Auditing Principles - CH7 - Internal Control

Card Set Information

Author:
acelaker
ID:
285203
Filename:
Auditing Principles - CH7 - Internal Control
Updated:
2014-10-08 23:27:29
Tags:
Auditing Principles CH7 Internal Control
Folders:

Description:
Auditing Principles - CH7 - Internal Control
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user acelaker on FreezingBlue Flashcards. What would you like to do?


  1. Summary of Internal Control Definition
    • PROCESS effected by the entity’s board of directors, management, and other personnel, designed
    • TO PROVIDE reasonable assurance regarding, achievement of (the entity’s) objectives
  2. 3 things internal control systems do for objectives
    lEffectiveness and efficiency of OPERATIONS

    lReliability of FINANCIAL REPORTING 

    lCOMPLIANCE with applicable laws and regulations
  3. Control Objectives:
    In each area of internal control (financial reporting, operations and compliance)
    • lControl objectives and
    • ex: prepare reliable financial info

    • lSub objectives exist
    • ex: ensure all invoices entered correctly
  4. Foreign Corrupt Practices Act
    lRequires an effective system of internal control

    lMakes illegal payment of bribes to foreign officials

    • ØPassed in 1977 in response to American corporation practice of paying bribes and
    • kickbacks to officials in foreign countries to obtain business
  5. Controls over Financial Reporting
    • Preventive
    • Detective
    • Corrective
    • Controls Overlap
  6. Controls over Financial Reporting - Preventive
    lAimed at avoiding the occurrence of misstatements in the financial statements

    lExample:  Segregation of duties
  7. Controls over Financial Reporting - Detective
    lDesigned to discover misstatements after they have occurred

    lExample:  Monthly bank reconciliations
  8. Controls over Financial Reporting - Corrective
    lNeeded to remedy the situation uncovered by detective controls

    lExample:  Backups of master file
  9. Controls over Financial Reporting - Controls
    overlap
    lComplementary – function together

    lRedundant – address same assertion or control objective

    lCompensating – reduces risk existing weakness will result in misstatement
  10. Components of Internal Control
    ØControl Environment

    ØRisk Assessment

    ØControl Activities

    ØAccounting Information and Communication System

    ØMonitoring
  11. Components of Internal Control - 
    Control Environment
    TOP OF ORGANIZATION

    ØIntegrity and ethical values

    ØCommitment to competence

    ØBoard of directors or audit committee

    ØManagement philosophy and operating style

    ØOrganizational structure

    ØHuman resource policies and practices

    ØAssignment of authority and responsibility
  12. Components of Internal Control - 
    Risk Assessment (FUZZY ONE)
    FACTORS OF INCREASED RISK:

    ØChanges in the regulatory or operating environment

    ØChanges in personnel

    ØImplementation of a new or modified information system

    ØRapid growth of the organization

    ØChanges in technology affecting production processes or information systems

    ØIntroduction of new lines of business, products, or processes
  13. Components of Internal Control - 
    Control Activities
    ØPerformance reviews

    • ØInformation processing
    • lGeneral control activities
    • lApplication control activities

    ØPhysical controls

    • ØSegregation of duties
    • lSegregate authorization, recording and custody of assets
  14. Components of Internal Control - 
    Accounting Information and Communication System
    ØIdentify and record valid transactions

    ØDescribe on a timely basis the transactions in sufficient detail to permit proper classification of transactions

    ØMeasure the value of transactions appropriately

    • ØDetermine the time period in which the transactions occurred to permit recording in the
    • proper period

    ØPresent properly the transactions and related disclosures in the financial statements
  15. Components of Internal Control - Monitoring
    • ØOngoing monitoring activities
    • lRegularly performed supervisory and management activities
    • lExample:  Continuous monitoring of customer complaints

    • ØSeparate evaluations
    • lPerformed on nonroutine basis
    • lExample:  Periodic audits by internal audit
  16. Limitations of Internal Control
    ØErrors may arise from misunderstandings of instructions, mistakes of judgment, fatigue

    ØControls that depend on the segregation of duties may be circumvented by collusion

    ØManagement may override the structure

    ØCompliance may deteriorate over time
  17. COSO ERM FRAMEWORK
    • Internal Environment
    • Objective Setting
    • Event Identification
    • Risk Assessment
    • Risk Response
    • Control Activities
    • Information and Communication
    • Monitoring
  18. Auditors’ Overall Approach with Internal Control
    2-4 for internal control in FINCH AUDITS

    1. Plan the audit

    • 2. Obtain an understanding of the client and its environment, including internal
    • control

    3. Assess the risks of material misstatement and design further audit procedures

    4. Perform further audit procedures

    5. Complete the audit

    6. Form an opinion and issue the audit report
  19. Auditors’ Overall Approach with Internal Control -Obtain an understanding of the client and its environment, including internal control
    • Øhelp the auditor to
    • lIdentify types of potential misstatements
    • lConsider factors that affect the risks of
    • material misstatement.
    • lDesign tests of controls (when applicable) and substantive procedures.

    ØAuditors must consider all five internal control components

    ØAlso consider areas difficult to control like non-routine transactions
  20. Auditors’ Overall Approach with Internal Control -Assess the risks of material misstatement and design further audit procedures
    lIdentify risks while obtaining an understanding of the client and its environment, including its internal control

    lRelate the identified risks to what can go wrong at the relevant assertion level

    lConsider whether the risks are of a magnitude that could result in a material misstatement

    lConsider the likelihood that the risks could result in a material misstatement
  21. Auditors’ Overall Approach with Internal Control -Perform further audit procedures
    • ØApproach:
    • lIdentify controls likely to prevent or detect material misstatements
    • lPerform tests of controls to determine whether they are operating effectively

    • ØTests of controls address:
    • lHow controls were applied
    • lThe consistency with which controls were
    • applied
    • lBy whom or by what means (e.g., electronically) the controls were applied
  22. Obtaining the Understanding
    ØProcedures include:

    • lInquiring of entity personnel
    • lObserving the application of specific controls
    • lInspecting documents and reports
    • lTracing transactions through the information system relevant to financial reporting

    ØMay also obtain evidence on operating effectiveness of various controls
  23. Auditors’ Overall Approach with Internal Control -Perform further audit procedures
    (TEST OF CONTROLS)
    • lInquiries of appropriate client personnel
    • lInspection of documents and reports
    • lObservation of the application of controls
    • lReperformance of the controls

    ØThe results of the tests of controls are used to determine the nature, timing and extent of substantive procedures (“NTE”)
  24. Documenting the Understanding of Internal Control
    • ØQuestionnaires
    • lTypically standardized by firm

    • ØWritten Narratives
    • lMemos that describe flow of transactions

    • ØFlowcharts
    • lSystems flowcharts

    • ØWalk-through
    • lTrace one or two transaction through cycle
    • l“Cradle to Grave”; Live and Historical
  25. The nature of transactions
    lRoutine transactions—e.g., revenue, purchases, and cash receipts and disbursements

    lNon-routine transactions—e.g., taking of inventory, calculating depreciation expense

    lEstimation transactions—e.g., determining the allowance for doubtful accounts

    ØGenerally routine transactions have the strongest controls
  26. Assessing Risks at the Financial Statement Level (“Top Down”)
    • ØExamples:
    • lPreparing the period-end financial statements, including the development of significant accounting estimate and preparation of the notes
    • lThe selection and application of significant accounting policies
    • lIT general controls
    • lThe control environment 

    • ØResponses to high risks
    • lAssigning more experience staff or those with specialized skills
    • lProviding more supervision and emphasizing the need to maintain professional skepticism 
    • lIncorporating additional elements of unpredictability in the selection of further audit procedures to be performed
    • lIncreasing the overall scope of audit procedures, including the nature, timing or extent
  27. Assessing Risks at the Assertion Level
    • ØExamples
    • lFailure to recognize an impairment loss on a long-lived asset affects only the valuation assertion
    • lInaccurate counting of inventory at year-end affect the valuation of inventory and the accuracy of cost of goods sold

    • ØResponses
    • lDecisions are made here as to the appropriate combination of tests of controls and substantive procedures
  28. Consideration of the Work of Internal Auditors
    lCPA can rely on work of internal audit to reduce amount of testing

    lCPA must assess internal audit competence and objectivity

    lIf intent is to rely upon work of internal audit, test that work

    • ØObtaining direct assistance of internal auditors
    • lCan obtain assistance in performing procedures, but CPA remains responsible for the audit.
  29. Service Organizations (What are they)
    • ØComputer  service organizations provide processing services to customers who decide not to invest in their own processing of
    • particular data

    ØExamples: Outsource processing of payroll or Internet sales.
  30. Service Organizations (TERMS)
    lService auditor—provides examination of service organization’s controls.

    lUser Auditor—Uses that report.
  31. Service Organizations (TYPES)
    • lType 1—
    • Management’s description of the system and the suitability of the design of controls

    • lType 2—
    • Attributes of 1, plus assurance on the operating effectiveness of controls
    • •A Type 2 report may provide the user
    • auditor with a basis for assessing control risk below the maximum.
  32. Internal Control Deficiency
    when the design or operation of a control does not allow of performing their assigned functions, to prevent or detect misstatements on a timely basis

    • Less than significant
    • Significant Deficiency
    • Material Weakness

    either: design or operating
  33. Internal Control in the Small Company
    ØDue to lack of employees, internal control is seldom strong in small businesses

    • ØSpecific practices for small businesses
    • lRecord all cash receipts immediately
    • lDeposit all cash receipts intact daily

    • lMake all payments by serially numbered checks, with exception of petty cash disbursements
    • lReconcile bank accounts monthly and retain copies
    • lUse serially numbered invoices, Pos, and
    • receiving reports
    • lIssue checks to vendors only in payment of approved invoices that have been matched
    • with purchase orders and receiving reports
    • lBalance subsidiary ledger with control accounts
    • lPrepare comparative financial statements monthly to disclose significant variations in
    • any category of revenue or expense
  34. Management’s Report on Internal Control under Section 404a
    ØAcknowledgment of responsibility for internal control

    ØAn assessment of internal control effectiveness as of the last day of the company’s fiscal yearn using suitable criteria

    ØSupport the evaluation with sufficient evidence
  35. Approach to Audit of Internal Control under Section 404b
    ØThis section applies to public companies with a market capitalization of $75 million or more. For those companies, the auditors audit internal control as a part of an integrated audit as follows:

    lPlan the engagement

    lUse a top-down approach to identify the controls to test

    lTest and evaluate design effectiveness of internal control

    lTest and evaluate operating effectiveness of internal control

    lForm an opinion on effectiveness of internal control over financial reporting

What would you like to do?

Home > Flashcards > Print Preview