Published by Scott Boone. Modified over 9 years ago.
1
Chapter 7 Auditing Internal Control over Financial Reporting
McGraw-Hill/Irwin. Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
2
Management Responsibilities under Section 404 (LO# 1)
Management must comply with the following requirements in order for the external auditor to complete an audit of ICFR.
1. Accept responsibility for the effectiveness of the entity’s ICFR.
2. Evaluate the effectiveness of the entity’s ICFR using suitable control criteria.
3. Support the evaluation with sufficient evidence, including documentation.
4. Present a written assessment regarding the effectiveness of the entity’s ICFR as of the end of the entity’s most recent fiscal year.
3
Auditor Responsibilities under Section 404 and AS5 (LO# 2)
The entity’s independent auditor must audit and report on the effectiveness of ICFR. The auditor is required to conduct an integrated audit of the entity’s ICFR and its financial statements.
4
ICFR Defined (LO# 3)
ICFR is defined as a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with GAAP. Controls include procedures that:
1. Pertain to the maintenance of records that fairly reflect the transactions and dispositions of the assets of the company.
2. Provide reasonable assurance that transactions are recorded in accordance with GAAP.
3. Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets.
5
Internal Control Deficiencies Defined (LO# 4)
[Figure: matrix classifying control deficiencies by likelihood and magnitude]
Likelihood: Remote; Reasonably possible or probable
Magnitude: Material; Not material but significant; Not material or significant
Classifications: Material weakness; Significant deficiency; Control deficiency
Reporting: Report externally to audit committee and to management; Report to audit committee and to management; Report to management
6
Management’s Assessment Process (LO# 5)
Management must follow a top-down, risk-based approach:
1. Identify financial reporting risks and controls.
2. Evaluate evidence about the operating effectiveness of ICFR.
3. Consider which locations to include in the evaluation.
7
Performing an Audit of ICFR (LO# 6)
[Figure 7-2]
8
Integrating the Audits of Internal Control and Financial Statements (LO# 6)
An integrated audit is composed of the audits of internal control and the financial statements. The control testing impacts the planned substantive procedures. Also, the results of the substantive procedures are considered in the evaluation of internal control.
[Diagram labels: Tests of internal control; Substantive audit procedures]
9
Planning the Audit of ICFR (LO# 7)
The planning process is similar to the process used for the audit of financial statements. Consider the following:
– Risk assessment and the risk of fraud.
– Scaling the audit.
– Using the work of others.
10
Using a Top-Down Approach (LO# 8)
[Figure 7-3]
11
Test the Design and Operating Effectiveness of Controls (LO# 9)
Evaluate design
Test and evaluate operating effectiveness
– Nature: Inquiry, inspection of documents, observation, and reperformance.
– Timing: Interim vs. “as of” date.
– Extent: Consider (1) nature of the control; (2) frequency of operation; and (3) importance of the control.
12
Evaluate Identified Control Deficiencies (LO# 10)
13
Remediation of a Material Weakness (LO# 11)
Remediation is the process of correcting a material weakness in the ICFR.
– If a material weakness is corrected before the “as of” date, there must be sufficient time for both management and the auditor to test the operating effectiveness of the control; if not, an adverse opinion is still issued.
14
Written Representations (LO# 12)
In addition to the management representations obtained as part of a financial statement audit, the auditor also obtains written representations from management related to the audit of ICFR. Failure to obtain written representations from management, including management’s refusal to furnish them, constitutes a limitation on the scope of the audit sufficient to preclude an unqualified opinion.
15
Auditor Documentation Requirements (LO# 13)
The auditor must properly document the processes, procedures, judgments, and results relating to the audit of internal control. When an entity has effective ICFR, the auditor should be able to perform sufficient testing of controls to assess control risk for all relevant assertions at a low level.
16
Types of Reports Relating to the Audit of ICFR (LO# 14)
An unqualified opinion signifies that the client’s internal control is designed and operating effectively (no material weaknesses). A serious scope limitation requires the auditor to disclaim an opinion. An adverse opinion is required if a material weakness is identified.
17
Additional Required Communications in an Audit of ICFR (LO# 15)
The auditor must communicate in writing to management and the audit committee all significant deficiencies and material weaknesses identified during the audit (AS5). This communication should be made prior to the issuance of the auditor’s report on ICFR. In addition, the auditor should communicate to management, in writing, all control deficiencies identified during the audit and inform the audit committee when such a communication has been made.
18
Advanced Module 1: Use of Service Organizations (LO# 16)
Management and the auditor should perform the following procedures with respect to the activities performed by the service organization:
(1) obtain an understanding of the controls at the service organization that are relevant to the entity’s internal control and the controls at the user organization over the activities of the service organization; and
(2) obtain evidence that the controls that are relevant to management’s assessment and the auditor’s opinion are operating effectively.
Sometimes a Type 2 report is issued.
19
Advanced Module 2: Computer-Assisted Audit Techniques (LO# 18)
Computer-assisted audit techniques (CAATs) include:
– Generalized audit software packages.
– Custom audit software.
– Test data.
20
End of Chapter 7