Modern Auditing: Assurance Services and the Integrity of Financial Reporting, 8th Edition William C. Boynton California Polytechnic State University at San Luis Obispo Raymond N. Johnson Portland State University Chapter 10 – Understanding Internal Control

Chapter 10 Overview

Fundamental Concepts of Internal Controls Process integrated with an entity’s infrastructure People implement internal control Can only provide reasonable assurance Achieve objectives in financial reporting, compliance, and operations

Components of Internal Control Control Environment Risk Assessment Control Activities Information and Communication Monitoring

Entity Objectives with Internal Control Reliability of financial information Compliance with applicable laws and regulations Effectiveness and efficiency of operations

Limitations of Internal Control Mistakes in Judgment Breakdowns Collusion Management Override Cost versus Benefits

Roles and Responsibilities Management Board of Directors and Audit Committee Internal Auditors

Roles and Responsibilities (cont.) Other Entity Personnel Independent Auditors Other External Parties

Study Break _____ is a process that assesses the quality of internal control performance over time. Control activities Risk assessment Information and communication Monitoring D. Monitoring

Study Break 2. This limitation of an entity’s internal controls occurs when two or more individuals act together to perpetrate and conceal fraud. Breakdowns Collusion Management override Mistakes in judgment B. Collusion

Components of Internal Control

Control Environment Integrity and Ethical Values Commitment to Competence Board of Directors and Audit Committee Management’s Philosophy and Operating Style

Control Environment (cont.) Organizational Structure Assignment of Authority and Responsibility Human Resource Policies and Practices

Risk Assessment Process

Information and Communication Transactions Audit Trail or Transaction Trail Documents Records Communication

Control Activities Authorization Controls Segregation of Duties Transaction authorization Custody of assets Recorded accountability in accounting records

Segregation of Duties

Control Activities (cont.) Information Processing Controls General Controls Computer Application Controls Controls over the Financial Reporting Process

General Controls Organization and Operation Controls Systems Development and Documentation Controls Hardware and Systems Software Controls Access Controls Data and Procedural Controls

Computer Application Controls Input Controls Processing Controls Output Controls

Controls over the Financial Reporting Process

Control Activities (cont.) Physical Controls Performance Reviews Controls over Management Discretion in Financial Reporting

Control Activities (cont.) Monitoring Ongoing monitoring programs Separate evaluations Element of reporting deficiencies to the audit committee

Antifraud Programs and Controls

Study Break 3. Which of the following does not influence the control environment? Management’s Philosophy Adequate Training Hiring Processes All of the above influence the control environment D. All of the above influence the control environment

Study Break 4. This component of control activities ensures that every transaction is authorized by management acting within the scope of their authority. Authorization Controls Segregation of Duties Information Processing Controls All of the above A. Authorization Controls

Study Break 5. This computer application control is designed to ensure that the processing results are correct and only authorized personnel receive the information. Input Controls Processing Controls Output Controls Data Controls C. Output Controls

Understanding Internal Control Must perform procedures to: Understand design of policies and procedures Determine whether the policies and procedures are operating

Understanding Internal Control Auditor uses the understanding to: Identify types of potential misstatements Understand factors affecting risk of material misstatement Design further audit procedures

Effects of Preliminary Audit Strategies Control Environment Risk Assessment Information and Communication Control Activities Monitoring

Procedures to Obtain an Understanding Review previous experience with the client Inquire management, supervisory, and staff personnel Inspect documents and records Observe activities and operations Trace transactions through system

Documenting the Understanding Questionnaires Flowcharts Decision Tables Narrative Memoranda

Questionnaire

Decision Table

Narrative Memoranda

Study Break 6. All of the following are procedures used to obtain an understanding of internal controls except: Inspecting documents Inquiries of client’s customers Inquiries of management All of the above procedures are used B. Inquiries of client’s customers

Study Break 7. This form of documentation is a diagram that uses symbols to identify the steps involved in processing information through the accounting system. Questionnaire Flowchart Decision Table Narrative Memoranda B. Flowchart