Beruflich Dokumente
Kultur Dokumente
Standards
Scott Ward
Partner, National Accounting and Auditing Standards
Ernst & Young Australia
control evaluation
• Evaluating overall effectiveness, identifying Evaluating Internal
Controls
improvements and ongoing assessment Considerations for Evaluating Internal Control at the
Entity Level
Evaluating Internal
Controls
Considerations for Documenting Controls at the
Process, Transaction, or Application Level
Evaluating Internal
Evaluating Internal
Controls
Controls
Considerations
Evaluating for Effectiveness,
Overall Documenting Controls at Matters
Identifying the for
Process, Transaction,
Improvement, or Application
and Ongoing AssessmentLevel
of Controls
Financial
Operations Compliance
Reporting
Effective and Compliance with Preparation of
efficient use of applicable laws reliable published
resources and regulations financial
statements
B Internal Control
U
over Financial
Control Environment F S
U
Reporting under
N U Section 404
Risk Assessment N
C
T I
Control Activities I T
O S
N
Information & Communications
S
Monitoring
Evaluate/
ID Significant Accounts and Related Processes Document Processes and Controls
Monitor
Financial
Implications
2003
Financial
Statements
Financial Significant
Process
Statements Accounts
?
Process Significant What Can Controls Evaluate/
Implications
Processes Go Wrong? Monitor
Significant Accounts • Existence (B/S) or Occurrence Types: For Each Assertion Ask: Detect: Monitors for errors Factors in Evaluation:
Selected Based on the (I/S) • Flows of transactions • Where are the points in the flow of Prevent: Prevents an error • Competence, integrity and
extent that Errors of • Routine transactions where errors can occur? Who Performs? continuity of personnel and
importance* could occur • Completeness
• Non-Routine • Example: Programmed Control? degree of supervision;
• Valuation (B/S) or Measurement Accounts: Cash or Payables
(I/S) • Estimation • Identify processing system • Potential for mgmt override
Process: Disbursements
• Rights and Obligations (B/S) • Segregation of duties
Assertion: Valuation
What are the manual and programmed • Stability of controls
procedures to ensure that the amount of a
check or transfer agrees with the amount
approved for payment?
* Errors that individually or collectively could have a material effect on the financial statements, or other matters such as illegal acts, conflicts of interest, and unauthorised management perquisites that, even though they are not material, could adversely affect the company’s reputation or
its relationship with its customers, shareholders, or the public if they were to remain undetected.
• Telstra (Channel 1)
– Post-implementation review of 404 pilot program (Fee A$100k)
– External audit impact as yet undefined
• 404 Steering Committee
• Quarterly report to Audit Committee
• Macquarie Bank (Channel 2 – Technical advisor)
– Technical advisor
– Post-implementation review of 404 Phase 1 Pilot (Fee A$60k)
– Design and review Phase 2 Pilot (Est. Fee A$100k)
• ANZ Bank (Channel 2 – Technical advisor)
– Technical advisor
– Design 404 process and tools, instruct 404 training sessions and facilitate risk and control
workshops (Fee A$40k - ongoing)
1. Plan engagement
2. Understand and evaluate design effectiveness of controls
3. Test operating effectiveness of controls
4. Communicating results and obtaining representations
5. Form opinion on management’s assertion about internal control
effectiveness
• Required communications
– Audit Committee
• Prior to report issuance, report all material weaknesses in writing
• Prior to report issuance, determine awareness of significant deficiencies
• Advise that management informed of all internal control deficiencies of a lesser magnitude
– Communicate all internal control deficiencies to management on a timely basis
• Written representation from management:
– Acknowledge responsibility for internal control
– State an evaluation of effectiveness has been performed and specify criteria
– State assertion about effectiveness of internal control based on criteria as of a specific date
– State all significant deficiencies and material weaknesses disclosed to auditor
– Describe any material fraud, or any fraud involving employees with a significant role in
internal control
– State any significant changes in, or factors that might significantly affect, internal control