of Controls • The preliminary assessment of control risk is based on the auditor's understanding of the control system and how it has operated in the past • When control risk is assessed low, and the auditor intends to rely on the client's controls, the auditor may reduce (or not increase) the amount of substantive testing • To ensure that the auditor's reliance on the client's control is warranted, the auditor must test the control to make sure it is operating effectively • Guidance on Sample Size for Testing Controls (Ch 9) • Testing Controls Across Multiple Locations • Dual Purpose Tests (transaction & substantive) • Assessing Control Risk as Moderate (see next slide)

  17. Assessing Control Risk as Moderate • Sometimes benefit of testing controls does not outweigh the cost. • If controls are not tested, then control risk should be set to high (a must for public companies) • If controls are not tested then control risk could only be set to moderate if • The client is a continuing client • Prior year results indicate that controls are effective • There have been no changes since last year • If it is not a public company

  18. Update Assessment of Control Risk & Need for Substantive Testing • If testing indicates the control is not operating effectively, the auditor will revise the preliminary assessment of control risk and incorporate this revision into the subsequent substantive testing

More Related