Presentation is loading. Please wait.

Presentation is loading. Please wait.

McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control in a Financial Statement Audit Chapter Six.

Published byWesley Bridges Modified over 8 years ago

Similar presentations

Presentation on theme: "McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control in a Financial Statement Audit Chapter Six."— Presentation transcript:

1 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control in a Financial Statement Audit Chapter Six

2 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control Management has the responsibility to maintain controls that provides reasonable assurance that adequate control exists over the entity’s assets and records. The Internal Control System should: -ensure that assets and records are safeguarded -create an environment in which efficiency and effectiveness are encouraged and monitored -generate reliable information for decision-making The auditor needs assurance about the reliability of the data generated by the information system.

3 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control The auditor uses risk assessment procedures to -obtain an understanding of the entity’s internal control -identify the types of potential misstatements -ascertain factors that affect the risk of material misstatement -design tests of controls and substantive procedures The auditor’s understanding of the internal control is a major factor in determining the overall audit strategy. The auditor has a responsibility to: (1) obtain an understanding of internal control and (2) assess control risk.

4 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control Reliability of Financial Reporting Effectiveness & Efficiency of Operations Compliance with Laws & Regulations Objectives

5 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Controls Relevant to the Audit Generally, internal controls pertaining to the preparation of financial statements for external purposes are relevant to an audit. Reliability of Financial Reporting Effectiveness & Efficiency of Operations Compliance with Laws & Regulations Objectives

6 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Controls Relevant to the Audit Controls relating to operations and compliance objectives may be relevant when they relate to data the auditor uses to apply auditing procedures. Reliability of Financial Reporting Effectiveness & Efficiency of Operations Compliance with Laws & Regulations Objectives

7 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 The Effect of Information Technology on Internal Control

8 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Components of Internal Control Control Environment Entity’s Risk Assessment Process Information System and Related Business Processes Relevant to Financial Reporting & Communication Control Activities Monitoring of Controls

9 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Components of Internal Control

10 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Components of Internal Control

11 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 The Effect of Information Technology on Internal Control

12 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 The Entity’s Risk Assessment Process The risk assessment process should consider external and internal events and circumstances that may arise and adversely affect the entity’s ability to initiate, record, process and report financial data consistent with the assertions of management in the financial statements. Changes in the operating environment New personnel New or revamped information systems Rapid growth New technology New business models, products, or activities Corporate restructuring Expanded international growth New accounting pronouncements Client business risk can arise or change due to the following circumstances:

13 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Information Systems and Communication An effective accounting system gives appropriate consideration to establishing methods and records that will: 1.Identify and record all valid transactions. 2.Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting. 3.Measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements. 4.Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period. 5.Properly present the transactions and related disclosures in the financial statements.

14 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Control Activities Control activities are the policies and procedures that help ensure that management’s directives are carried out. Those control activities that are relevant to the audit include: Performance reviews Information processing Physical controls Segregation of duties

15 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Monitoring of Controls Monitoring of controls is a process that assesses the quality of internal control performance over time. Internal Auditors An effective internal audit function has clear lines of authority and reporting, qualified personnel, and adequate resources to enable these personnel to carry out their assigned duties.

16 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Planning an Audit Strategy Audit Risk Model AR = IR × CR × DR In applying the audit risk model, the auditor must assess control risk. The figure on the next slide presents a flowchart of the auditor’s decision process when considering internal control in planning an audit.

17 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Planning an Audit Strategy

18 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Substantive Strategy After obtaining an understanding of internal control, an auditor may choose to follow a substantive strategy and set control risk at the maximum for some or all assertions because of one or all of the following factors: Controls do not pertain to an assertion. Controls are assessed as ineffective. Testing the effectiveness of controls is inefficient.

19 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Reliance Strategy Obtain Understanding of Internal Control Plan to Rely on Internal Control and Assess Control Risk Below Maximum

20 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Assertions

21 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Obtain an Understanding of Internal Control Identify types of potential misstatements Design tests of controls and substantive procedures Pinpoint the factors that affect the risk of material misstatement The auditor should obtain an understanding of each of the five components of internal control in order to plan the audit. This knowledge is used to:

22 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Example Information & Documentation

23 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Obtain an Understanding of Internal Control 1.Understand the control environment. 2.Understand the entity’s risk assessment process. 3.Understand the information system and communications. 4.Understand control activities. 5.Understand monitoring of controls.

24 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Documenting the Understanding of Internal Control Procedure Manuals and Organisational Charts Narrative Description Internal Control Questionnaires Flowcharts

25 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 The Effect of Entity Size on Internal Control While the basic concepts of the five components should be present in all entities, they are likely to be less formal in a small or midsize entity than in a large entity.

26 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 The Limitations of an Entity’s Internal Control Management Override of Internal Control Human Errors or Mistakes Collusion

27 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Factors Contributing to Fraud

28 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Assessing Control Risk Identify specific controls that will be relied upon. Perform tests of controls Conclude on the achieved level of control risk.

29 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Tests of Controls The auditor’s assessment of control risk and the basis for the achieved level can be documented using a structured working paper, an internal control questionnaire, or a memorandum. Let’s look at an example from EarthWear Clothiers to see how the control risk for two accounts that differ in terms of their nature, size and complexity is documented.

30 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Documenting the Assessed Level of Control Risk

31 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Substantive Procedures

32 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Timing of Audit Procedures Interim Year End Let’s look at the EarthWear Clothiers example again to see the timing of their audit procedures.

33 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Timing of Audit Procedures

34 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Timing of Audit Procedures Interim Tests of Controls 1.Assertion being tested not significant 2.Control has been effective in prior audits 3.Efficient use of staff time Interim Substantive Procedures 1.Assertion probably has low control risk 2.May increase the risk of material misstatements 3.Still requires some year end testing

35 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Auditing Accounting Applications Processed by Service Organisations In some instances, a client may have some or all of its accounting transactions processed by an outside service organisation. Because the client’s transactions are subjected to the controls of the service organisation, one of the auditor’s concerns is the internal control system in place at the service organisation. It is not uncommon for service organisations to have an auditor issue one of two types of reports on their operations.

36 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Auditing Accounting Applications Processed by Service Organisations Report Type 1 Describes the service organisation’s controls and assesses whether they are suitably designed to achieve specified internal control objectives. Report Type 2 Goes further by testing whether the controls provide reasonable assurance that the related control objectives were achieved during the period. An auditor may reduce control risk below the maximum only on the basis of a service auditor’s report that includes tests of the controls.

37 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Communication of Deficiencies in Internal Control Deficiency A control designed, implemented or operated in such a way that it is unable to prevent, or detect and correct, misstatements in the financial statements on a timely basis; or (2) a control necessary to prevent, or detect and correct, misstatements in the financial statements on a timely basis is missing. A significant deficiency in internal control is a deficiency or combination of deficiencies in internal control that, in the auditor’s professional judgement, is of sufficient importance to merit the attention of those charged with governance. Significant Deficiency

38 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Communication of Deficiencies in Internal Control Auditing standards (ISA 265) require that the auditor communicates in written significant control deficiencies to those charged with governance and management. The auditor should also communicate to management other control deficiencies judged to be of sufficient importance to merit management’s attention. Communication

39 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Examples of Reportable Conditions

40 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Types of Controls in an IT Environment

41 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Computer-Assisted Audit Techniques Computer-assisted audit techniques (CAATs) include: Generalised audit software packages. Custom audit software. Test data.

42 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Generalized Audit Software

43 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Custom Audit Software Custom audit software is generally written by auditors for specific audit tasks. It may be required when the client’s computer system is not compatible with the auditor’s generalized audit software. Custom software: (1) Is expensive to develop. (2) Requires extended development time. (3) May require extensive modification if the client changes its accounting application programs. Custom software: (1) Is expensive to develop. (2) Requires extended development time. (3) May require extensive modification if the client changes its accounting application programs.

44 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Test Data Test data are developed by the auditor to test the application controls in the client’s computer programs. The technique can be used to check (1) data validation controls and error detection routines, (2) processing logic controls, (3) arithmetic calculations, and (4) the inclusion of transactions in records, files, and reports.

45 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Flowcharting Symbols

46 McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 End of Chapter 6

Download ppt "McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Internal Control in a Financial Statement Audit Chapter Six."

Similar presentations

Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Auditing Concepts.

Auditing Concepts.
Internal Control.

Internal Control.
Internal Control Chapter 7 covers two distinct, but related topics:

Internal Control Chapter 7 covers two distinct, but related topics:
MODERN AUDITING 7th Edition

MODERN AUDITING 7th Edition
INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.

INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
CHAPTER 9 UNDERSTANDING INTERNAL CONTROLS Winter 2004

CHAPTER 9 UNDERSTANDING INTERNAL CONTROLS Winter 2004
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Chapter 9 The Study of Internal Control and Assessment of Control Risk

Chapter 9 The Study of Internal Control and Assessment of Control Risk
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING
Financial Audit Autonomous Bodies Internal Control and Risk Assessment Session 1.8 1 Internal Control and Risk Assessment.

Financial Audit Autonomous Bodies Internal Control and Risk Assessment Session Internal Control and Risk Assessment.
Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 7 Auditing Internal Control over Financial Reporting McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Auditing Internal Control over Financial Reporting

Auditing Internal Control over Financial Reporting

Similar presentations

Ads by Google