7/23/2019 Chapter 6 Outline 9th Edition http://slidepdf.com/reader/full/chapter-6-outline-9th-edition 1/24 Chapter 6 Internal Control in a Financial Statement Audit Chapter 6 Internal Control in a Financial Statement Audit LO 1 Introduction A. The Importance of Internal Control to Management Management has the responsibility to design and maintain a system of internal control that provides reasonable assurance that assets and records are properly safeguarded, and that the entity's information system generates information that is reliable for decision making • Management is responsible for providing and maintaining adequate controls over the entity’s assets and records. • trong internal controls ensure that assets and records are properly safeguarded. • Management needs a control system that generates reliable information to make informed decisions about issues such as pricing, cost, and profit. B. The Importance of Internal Control to Auditors • !uditors need assurance about the reliability of the data generated by the information systems. • The auditor uses risk assessment procedures to" #btain an understanding of the entity’s internal control then, Identify key controls and types of potential misstatements then, !scertain $Identify% factors that affect the &#MM and esign tests of controls and substantive procedures • There is an inverse relationship bet(een the reliability of internal control and the amount of substantive evidence required of the auditor. • The auditor’s understanding of the internal control is a ma)or factor in determining the overall audit strategy. !uditors’ responsibilities for internal control include" $*% obtaining an understanding of internal control 1
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Chapter 6 Internal Control in a Financial Statement Audit
• Management and the board are responsible for establishing
mechanisms to communicate and hold individuals accountable for
performance of internal control responsibilities across theorgani1ation and for implementing corrective action as necessary.
•
Management and the board establish incentives and re(ards forreflecting standards of conduct. Incentives should align (ith short2term and long2term ob)ectives
). 'he entitys ris* assessment process
a. !n entity’s risk assessment process is its process for identifying and
responding to business risks. This process includes ho( managementidentifies risks relevant to the preparation of financial statements. 4or each
identified risk, management must"
• stimate their significance
• !ssesses the likelihood of their occurrence and
• ecides on ho( to manage them.
b. The risk assessment process should consider eternal and internal events and
circumstances that may arise and adversely affect the entity’s ability toinitiate, authorie, record, !rocess and re!ort "inancial data consistent with
the assertions o" management in the F#$.
c. #nce risks have been identified, management should consider theirsignificance, the likelihood of their occurrence and ho( they should be
Chapter 6 Internal Control in a Financial Statement Audit
given to factors set forth in policy, such as the nature and volume of purchases,
and their relation to furthering the entity's ob)ectives.
D. Information System and Communication
a. Information is necessary for the entity to carry out internal control
responsibilities that support the achievement of its ob)ectives
1$. 3rinciple 1$4 'he or#aniation obtains or #enerates and uses rele"ant ;uality
information to support the functionin# of internal control.
2The information system relevant to the financial reporting ob)ectives includes the
accounting system and consists of the procedures and records established to
initiate, authori1e, record, process, and report and entity's transactions and tomaintain accountability for the related assets and liabilities. !n effective
accounting system gives appropriate consideration to establishing methods and
records that (ill"
• Identify and record all valid transactions
• escribe on a timely basis the transactions in sufficient detail to permit
proper classification of transactions for financial reporting
• Measure the value of transactions in a manner that permits recording their
proper monetary value in the financial statement $48%.
• etermine the time period in (hich transactions occurred to permit
recording of transactions in the proper accounting period
• 5roperly present the transactions and related disclosures in the financial
statements
1&. 3rinciple 1&4 'he or#aniation internally communicates information includin#
ob!ecti"es and responsibilities for internal control necessary to support the
separate e"aluations to ascertain ,hether the components of internal control are
present and functionin#.
17. 3rinciple 174 'he or#aniation e"aluates and communicates internal controldeficiencies in a timely manner to those parties responsible for ta*in# correcti"e
action includin# senior mana#ement and the board of directors as appropriate.
LO 6 3lannin# an Audit Strate#y
!. The audit risk model states that !&?&MM @ & (here &MM ? I& @C&. The
auditor’s assessment of &MM must consider the level of C& in applying the riskmodel.
0. =o, the auditor determines the appropriate level of C&"
1st step4 3sing the information gathered by performing risk assessment
procedures to evaluate the design o" controls and to determine (hether
the controls have been im!lemented .
2nd step4 decide (hether or not the auditor rely on the controls.
• If the auditor’s risk assessment procedures indicate that the controls are
not properly designed or not implemented, the auditor (ill not rely on the
control. The auditor (ill set control risk at maimum and use substantive procedures to reduce the risk of material misstatement to acceptably lo(
level.
• If the auditor’s risk assessment procedures indicate that the controls are
properly designed or implemented, the auditor (ill rely on the control.
Then, tests of controls are required to be performed to obtain audit
Chapter 6 Internal Control in a Financial Statement Audit
is highly effective may influence the auditor’s decision about (hich
auditing procedures are to be performed.%
ome controls only affect an individual assertion contained in a financial
statement account. $.g. a credit check performed on a customer’s order
specifically related to the valuation assertion for the accounts receivable
balance.
LO 1: 3erformin# 'estin# of Control
3erformin# 'ests of Controls4
Test of controls are performed in order to provide evidence to support the lo(er level
of control risk. 5rocedures that are used for T.#.C include in7uiry, ins!ection o"
documents, observation, re-!er"ormance or combinations o" those !rocedures (i.e.
walkthroughs). $9ote the audit procedures that are 9#T here such as confirmations,
footing and many more. Think about (hy.% The auditor is going to choose controlsto test based on their importance in preventing or detecting a material misstatement.
The auditor (ill need to look at both their design and operating effectiveness.
Test of controls directed to(ard the design e""ectiveness" evaluating (hether
that control is suitably designed to prevent, or detect and correct material
misstatements.
Test of controls directed to(ard the o!erating e""ectiveness" assessing ho( the
control (as applied, the consistency (ith (hich it (as applied during the
audit period, and by (hom it (as applied. The operating effectiveness can be
affected by (hether the control is manual or automated. Manually performed
controls may be sub)ect to human errors and mistakes- (hile automated
controls $if properly designed% should operate more consistently and hence,
does not need to test as many instances.
'ypes of 'ests of Controls (5amplesIn;uiry of appropriate entity personnel. Inquiry of credit manager about the
policies for (riting off uncollectible
accounts.
Inspection of documents, reports, or
electronic files indicating the performance of the control.
Inspect bank reconciliations prepared
by the internal auditors.
Obser"ation of the application of the
control.
#bserve ho( controls are applied to
the handing of cash to ensure that
there is proper segregation of duties.
%eperformance of the application of the control by the auditor.
&eperform the authori1ation controlused for granting credit.
Chapter 6 Internal Control in a Financial Statement Audit
fficient to conduct the tests at that time
b. If the controls are not operating effectively it gives the auditor time to reassesscontrol risk and modify audit plan.
c. The auditor can also inform management so misstatements can be located.
d. !dditional (ork after the interim period, should address"• ignificance of assertion
• The evaluation of design and operations of the relevant controls
• &esults of test of controls
• The length of the remaining period
• The planned substantive procedures in determining the nature and etent
of audit (ork for the remaining of period
0. Interim ubstantive 5rocedures
a. Conducting substantive procedures at interim date may increase &#MM, butcan control this by"
• Considering (hen it is appropriate to eamine an account at an interim
date and by performing selected audit procedures for the period bet(een
the interim date and year end b. Consider these factors"
• Control environment
• !vailability of information at a later date
• 5urpose of ubstantive procedures
• !ssessed &#MM
• 9ature of the class of transactions or account balances
• !bility to perform substantive procedures to cover the remaining period to
reduce &#MMc. ome additional substantive procedures are ordinarily conducted in the
remaining period.
d. If a misstatement detected, must revise the planned procedures for the
remaining period or additional ones at year end.
LO 1$ Auditin# Accountin# Applications 3rocessed by Ser"ice Or#aniations
!. Bhen a service organi1ation provides accounting services to an entity, thoseservices are considered part of the entity's information system and relevant to
financial reporting.
0. !uditor’s Concerns0ecause the entity's transactions are sub)ected to the controls of the service
organi1ation, one auditor concern is the internal control system at the service
organi1ation.
• ignificance of Control of service relies on the nature and materiality of
the transactions and the degree of interaction the transactions activities and
the client’s activities Heample" if client initiates transactions and service
Chapter 6 Internal Control in a Financial Statement Audit
organi1ations eecutes and does !CCT. processing of transactions ? Farge
degree of interaction
• !fter obtaining an understanding of internal control, the auditor identifies
controls that are applied by the entity or the service organi1ation that
might allo( an assessment of reduced control risk.
C. ervice #rgani1ations"
• Mortgage bankers" service mortgages
• Trust departments" invest or hold assets for employee benefit plans
• IT service Center $most freq%" process payroll and related accounting
reports
. The auditors need to understand the client’s internal control components in order
to identify controls that are applied by the client or the service organi1ation that(ill allo( an assessment of reduced control risk.
'ype I and 'ype II %eports
ince service organi1ations process data for many customers, most of the time
auditor issues an attestation report on their operations. ! service organi1ation’s
auditor can issue one of t(o types of reports.
'ype I is a report on management’s description of a service organi1ation’s system
and the suitability of the design of controls at a specific point of time.
• Managements description on the system• Britten assertion by management that the description fairly represents the
system
• The controls are suitable to achieve management’s controls by a certain
date
'ype II is a report on management’s description of a service organi1ation’ssystem and the suitability of the design and operating effectiveness of control.
• Managements description on the system
• Britten assertion by management that the description fairly represents the
system
•
The controls are suitable to achieve management’s controls by a certaindate
Chapter 6 Internal Control in a Financial Statement Audit
Ser"ice or#aniations description of
controls.
Included Included
Information pro"ided by the
independent ser"ice auditorB includes
a description of the ser"ice auditors
tests of operatin# effecti"eness andthe results of those tests
#ptional Included
Other information pro"ided by the
ser"ice or#aniation -e.#. #lossary of
terms/.
#ptional Included
. !n auditor may reduce control risk belo( the ma only on the basis of a service
auditor’s report that includes test of the controls.
4. !lthough a financial statement audits of private companies do not include audit of entity's entire system of internal control, the auditor may discover deficiencies in
the entity's internal controls during the audit.
LO 1& Communicatin# of Internal Control>%elated atters
!. 3nder the arbanes2#ley !ct of +==+ management of public companies must
prepare an assertion on the internal control and the auditor must issue an opinionon the effectiveness of the internal control. 4or !rivate com!anies there’s no need
to audit their internal control but the auditor (ill find deficiencies during the
audit.
• ! control de"iciency in the internal control eists (hen the operation of
control does not allo( management or employees to perform their assignedfunctions.
• ! material weakness is a combination of deficiencies (hen there is areasonable possibility that material misstatement of the financial statements(ill not be prevented, detected and corrected.
• ! signi"icant de"iciency is a combination of deficiencies that is less severe
than material (eakness but important enough to get the attention of those in
charged.
0. amples of circumstances that may be control deficiencies, significant
deficiencies, or material (eakness"
Deficiencies in the desi#n of controls
• Inadequate design of internal control over the preparation of the financial
statements being audited.
• Inadequate design of internal control over a significant account or process.
• Inadequate documentation of the components of internal control.
• Insufficient control consciousness (ithin the organi1ation, for eample, the