Beruflich Dokumente
Kultur Dokumente
McGraw-Hill/Irwin Copyright © 2010 by The McGraw-Hill Companies, Inc. All rights reserved.
Summary of Internal Control
Definition
A O , effected by the entity¶s board
of directors, management, and other
personnel, designed to provide
reasonable assurance regarding,
achievement of (the entity¶s) objectives
on:
- Dffectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and
regulations
7-2
Control Objectives
In each area of internal control (financial reporting,
operations and compliance)
- Control objectives and
- Subobjectives exist
Dxample: Area of financial reporting
- Top level objective ± prepare and issue reliable financial information
- Detailed level applied to A/R subobjectives
All goods shipped are accurately billed in the proper period
Invoices are accurately recorded for all authorized shipments and
only for such shipments
Authorized and only authorized sales returns and allowances are
accurately recorded
The continued completeness and accuracy of A/R is ensured
Accounts receivable records are safeguarded
7-3
Foreign Corrupt Practices Act
Passed in 1977 in response to American
corporation practice of paying bribes and
kickbacks to officials in foreign countries to
obtain business
The Act
- Requires an effective system of internal control
- Makes illegal payment of bribes to foreign officials
7-4
Controls over Financial Reporting
Preventive
- Aimed at avoiding the occurrence of misstatements in the
financial statements
- Dxample: Segregation of duties
Detective
- Designed to discover misstatements after they have occurred
Corrective
- Needed to remedy the situation uncovered by detective controls
- Dxample: Backups of master file
Controls overlap
- Complementary ± function together
- Redundant ± address same assertion or control objective
- Compensating ± reduces risk existing weakness will result in misstatement
7-5
Components of Internal
Control
7-7
2
Risk Assessment--
Assessment--Factors
Factors Indicative of
Increased Financial Reporting Risk
Changes in the regulatory or operating
environment
Changes in personnel
Implementation of a new or modified information
system
Rapid growth of the organization
Changes in technology affecting production
processes or information systems
Introduction of new lines of business, products, or
processes
7-8
2
Control Activities
Performance reviews
Information processing
- General control activities
- Application control activities
Physical controls
Segregation of duties
- Segregate authorization, recording and
custody of assets
7-9
0
7-10
Objectives of an Accounting System
7-11
Monitoring
Ongoing monitoring activities
- Regularly performed supervisory and
management activities
- Dxample: Continuous monitoring of
customer complaints
Separate evaluations
- Performed on nonroutine basis
- Dxample: Periodic audits by internal audit
7-12
Limitations of Internal Control
7-16
2. Obtain an understanding of the client and
its environment, including internal control
The understanding of internal control is used to help the
auditor to
- Identify types of potential misstatements
- Consider factors that affect the risks of material misstatement.
- Design tests of controls (when applicable) and substantive
procedures.
Auditors must consider all five internal control
components
- Control environment
- Accounting information system
- Risk assessment
- Control activities
- Monitoring
Also consider areas difficult to control like nonroutine
transactions
7-17
Obtaining the Understanding
Procedures include
- Inquiring of entity personnel
- Observing the application of specific controls
- Inspecting documents and reports
- Tracing transactions through the information
system relevant to financial reporting
May also obtain evidence on operating
effectiveness of various controls
7-18
Documenting the Understanding
of Internal Control
Questionnaires
- Typically standardized by firm
Written Narratives
- Memos that describe flow of transactions
Flowcharts
- Systems flowcharts
Walk-through
- Trace one or two transaction through cycle
7-19
7-20
3. Assess the risks of material
misstatement
General approach
- Identify risks while obtaining an understanding of the
client and its environment, including its internal
control
- Relate the identified risks to what can go wrong at the
relevant assertion level
- Consider whether the risks are of a magnitude that
could result in a material misstatement
- Consider the likelihood that the risks could result in a
material misstatement
7-21
The nature of transactions
Consider the nature of the transactions
- Routine transactions²e.g., revenue,
purchases, and cash receipts and
disbursements
- Nonroutine transactions²e.g., taking of
- IT general controls
7-23
Assessing Risks at the
Assertion Level
Dxamples
- Failure to recognize an impairment loss on a
long-lived asset affects only the valuation
assertion
- Inaccurate counting of inventory at year-end
affect the valuation of inventory and the
accuracy of cost of goods sold
Responses
- Decisions are made here as to the
appropriate combination of tests of controls
and substantive procedures
7-24
4. Design and Perform audit
procedures ± test of controls (1 of 2)
Approach:
- Identify controls likely to prevent or detect material
misstatements
- Perform tests of controls to determine whether they
are operating effectively
Tests of controls address:
- How controls were applied
- The consistency with which controls were applied
- By whom or by what means (e.g., electronically) the
controls were applied
7-25
4. Perform further audit proce-
proce-
dures²
dures ²tests of controls (2 of 2)
Tests of controls include:
- ? G of appropriate client personnel
- ? of documents and reports
- of the application of controls
- [ of the controls
Theresults of the tests of controls are
used to determine the nature, timing and
extent of substantive procedures
7-26
Diagram of the
Auditors¶
Consideration
of Internal
Control
7-27
Other Considerations
Audit decision aids
- Checklist, standard form or computer program that
helps auditors make a decision by ensuring that they
have all relevant information or by assisting them in
combining the information.
Use of the work of internal auditors
- Must assess internal audit competence and objectivity
and test work
- Can rely on work of internal audit to reduce amount of
testing done by independent auditors
7-28
Relationships Among Deficiencies
Deficiency in
Internal Control
7-29
Management¶s Report on Internal
Control under Section 404a
Acknowledgment of responsibility for
internal control
An assessment of internal control
effectiveness as of the last day of the
company¶s fiscal yearn using suitable
criteria
Support the evaluation with sufficient
evidence
7-30
Approach to Audit of Internal
Control under Section 404b
Plan the engagement
Use a top-down approach to identify the
controls to test
Test and evaluate design effectiveness of
internal control
Test and evaluate operating effectiveness of
internal control
Form an opinion on effectiveness of internal
control over financial reporting
7-31
2
Internal Control in
the Small Company
Due to lack of employees, internal control is seldom strong in small
businesses
Specific practices for small businesses
- Record all cash receipts immediately
- Deposit all cash receipts intact daily
- Make all payments by serially numbered checks, with exception of petty
cash disbursements
- Reconcile bank accounts monthly and retain copies
- Use serially numbered invoices, Pos, and receiving reports
- Issue checks to vendors only in payment of approved invoices that have
been matched with purchase orders and receiving reports
- Balance subsidiary ledger with control accounts
- Prepare comparative financial statements monthly to disclose significant
variations in any category of revenue or expense
7-32