1 evaluation of internal control system. 2 learning objective 1 contrast management’s need for...
TRANSCRIPT
![Page 1: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/1.jpg)
1
Evaluation of Internal ControlSystem
![Page 2: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/2.jpg)
2
Learning Objective 1
Contrast management’s need for
internal control with the auditor’s
need to consider internal control
when designing an audit.
![Page 3: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/3.jpg)
3
Internal Controls - Definition• "Internal control system" means all the policies and
procedures (internal controls) adopted by the management of an entity to assist in achieving management's objective of ensuring, as far as practicable,– the orderly and efficient conduct of its business,
including adherence to management policies, – the safeguarding of assets, – the prevention and detection of fraud and error, – the accuracy and completeness of the accounting
records, – and the timely preparation of reliable financial
information.
![Page 4: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/4.jpg)
4
InherentLimitations
ReasonableAssurance
Management’sResponsibility
Key Concepts
![Page 5: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/5.jpg)
5
Client’s Concerns
Compliance with applicable laws and regulations
Reliability of financial reporting
Efficiency and effectiveness of operations
![Page 6: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/6.jpg)
6
Auditor Concerns
Controls over classes of transactions(more than on account balances)
Controls related to reliability of financial reporting
![Page 7: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/7.jpg)
7
Learning Objective 2
Explain the components
of internal control.
![Page 8: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/8.jpg)
8
Internal Controls – 2 Components(a) “The Control Environment“:
Which means the overall attitude, awareness and actions of directors and management regarding the internal control system and its importance in the entity. Factors affecting include:
– The function of the board of directors and its committees.
– Management's philosophy and operating style.– The entity's organizational structure and methods
of assigning authority and responsibility.– Management's control system including the internal
audit function, personnel policies and procedures and segregation of duties.
![Page 9: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/9.jpg)
9
Internal Controls – 2 Components(b) "control procedures" which means those
policies and procedures in addition to the control environment which management has established to achieve the entity's specific objectives.
“SPAM SOAP”
![Page 10: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/10.jpg)
10
Adequate Separationof Duties
A transaction can be dissected as follows;
C = Custody
A = Authority
R = Recording
E = Execution
![Page 11: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/11.jpg)
11
Proper Authorization of Transactions and Activities
General authorization
Specific authorization
General policies to be followed. Approves all transactions within the limits set by the policy.
Relates to the authorization of individual transaction
![Page 12: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/12.jpg)
12
Adequate Documentsand Records
Prenumbered consecutively
Prepared at the time of transaction
Designed for multiple uses
Constructed to encourage correct preparation
Simple enough to ensure understanding
![Page 13: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/13.jpg)
13
Physical Control overAssets and Records
Physical precautions
Controls related to IT equipment,programs, and data files
Physicalcontrols
Accesscontrols
Backup andrecovery
procedures
![Page 14: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/14.jpg)
14
Independent Checkson Performance
The need for independent checksarise because internal control tendsto change over time unless there isa mechanism for frequent review.
![Page 15: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/15.jpg)
15
The Accounting System
"Accounting system" means the series of tasks and records of an entity by which transactions are processed as a means of maintaining financial records. Such systems identify, assemble, analyze, calculate, classify, record, summarize and report transactions and other events.
![Page 16: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/16.jpg)
16
The Accounting System - Objectives–Transactions are executed in accordance with management's general or specific authorization.–All transactions and other events are promptly recorded in the correct amount, in the appropriate accounts and in the proper accounting period so as to permit preparation of financial statements in accordance with the Sri Lanka Accounting Standards. –Access to assets and records is permitted only in accordance with management's authorization.–Recorded assets are compared with the existing assets at reasonable intervals and appropriate action is taken regarding any differences.
![Page 17: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/17.jpg)
17
Learning Objective 3
Explain methods used to
obtain an understanding
of internal control.
![Page 18: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/18.jpg)
18
Understanding Internal Controland Assessing Control Risk
Obtain Understanding of Internal Control:Design and Operation
Assess Control Risk Test Controls
Decide Planned Detection Riskand Substantive Tests
![Page 19: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/19.jpg)
19
Reasons for Sufficiently Understanding Internal Control
SLAuS requires the auditor toobtain an understanding of internal
control for every audit.
Minimum auditplanning matters
• Auditability• Potential material
misstatements• Detection risk• Design of test
![Page 20: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/20.jpg)
20
Procedures to DetermineDesign and Placement
Update and evaluate auditor’s previousexperience with the entity.
Make inquires of client personnel.
Read client’s policy and systems manuals.
Examine documents and records.
Observe entity activities and operations.
![Page 21: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/21.jpg)
21
Documentation ofthe Understanding
Narrative(139)
Narrative(139)
FlowchartFlowchart Internalcontrol
Questionnaire(141)
Internalcontrol
Questionnaire(141)
![Page 22: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/22.jpg)
22
Learning Objective 4
Assess control risk by linking
strengths and weaknesses of
internal control to transaction-
related audit objectives.
![Page 23: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/23.jpg)
23
Assess Control Risk
Obtain sufficient understanding for planning.
Assess whether the entity is auditable.
Determine assessed control risk.
Assess if a lower control risk could be supported.
Determine the appropriate assessed control risk.
![Page 24: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/24.jpg)
24
Assess Control Risk
Identify transaction-related audit objectives.
Identify specific controls.
Identify and evaluate weaknesses.
![Page 25: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/25.jpg)
25
Identify and Evaluate Weaknesses
Identify existing controls.
Identify the absence of key controls.
Determine misstatements that could result.
Consider compensating controls.
![Page 26: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/26.jpg)
26
Communication• As a result of obtaining an understanding of the
accounting and internal control systems and tests of control, the auditor may become aware of weaknesses in the systems. The auditor should make management aware, as soon as practical and at an appropriate level of responsibility, of material weaknesses in the design or operation of the accounting and internal control systems, which have come to the auditor's attention. The communication to management of material weaknesses would ordinarily be in writing.
![Page 27: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/27.jpg)
27
Learning Objective 5
Describe the process of designing
and performing tests of controls.
![Page 28: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/28.jpg)
28
The Need for Test of Controls
If the auditor, after obtaining an understanding of the accounting system and control environment, expects to be able to rely on his assessment of control risk to reduce the extent of substantive procedures, he should make a preliminary assessment of control risk for material financial statement assertions, and plan and perform tests of control to support that assessment.
![Page 29: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/29.jpg)
29
Tests of Controls
The procedures to test effectivenessof controls in support of a reduced
assessed control risk are calledtests of controls.
![Page 30: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/30.jpg)
30
Procedures forTests of Controls
Make inquiries of client personnel.
Examine documents, records, and reports.
Observe control-related activities.
Reperform client procedures.
![Page 31: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/31.jpg)
31
Extent of Procedures
Reliance on evidence from prior year’s audit
Testing less than the entire audit period
![Page 32: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/32.jpg)
32
Decide Planned Detection Riskand Design Substantive Tests
The auditor uses the results of the control riskassessment process and tests of controls todetermine the planned detection risk and
related substantive tests.
![Page 33: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/33.jpg)
33
Decide Planned Detection Riskand Design Substantive Tests
The level of detection risk relates directly to the auditor's substantive procedures. The auditor's control risk assessment, together with the inherent risk assessment, influences the nature, timing and extent of substantive procedures to be performed to reduce detection risk, and therefore audit risk, to an acceptably low level. Some detection risk would always be present even if an auditor were to examine 100 percent of the account balance or class of transactions because, for example, most audit evidence is persuasive rather than conclusive.
![Page 34: 1 Evaluation of Internal Control System. 2 Learning Objective 1 Contrast management’s need for internal control with the auditor’s need to consider internal](https://reader031.vdocument.in/reader031/viewer/2022032606/56649eb35503460f94bba642/html5/thumbnails/34.jpg)
34
Decide Planned Detection Riskand Design Substantive Tests
The auditor should consider the assessed levels of inherent and control risks in determining the nature, timing and extent of substantive procedures required to reduce audit risk to an acceptable level..