©2010 prentice hall business publishing, auditing 13/e, arens/elder/beasley 10 - 1 internal control...
TRANSCRIPT
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 1
Internal Control and Control RiskInternal Control and Control Risk
Chapter 10Chapter 10
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 22
3. Compliance with laws and regulations
2. Efficiency and effectiveness of operations
1. Reliability of financial reporting
Internal Control ObjectivesInternal Control Objectives
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 33
Five Components of Internal Five Components of Internal ControlControl
Riskassessment
Controlactivities
Information andcommunication Monitoring
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 44
The Control EnvironmentThe Control Environment
Integrity and ethical values
Commitment to competence
Board of directors or auditcommittee participation
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 55
The Control EnvironmentThe Control Environment
Management’s philosophy and operating style
Organizational structure
Human resource policies and practices
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 66
Risk AssessmentRisk Assessment
Identify factors that may increase risk
Assess the likelihood of the risk occurring
Determine actions necessary to manage the risk
Estimate the significance of the risk
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 77
Control ActivitiesControl Activities
1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 88
Proper Authorization of Proper Authorization of Transactions and ActivitiesTransactions and Activities
General authorization
Specific authorization
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 99
Adequate Documents and Adequate Documents and RecordsRecords
Prenumbered consecutively
Prepared at the time of transaction
Designed for multiple use
Constructed to encourage correct preparation
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1010
Physical Control Over AssetsPhysical Control Over Assetsand Recordsand Records
The most important type of protectivemeasure for safeguarding assets andrecords is the use of physical precautions.
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1111
Independent Checks on Independent Checks on PerformancePerformance
The need for independent checks arisesbecause internal control tends to changeover time unless there is a mechanismfor frequent review.
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1212
Information and CommunicationInformation and Communication
The purpose of an accounting informationand communication system is to…
initiate, record, process, and reportthe entity’s transactions and to maintainaccountability for the related assets.
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1313
MonitoringMonitoring
Monitoring activities deal with management’songoing and periodic assessment of thequality of internal control performance…
to determine whether controls are operatingas intended and modified when needed.
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1414
Process for Understanding Internal Process for Understanding Internal Control and Assessing Control RiskControl and Assessing Control Risk
Obtain an understanding of
internal control: design and operation
Assess control risk
Design, perform, and evaluate tests of
controls
Decide planned detection risk and substantive tests
Phase 1
Phase 2
Phase 3
Phase 4
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1515
Obtain and Document Understanding Obtain and Document Understanding of Internal Controlof Internal Control
Auditing standards require auditors to obtain an understanding of internal control for every audit.
Procedures to obtain an understanding: Design of internal controls Whether placed in operation Uses this information as a basis for the
integrated audit
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1616
Methods UsedMethods Used
Narrative
FlowchartInternalcontrol
questionnaire
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1717
NarrativeNarrative
1. The origin of every document and record in the system
2. All processing that takes place
3. The disposition of every document and record in the system
4. An indication of the controls relevant to the assessment of control risk
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1818
Evaluating Internal Control Evaluating Internal Control OperationOperation
Update and evaluate auditor’s previousexperience with the entity
Make inquiries of client personnel
Examine documents and records
Observe entity activities and operations
Perform walk-throughs of the accounting system
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1919
Assess Control RiskAssess Control Risk
Assess whether the financial statementsare auditable.
Determine assessed control risk supportedby the understanding obtained assumingthe controls are being followed.
Use of a control risk matrix to assesscontrol risk.
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2020
Control Risk MatrixControl Risk Matrix
Many auditors use the control risk matrixto assist in the control risk assessmentprocess.
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2121
Control Risk MatrixControl Risk Matrix
Identify audit objectives
Identify existing controls
Associate controls with related audit objectives
Identify and evaluate control deficiencies,significant deficiencies, and material weaknesses
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2222
Evaluating Significant Control Evaluating Significant Control DeficienciesDeficiencies
MaterialWeakness
LIKELIHOOD
SIGNIFICANCE
Material
Immaterial
ProbableRemote
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2323
Identify Deficiencies and Identify Deficiencies and WeaknessWeakness
Identify existing controls
Identify the absence of key controls
Consider the possibility of compensating controls
Decide whether there is a significant deficiencyor material weakness
Determine potential misstatements that could result
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2424
CommunicationsCommunications
Management letters
Communications to thosecharged with governance
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2525
Tests of ControlsTests of Controls
The procedures to test effectiveness of controlsin support of a reduced assessed controlrisk are called tests of controls.
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2626
Procedures for Tests of Procedures for Tests of ControlsControls
1. Make inquiries of client personnel
2. Examine documents, records, and reports
3. Observe control-related activities
4. Reperform client procedures
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2727
Extent of ProceduresExtent of Procedures
Reliance on evidence from prior year’s audit
Testing of controls related to significant risks
Testing less than the entire audit period
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2828
Decide Planned Detection Risk and Decide Planned Detection Risk and Design Substantive TestsDesign Substantive Tests
The auditor uses the results of the control riskassessment process and tests of controls todetermine the planned detection risk andrelated substantive tests.
The auditor links the control risk assessmentsto the balance-related audit objectives.
©2010 Prentice Hall Business Publishing, ©2010 Prentice Hall Business Publishing, Auditing 13/e,Auditing 13/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 29
End of Chapter 10End of Chapter 10