Published by Kimberly Price. Modified over 9 years ago.
1
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin
Chapter Six: Internal Control in a Financial Statement Audit
2
Internal Control
Objectives:
- Reliability of Financial Reporting
- Effectiveness & Efficiency of Operations
- Compliance with Laws & Regulations
3
Controls Relevant to the Audit
Generally, internal controls pertaining to the preparation of financial statements for external purposes are relevant to an audit.
Objectives:
- Reliability of Financial Reporting
- Effectiveness & Efficiency of Operations
- Compliance with Laws & Regulations
4
Controls Relevant to the Audit
Controls relating to operations and compliance objectives may be relevant when they relate to data the auditor uses to apply auditing procedures.
Objectives:
- Reliability of Financial Reporting
- Effectiveness & Efficiency of Operations
- Compliance with Laws & Regulations
5
Components of Internal Control
- Control Environment
- Entity’s Risk Assessment Process
- Information System and Related Business Processes Relevant to Financial Reporting & Communication
- Control Activities
- Monitoring of Controls
6
Components of Internal Control
7
Components of Internal Control
8
The Effect of Information Technology on Internal Control
9
Planning an Audit Strategy
Audit Risk Model:
AR = IR × CR × DR
In applying the audit risk model, the auditor must assess control risk. The figure on the next slide presents a flowchart of the auditor’s decision process when considering internal control in planning an audit.
11
Substantive Strategy
After obtaining an understanding of internal control, an auditor may choose to follow a substantive strategy and set control risk at the maximum for some or all assertions because of one or all of the following factors:
- Controls do not pertain to an assertion.
- Controls are assessed as ineffective.
- Testing the effectiveness of controls is inefficient.
12
Reliance Strategy
- Obtain Understanding of Internal Control
- Plan to Rely on Internal Control and Assess Control Risk Below Maximum
13
Assertions
- Occurrence
- Completeness
- Authorization
- Accuracy
- Cutoff
- Classification
14
Assertions
15
Assertions
16
Obtain an Understanding of Internal Control
The auditor should obtain an understanding of each of the five components of internal control in order to plan the audit. This knowledge is used to:
- Identify types of potential misstatements
- Design tests of controls
- Consider factors that affect the risk of material misstatement
- Design substantive procedures
17
Control Environment
18
The Entity’s Risk Assessment Process
The risk assessment process should consider external and internal events and circumstances that may arise and adversely affect the entity’s ability to initiate, record, process and report financial data consistent with the assertions of management in the financial statements.
Client business risk can arise or change due to the following circumstances:
- Changes in the operating environment
- New personnel
- New or revamped information systems
- Rapid growth
- New technology
- New business models, products, or activities
- Corporate restructuring
- Expanded international growth
- New accounting pronouncements
19
Information Systems and Communication
An effective accounting system gives appropriate consideration to establishing methods and records that will:
1. Identify and record all valid transactions.
2. Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting.
3. Measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements.
4. Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period.
5. Properly present the transactions and related disclosures in the financial statements.
20
Control Activities
Control activities are the policies and procedures that help ensure that management’s directives are carried out. Those control activities that are relevant to the audit include:
- Performance reviews
- Information processing
- Physical controls
- Segregation of duties
21
Monitoring of Controls
Monitoring of controls is a process that assesses the quality of internal control performance over time.
Internal Auditors: An effective internal audit function has clear lines of authority and reporting, qualified personnel, and adequate resources to enable these personnel to carry out their assigned duties.
22
The Effect of Entity Size on Internal Control
While the basic concepts of the five components should be present in all entities, they are likely to be less formal in a small or midsize entity than in a large entity.
23
The Limitations of an Entity’s Internal Control
- Management Override of Internal Control
- Human Errors or Mistakes
- Collusion
24
Factors Contributing to Fraud
25
Documenting the Understanding of Internal Control
- Procedure Manuals and Organizational Charts
- Narrative Description
- Internal Control Questionnaires
- Flowcharts
26
Assessing Control Risk
- Identify specific controls that will be relied upon.
- Perform tests of controls.
- Conclude on the achieved level of control risk.
27
Documenting the Achieved Level of Control Risk
The auditor documents the tests of controls, the linkage of the tests with the assessed risks at the assertion level, and the results of the tests and the assessment of control risk by using a structured working paper, an internal control questionnaire, or a memorandum.
Let’s look at an example from EarthWear Clothiers to see how the control risk for two accounts that differ in terms of their nature, size and complexity is documented.
28
Documenting the Assessed Level of Control Risk
29
Substantive Procedures
30
Timing of Audit Procedures
- Interim
- Year End
Let’s look at the EarthWear Clothiers example again to see the timing of their audit procedures.
31
Timing of Audit Procedures
32
Timing of Audit Procedures
Timing of Tests of Controls
1. Assertion being tested not significant
2. Control has been effective in prior audits
3. Efficient use of staff time
Timing of Substantive Procedures
1. Assertion probably has low control risk
2. May increase the risk of material misstatements
3. Still requires some year end testing
33
Use of Prior Period Evidence of Internal Controls (ISA 330)
- If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits, obtain evidence about whether changes in those specific controls have occurred subsequent to the prior audit.
- If changes in the specific controls have occurred, test controls in the current audit.
- If changes in the specific controls have not occurred, document the conclusions reached with regard to reliance, and test controls at least once in every third audit.
- If the auditor plans to rely on controls to mitigate a significant risk, however, test controls in the current audit.
34
Auditing Accounting Applications Processed by Service Organizations
In some instances, a client may have some or all of its accounting transactions processed by an outside service organization. Because the client’s transactions are subjected to the controls of the service organization, one of the auditor’s concerns is the internal control system in place at the service organization. It is not uncommon for service organizations to have an auditor issue one of two types of reports on their operations.
35
Auditing Accounting Applications Processed by Service Organizations
Report #1: Describes the service organization’s controls and assesses whether they are suitably designed to achieve specified internal control objectives.
Report #2: Goes further by testing whether the controls provide reasonable assurance that the related control objectives were achieved during the period.
An auditor may reduce control risk below the maximum only on the basis of a service auditor’s report that includes tests of the controls.
36
Communication of Material Weaknesses of Internal Control
Material Weakness: ISAs define a material weakness in internal control as one that could have a material effect on the financial statements.
Communication: Auditing standards (ISA 315) require the auditor to report material weaknesses in the design or implementation of internal control to those charged with governance or the appropriate level of management.
37
Types of Controls in an IT Environment
General Controls
1. Data center & network operations
2. System software acquisition, change and maintenance
3. Access security
4. Application system acquisition, development, and maintenance
Application Controls
1. Data capture controls
2. Data validation controls
3. Processing controls
4. Output controls
5. Error controls
38
Types of Controls in an IT Environment
39
Types of Controls in an IT Environment
40
Types of Controls in an IT Environment
41
Flowcharting Symbols
42
End of Chapter 6