
1 THE STUDY & EVALUATION OF INTERNAL CONTROL

2 SYSTEMS-ORIENTED vs DATA-ORIENTED
- Definition
- Professional Standards
- Data-Oriented
  - Small, simple systems
  - Weaker controls
- System-Oriented
  - Large, complex
  - Strong controls
- Advanced Systems or Audits

3 Chronology of an Audit of Computer-based Accounting System
- document systems and controls
- plan and perform tests of systems and controls
- assess and document adequacy of systems and controls
- extend tests of systems, transactions and/or balances
- internal control letter
- use of/provide third party report for service bureau

4 Chronology of an Audit of a Computer-based Accounting System
- Document systems and controls
- Plan and perform tests of systems and controls
- Assess and document adequacy of systems and controls
- Extend tests of systems, transactions and/or balances
- Internal Control letter

5 DOCUMENT SYSTEMS & CONTROLS
- Understand and document IT environment
- Review and document application
- Perform “walk-throughs”

6 DOCUMENT IT ENVIRONMENT
- IT Strategic Plan
- IT Business Plan
- Organization Chart
- Information Security Policy
- Technology Summary
- Application Summary

7 DOCUMENT IT ENVIRONMENT
- Change Controls
- Logical access controls
- Business continuity plans
- System development policies
- Operation policies and procedures

8 REVIEW & DOCUMENT APPLICATION
- Prepare Summary Flowchart
- Detailed flowcharts
- Narrative description
- Summary Processing Chart
- Summary Run Structure Chart

9 Document Systems and Controls
- document applications, hardware, software, how EDP costs are accounted for/allocations, organization, policies and procedures, and any special risks
- review general computer controls
- document the results of the review

10 Document Systems and Controls
- document application processing procedures
- prepare/update summary flowchart then manual phase
- document computer processing phase
- update of master files, summarization of data, arith calcs, sorting/merging data, extraction of data from one/more files, printing
- prepare EDP processing report

11 LIMITED TESTS OR “WALK-THROUGHS”
- Confirm understanding of system
- Tests should cover:
  - key transaction types
  - related control information
  - error correction procedures

12 Document Tests of Transaction Flows
- do walk-throughs to ensure that documentation accumulated to date reflects actual system in place
- trace computer phase
- recalc invoices, test ageing
- trace control info and balance procedures
- obtain and check batch totals

13 Document Tests of Transaction Flows
- trace error correction procedures
- select a few errors and check back to original source documents
- done to determine nature and that error was identified on exception report
- ensure properly rejected and properly corrected

14 PERFORM TESTS OF SYSTEMS & CONTROLS
- Identify risks - ‘What Could Go Wrong’
- Identify controls to mitigate risks
- Design appropriate tests
- Document test results

15 WHAT COULD GO WRONG
- What is the control objective
- What could happen to defeat objective
- Is there significant risk
- Identify key controls

16 DESIGN APPROPRIATE TESTS
- Identify controls to rely on
- High level versus low level controls
- Controls covering multiple control objectives
- Interdependency of Controls

17 PROGRAMMED ACCOUNTING PROCEDURES & CONTROLS
- Review of Error/Exception Reports
  - starts with reported error
  - point in time test
  - use of suspense accounts
- Replicate data entry
- Recompute procedure
- Use of test data

18 EXTENT OF PROGRAMMED CONTROL TESTING
1. Interval testing
2. Reliance on Program Change Controls
  - authorised
  - tested
  - implemented correctly

19 DOCUMENTATION OF TESTS
- Make clear it is programmed controls
- Extent of tests
- Reliance on change control

20 ASSESS ADEQUACY OF SYSTEMS & CONTROLS
- Objective is to assess overall adequacy of internal control in areas to be relied on
- Assessment made at both general controls and application controls levels

21 EVALUATE GENERAL CONTROLS
- Has each primary control objective been achieved
- If not:
  - document on weakness evaluation schedule
  - assess impact on individual applications
- Direct impact objectives:
  - logical access controls
  - program change controls

22 ADEQUACY OF CONTROLS BY SYSTEM
- Use of Evaluation Guides
- Could material error occur?
- Id. system efficiencies

23 Planning and Performing Tests of Systems and Controls
- determine whether reliance warranted
- cost/benefit vs substantive
- ID key controls where reliance is appropriate
- consider overlapping manual controls
- look at related application controls

24 Planning and Performing Tests of Systems and Controls
- design and record tests
- arith accuracy (prog errors would be the cause)
- key totals having no documentary evidence (such as review/existence of a control group)
- key controls evidenced by completed accounting routines (monthly totals, error logs)
- key controls evidenced by signatures, initials (initially master file changes)

25 Assessing and Documenting Adequacy of Systems and Controls
- evaluate adequacy of general and financial controls
- use computer control evaluation guide
- assess impact of deficiencies
- use control weakness evaluation schedule
- evaluate adequacy of controls in each major system
- application controls
- master file changes, data controls, error controls
- use application control evaluation guide
- document conclusions

26 EXTENDED TESTS & REPORTING
- General Computer Control Weaknesses
- Application Control Weakness
  - reliance on preventive controls
  - reliance on detective controls
- Absent Control vs Ineffective Control
- Specific period control breakdown
- Reporting to management

27 Extended Tests of Systems, Transactions, Balances
- general control weaknesses
- must evaluate in light of each accounting application
- if preventive - need to look at associated detective controls
- if detective - may need to do procedure to check for evidence of errors
- CAATs, review transactions, reconciliations
- entire - vs specific period

28 Internal Control Letter
- basic information
- risks
- service opportunities
- general control weaknesses
- application control weaknesses
- practical recommendations

29 Chronology of an Audit of a Computer-based Accounting System
- Document systems and controls
- Plan and perform tests of systems and controls
- Assess and document adequacy of systems and controls
- Extend tests of systems, transactions and/or balances
- Internal Control letter

