©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley 10 - 1 Section 404 Audits of Internal Control and Control.

Presentation transcript:

©2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley Section 404 Audits of Internal Control and Control Risk Chapter 10

Learning Objective 1
Describe the three primary objectives of effective internal control.

Client’s Concerns
Compliance with applicable laws and regulations – SOX: Mgt assessment of I/C effectiveness (material weakness) and auditor independently opines (AS5); NYSE – Internal audit
Reliability of financial reporting: SOX certification of F/S
Efficiency and effectiveness of operations
Master price list, credit approval, double counts of inventory

Learning Objective 2
Contrast management’s responsibilities for maintaining internal control with the auditor’s responsibilities for evaluating and reporting on internal control.

Key Concepts
Inherent Limitations: Collusion / Override
Reasonable Assurance: Cost / Benefit
Management’s Responsibility 404: statement and assessment

Auditor Concerns
Controls over classes of transactions: Transaction focus, not balances
Controls related to reliability of financial reporting (AS2 → AS5): Never price above competitors vs. Seg. of duties for cash

Sales Transaction-related Audit Objectives
Transaction-related Audit Objective – General form | Sales Transaction-related Audit Objectives
Recorded transactions exist (occurrence) | Sales are to existing customers
Existing transactions are recorded (completeness) | Existing sales transactions are recorded
Transactions are stated correctly (accuracy) | Sales for goods shipped are correctly billed
CONTROL?

Sales Transaction-related Audit Objectives
Transaction-related Audit Objective – General form | Sales Transaction-related Audit Objectives
Transactions are correctly classified (classification) | Sales transactions are correctly classified
Transactions are recorded on correct dates (timing) | Sales are recorded on the correct dates
Transactions are correctly filed (posting and summarization) | Sales transactions are correctly included in the master files
CONTROL?

Auditor Concerns
Opinion on I/Cs: gain an understanding and perform tests of controls (discretion) related to all significant account balances, classes of transactions, disclosures, and related assertions in the F/S.
AS5: Risk-based, no opinion on Mgt assessment
Public (mandatory) vs. Private (discretion) company

Learning Objective 3
Explain the five components of the COSO internal control framework.

Five Components of Internal Control
Risk Assessment
Control Activities
Information and Communication
Monitoring
Control Environment

The Control Environment
Integrity and ethical values
Commitment to competence
Board of directors or audit committee participation
Management’s philosophy and operating style

The Control Environment
Organizational structure: wide or skinny?
Assignment of authority and responsibility: Resources for I/Cs
Human resources policies and practices: whistleblowers, exit interviews, competence

Mgt Risk Assessment
Identify factors affecting control risk.
Assess significance of risks and likelihood of occurrence.
Determine actions necessary to manage risk.
Contingency plans

Control Activities (cycle related)
1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance

Adequate Separation of Duties
Custody of assets | Accounting
Authorization of transactions | The custody of related assets
Operational responsibility | Record-keeping responsibility
IT Duties | User departments

Proper Authorization of Transactions and Activities
General authorization: Credit check
Automated
Specific authorization: To write off customer A/R account
Manual

Adequate Documents and Records
Prenumbered consecutively – exist and comp
Prepared at the time of transaction – timing
Designed for multiple uses – accuracy
Constructed to encourage correct preparation – accuracy
Simple enough to ensure understanding – accuracy

Physical Control over Assets and Records
Physical precautions: daily dep. of cash
Controls related to IT equipment, programs, and data files
Physical controls
Access controls
Backup and recovery procedures: business continuity

Independent Checks on Performance
The need for independent checks arises because internal control tends to change over time, become n/a, or be ignored unless there is a mechanism for frequent review.
Internal Auditors/SOX 404/external auditors

Information and Communication
The purpose of an accounting information and communication system is to… initiate, record, process, and report the transactions and to maintain accountability for the related F/S accounts.
Does AIS have controls to cover all 6 transaction obj. for each cycle / meet COSO criteria?
SOX documentation. Flowcharts, narratives, and questionnaires

Monitoring
Management’s ongoing and periodic assessment of the quality of internal control performance … to determine whether controls are operating as intended and modified when needed.
Priority now w/ SOX – material I/C weaknesses disclosed to F/S users, SOX consultants

SEC and COSO Focus on Smaller Public Companies
The SEC has extended the deadline for small public companies’ compliance with Section 404 requirements:
MGT: 12/15/09
Auditor: 12/15/09
COSO issued guidance in Internal Control Over Financial Reporting for Smaller Public Companies.

Learning Objective 4
Obtain and document an understanding of internal control.

Understanding Internal Control and Assessing Control Risk
Obtain Understanding of Internal Control: Design and Operation
Assess Prelim. CR
Test Controls
Final CR -> Decide Planned Detection Risk and Substantive Tests

Reasons for Sufficiently Understanding Internal Control
SAS 109 and AS2/AS5 both require the auditor to obtain an understanding of internal control for every audit.
Minimum audit planning matters: CR at max
Auditability / AR
Potential material misstatements (IR)
Detection risk (DR) – meet?
Design of tests

Procedures to Determine Design and Placement
Update and evaluate auditor’s previous experience with the entity.
Make inquiries of client personnel.
Read client’s policy and systems manuals – SOX 404
Examine documents and records.
Observe entity activities and operations.

Documentation of the Understanding
Narrative
Flowchart
Internal control questionnaire p. 306

Learning Objective 5
Assess control risk by linking key controls, significant deficiencies, and material weaknesses to transaction-related audit objectives.

Assess Control Risk
Obtain sufficient understanding for planning.
Assess whether the entity is auditable. IT – timing of evidence availability. Need IT audit specialist?
Preliminarily assess control risk. Why???? If CR below max. – need to test I/Cs.
SAS 94 – If you rely on IT for evidence, you need to test controls of IT – no more auditing around the computer!

Assess Control Risk
Identify transaction-related audit objectives.
Identify specific controls – from narrative, flowchart, and/or checklist
Identify and evaluate weaknesses – Control Matrix/SOX (design deficiency)

The Control Risk Matrix
Auditors use the control risk matrix to identify both controls and weaknesses and to assess control risk.
See p. 308

Communication of Weaknesses
Management letters
Before = report to audit committee or BOD
SOX / AS5 = auditor opines on I/C
Reports Significant Deficiencies to Audit Committee and Material Weaknesses to public.
Deficiencies due to design vs. operation

What is a Material Weakness??
[Figure: LIKELIHOOD (Probable to Remote) against SIGNIFICANCE (Material to Immaterial), with regions labelled Material Weakness and Significant Deficiency (> inconsequential)]

Learning Objective 6
Describe the process of designing and performing tests of controls.

Tests of Controls
The procedures to test effectiveness of controls in support of a reduced assessed control risk are called tests of controls.
When do we perform all this CR work?

Procedures for Tests of Controls
Make inquiries of client personnel.
Examine documents, records, and reports.
Observe control-related activities.
Reperform client procedures.

Relationship of Assessed Control Risk and Extent of Procedures
Type of Procedure | Assessed Control Risk MAX Level: Obtaining an Understanding Only | Assessed Control Risk Lower Level: Tests of Controls
Inquiry | Yes – extensive | Yes – some
Documentation | Yes – with transaction walk-through | Yes – using sample
Observation | Yes – with transaction walk-through | Yes – multiple times
Reperformance | No | Yes – sampling

Decide Planned Detection Risk and Design Substantive Tests
The auditor uses the results of the control risk assessment process and tests of controls to assess final control risk and determine the planned detection risk and related substantive tests.

Learning Objectives 7 and 8
Understand Section 404 requirements for reports on internal control.
Describe the differences in evaluating, reporting, and testing internal control for nonpublic companies.

Reporting on Internal Control
Section 404(b) of the Sarbanes-Oxley Act restricts the scope of the engagement to internal controls over financial reporting.
The Act provides that the auditor’s attestation of management’s assessment of internal control for a public company be integrated with the audit of the financial statements.
Material Weakness = Adverse opinion on I/C

Differences in Scope of Controls Tested: Public vs. Non-public Company
Internal controls over financial reporting
COSO Framework
Controls that must be tested in an audit of internal controls (public)
Internal controls used to assess control risk below maximum
DISCRETIONARY
Controls that must be tested in an audit of financial statements (private)

Public Company Accounting Oversight Board
The PCAOB has issued guidance (std # 2 or AS2 → AS5) for audits of internal control over financial reporting performed in conjunction with an audit of financial statements of public companies.
Why test I/Cs for nonpublic companies??

EXTRA!!!
Describe how information technology affects internal control.

Effect of Information Technology on Internal Control
Information Technology (IT) can improve the effectiveness and efficiency of internal controls.
IT also enhances (a) the timeliness and accuracy of information (b) access to information.

Risks Associated With the Use of Information Technology
Programmed errors: transaction goes to wrong account
Processing incorrect data: wrong selling price
Unauthorized access: Passwords
Research: ERP imp. = higher CR, internal control applications improperly installed, imp. team, minimal supervisory review/seg. of duties, lack of training, Role of IT audit specialist/auditor AIS expertise inc.

End of Chapter 10