Beruflich Dokumente
Kultur Dokumente
Please note that I have added a few notes (in this colour) to these slides you may wish to add to your copy
Assurance (International) Study Text for Exams in 2012 chapter 9 ISA 315 http://web.ifac.org/download/a017-2010-iaasb-handbook-isa-315.pdf
23/11/2012
University of Greenwich
IK
Aims
After this session the you should
understand 1. Why and how the auditor assesses the internal controls of the company 2. The implications of perceived sufficient, effective (strong) and perceived insufficient, ineffective (weak) internal controls
23/11/2012 University of Greenwich IK 3
Aims
After this session the you should
understand 1. Why and how the auditor assesses the internal controls of the company 2. The implications of perceived sufficient, effective (strong) and perceived insufficient, ineffective (weak) internal controls
23/11/2012 University of Greenwich IK
components of internal control , the implication for the auditors understanding of the entity and the resulting audit. Discuss the auditors consideration, recording of and testing internal control systems and how this impacts the resulting audit process and communication to the client. Critically consider the various methods of recording internal control systems.
23/11/2012 University of Greenwich IK 5
companies and the limitations inherent to internal control systems. Discuss the 2 types of controls operational within a computerised environment.
23/11/2012
University of Greenwich
IK
(usually directors), management and others WHY? To provide reasonable assurance about achieving objectives of: reliable financial reporting, effective & efficient operations and compliance with laws and regulations.
Based on: http://web.ifac.org/download/a017-2010-iaasb-handbook-isa-315.pdf (ISA 315 paragraph 4)
23/11/2012
University of Greenwich
IK
Directors are not expected to account for every penny (because the WHAT? A process - designed, implemented, cost of control maintained (systems, to do something) would be too great) BY WHOM? Those charged with governance
(usually directors), management and others WHY? To provide reasonable assurance about achieving objectives of: reliable financial reporting, effective & efficient operations and compliance with laws and regulations.
Based on: http://web.ifac.org/download/a017-2010-iaasb-handbook-isa-315.pdf (ISA 315 paragraph 4)
23/11/2012
University of Greenwich
IK
Understanding?
Aids In identifying risk of material misstatement, and to Plan the nature (what kind of procedures), timing (when) and extent (how much) of audit procedures.
Based on BPP Learning (2011) p 155
23/11/2012
University of Greenwich
IK
10
When there are irrelevant, inadequately designed and/or ineffective (i.e. poor or weak) controls
-> Risk of
5.
23/11/2012
Control environment Risk assessment Information system relevant to financial reporting Control activities (formally called control procedures) Monitoring the controls
BPP Learning Media (2011) p155
University of Greenwich IK 12
1. Control environment
23/11/2012
University of Greenwich
IK
13
23/11/2012
University of Greenwich
IK
14
order to assess if these elements have been implemented: 1. Communication (and enforcement of) integrity and ethical values 2. Commitment to competence 3. Participation by those charged with governance
23/11/2012 University of Greenwich IK 16
understand whether the entity has a process (system) to: 1. Identify risks (related to financial reporting objectives) 2. Estimate extent of risks 3. Assess likelihood of risky event occurring 4. Decide on actions to address risks
Based on ISA 315 par 15
23/11/2012 University of Greenwich IK 18
understand whether the entity has a process (system) to: 1. Identify risks (related to financial reporting objectives) 2. Estimate extent of risks 3. Assess likelihood of risky event occurring 4. Decide on actions to address risks
Based on ISA 315 par 15
23/11/2012 University of Greenwich IK 19
management's process did not identify (i.e. considers the adequacy or absence of ICs)
management
23/11/2012
20
and returns Purchases (daybook) DEFINITION and returns Cashbook Procedures and records designed and established to: Petty cashbook Initiate, record, process, and report transactions Journal and to control assets, liabilities and equity; Such as wages and deductions Deal with errors in transaction processing;
3. Information system (AIS) relevant Examples Sales to financial reporting (i.e. (daybook) accounting
information systems - AIS)
Identify and deal with overrides in controls; Transfer information to the GL (General or Nominal ledger) (can you think of an example?)
23/11/2012
University of Greenwich
IK
22
you think of an example?) Ensure disclosable information is appropriately kept (how would an entity know what to disclose?)
23/11/2012
University of Greenwich
IK
25
4. Control activities
Definition: Control activities are the policies and procedures that help ensure that management directives are carried out.
See BPP Learning (2011) p 157
control activities relevant to the audit and how the entity addressed IT risks.
23/11/2012 University of Greenwich IK 26
count, multiple copies, sequential numbering of documents, reconciliations (physical with recorded, different systems against one another), segregation of duties, limiting physical access, comparing internal to external evidence.
See BPP (2011) p158
23/11/2012 University of Greenwich IK 27
How to segregate?
Segregate: 1. Carrying out transactions (segregate this as well) 2. Recording (segregate accounting operations) 3. Safeguarding
Note that Segregation of duties is sometimes regarded as part of the control environment
See BPP Learning Media (2011) p158
23/11/2012
University of Greenwich
IK
28
Example (Class)
How do you think segregation of duties would work for a supermarket - starting with the cashiers money tray?
23/11/2012
University of Greenwich
IK
29
Example (Class)
At this stage (rather unrealistically) we can ignore the
certain times) A different member of staff should collect the monies from the cash registers and complete the bank paying-in slip A third member of staff should record it in the cashbook A fourth member of staff should take the money to the bank Remember ARC
University of Greenwich IK 30
23/11/2012
5. Monitoring controls
Processes to assess effective functioning of
internal controls for the period under review. Both design and functioning of controls need to be assessed on a frequent enough basis, changes to controls are needed when the entitys situation changes.
Based on BPP Learning (2011) page 158
23/11/2012
University of Greenwich
IK
31
Monitoring controls
Things auditor will take into consideration: Internal audit Sources of information Basis for information to be deemed reliable Major monitoring activities over financial reporting and correction of deficiencies.
See BPP Learning Media (2011) p 158
23/11/2012 University of Greenwich IK 32
much more director involvement of ground-level functions and staff. This raises a further issue directors overriding ICs and omitting transactions
23/11/2012
University of Greenwich
IK
36
The auditor must keep a RECORD of the clients system & update this annually
Methods of recording client systems are: 1. Narrative notes, 2. Flowcharts 3. Questionnaires (ICQ (control and control objective focused) & ICEQ (error/omission and detection or prevention focused) 4. Checklists
See BPP Learning Media (2011) p 162-166
The auditor must keep a RECORD of the clients system & update this annually
Methods of recording client systems are: 1)Narrative notes, 2)Flowcharts 3)Questionnaires (ICQ (control and control objective focused) & ICEQ (error/omission and detection or prevention focused) 4)Checklists
See BPP Learning Media (2011) p 162-166
L11c
Audit and assurance J. E. Spencer-Wood
ICEs / ICEQs
Internal control evaluation (questions)
Risk based
December 2010 - 2
40
UNIVERSITY of GREENWICH
L11c
Audit and assurance J. E. Spencer-Wood
ICQs
A series of questions asking if expected ICs exist
Written so that answers indicate
If YES = a strong control If NO = a weak control
All controls would be included An ICQ would usually be drawn up for each internal control cycle
The major cycles are sales, purchases, wages, cash, inventory, non-current assets
December 2010 - 2
41
UNIVERSITY of GREENWICH
L11c
Audit and assurance J. E. Spencer-Wood
ICQs (cont.)
All appropriate internal controls should be included in an ICQ Each answer (yes or no) must be considered individually as (in terms of likely material misstatement) some controls are not as important as others some may be irrelevant
UNIVERSITY of GREENWICH
December 2010 - 2
42
L11c
Audit and assurance J. E. Spencer-Wood
ICEs
Rather than considering all expected ICs, the ICE is based on the likelihood of error or fraud in each cycle
Key (or control) questions are established
Each key question has a supporting bank of detailed questions
Some ICEs are written so that answers indicate If YES = strong control If NO = weak control
December 2010 - 2
43
UNIVERSITY of GREENWICH
L11c
Audit and assurance J. E. Spencer-Wood
ICEs
An ICE too would usually be drawn up for each internal control cycle Example (Sales cycle)
Objective: Are all sales invoices recorded?
A key question in the sales cycle
December 2010 - 2
L11c
Audit and assurance J. E. Spencer-Wood
December 2010 - 2
45
UNIVERSITY of GREENWICH
Time to ponder
Do you think the auditor only records the systems
23/11/2012
University of Greenwich
IK
46
part of his planning process when considering the risk of material misstatement (Based on ISA 315).
However, he only performs controls tests when he
believes the internal control system is sufficiently strong to place reliance on the controls having operated effectively.
23/11/2012
University of Greenwich
IK
47
23/11/2012
University of Greenwich
IK
48
Tests of controls
Performed to obtain evidence about control Control design (prevent or detect and correct material misstatements at the assertion level) Control operation (throughout period)
23/11/2012
University of Greenwich
IK
49
23/11/2012
(Class)
University of Greenwich
IK
50
Assertions (extract from prior lecture) Categories of assertions (ISA 500) Classes of transactions 1. Statement of Comprehensive Income (IS, P&L
a/c)
Occurrence - Actual / in period / by entity Completeness - Nothing left out Accuracy - All data appropriately recorded Cutoff - Correct period Classification - Commission [In the right place - account
coding]
August 2012
51
UNIVERSITY of GREENWICH
Completeness - Nothing left out Accuracy - All data appropriate recorded Valuation and allocation - Appropriate carrying
values* and commission * carrying amounts / NBV
August 2012
52
UNIVERSITY of GREENWICH
August 2012
53
August 2012
54
UNIVERSITY of GREENWICH
controlled to prevent MM
For example
Valuation (assertion) Cost, revaluation, writedowns must not contain MM Existence (assertion) Assets must actually exist etc..
August 2012
55
UNIVERSITY of GREENWICH
Consider: How, with how much consistency, by whom controls are applied.
See BPP Learning Media (2011) p166-167
23/11/2012
University of Greenwich
IK
56
in turn affects nature, timing, extent of further procedures. (i.e. when control tests reveal initial risk assessments were incorrect)
Need to communicate significant deficiencies in
23/11/2012
University of Greenwich
IK
58
In class activity
P 173 Quick quiz
BPP Learning question 15 p368
23/11/2012
University of Greenwich
IK
59
Tutorial preparation
Revise chapter 9 of the textbook
Do tutorial questions 1-3
23/11/2012
University of Greenwich
IK
60