Modern Auditing:

Assurance Services and the Integrity

of Financial Reporting, 8th Edition

William C. Boynton
California Polytechnic State
University at San Luis Obispo
Raymond N. Johnson
Portland State University

Chapter 10 Understanding Internal Control

Chapter 10 Overview
 Fundamental Concepts of
Internal Controls
Process integrated with an entitys
infrastructure

People implement internal control

Can only provide reasonable assurance

Achieve objectives in financial reporting,

compliance, and operations
 Components of Internal Control

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring
 Entity Objectives with Internal
Control
Reliability of financial information

Compliance with applicable laws

and regulations

Effectiveness and efficiency of

operations
 Limitations of Internal Control

Mistakes in Judgment

Breakdowns

Collusion

Management Override

Cost versus Benefits

 Roles and Responsibilities
Management

Board of Directors and Audit

Committee

Internal Auditors
Roles and Responsibilities (cont.)

Other Entity Personnel

Independent Auditors

Other External Parties

 Study Break
1. _____ is a process that assesses the
quality of internal control
performance over time.
A. Control activities
B. Risk assessment
C. Information and communication
D. Monitoring

D. Monitoring
 Study Break
2. This limitation of an entitys internal
controls occurs when two or more
individuals act together to perpetrate
and conceal fraud.
A. Breakdowns
B. Collusion
C. Management override
D. Mistakes in judgment

B. Collusion
Components of Internal Control
 Control Environment
Integrity and Ethical Values

Commitment to Competence

Board of Directors and Audit

Committee

Managements Philosophy and

Operating Style
 Control Environment (cont.)
Organizational Structure

Assignment of Authority and

Responsibility

Human Resource Policies and

Practices
Risk Assessment Process
Information and Communication

Information
Transactions
Audit Trail or Transaction Trail
Documents
Records

Communication
 Control Activities
Authorization Controls

Segregation of Duties
Transaction authorization
Custody of assets
Recorded accountability in accounting
records
Segregation of Duties
 Control Activities (cont.)
Information Processing Controls
General Controls

Computer Application Controls

Controls over the Financial Reporting

Process
 General Controls
Organization and Operation Controls

Systems Development and

Documentation Controls

Hardware and Systems Software Controls

Access Controls

Data and Procedural Controls

 Computer Application Controls

Input Controls

Processing Controls

Output Controls
Controls over the Financial
Reporting Process
 Control Activities (cont.)
Physical Controls

Performance Reviews

Controls over Management

Discretion in Financial Reporting
 Control Activities (cont.)
Monitoring
Ongoing monitoring programs

Separate evaluations

Element of reporting deficiencies to

the audit committee
Antifraud Programs and Controls
 Study Break
3. Which of the following does not
influence the control environment?
A. Managements Philosophy
B. Adequate Training
C. Hiring Processes
D. All of the above influence the control
environment

D. All of the above influence the control

environment
 Study Break
4. This component of control activities
ensures that every transaction is
authorized by management acting
within the scope of their authority.
A. Authorization Controls
B. Segregation of Duties
C. Information Processing Controls
D. All of the above

A. Authorization Controls
 Study Break
5. This computer application control is
designed to ensure that the processing
results are correct and only authorized
personnel receive the information.
A. Input Controls
B. Processing Controls
C. Output Controls
D. Data Controls

C. Output Controls
 Understanding Internal Control

Must perform procedures to:

Understand design of policies and

procedures

Determine whether the policies and

procedures are operating
 Understanding Internal Control

Auditor uses the understanding to:

Identify types of potential

misstatements

Understand factors affecting risk of

material misstatement

Design further audit procedures

 Effects of Preliminary Audit
Strategies
Control Environment

Risk Assessment

Information and Communication

Control Activities

Monitoring
 Procedures to Obtain an
Understanding
Review previous experience with the
client

Inquire management, supervisory, and

staff personnel

Inspect documents and records

Observe activities and operations

Trace transactions through system

Documenting the Understanding

Questionnaires

Flowcharts

Decision Tables

Narrative Memoranda
Questionnaire
Decision Table
Narrative Memoranda
 Study Break
6. All of the following are procedures used
to obtain an understanding of internal
controls except:
A. Inspecting documents
B. Inquiries of clients customers
C. Inquiries of management
D. All of the above procedures are used

B. Inquiries of clients customers

 Study Break
7. This form of documentation is a
diagram that uses symbols to identify
the steps involved in processing
information through the accounting
system.
A. Questionnaire
B. Flowchart
C. Decision Table
D. Narrative Memoranda

B. Flowchart