Download presentation
Presentation is loading. Please wait.
Published byBeverly Shaw Modified over 9 years ago
1
Chapter 5 Internal Control over Financial Reporting
Copyright © 2010 South-Western/Cengage Learning
2
Audit Opinion Formulation Process
3
LO 1 - Importance of Internal Control to Financial Statement Audits
The quality of internal control over financial reporting is an important part of an organization’s commitment to good governance Internal control processes must effectively address risks that are present between an organization and the accomplishment of its objectives Internal controls are needed because every organization faces significant risks like: corporate failure misuse of corporate assets incorrect or incomplete preparation of financial information
4
LO 2 – COSO Framework for Internal Control
5
COSO: A Framework for Internal Control
Internal controls is a process designed to provide reasonable assurance of achieving the following: Generating reliable financial accounting information Safeguarding assets Complying with applicable laws and regulations Operating efficiently and effectively
6
What are the components of an internal control system?
There is a logical loop to an organization's internal controls, starting with 1. Identification of organizational risks that affect the accomplishment of objectives 2. Design of the control environment 3. Design and implementation of controls activities to prevent or detect errors 4. Communicate the policies effectively through information and communication process 5. Monitoring of the effectiveness of the controls to operate effectively
7
Components of Internal Control
An internal control system consists of five components Risk assessment: process designed to identify and manage risks that may affect its ability to achieve its objectives Control environment: overall attitude, awareness, and actions of significant internal groups to maintain a well-controlled organization (tone at the top) Control activities: policies and procedures established by management to help ensure that internal control objectives are achieved and risks mitigated
8
Components of Internal Control
Information and communication: process of identifying, capturing, and exchanging information in a timely fashion to enable the organization to achieve its objectives Monitoring: process that assesses the quality of internal controls over time
9
Risk Assessment Risk assessment involves the identification and analysis of the risks of material misstatement in financial reports. Failure to identify risks, results in deficiencies in the control processes to mitigate the risks Risk assessment questionnaire is used for identifying the significant risks related to financial reporting and documenting
10
LO 3 - Understanding the Control Environment
Factors an auditor should look at when evaluating an organization's control environment: Integrity and ethical values Board of directors and audit committee Management's philosophy and operating style Organizational structure, including assignment of authority and responsibility Commitment to financial reporting competence Authority and Responsibility Human resource policies and practices
11
Control Activities Control activities are policies and procedures implemented across the organization to reduce the risk of financial reporting misstatements Control activities involve: The design of the control The operations of the control The sources to misstatement includes: Transaction processing
12
Control Activities Organizations use Preventive and Detective controls
Accounting estimates Adjusting and closing entries Organizations use Preventive and Detective controls
13
Information and Communication
Information and communication represent a company’s processes for gathering key financial information to support the achievement of financial reporting objectives Information must be communicated to the right people It must also be assured that substantive issues are report to audit committee for investigation
14
Monitoring Monitoring represents a company’s processes to determine whether internal control over financial reporting is operating effectively Ongoing monitoring processes are designed to identify control failures Effective control system rely heavily on monitoring Internal auditing is a highly effective monitoring control
15
LO 4 - Common Control Activities
Control activities implemented in almost all accounting systems include: Segregation of duties Authorization procedures Adequately documented transaction trail Physical controls to safeguard assets Reconciliation of control accounts with subsidiary ledgers, of transactions recorded with transactions submitted for processing, and of physical counts of assets with recorded assets Competent, trustworthy employees
16
LO 5 - IT Controls Integrated into Internal Control Evaluations
General computer controls are pervasive and affect every computerized system These controls address the following: Planning and controlling the data processing function Controlling applications development and changes to programs and/or data files and records Controlling access to equipment, data, and programs Assuring business continuity such that control failures do not affect data or programs Controlling data transmission
17
IT Controls Integrated into Internal Control Evaluations
Application controls are specific control procedures designed into and around the computer program to ensure that processing objectives are attained The control procedures include: Input Controls Processing Controls Output Controls It leads to better data for decisions and increases the organizational success and sustainability
18
LO 6 - Auditor Evaluation of Internal Controls
The steps in the integrated audit process are: Update information about various risks Consider the possibility of account misstatements Complete preliminary analytical procedures Understand the client’s internal controls Obtain an Understanding of Management’s Risk Assessment Process and the Control Environment
19
LO 6 - Auditor Evaluation of Internal Controls
Obtain an Understanding of Significant Accounts and Disclosures and Their Relevant Assertions Within the Information and Communication System Obtain an Understanding of the Control Activities in Accounting Processes Obtain an Understanding of Management’s Monitoring Activities Identify controls to test Auditor needs to test all the five components of internal control
20
Auditor Evaluation of Internal Controls
Make a plan to test the controls and execute that plan Use “top-down approach” that begins with at financial statement level Consider the results of control testing It is a part of the process designed to conduct the most efficient audit possible while minimizing overall audit risk Conduct substantive audit tests
21
Documentation should show
LO 7 - Documenting the Auditor’s Understanding and Assessment of an Organization’s Internal Controls Documentation should clearly identify each component of the internal control framework Documentation should show How each significant control is tested, The sampling approach used and the size of the sample used in testing, The conclusions of the tests, The individual performing the test, The auditor’s conclusion on the effectiveness of the control, and The implications for the audit of related financial account balances.
22
LO 8 - Management Reports on Internal Control over Financial Reporting
The Sarbanes-Oxley Act of 2002 requires management to implement effective internal controls over financial reporting and to certify that the controls have been implemented properly and are operating effectively To guide management and auditor, SEC and PCAOB provides definitions of Material Weakness Significant Deficiency
23
Material Weakness Deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis
24
Significant Deficiency
Deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company’s financial reporting
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.