Presentation is loading. Please wait.

Presentation is loading. Please wait.

McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT.

Published byKristian Cummings Modified over 9 years ago

Similar presentations

Presentation on theme: "McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT."— Presentation transcript:

1 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT

2 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-2 INTERNAL CONTROL Management’s perspective The auditor’s perspective

3 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-3 INTERNAL CONTROL Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

4 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-4 THE EFFECT OF INFORMATION TECHNOLOGY ON INTERNAL CONTROL The effect of an entity’s use of IT can affect any of the components of internal control. The use of IT affects the way that transactions are initiated, recorded, processed, and reported. See Table 6-1 for the potential benefits and risks to an entity’s internal control from IT.

5 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-5 BENEFITS FROM IT Consistent application of predefined business rules and performance of complex calculations in processing large volumes of transactions or data. Enhancement of the timeliness, availability, and accuracy of information. Facilitation of additional analysis of information. Enhancement of the ability to monitor the performance of the entity's activities and its policies and procedures. Reduction in the risk that controls will be circumvented. Enhancement of the ability to achieve effective segregation of duties by implementing security controls in applications, databases, and operating systems.

6 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-6 RISKS OF IT Reliance on systems or programs that are inaccurately process data, process inaccurate data, or both. Unauthorized access to data that may result in destruction of data or improper changes to data, including the recording of unauthorized or nonexistent transactions or inaccurate recording of transactions. Unauthorized changes to data in master files. Unauthorized changes to systems or programs. Failure to make necessary changes to systems or programs. Inappropriate manual intervention. Potential loss of data.

7 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-7 PLANNING AN AUDIT STRATEGY Figure 6-2 presents a flowchart of the auditor's decision process when considering internal control in planning an audit. The auditor can choose from two audit strategies: no-reliance or substantive strategy reliance strategy

8 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-8 A SUBSTANTIVE STRATEGY An auditor uses a substantive strategy because of one or all of the following factors:

9 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-9 A RELIANCE STRATEGY An auditor’s decision to follow a reliance strategy involves:

10 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-10 OBTAIN AN UNDERSTANDING OF INTERNAL CONTROL The auditor’s knowledge from understanding internal control is used to: Identify the types of potential misstatements. Consider factors that affect the risk of material misstatement. Design of tests of controls Design substantive tests.

11 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-11 In deciding on the nature and extent of the understanding of the internal control, the auditor should consider the following items: Knowledge obtained from other sources about the types of misstatements that could occur. Information from previous audits. Understanding of the entity's industry and markets. The assessment of inherent risk. Judgments about materiality. The complexity and sophistication of the entity's operations and systems, including IT. OBTAIN AN UNDERSTANDING OF INTERNAL CONTROL

12 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-12 OBTAIN AN UNDERSTANDING OF INTERNAL CONTROL To properly understand an entity’s internal control, the auditor must understand the five components of internal control:

13 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-13 THE CONTROL ENVIRONMENT The control environment sets the tone of the organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure

14 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-14 FACTORS AFFECTING THE CONTROL ENVIRONMENT Integrity and ethical values. A commitment to competence. Participation of the board of directors or audit committee. Management’s philosophy and operating style. Organizational structure. Assignment of authority and responsibility. Human resource policies and procedures.

15 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-15 RISK ASSESSMENT Risk assessment is the entity's identification, analysis, and management of risks relevant to the preparation of financial statements that are fairly presented in conformity with GAAP.

16 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-16 SPECIFIC RISKS Client business risks can arise or change due to:

17 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-17 CONTROL ACTIVITIES Control activities are the policies and procedures that help ensure that necessary actions are taken to address the risks involved in achieving the entity's objectives

18 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-18 CONTROL ACTIVITIES Control activities that are relevant to the audit include: Performance reviews Information processing Physical control Segregation of duties

19 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-19 INFORMATION AND COMMUNICATION SYSTEMS Information and communication support the identification, capture, and exchange of information in form and time frame that enable people to carry out their responsibilities.

20 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-20 An information system consists of infrastructure, software, people, procedures, and data. The information system relevant to the financial reporting objectives, which includes the accounting system, consists of procedures, whether automated or manual, and records established to initiate, record, process, and report entity transactions and to maintain accountability for the related assets and liabilities. INFORMATION SYSTEM

21 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-21 INFORMATION SYSTEM An effective accounting system encompasses methods and records that will: Identify and records all valid transactions. Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting. Measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements.

22 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-22 INFORMATION SYSTEM Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period. Present properly the transactions and related disclosures in the financial statements.

23 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-23 COMMUNICATION Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting.

24 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-24 MONITORING Monitoring is a process that assesses the quality of the internal control over time. It involves appropriate personnel assessing the design and operation of controls on a timely basis and taking necessary actions.

25 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-25 THE EFFECT OF ENTITY SIZE ON INTERNAL CONTROL The size of the entity may affect how the various components of internal control are implemented. Many small entities have good controls because of significant involvement in day-to-day activities by the owner-manager.

26 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-26 LIMITATIONS OF INTERNAL CONTROL

27 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-27 PROCEDURES TO OBTAIN AN UNDERSTANDING The auditor uses the following audit procedures to obtain an understanding of internal control: Inquiry of appropriate management, supervisory, and staff personnel. Inspection of entity documents and reports. Observation of the entity's activities and operations.

28 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-28 DOCUMENTING THE UNDERSTANDING OF THE INTERNAL CONTROL A number of tools are available to the auditor for documenting the understanding of the internal control including: Copies of the entity's procedures manuals and organizational charts. Narrative descriptions (see Exhibit 6-6). Internal control questionnaires (see Exhibits 6-1). Flowcharts (see Figure 6-4).

29 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-29 ASSESSING CONTROL RISK Assessing control risk below the maximum involves three steps: Identifying specific controls that will be relied upon. Performing tests of controls. Concluding on the assessed level of control risk.

30 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-30 PERFORMING TESTS OF CONTROLS Audit procedures directed towards evaluating the effectiveness of either the design or operation of an internal control are referred to as tests of controls and include:

31 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-31 DOCUMENTING THE ASSESSED LEVEL OF CONTROL RISK Auditing standards state that the auditor should document the basis for his or her conclusions about the assessed level of control risk. The auditor should also document the assessed level of control risk so that the audit risk model can be used.

32 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-32 PERFORMING SUBSTANTIVE TESTS The last step in the decision process is to perform the substantive tests. The level of detection risk for these tests is based on the planned level of audit risk and the assessed levels of inherent and control risk.

33 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-33 TIMING OF AUDIT PROCEDURES Auditing procedures can be conducted at: an interim date, or at year end See Figure 6-5

34 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-34 INTERIM TESTS OF CONTROLS The auditor should consider the following factors in determining the nature and extent of audit work for the remaining period for tests of controls: the significance of the internal control objective the evaluation of the design and operation of the control the planned substantive tests.

35 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-35 INTERIM SUBSTANTIVE TESTS The auditor should consider the following factors when substantive tests are completed at an interim date:

36 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-36 COMMUNICATION OF INTERNAL CONTROL-RELATED MATTERS Auditing standards (AU 325) requires that the auditor report to the audit committee, or to a similar level of authority when the entity does not have an audit committee, matters which are referred to as reportable conditions.

37 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-37 REPORTABLE CONDITIONS Reportable conditions are significant deficiencies in the design or operation of the internal control which could adversely affect the organization's ability to record, process, summarize, and report financial data consistent with management's assertions (see Table 6-7).

38 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-38 REPORTING ON REPORTABLE CONDITIONS The following items should be included in the report: A indication that the purpose of the audit was to report on the financial statements and not to provide assurance on the internal control. The definition of reportable conditions. A statement of restrictions on the distribution on the report See Exhibit 6-7.

39 McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-39 MATERIAL WEAKNESSES A material weakness in internal control is defined as a reportable condition in which the design or operation of one or more of the specific internal control elements does not reduce to a relatively low level the risk that errors or irregularities in amounts that would be material in relation to the financial statements being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions (AU 325.15).

Download ppt "McGraw-Hill/Irwin © 2003 The McGraw-Hill Companies, Inc., All Rights Reserved. 6-1 Chapter 6 CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT."

Similar presentations

Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Auditing Concepts.

Auditing Concepts.
Internal Control.

Internal Control.
Review of Introduction to Auditing

Review of Introduction to Auditing
INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.

INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.
Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.

Standar Pekerjaan Lapangan: Pemahaman Memadai atas Pengendalian Intern Pertemuan 5.
Chapter 5 Risk Assessment: Internal Control Evaluation

Chapter 5 Risk Assessment: Internal Control Evaluation
CHAPTER 9 UNDERSTANDING INTERNAL CONTROLS Winter 2004

CHAPTER 9 UNDERSTANDING INTERNAL CONTROLS Winter 2004
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Auditing A Risk-Based Approach To Conducting A Quality Audit

Auditing A Risk-Based Approach To Conducting A Quality Audit
18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.

18- 1 © 2006 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 18 Integrated Audits of Internal Control (For Public Companies Under Sarbanes-Oxley.
Internal Control in a Financial Statement Audit

Internal Control in a Financial Statement Audit
Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk
Nature of an Integrated Audit

Nature of an Integrated Audit
Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.
INTERNAL CONTROL OVER FINANCIAL REPORTING

INTERNAL CONTROL OVER FINANCIAL REPORTING
Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.

Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.
Auditing Internal Control over Financial Reporting

Auditing Internal Control over Financial Reporting
5-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Internal Control Evaluation: Assessing Control Risk “If everything.

5-1 McGraw-Hill/Irwin ©2005 by the McGraw-Hill Companies, Inc. All rights reserved. Chapter 5 Internal Control Evaluation: Assessing Control Risk “If everything.

Similar presentations

Ads by Google