AUDITING: A RISK

ANALYSIS APPROACH
5th edition

Larry F. Konrath

Electronic Presentation
by Harold
O. Wilson
1
Chapter 6

2
 OVERVIEW

Internal Control defined

Internal Control System Components
Control environment
Risk Assessment
Information & Communication
Control Activities
Monitoring

3
 OVERVIEW

Internal Control and Management

Assertions in financial statements
Existence or occurrence
Completeness
Rights & obligations
Valuation & allocation
Presentation & disclosure

4
 OVERVIEW

Inherent Limitations & minimum

substantive tests
Internal Control modifications for
small businesses

5
 LEARNING
OBJECTIVES
•Define internal control
•Describe internal control components
•Relate components to assertions
•Understand minimum testing needs
•Identify effective internal controls
•Relate internal controls & entity sizes

6
 INTERNAL CONTROL
DEFINED
 Internal Control: “The process effected
by an entity’s board of directors,
management, and other personnel designed
to provide reasonable assurance regarding
the achievement of objectives in the
following categories:”

7
 Categories...

 Operations controls (resource uses)

 Financial reporting controls (reliable
published financial statements)
 Compliance controls (laws and regulations)
This clearly relates to all activities of an
organization. Auditors focus on financial
reporting controls.
8
 FIVE COMPONENTS OF
INTERNAL CONTROL
 Control Environment (Prevention controls
& Detection controls)
 Risk assessment
 Information & communication
 Control activities
 Monitoring

9
 1. Control
Environment
 Attitudes (Top management sets the tone!)
 Management must support control,
minimizing risks, personnel policies.
 Management must desire reliable reports,
proper accounting, internal audits.
 Management must promote integrity,
competence & ethical behavior (e.g.,
internal codes of conduct).
10
 2. Risk
Assessment
 Managers assess business risk!
 Operating objectives must be well defined,
addressing resource control and uses
(e.g., technology, related laws,
compliance with controls).
 Financial reporting risks relate to data
processing, potential for error & fraud.

11
 Risk is reduced by proper approvals,
surveillance, processing, procedures,
budgeting, training, “responsibility
accounting,” reviewing variances from
goals, technology, etc.

12
 3. Information &
Communication
 Information requirements (who gets what
data when?)
 Reports consistent with objectives, with
sufficient details for action
 Feedback & revisions (often & proper)
 Commitment to appropriate resources for
effective information systems

13
 Information...

 Identification of information -- controls to

ensure events trigger documents, records
 Capture of information -- computers, manual
procedures
 Processing of information -- journals
(tabulations), ledgers (sorts), systems &
standardizations
 Reporting of information (external, internal)
14
 Communication...

 Employee responsibility
 Employee training
 Employee cooperation

15
 4. Control
Activities
 Policies & procedures to ensure
management directives are followed,
objectives attained, reporting complete
& correct.
 Procedures to prevent errors, fraud.
 Procedures to detect errors, fraud.
 Documentation, approval, verification

16
 Activities...

 Computer Information Systems (CIS)

require input editing, data center
controls, system & program controls,
“controlled reprocessing.”
 Reporting using manuals (guidance for
valuations, classifications, estimates,
adjustments, updates, records retention
 Physical safeguards over access, assets,
records, documents, confidential data)
17
 The Fundamental Principle of
Internal Control
SEGREGATE:

1. Operations Personnel & Functions

2. Custodianships [over assets]
3. Accounting Personnel & Functions

18
 Examples…

 Computer programmers from computer

operators.
 Payroll clerks from general ledger staff
 Bank reconciliations by disinterested parties

19
 5. MONITORING Financial
Reporting Controls
 Transaction cycles emphasis (feedbacks,
corrective actions)
 “Real-time” basis
 Variances from budgets; causes
 Cross corroborations by
employees
 Investigating exceptions
20
 Monitoring…

 Selected internal audit procedures

(confirmations, physical counts, etc.)
 “Effectiveness reviews” (ethics, compliance,
competence, fraud)

21
 6. INHERENT LIMITATIONS
of Internal Control Systems
 No “absolute” assurances (systems,
computers & people temporarily break
down)
 Sampling is not perfect; 100% surveys are
not perfect.
 Collusion can circumvent controls!
and…

22
 Limitations…

 Management may override controls!

There are implications of fraud in

such cases; often, there is nobody
at the top to “supervise” those
at the top.

23
 INTERNAL CONTOL FOR
SMALL BUSINESS
 Effective organization
 Constant management surveillance
 Proper paper controls in place (supporting
documents before checks signed, bank
reconciliations by disinterested parties,
purchase orders)
 Controls over mailing, especially signed
checks
24
 Controls at small
firms…
 Analytical procedures; investigation of
any unusual ratios, etc.; management
must read the financial statements.
 Stringent controls over cash in, cash out;
daily intact deposits; imprest funds,
cash register tapes, receipted deposit
slips direct to owners.
 Executive approvals of write-offs …
of any kind.
25
 Controls at small
firms…
 Samplings & physical counts (inventory);
comparisons with records
 Payrolls signed, and occasionally
distributed, by top management
 Quarterly or annual reviews by external
CPAs (if audits unaffordable)
“It’s not what you own, but
what you can control!”
26
 Critical Terms Review

 Access controls  Financial reporting

 Accounting manual controls
 Alterations (accounts)  Inherent limitations
 Alteration  Internal control
(substance)  Management override
 Chart of accounts  Monitoring
 Collusion  Reasonable assurance
 Control environment  Temporary
 Detection controls breakdowns
27
End of Chapter 6

28