
Internal Control and Control Risk Chapter 10

2003 Prentice Hall Business Publishing, Auditing and Assurance Services 9/e, Arens/Elder/Beasley


Key Concepts
Management's Responsibility
Management establishes and maintains the control system

Reasonable Assurance
Internal controls need only provide reasonable, not absolute assurance

Inherent Limitations
No internal control system is perfect; it is only as good as the employees using the system

Client's Concerns
Clients want IC systems for:
Reliability of financial reporting
Efficiency and effectiveness of operations
Compliance with applicable laws and regulations

Auditor Concerns
Auditors want IC systems for (to comply with second standard of fieldwork):
Controls related to reliability of financial reporting
Controls over classes of transactions


Effect of Information Technology on Internal Control


Information Technology

IT can improve the effectiveness and efficiency of internal controls.

IT also enhances the timeliness and accuracy of information.



Risks Associated With the Use of Information Technology


Programmed errors
Processing incorrect data
Unauthorized access

Five Components of Internal Control

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring


The Control Environment


Integrity and ethical values
Commitment to competence
Board of directors or audit committee participation
Management's philosophy and operating style

The Control Environment


Organizational structure
Assignment of authority and responsibility
Human resources policies and practices

Risk Assessment
Management's identification and analysis:
Identify factors affecting risk.
Assess significance of risks and likelihood of occurrence.
Determine actions necessary to manage risk.

Control Activities (SAS 94)

1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance


Adequate Separation of Duties


Custody of assets | Accounting
Authorization of transactions | The custody of related assets
Operational responsibility | Record-keeping responsibility
IT duties | User departments


Proper Authorization of Transactions and Activities


General authorization: management establishes policies for the organization to follow (all transactions of a particular type are approved automatically)
Specific authorization: applies to individual transactions (each transaction requires approval)

Adequate Documents and Records


Prenumbered consecutively
Prepared at the time of transaction
Simple enough to ensure understanding
Designed for multiple uses
Constructed to encourage correct preparation


Physical Control over Assets and Records


Physical precautions
Controls related to IT equipment, programs, and data files
Backup and recovery procedures

Physical controls

Access controls


Independent Checks on Performance

The need for independent checks arises because internal control tends to change over time unless there is a mechanism for frequent review.


Information and Communication


The purpose of an accounting information and communication system is to initiate, record, process, and report the transactions and to maintain accountability for the related assets.


Monitoring
Management's ongoing and periodic assessment of the quality of internal control performance to determine whether controls are operating as intended and are modified when needed.


Understanding Internal Control and Assessing Control Risk


Obtain Understanding of Internal Control: Design and Operation

Assess Control Risk

Test Controls

Decide Planned Detection Risk and Substantive Tests



Reasons for Sufficiently Understanding Internal Control


SAS 55 (as amended by SAS 78 and 594 plus AU319) requires the auditor to obtain an understanding of internal control for every audit.

Auditability
Potential material misstatements
Detection risk
Design of tests

Minimum audit planning matters


Procedures to Determine Design and Placement of Controls


Update and evaluate auditor's previous experience with the entity.
Make inquiries of client personnel.
Read client's policy and systems manuals.
Examine documents and records.
Observe entity activities and operations.

Documentation of the Understanding

Narrative
Flowchart
Internal control questionnaire



Assess Control Risk


Identify transaction-related audit objectives.
Identify specific controls.
Identify and evaluate weaknesses.

Identify and Evaluate Weaknesses


Identify existing controls.
Identify the absence of key controls.
Determine misstatements that could result.
Consider compensating controls.


Communication
Audit committee communications: Reportable conditions letter or oral discussion with committee (required)
Management letters (not required)


Tests of Controls

The procedures to test effectiveness of controls in support of a reduced assessed control risk are called tests of controls.


Procedures for Tests of Controls


Make inquiries of client personnel.
Examine documents, records, and reports.
Observe control-related activities.
Reperform client procedures.


Extent of Procedures
Extent depends on desired assessment level of control risk

A. Reliance on evidence from prior year's audit
B. Testing less than the entire audit period
C. Rotating tests of controls

Relationship of Assessed Control Risk and Extent of Procedures


Assessed (or desired) Control Risk

| Type of Procedure | High Level: Obtaining an Understanding Only | Lower Level: Tests of Controls |
| Inquiry | Yes, extensive | Yes, some |
| Documentation | Yes, with transaction walk-through | Yes, using sample |
| Observation | Yes, with transaction walk-through | Yes, multiple times |
| Reperformance | No | Yes, sampling |


Decide Planned Detection Risk and Design Substantive Tests


The auditor uses the results of the control risk assessment process and tests of controls to determine the planned detection risk and related substantive tests. The auditor links the control risk assessments to the balance-related audit objectives.

End of Chapter 10
