Published by Victor Watson. Modified over 9 years ago.
[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.1 Internal Control and Control Risk Principles of Auditing: An Introduction to International Standards on Auditing - Ch. 7 Rick Stephan Hayes, Roger Dassen, Arnold Schilder, Philip Wallage
Slide 7.2 Internal Control is
A process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- effectiveness and efficiency of operations,
- reliability of financial reporting,
- compliance with applicable laws and regulations, and
- safeguarding of assets against unauthorized acquisition, use or disposition.
Slide 7.3 International Federation of Accountants Internal Control Definition
Internal control: The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations.
Slide 7.4 Internal control is geared to the achievement of objectives in one or more separate overlapping categories:
1 effective operations: relating to effective and efficient use of the entity's resources
2 financial reporting: relating to preparation of reliable published financial statements
3 compliance: relating to the entity's compliance with applicable laws and regulations
4 safeguarding of assets
Slide 7.5 Management Control Objectives
Effective Operations: the goal is safeguarding of assets (cash, accounts receivable, accounting records).
Financial Reporting: need for accurate information, because management has a responsibility to see that statements are prepared fairly in accordance with accounting standards. The auditor is interested primarily in financial reporting controls (especially controls over transactions).
Compliance: companies must comply with many laws and regulations, including company law, tax law and environmental protection regulations.
Slide 7.6 Which of the three categories of management control objectives is the most important to:
- The External Auditors?
- Management?
- Government Auditors?
- Internal Auditors?
- The shareholders?
- Employees?
Slide 7.7 Auditor’s Primary Control Consideration and Emphasis
To understand an entity’s internal control, the auditor will evaluate the design and implementation of a control. The auditor's primary consideration is whether, and how, a specific control prevents, or detects and corrects, material misstatements in classes of transactions, account balances or disclosures. The heaviest emphasis by auditors is on controls over classes of transactions rather than account balances or disclosures.
Slide 7.8 Design and Implementation of Controls
To understand the entity’s internal control, the auditor will evaluate the design of a control and judge whether it has been implemented. He determines if the control is designed to prevent, detect, or correct transactions that misstate the account balances. Implementation of a control means that the control exists and that the entity is using it.
Slide 7.9 Securities Exchange Act Rules require
Management must base its evaluation of the effectiveness of the company's internal control over financial reporting on a suitable, recognized control framework established by a body or group that followed due-process procedures, including the broad distribution of the framework for public comment.
- The report of the Committee of Sponsoring Organizations of the Treadway Commission (known as the COSO report)
- The Financial Reporting Council, Internal Control Revised Guidance for Directors on the Combined Code, October 2005 (known as the Turnbull Report).
Slide 7.10 Components of COSO Internal Control are
Control Environment, Risk Assessment, Control Activities / Control Procedures, Information and Communication, and Monitoring.
Slide 7.11 Components of Internal Control (Illustration 7.1)
Slide 7.12 Control Environment
Control environment: Includes the governance and management functions and the attitudes, awareness and actions of those charged with governance and management concerning the entity’s internal control and its importance in the entity.
Slide 7.13 Elements Contributing to a Successful Control Environment
(1) Communication and enforcement of integrity and ethical values;
(2) Commitment to competence;
(3) Participation by those charged with governance - independence and integrity of the board of directors;
(4) Management's philosophy and operating style - leadership via control by example;
(5) Organizational structure;
(6) Assignment of authority and responsibility; and
(7) Human resource policies and practices.
Slide 7.14 Risk Assessment
The entity’s risk assessment process forms the basis for how management determines the risks to be managed. Auditors assess risks to decide the evidence needed in the audit. If management effectively assesses and responds to risks, the auditor will typically need to accumulate less audit evidence than when management fails to, because control risk is lower.
Slide 7.15 Identify Risks
A technique to identify risks involves identifying and prioritizing high risk activities:
- identify the essential resources of the business and determine which are most at risk;
- identify possible liabilities which may arise;
- review the risks that have arisen in the past;
- consider any additional risks imposed by new objectives or new external factors; and
- seek to anticipate change by considering problems and opportunities on a continuing basis.
Slide 7.16 Information
The information system relevant to financial reporting objectives, which includes the accounting system, consists of the procedures and records designed and established to:
- Initiate, record, process, and report entity transactions;
- Resolve incorrect processing of transactions;
- Process and account for system overrides or bypasses to controls;
- Transfer information from transaction processing systems to the general ledger.
Slide 7.17 Communication is
Communication by the company of the financial reporting roles and responsibilities and individual roles and responsibilities pertaining to internal control over financial reporting. May take such forms as policy manuals and financial reporting manuals. Open communication channels help ensure that exceptions are reported and acted on.
Slide 7.18 Obtain an understanding of the information system and the related business processes relevant to financial reporting in the following areas:
- The classes of transactions in the entity's operations that are significant to the financial statements.
- The procedures by which those transactions are initiated, recorded, processed and reported from their occurrence to their inclusion in the financial statements.
- The related accounting records, supporting information, and specific accounts in the financial statements.
Slide 7.19 Obtain an understanding of the information system and the related business processes relevant to financial reporting in the following areas (continued):
- How the information system captures events and conditions, other than transactions, that are significant to the financial statements.
- The financial reporting process used to prepare the entity's financial statements, including significant accounting estimates and disclosures.
Slide 7.20 Input for Information System
- accounting transactions
- correspondence
- personnel information
- customer and vendor information
- entity objectives and standards
- procedure manuals
- information about external events, activities and conditions
Slide 7.21 Information System Input Risk
Risk exists at all levels of the information system, but especially related to input.
- Input should be only by those people and systems with authorized access.
- Data entry should be secure from unauthorized access.
- Input should be accurate (correct data is entered correctly), valid (transaction is approved or authorized), and complete.
- Subsystem should process transactions completely and accurately.
Slide 7.22 Output of Information System
- accounting reports
- budget reports
- production reports
- operating reports
- correspondence
- all the records and files generated by applications software
Slide 7.23 Control Activities (Control Procedures)
There are potentially many control activities, but they generally fall into five categories:
- Performance reviews;
- Information processing: proper authorization of transactions and activities, General Controls;
- Information: accuracy, adequate documents and records, Application controls;
- Physical control over assets and records;
- adequate Segregation of duties.
Slide 7.24 Performance Reviews
These control activities include:
- reviews and analyses of actual performance versus budgets, forecasts, and prior period performance;
- relating different sets of data – operating or financial – to one another, together with analyses of the relationships and investigative and corrective actions;
- comparing internal data with external sources of information; and
- review of functional or activity performance.
Slide 7.25 Information Processing
Proper authorization
- Appropriate delegation of authority sets limits on what levels of risk are acceptable
General Controls
- access to the computer system is limited to people who have a right to the information
- back-up and recovery procedures
- User ID and general system access
Slide 7.26 Information: Adequate Documents
- Well-designed documents in a manual system and preformatted input screens in a CIS
- Assets are properly controlled and all transactions correctly recorded
- Document prepared at the time a transaction takes place
- Document simple enough to be clearly understood
- Document designed for multiple use to minimize the number of different forms
- Document constructed in a manner that encourages correct preparation.
Slide 7.27 Information: Application Controls
- The chart of accounts
- Use of serial numbers on documents and input transactions
- Checks, tickets, sales invoices, purchase orders, stock certificates and many other business papers
- Systems manuals for computer accounting software should provide sufficient information to make the accounting functions clear
- Passwords that allow only authorized people admittance to the computer software on line
Slide 7.28 Segregation of Duties
Segregation of duties entails three fundamental functions which must be separated and adequately supervised:
- authorization
- recording
- custody
Slide 7.29 Monitoring
Monitoring is assessing the design of controls and their operation on a timely basis and taking necessary corrective actions. Management accomplishes monitoring of controls through ongoing activities, separate evaluations, or a combination of the two.
Slide 7.30 Evaluation of Monitoring
When evaluating the ongoing monitoring the following issues might be considered:
- Periodic comparisons of amounts recorded with the accounting system and with physical assets.
- Responsiveness to internal and external auditor recommendations to strengthen internal controls.
- Extent to which training seminars, planning sessions and other meetings provide information on effective operation of controls.
- Effectiveness of internal audit activities
- Extent to which personnel obtain evidence on internal control function
Slide 7.31 Design and Implementation of Internal Control
Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements. Implementation of a control means that the control exists and that the entity is using it. There is little point in assessing the implementation of a control that is not effective, and so the design of a control is considered first. An improperly designed control may represent a significant deficiency in internal control.
Slide 7.32 Methods for Obtaining Controls Audit Evidence
Risk assessment procedures to obtain audit evidence about the design and implementation of relevant controls may include:
(1) Inquiring of entity personnel.
(2) Observing and re-performing the application of a specific control.
(3) Inspecting documents and reports.
(4) Tracing transactions through the information system.
Slide 7.33 Thank You for Your Attention. Any Questions?