copyright © 2014 pearson education chapter 10 considering internal control
TRANSCRIPT
Copyright © 2014 Pearson Education
Chapter 10
Considering Internal Control
Chapter 10
Considering Internal Control
Copyright © 2014 Pearson Education10-2
Describe the three primary objectives of effective internal control.
Contrast management’s responsibilities for maintaining internal control with the auditor’s responsibilities for evaluating and reporting on internal control.
Explain the five components of the COSO internal control framework.
Obtain and document an understanding of internal control.
Copyright © 2014 Pearson Education10-3
Assess control risk by linking key controls and control deficiencies to transaction-related audit objectives.
Describe the process of designing and performing tests of controls.
Understand Section 404 requirements for auditor reporting on internal control.
Describe the differences in evaluating, reporting, and testing internal control for nonpublic companies.
Copyright © 2014 Pearson Education
Describe the three primary objectives of effective internal control.
11
10-4
Copyright © 2014 Pearson Education10-5
Management has three broad objectives in designing an effective internal control system
Compliance with laws and
regulations
Reliability of financial reporting Efficiency/
effectiveness of operations
Copyright © 2014 Pearson Education
Contrast management’s responsibilities for maintaining internal control with the auditor’s responsibilities for evaluating and reporting
on internal control.
22
10-6
Copyright © 2014 Pearson Education10-7
Management must establish and maintain the entity’s internal controls
Management’s design and implementation of internal controls is based on two key underlying concepts:
Reasonable assurance
Inherent limitations
Copyright © 2014 Pearson Education10-8
Management of all public companies are required to issue an internal control report that includes the following:An acknowledgement of responsibility
for internal controlsResults of annual internal control
assessment
Copyright © 2014 Pearson Education10-9
Management must evaluate the design of internal controls over financial reporting.
Management must also test the operating effectiveness of those controls.
Copyright © 2014 Pearson Education10-11
Must assess control risk in every audit
Primarily concerned about controls over: • reliability of financial reporting • classes of transactions
Copyright © 2014 Pearson Education10-13
Obtains understanding of controls
Performs tests of controls: significant account balances classes of transactions
disclosures and related financial statement assertions
Copyright © 2014 Pearson Education
Explain the five components of the COSO internal control framework.
33
10-14
Copyright © 2014 Pearson Education10-16
Integrity and ethical values
Commitment to competence
Board of directors or audit committee participation
Copyright © 2014 Pearson Education10-17
Management’s philosophy and operating style
Human resource policies and practices
Organizational structure
Copyright © 2014 Pearson Education10-18
Identify factors that may increase risk
Estimate the significance of the risk
Assess the likelihood of the risk occurring
Determine actions necessary to manage the risk
Copyright © 2014 Pearson Education10-19
1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance
Copyright © 2014 Pearson Education10-20
Custody of assets
Authorizationof transactions
Operationalresponsibility
IT duties
from
from
from
from
Accounting
The custody ofrelated assets
Record-keepingresponsibility
User departments
Copyright © 2014 Pearson Education10-21
Transaction Approval Policies
General Authorization
Specific Authorization
Copyright © 2014 Pearson Education10-22
Prenumbered consecutively
Prepared at the time of transaction
Designed for multiple use
Constructed to encourage correct preparation
Copyright © 2014 Pearson Education10-23
The most important type of protectivemeasure for safeguarding assets andrecords is the use of physical precautions.
Copyright © 2014 Pearson Education10-24
The need for independent checks arisesbecause internal control tends to changeover time, unless there is frequent review.
Copyright © 2014 Pearson Education10-25
The purpose of an accounting informationand communication system
InitiateInitiate
RecordRecord
ProcessProcess
Reporttransactions
Reporttransactions
Maintain Accountability
for Related Assets
Maintain Accountability
for Related Assets
Copyright © 2014 Pearson Education10-26
Monitoring activities deal with management’songoing and periodic assessment of thequality of internal control performance…
to determine whether controls are operatingas intended and modified when needed.
Copyright © 2014 Pearson Education
Obtain and document an understanding of internal control.
44
10-27
Copyright © 2014 Pearson Education10-29
Auditing standards require auditors to obtain an understanding of internal control for every audit.
Procedure to obtain an understanding: Inspection Inquiry of entity personnel Observation of employees
Copyright © 2014 Pearson Education10-31
1. The origin of every document and record in the system
2. All processing that takes place
3. The disposition of every document and record in the system
4. An indication of the controls relevant to the assessment of control risk
Copyright © 2014 Pearson Education10-32
Update and evaluate auditor’s previousexperience with the entity
Make inquiries of client personnel
Examine documents and records
Observe entity activities and operations
Perform walk-throughs of the accounting system
Copyright © 2014 Pearson Education
Assess control risk by linking key controls and control deficiencies to transaction-related audit
objectives.
55
10-33
Copyright © 2014 Pearson Education10-34
Assess whether the financial statementsare auditable.
Determine assessed control risk supportedby the understanding obtained.
Use a control risk matrix to assesscontrol risk.
Copyright © 2014 Pearson Education10-35
Many auditors use the control risk matrixto assist in the control risk assessmentprocess at the transaction level.
Copyright © 2014 Pearson Education10-36
Identify audit objectives
Identify existing controls
Associate controls with related audit objectives
Identify and evaluate control deficiencies, significant deficiencies, and material weaknesses
Copyright © 2014 Pearson Education10-38
Identify existing controls
Identify the absence of key controls
Consider the possibility of compensating controls
Decide whether there is a significant deficiency or material weakness
Determine potential misstatements that could result
Copyright © 2014 Pearson Education10-39
Auditor must communicate in writing significant deficiencies and material weaknesses to the audit committee
Management letters from the auditor Less significant control weaknesses Ideas for operational improvements
Copyright © 2014 Pearson Education
Describe the process of designing and performing tests of controls.
66
10-40
Copyright © 2014 Pearson Education10-41
The procedures to test effectiveness of controlsin support of a reduced assessed controlrisk are called tests of controls.
Copyright © 2014 Pearson Education10-42
Inquire of client personnel
Reperform client
procedures
Examine documents,
records, reports
Observe control-related
activities
Copyright © 2014 Pearson Education10-43
Reliance on evidence from prior year’s audit
Testing of controls related to significant risks
Testing less than the entire audit period
Copyright © 2014 Pearson Education10-44
Assessed Control Risk
Type ofprocedure
High level:Procedures to obtain
an understandingLower level:
Tests of controls
InquiryInspection
Observation
Reperformance
Yes–extensiveYes–with transaction
walk-throughYes–with transaction
walk-throughNo
Yes–someYes–using sampling
Yes–at multiple times
Yes–using sampling
Copyright © 2014 Pearson Education10-45
Control risk assessment
process results
Tests of controls
Control risk assessments
Planned detection
risk
Related substantive
tests
Balance related audit
objectives
Copyright © 2014 Pearson Education
Understand Section 404 requirements for auditor reporting on internal control.
77
10-46
Copyright © 2014 Pearson Education10-47
The scope of the auditor’s report on internal controlis limited to obtaining reasonable assurance that material weaknesses in internal control are identified.
Copyright © 2014 Pearson Education10-48
No material weaknessesNo scope restrictions
One or more material weaknesses
Scope limitation
Unqualified
Adverse
Qualified or disclaimer
Copyright © 2014 Pearson Education
Describe the differences in evaluating, reporting, and testing internal control for
nonpublic companies.
88
10-49
Copyright © 2014 Pearson Education10-50
1. Reporting requirements
2. Extent of required internal controls
3. Extent of understanding needed
4. Assessing control risk
5. Extent of tests of controls needed
Copyright © 2014 Pearson Education10-51
Internal controls over financial reportingInternal controls over financial reporting
Internal controls used to assesscontrol risk below maximum
Controls that must be tested inan audit of internal controls
Controls that must be tested inan audit of financial statements
Copyright © 2014 Pearson Education10-53
Copyright
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America.