Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests.

Slides:



Advertisements
Similar presentations
Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
Advertisements

Internal Control in a Financial Statement Audit
© Jerry L. Turner 2006 Jerry L Turner The University of Memphis An Efficient Approach to Identification and Documentation of Critical Accounting Application.
Auditing Concepts.
The Islamic University of Gaza
MODERN AUDITING 7th Edition
Chapter 12 Auditing the Human Resource Management Process McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
Auditing A Risk-Based Approach To Conducting A Quality Audit
Internal Control in a Financial Statement Audit
©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley The Impact of Information Technology on the Audit.
Learning Objectives LO1 Explain the key risks of misstatement in production and payroll processes. LO2 Outline the production process: typical transactions,
Learning Objectives LO1 Distinguish between management and auditor’s responsibilities regarding an auditee organization’s internal controls. LO2 Explain.
Learning Objectives LO1 Outline six general audit techniques for gathering evidence. LO2 Identify the procedures and sources of information auditors can.
INTERNAL CONTROL OVER FINANCIAL REPORTING
Auditing & Assurance Services, 6e
Learning Objectives LO1 Distinguish between management and auditor’s responsibilities regarding an auditee organization’s internal controls. LO2 Explain.
Auditing Internal Control over Financial Reporting
(SIA) 14 Internal Audit in an Information Technology Environment Standard should be read in the conjunction with the “Preface to the Standards on Internal.
Chapter 5 Internal Control over Financial Reporting
Internal Control in a Financial Statement Audit
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved.
Evidence and Documentation
Audit Risk. "Audit risk" means the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated Audit.
Internal Control in a Financial Statement Audit
[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 8.1 Control Risk,
Chapter 8: Preliminary Survey & Internal Control Review
Evaluation of Internal Control System
Understanding the IT environment of the entity. Session objectives Defining contours of financial accounting in an IT environment and its characteristics.
Conducting an Information Systems Audit
S4: Understanding the IT environment of the entity.
Evaluation of Internal Control System. Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal.
THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented  Small, simple systems  Weaker controls System-Oriented.
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Audit Planning and Types of Audit Tests Chapter Five.
Chapter 6 Internal Control in a Financial Statement Audit Copyright © 2014 McGraw-Hill Education. All rights reserved. No reproduction or distribution.
Electronic Presentations in Microsoft ® PowerPoint ® Prepared by Brad MacDonald SIAST © 2009 McGraw-Hill Ryerson Limited.
Casualty Loss Reserve Seminar General Session II September 9, 2003 Section 302/404 of Sarbanes-Oxley Act What Actuaries Need to Know Jan A. Lommele, FCAS,
McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 6-1 Chapter Six Internal Control in a Financial Statement Audit.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin 7-1 Chapter Seven Auditing Internal Control over Financial Reporting.
Auditing Internal Control Studies & Risk Assessment Chapter 9 Internal Control Studies & Risk Assessment Chapter 9.
BA 427 – Assurance and Attestation Services Lecture 21 Tests of Controls.
A Guide for Management. Overview Benefits of entity-level controls Nature of entity-level controls Types of entity-level controls, control objectives,
Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests.
Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests.
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Auditing Internal Control over Financial Reporting Chapter Seven.
MODERN AUDITING 7th Edition Developed by: Gregory K. Lowry, MBA, CPA Saint Paul’s College John Wiley & Sons, Inc. William C. Boynton California Polytechnic.
Chapter 5 Evidence and Documentation McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Audit Evidence Process
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley Section 404 Audits of Internal Control and Control Risk Chapter.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.
1 CHAPTER 5 - b INTERNAL CONTROL OVER FINANCIAL REPORTING.
AUDIT QUALITY AND ASSURANCE 2 ND AND 3 RD OCTOBER 2014 HILTON HOTEL ANALYTICAL PROCEDURES 1.
©©2012 Pearson Education, Auditing 14/e, Arens/Elder/Beasley Considering Internal Control Chapter 10.
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control in a Financial Statement Audit Chapter Six.
AUDIT STAFF TRAINING WORKSHOP 13 TH – 14 TH NOVEMBER 2014, HILTON HOTEL NAIROBI AUDIT PLANNING 1.
Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
 Planning an audit of cost statements, records and other related documents is considered necessary to ensure achievement of audit objectives with available.
8 INTERNAL CONTROL. Definition Duty  mgt (CEO)  Board  Internal auditor  Employee  External person.
Auditing Concepts.
Internal Control in a Financial Statement Audit
Internal Audit & Accounting Systems Review
Question 4-1 Which of the following statements concerning noncompliance by clients is correct?    A.  An auditor's responsibility to detect noncompliance.
PLANNING, MATERIALITY AND ASSESSING THE RISK OF MISSTATEMENT
Internal Control in a Financial Statement Audit
Modern Auditing: Assurance Services and the Integrity of Financial Reporting, 8th Edition William C. Boynton California Polytechnic State University at.
Defining Internal Control
CHAPTER 15 AUDITING EDP SYSTEMS.
Sarbanes-Oxley Act (404) An IT Viewpoint
AUDIT TESTS.
Presentation transcript:

Learning Objectives LO5 Document an accounting system to identify key controls and weaknesses in order to assess control risk. LO6 Write key control tests for an audit program. LO7 Outline the auditor’s responsibility when internal control evaluation work detects or indicates a significant control deficiency or a high risk of fraudulent misstatement.

Application Control Activities Specific procedures used in each accounting process to meet the relevant control objectives. LO5

Documentation of Control Elements Documentation of the control structure shows the audit team’s understanding of internal controls and the basis of decisions reached. A number of tools are available to the auditor for documentation: internal control questionnaires, formal interview using a checklist, narratives, and flowcharts. LO5

Internal Control Questionnaire (ICQ) and Narrative The most efficient means of gathering evidence about internal control is to conduct a formal interview with knowledgeable managers. The ICQ is a form of checklist covering the control objectives. Use of an ICQ assists the auditor in covering all the important points. An ICQ is designed so that a response of “no” typically indicates a control weakness. LO5

Accounting and Control System Flowcharts A picture is worth a thousand words. Flowcharts can enhance auditors’ evaluations and updating a flow chart is relatively easy. Initial preparation of a flow chart is time consuming. In some cases, control conscious businesses will have already prepared the flow charts. LO5

Flowchart Guidelines Standardized flow chart symbols should be used. Flowcharts should be drawn with a ruler and template, or by computer software. The flowchart should progress from top to bottom, from left to right wherever possible. All relevant information should be on the flowchart, including explanations. Columns can be used for the various departments to demonstrate segregation of responsibilities. LO5

Stopping Risk Assessment Work Auditors may decide to stop evaluation work in Phase 1 for two reasons: Control is too poor to justify reliance. Control risk is set at maximum. Goal is audit effectiveness. Cost/benefit of reliance is not justified, although control is good. Goal is audit efficiency. LO5

Phase 2 – Assessing the Control Risk Following Phase 1, the auditor should make a preliminary assessment of control risk. This involves: identifying specific control objectives, identifying points in the flow of transactions where misstatements could occur, identifying specific control procedures in place, identifying the control procedures that must function to prevent or detect the misstatements, and evaluating the design of control procedures to determine if it will be effective to test these controls. LO5

Assessing the Control Risk A useful assessment technique is to analyze control strengths and weaknesses. Strengths are controls that should prevent, detect, or correct errors. Control strengths will be further tested. Weaknesses are the lack of controls that would allow material misstatements to get by undetected. A bridge working paper can be used to connect the control evaluation to subsequent procedures. LO5

Control Risk in Complex IT and Ecommerce Environments Business Internet and IT use have an impact on control risk. Many business models incorporate the Internet. Auditors are concerned with the security of IT processing LO5

Ecommerce Control Aspects For an auditee that engages in ecommerce, the following aspects of internal control are particularly relevant: Security Transaction integrity Process alignment LO5

Security External access to the auditee’s information system though the internet creates security risks. Control environment should address this increased risk. LO5

Transaction Integrity Risks related to the recording and processing of ecommerce transactions include the completeness, accuracy, timeliness, and authorization of information in the financial records. Control activities related to transaction integrity are required. LO5

Process Alignment Process alignment refers to the integration of IT systems so that they operate as one system. Control objectives for manual and IT-based systems are the same. The points in the system where misstatements might occur are at input, processing, and output. LO5

Input Inputs include: Activities related to source data preparation. Manual procedures applied to source data. Source data are converted into computer-readable form. Input files are identified for use in processing. LO5

Processing Processing activities include: Information being transferred from one program to another. Computer –readable files are used to supply additional information. Transactions are initiated by the computer LO5

Output Output activities include: Output files are created / master files are updated. Master files are changed outside the normal flow of transactions. Output reports or files are produced. Errors identified by control procedures are corrected. LO5

Manual and IT Controls over Information Processing Use of IT systems for financial reporting will include manual elements. Controls over manual processed also need to be considered. LO5

Assessing the Control Risk The information gathered about the client’s control environment, the accounting system and the control procedures should enable the auditor to reach one of three conclusions. The auditor is required to make the control evaluation for classes of transactions and account balances at the assertion level. Control risk for some assertions regarding a given balance might be low, and for other assertions regarding the same balance, the control risk might be high. LO5

Phase 2 - Conclusions Control risk may be assessed low, and it seems efficient and cost-effective to test controls leading to a combined approach. Control risk may be assessed low, but it would not be cost-effective or efficient to test those controls. Substantive procedures will provide evidence cheaper than a combined approach. Control risk is assessed high, the auditor will concentrate on substantive procedures and not test controls. LO5