Evaluation of Internal Control System
Evaluation of Internal Control System. Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal.
Jan 02, 2016
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Evaluation of Internal ControlSystem
Learning Objective 1
Contrast management’s need for
internal control with the auditor’s
need to consider internal control
when designing an audit.
InherentLimitations
ReasonableAssurance
Management’sResponsibility
Key Concepts
Client’s Concerns
Compliance with applicable laws and regulations
Reliability of financial reporting
Efficiency and effectiveness of operations
Auditor Concerns
Controls over classes of transactions
Controls related to reliability of financial reporting
Learning Objective 2
Explain the components
of internal control.
The Control Environment
Integrity and ethical values
Commitment to competence
Board of directors or auditcommittee participation
Management’s philosophyand operating style
The Control Environment
Organizational structure
Assignment of authorityand responsibility
Human resourcespolicies and practices
Risk Assessment
Identify factors affecting risk.
Assess significance of risksand likelihood of occurrence.
Determine actions necessaryto manage risk.
Control Activities
1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance
Adequate Separationof Duties
Custody of assets Accounting
Authorizationof transactions
The custody ofrelated assets
Operationalresponsibility
Record-keepingresponsibility
IT Duties User departments
Proper Authorization of Transactions and Activities
General authorization
Specific authorization
Adequate Documentsand Records
Prenumbered consecutively
Prepared at the time of transaction
Designed for multiple uses
Constructed to encourage correct preparation
Simple enough to ensure understanding
Physical Control overAssets and Records
Physical precautions
Controls related to IT equipment,programs, and data files
Physicalcontrols
Accesscontrols
Backup andrecovery
procedures
Independent Checkson Performance
The need for independent checksarise because internal control tendsto change over time unless there isa mechanism for frequent review.
Information and Communication
The purpose of an accounting informationand communication system is to…
initiate, record, process, and report thetransactions and to maintain accountability
for the related assets.
Monitoring
Management’s ongoing and periodic assessmentof the quality of internal control performance …
to determine whether controls are operatingas intended and modified when needed.
Learning Objective 3
Explain methods used to
obtain an understanding
of internal control.
Understanding Internal Controland Assessing Control Risk
Obtain Understanding of Internal Control:Design and Operation
Assess Control Risk Test Controls
Decide Planned Detection Riskand Substantive Tests
Reasons for Sufficiently Understanding Internal Control
SLAuS requires the auditor toobtain an understanding of internal
control for every audit.
Minimum auditplanning matters
• Auditability• Potential material
misstatements• Detection risk• Design of test
Procedures to DetermineDesign and Placement
Update and evaluate auditor’s previousexperience with the entity.
Make inquires of client personnel.
Read client’s policy and systems manuals.
Examine documents and records.
Observe entity activities and operations.
Documentation ofthe Understanding
NarrativeNarrative
FlowchartFlowchartInternalcontrol
questionnaire
Internalcontrol
questionnaire
Learning Objective 4
Assess control risk by linking
strengths and weaknesses of
internal control to transaction-
related audit objectives.
Assess Control Risk
Obtain sufficient understanding for planning.
Assess whether the entity is auditable.
Determine assessed control risk.
Assess if a lower control risk could be supported.
Determine the appropriate assessed control risk.
Assess Control Risk
Identify transaction-related audit objectives.
Identify specific controls.
Identify and evaluate weaknesses.
Identify and Evaluate Weaknesses
Identify existing controls.
Identify the absence of key controls.
Determine misstatements that could result.
Consider compensating controls.
The Control Risk Matrix
Auditors use the control risk matrix toidentify both controls and weaknesses
and to asses control risk.
Communication
Reportable conditions letter
Management letters
Audit committee communications
Learning Objective 5
Describe the process of designing
and performing tests of controls.
Tests of Controls
The procedures to test effectivenessof controls in support of a reduced
assessed control risk are calledtests of controls.
Procedures forTests of Controls
Make inquiries of client personnel.
Examine documents, records, and reports.
Observe control-related activities.
Reperform client procedures.
Extent of Procedures
Reliance on evidence from prior year’s audit
Testing less than the entire audit period
Decide Planned Detection Riskand Design Substantive Tests
The auditor uses the results of the control riskassessment process and tests of controls todetermine the planned detection risk and
related substantive tests.
The auditor links the control risk assessmentsto the balance-related audit objectives.
Related Documents
