Standar Pekerjaan Lapangan

advertisement
Standar Pekerjaan Lapangan:
Pemahaman Memadai
atas Pengendalian Intern
Pertemuan 5
Learning Objectives
1.
2.
3.
4.
5.
6.
Management’s need for internal control vs. the
Auditor’s need to consider internal control in
designing an audit
How IT affects internal control
Explain the five components of internal control
Explain
methods
used
to
obtain
an
understanding of internal control
Assess control risk
Describe the process of designing and
performing tests of controls
Client and Auditor Concern
about Internal Control
System Internal Control
consists of policies and procedures
designed to provide management with
reasonable assurance that the company
achieves its objectives and goals
3 key concepts underlie the study of IC and
assessment control risk
1. Management Responsibility
2. Reasonable Assurance
3. Inherent Limitations
Client Concerns
about Internal Control
(COSO Report)
3 (three) concerns of management in
designing an effective control system
1.
2.
3.
Reliability of Financial Reporting
Efficiency
and
Effectiveness
of
Operation
Compliance with Applicable Laws and
Regulation
Auditor Concerns
about Internal Control
1. Controls related to the Reliability of
Financial Reporting
2. Control over Classes of Transactions
Effect of IT
on Internal Control
Advantages

Able to process large volume of transactions
Processes transactions with highly accuracy

No human judgment.

Disadvantages



Program error - GIGO
Unauthorized persons accessing the system
(data and program)
System (data or program) corruption because
of virus.
Components of
Internal Control
5 Categories of Controls (=PSA69 – SA Seksi
319 = COSO)
 The control environment
 Risk assessment
 Control activities
 Information and Communication

Monitoring
Control Environment







Integrity and ethical Value
Commitment to Competence
Board of Directors or Audit Committee
Management’s Philosophy and Operating
Style
Organization Structure
Assignment of Authority and Responsibility
Human Resource a Policies and Practices
Risk Assessment
All entities regardless of size, structure,
nature, or industry, face a variety of
risks from external and internal sources
that must be managed, as they are
constantly change
The important first step is to identify
factors that may increase risks.
Mgt assesses risks as a part of designing
and operating internal control to
minimize errors and fraud
Risk Assessment
Risk occur because of :
 Changes in Operating Environment
 New Personnel
 New or Repaired Information System
 New Technology
 New
Product Lines, Products, or
Activities
 Corporate Restructuring
 Foreign Operation
 New Accounting standard
Control Activities
(1)
Control Activities (SAS 94 and COSO
Report) – generally relate to policies
and procedures;
1. Segregation of Duties
2. Information Processing
3. Physical Control
4. Performance Review
Control Activities
(2)
5 Specific Control Activities related to
policies and procedures;
1. Adequate separation of Duties
2. Proper authorization of transactions and
activities
3. Adequate documents and records
4. Physical Control over assets and records
5. Independent check on performance
Information and Communication
Information system relevant with the objective of
Financial Reporting consisted of the methods
and records established to record, process,
summarize, and report the transactions of the
entity, and also to maintain the accountability
of assets, liabilities and equities of the entity
Communication
consists
of
providing
understanding about individual’s roles and
responsibilities related to internal control on
financial reporting
Information and Communication
(2)
Auditor should get reasonable understanding
about:




Group of transactions significant in the
financial statements
How does a transaction begin ?
Accounting record, supporting information,
and certain accounts in the financial
statements
Accounting process from transaction till
financial reports.
Monitoring
Management is responsible to establish and
maintain internal control.
For that management should monitor to
consider whether the IC works properly
and what needed to be justified (updated) as the environment changes
Adequate Documents
and Records
Relevant principles dictate the proper design
and use of documents and Records
1. Pre-numbered
2. Prepare at the time a transaction takes
place
3. Sufficiently simple
4. Designed for multiple use
5. Constructed in a manner that encourage
correct preparation
Procedures to Obtain
an Understanding of Internal Control
 Reasons:
1.
2.
3.
4.
Auditability
Potential Material misstatement
Detection Risk
Design of tests
 Procedures
to Determine Design and
Placement in Operation (see p.284)
 Documentation of the Understanding (see
p. 285)
Assess Control Risk
Four specific assessments must be made:
 Assess whether the Financial Statements
are auditable
 Determine assessed control risks supported
by understanding obtained
 Assess whether it likely that a lower
assessed control risk could be supported
 Determine
the appropriate assessed
control risk
Assess Control Risk
(2)






Identify Transaction-Related Audit Objectives
Identify Specific Controls
Identify and evaluate Weaknesses (see Figure
10 – 4 on p. 290)
The Control Risk Matrix (see Figure 10 – 5 on
p. 291)
Assess Control Risk
Communicate Reportable Conditions and
Related Matters
Test of Control
Procedures for Test of Controls




Make inquires of appropriate client
personnel
Examine documents, records, and reports
Observe Control-Related activities
Reperform Client Procedures
Download