Chapter 1 - Ross Fuerman

Chapter 6
Internal Control in a Financial Statement Audit
LO# 1
Internal Control
Management has the responsibility to maintain controls that
provide reasonable assurance that adequate control exists over
the entity’s assets and records.
The Internal Control System should:
- ensure that assets and records are safeguarded
- generate reliable information for decision making
The auditor needs assurance about the reliability of the data
generated by the information system.
6-2
LO# 1
Internal Control
The auditor’s understanding of the internal control is a
major factor in determining the overall audit strategy. The
auditor has a responsibility to:
(1) obtain an understanding of internal control and
(2) assess control risk.
6-3
LO #2, 3
COSO Framework and Controls
Relevant to the Audit
Objectives
- Reliability of Financial Reporting (most important for the audit)
- Effectiveness and Efficiency of Operations
- Compliance with Laws and Regulations
6-4
LO# 5
COSO Components of Internal Control
6-5
LO# 5
Control Environment
6-6
The Entity’s Risk
Assessment Process
LO# 5
The risk assessment process should consider external and
internal events and circumstances that may arise and adversely
affect the entity’s ability to initiate, record, process, and report
financial data consistent with the assertions of management in
the financial statements.
Client business risk can arise or change due to the following
circumstances:
- Changes in the operating environment
- Corporate restructuring
- Rapid growth
- New or revamped information systems
- New accounting pronouncements
- New business models, products, or activities
- New personnel
- New technology
- International growth
6-7
Information System and
Communication
LO# 5
An effective accounting system gives appropriate consideration
to establishing methods and records that will
1. Identify and record all valid transactions.
2. Describe on a timely basis the transactions in sufficient detail to
permit proper classification of transactions for financial reporting.
3. Measure the value of transactions in a manner that permits
recording their proper monetary value in the financial statements.
4. Determine the time period in which transactions occurred to permit
recording of transactions in the proper accounting period.
5. Properly present the transactions and related disclosures in the
financial statements.
6-8
LO# 5
Control Activities
Control activities are the policies and procedures that help
ensure that management’s directives are carried out. Control
activities are commonly categorized into the following types:
- Performance reviews
- Information processing
- Physical controls
- Segregation of duties
6-9
LO# 5
Monitoring of Controls
Monitoring of controls is a process that
assesses the quality of internal control
performance over time.
Effective Monitoring
1. Establishing a foundation for control effectiveness
2. Designing and executing monitoring procedures based on business risks
3. Assessing and reporting results
6-10
LO# 6
Planning an Audit Strategy
Audit Risk Model
AR = IR × CR × DR
In applying the audit risk model, the auditor
must assess control risk. The figure on the
next slide presents a flowchart of the
auditor’s decision process when considering
internal control in planning an audit.
6-11
LO# 6
Planning an Audit Strategy
Figure 6-3 Flowchart of the Auditor’s Consideration of Internal Control and Its Relation to
Substantive Procedures
6-12
LO# 6
Substantive Strategy
After obtaining an understanding of internal control, an
auditor may choose to follow a substantive strategy and set
control risk at a relatively high level for some or all assertions
because of one or all of the following factors:
- Controls do not pertain to an assertion.
- Controls are assessed as ineffective.
- Testing the effectiveness of controls is inefficient.
6-13
LO# 6
Reliance Strategy
- Obtain Understanding of Internal Control
- Plan to Rely on IC and Assess Control Risk at a relatively low level
6-14
LO# 6
Assertions
6-15
Obtain an Understanding
of Internal Control
LO# 7
The auditor should obtain an understanding of each of
the five components of internal control in order to plan
the audit. This knowledge is used to:
- Pinpoint the factors that affect the risk of material misstatement
- Identify types of potential misstatement
- Design tests of controls and substantive procedures
6-16
Obtain an Understanding of
Internal Control
LO# 7
1. Understand the control environment.
2. Understand the entity’s risk assessment process.
3. Understand the information system and communications.
4. Understand control activities.
5. Understand monitoring of controls.
6-17
LO# 8
Documenting the Understanding
of Internal Control
- Procedure Manuals and Organizational Charts
- Flowcharts
- Internal Control Questionnaires
- Narrative Description
6-18
LO# 8
The Effect of Entity Size on
Internal Control
While the basic concepts of the five
components should be present in all entities,
they are likely to be less formal in a small or
midsize entity than in a large entity.
6-19
LO# 8
The Limitations of an Entity’s
Internal Control
- Override of Internal Control by Management
- Human Errors or Mistakes
- Collusion
6-20
LO# 9
Assessing Control Risk
- Identify specific controls that will be relied upon.
- Perform tests of controls.
- Conclude on the achieved level of control risk.*

*This means the control risk after testing is completed. Generally, after testing, the CR will either be unchanged or it will be revised higher.
6-21
LO# 10
Performing Tests of Controls
- Inquiry of appropriate personnel
- Inspection of documents indicating the performance of the control
- Observation of the application of the control
- Reperformance of the application of the control by the auditor
6-22
LO# 10
Documenting the Achieved Level of
Control Risk
The auditor’s assessment of control risk and the
basis for the achieved level can be documented
using a structured working paper, an internal control
questionnaire, or a memorandum.
Let’s look at an example from
EarthWear Clothiers to see
how the control risk for two
accounts that differ in terms of
their nature, size, and
complexity is documented.
6-23
LO# 10
An Example of Assessing Control
Risks and Its Effects
6-24
LO# 11
Performing Substantive Procedures
6-25
LO# 12
Timing of Audit Procedures
Interim
Year End
Let’s look at the EarthWear Clothiers example
again to see the timing of their audit
procedures.
6-26
LO# 12
Timing of Audit Procedures
A Timeline for Planning and Performing the Audit of EarthWear Clothiers
6-27
LO# 12
Interim Audit Procedures
Interim Tests of Controls
1. Assertion being tested not significant
2. Control has been effective in prior audits
3. Efficient use of staff time

Interim Substantive Procedures
1. Assertion probably has low control risk
2. May increase the risk of material misstatements
3. Still requires some year-end testing
6-28
LO# 13
Auditing Accounting Applications
Processed by Service Organizations
In some instances, a client may have some or all of its
accounting transactions processed by an outside service
organization.
Because the client’s transactions are subjected to the controls of the service
organization, one of the auditor’s concerns is the internal control system in
place at the service organization.
It is not uncommon for service organizations to have an auditor issue one of
two types of reports on their operations.
6-29
LO# 13
Auditing Accounting Applications
Processed by Service Organizations
Type 1 Report
Describes the service organization’s controls and assesses whether they
are suitably designed to achieve specified internal control objectives.
Type 2 Report
Goes further by testing whether the controls provide reasonable assurance
that the related control objectives were achieved during the period.
An auditor may reduce control risk below the maximum only on the basis of a
service auditor’s Type 2 report.
6-30
LO# 14
Auditors must communicate to the audit
committee or BOD internal control problems
Material Weakness
A material weakness is a deficiency, or
combination of deficiencies, in internal control,
such that there is a reasonable possibility that a
material misstatement of the financial
statements will not be prevented, or detected
and corrected, on a timely basis.
Significant Deficiency
A significant deficiency is a deficiency, or a
combination of deficiencies, in internal control
that is less severe than a material weakness, yet
important enough to merit attention by those
charged with governance.
6-31
LO# 14
Examples of internal control problems
6-32
End of Chapter 6