chapter 9 the study of internal control and assessment of control risk
DESCRIPTION
CHAPTER 9 The Study of Internal Control and Assessment of Control Risk. What is internal control ?. Internal control is a process designed to provide reasonable assurance regarding the achievement of management’s ob- jectives regarding:. Internal control is a process designed to - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/1.jpg)
1
CHAPTER 9The Study of
Internal Control and Assessment of
Control Risk
![Page 2: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/2.jpg)
2
What is What is internal internal controlcontrol??
Internal control is a process designed toprovide reasonable assurance regardingthe achievement of management’s ob-jectives regarding:
![Page 3: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/3.jpg)
3
- reliability of financial reporting- operational effectiveness and efficiency- compliance with laws and regulations
Internal control is a process designed toprovide reasonable assurance regardingthe achievement of management’s ob-jectives regarding:
The Foreign Corrupt PracticesAct requires “proper recordkeeping
systems” of SEC companies; i.e., reliable financial statements and ac-
counting records.
![Page 4: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/4.jpg)
4
performpreliminaryanalytical
procedures
Steps in audit planningSteps in audit planning
preplan
understandinternal control
and assesscontrol risk
setmateriality, and
assess acceptableaudit risk andinherent risk
obtainbackgroundinformation
obtain information about client’s legal obligations
![Page 5: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/5.jpg)
5
performpreliminaryanalytical
procedures
Steps in audit planningSteps in audit planning
preplan
Why is an understand- ing of internal control im- portant?
setmateriality, and
assess acceptableaudit risk andinherent risk
understandinternal control
and assesscontrol risk
obtainbackgroundinformation
obtain information about client’s legal obligations
![Page 6: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/6.jpg)
6
Second Fieldwork Standard:A sufficient understanding of internalcontrol is to be obtained to plan the audit and to determine the nature, tim-ing, and extent of tests to be performed.
Why is anunderstanding
of internalcontrol
important?
![Page 7: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/7.jpg)
7
Audit Risk has 3 components Audit Risk has 3 components which combine to make the which combine to make the audit risk modelaudit risk model: (AU 312): (AU 312)
= x xaudit risk
inherent risk
control risk
detection risk
therisk that material
misstatements will not be prevented ordetected by
internal controls
![Page 8: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/8.jpg)
8
- internal control is the client’s respon- sibility and should be designed to help the client attain goals- internal control should provide rea- sonable but not absolute assurance; cost/benefit must be considered- internal control has inherent limita- tions (e.g., misunderstandings, mis- takes, fatigue, carelessness, collusion, management override)
Key Internal Control ConceptsKey Internal Control Concepts
![Page 9: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/9.jpg)
9
What are the components of What are the components of internal control?internal control?
![Page 10: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/10.jpg)
10
the controlenvironment
What are the components of What are the components of internal control?internal control?
![Page 11: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/11.jpg)
11
The control environment is theactions, policies, and procedures thatreflect management’s attitude regard-
ing controls and their importance.
All these controls are unnecessary!
![Page 12: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/12.jpg)
12
Factors related to the Control Environment:Factors related to the Control Environment:
- integrity and ethical values
Does man-agement com-municate com-
pany values andbehavioral stan-
dards to personnelthrough policy state-ments, codes of con-
duct, and by example?
Does managementremove or reduce
incentives or temp-tations that mightprompt personnelto engage in dis-honest, illegal,
or unethicalacts?
![Page 13: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/13.jpg)
13
Factors related to the Control Environment:Factors related to the Control Environment:
- commitment to competence
Does management consider com-petence levels for specific jobs
and how those levels translate into requisite skills and knowledge?
![Page 14: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/14.jpg)
14
Factors related to the Control Environment:Factors related to the Control Environment:
- board of directors or audit committee The audit committee maintains communication between the Board of Directors and internal and external auditors. The committee is composed of outside members of the board. SEC companies are required to have an audit committee.
BOARD OFDIRECTORS
auditcommittee
internalauditors
externalauditors
![Page 15: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/15.jpg)
15
Factors related to the Control Environment:Factors related to the Control Environment:
- management’s philosophy and operating style
![Page 16: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/16.jpg)
16
Factors related to the Control Environment:Factors related to the Control Environment:
- management’s philosophy and operating style Consider the following: - their approach to taking and monitoring business risk
![Page 17: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/17.jpg)
17
Factors related to the Control Environment:Factors related to the Control Environment:- management’s philosophy and operating style Consider the following: - their attitude and actions toward financial reporting
![Page 18: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/18.jpg)
18
Factors related to the Control Environment:Factors related to the Control Environment:
- management’s philosophy and operating style Consider the following: - their emphasis on meeting financial and operating goals
...our bonusesare based on net income.We all want fat bonuses!
What can we do?
![Page 19: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/19.jpg)
19
Factors related to the Control Environment:Factors related to the Control Environment:
- organizational structure The auditor should consider lines of responsibility and authority.
![Page 20: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/20.jpg)
20
What are theformal methods that
management uses to communicateinternal controls to
employees?
Factors related to the Control Environment:Factors related to the Control Environment:- assignment of authority and responsibility
EmployeeHandbook
CompanyPolicies
JobDescription
Memo:
![Page 21: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/21.jpg)
21
Factors related to the Control Environment:Factors related to the Control Environment:
- human resource policies and practices Management should ensure that compe- tent, trustworthy, motivated personnel are employed to meet client goals and objectives.
Employees are the critical com-ponent of effective internal control.
![Page 22: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/22.jpg)
22
With competent, trustworthy, motivated per-sonnel, even a poorly designed system ofinternal control may function adequately.
Employees are the critical com-ponent of effective internal control.
![Page 23: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/23.jpg)
23
Without such personnel, even a well-designed system will probably fail.
With competent, trustworthy, motivated per-sonnel, even a poorly designed system ofinternal control may function adequately.
![Page 24: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/24.jpg)
24
Risk assessment for financial reportingis management’s identification and anal-ysis of risks relevant to financial state-
ment preparation in conformity with GAAP.
riskassessment
What are the components of What are the components of internal control?internal control?
![Page 25: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/25.jpg)
25
controlactivities
Control activities are policies and pro-cedures, in addition to those related to
other components, established to enablethe entity to address risks in the achievement of their objectives.
![Page 26: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/26.jpg)
26
1. Adequate separation of duties - separate custody of assets from accounting
Mr. Controller
Categories of Control ActivitiesCategories of Control Activities
![Page 27: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/27.jpg)
27
1. Adequate separation of duties - separate custody of assets from authorization of transactions
As custodian ofthe corporate auto fleet, I hearby authorize retire- ment of auto #43 because of obso- lescence.
#43
joe
Categories of Control ActivitiesCategories of Control Activities
![Page 28: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/28.jpg)
28
1. Adequate separation of duties - separate operational responsibility from record keeping responsibility
Categories of Control ActivitiesCategories of Control Activities
Example: Ace company has two plants; one inGreat Britain and one in the U.S.A. Manage-ment is deciding whether the plant controllersshould report directly to the plant managersor the corporate vice president of finance.
![Page 29: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/29.jpg)
29
plantcontroller
V.P.-production
V.P.- finance
plant manager
plantcontroller
plant manager
plantcontroller
V.P.-production
V.P.- finance
plant manager
plantcontroller
plant manager
plantcontroller
plant manager
Which arrangement creates a potential conflict of interest?
![Page 30: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/30.jpg)
30
plantcontroller
V.P.-production
V.P.- finance
plant manager
plantcontroller
plant manager
Which arrangement creates a potential conflict of interest?
If the plant controller reports directly to theplant manager, a potential conflict of interestexists. In an effort to make that plant’s resultsappear favorable, the plant manager may at-
tempt to influence the plant controller.
![Page 31: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/31.jpg)
31
1. Adequate separation of duties - separate duties within EDP
Categories of Control ActivitiesCategories of Control Activities
![Page 32: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/32.jpg)
32
What kind of company typically has What kind of company typically has difficulty accomplishing adequate difficulty accomplishing adequate
segregation of duties?segregation of duties?
![Page 33: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/33.jpg)
33
What kind of company typically has What kind of company typically has difficulty accomplishing adequate difficulty accomplishing adequate
segregation of duties?segregation of duties?
Small companies frequently have diffi-culty with segregation of duties because
of fewer employees.
![Page 34: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/34.jpg)
34
Collusion is the defeat of adequate sep-aration of duties wherein employees
cooperate to perpetrate fraud.
...we’re agreed.We’ll be rich be-yond our wildest
dreams!
What is collusioncollusion??
![Page 35: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/35.jpg)
35
What is the most effective way to What is the most effective way to preventprevent collusion? collusion?
![Page 36: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/36.jpg)
36
hire competent, trustworthy,motivatedpersonnel
What is the most effective way to What is the most effective way to preventprevent collusion? collusion?
![Page 37: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/37.jpg)
37
Competent, untrustworthy, motivatedpersonnel oftenknow how to conceal theirfraud.
Why is collusion particularly Why is collusion particularly troublesome for auditors?troublesome for auditors?
![Page 38: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/38.jpg)
38
1. Adequate separation of duties2. Proper authorization of transactions and activities
Categories of Control ActivitiesCategories of Control Activities
![Page 39: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/39.jpg)
39
1. Adequate separation of duties2. Proper authorization of transactions and activities - general authorization - management establishes authorization policies
Categories of Control ActivitiesCategories of Control Activities
accountspayablepolicies &procedures
cashreceiptspolicies &procedures
humanresourcespolicies &procedures
![Page 40: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/40.jpg)
40
I’m thepresident and
I want to approveevery cashpayment!
Categories of Control ActivitiesCategories of Control Activities1. Adequate separation of duties2. Proper authorization of transactions and activities - specific authorization - management makes authorizations on a case-by- case basis.
![Page 41: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/41.jpg)
41
1. Adequate separation of duties2. Proper authorization of transactions and activities3. Adequate documents and records should provide reasonable assurance that all assets are properly controlled and all transactions are correctly recorded.
Categories of Control ActivitiesCategories of Control Activities
![Page 42: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/42.jpg)
42
DocumentDocumentGuidelinesGuidelinesDocumentsshould be:prenumbered and accountedfor
PURCHASE ORDER 32494 Date: Vendor: 234 Reynolda Rd. Winston-Salem, NC27109 Purchasing agent: Quantity Description Price
WAIT FORESTU N I V E R S I T Y
total cost of order
Est. shipment date: Terms of sale (including discounts and freight costs): Carrier:
Internal Use Only: (routing instructions)1.PO made in purchasing 3. receiving notes ship2.Copies to vendor, receiv. 4. acctg. reconciles
U N I V E R S I T Y
![Page 43: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/43.jpg)
43
DocumentDocumentGuidelinesGuidelinesDocumentsshould be:preparedduring or soon after therelated transaction
PURCHASE ORDER 32494 Date: Vendor: 234 Reynolda Rd. Winston-Salem, NC27109 Purchasing agent: Quantity Description Price
WAIT FORESTU N I V E R S I T Y
total cost of order
Est. shipment date: Terms of sale (including discounts and freight costs): Carrier:
Internal Use Only: (routing instructions)1.PO made in purchasing 3. receiving notes ship2.Copies to vendor, receiv. 4. acctg. reconciles
U N I V E R S I T Y
![Page 44: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/44.jpg)
44
DocumentDocumentGuidelinesGuidelinesDocumentsshould be:understand-able andcorrectlydesigned(includingrouting andauthorization)
PURCHASE ORDER 32494 Date: Vendor: 234 Reynolda Rd. Winston-Salem, NC27109 Purchasing agent: Quantity Description Price
WAIT FORESTU N I V E R S I T Y
total cost of order
Est. shipment date: Terms of sale (including discounts and freight costs): Carrier:
Internal Use Only: (routing instructions)1.PO made in purchasing 3. receiving notes ship2.Copies to vendor, receiv. 4. acctg. reconciles
U N I V E R S I T Y
![Page 45: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/45.jpg)
45
DocumentDocumentGuidelinesGuidelines
Documentsshould be:designedformultiplepurposes
bc
PURCHASE ORDER 32494 Date: Vendor: 234 Reynolda Rd. Winston-Salem, NC27109 Purchasing agent: Quantity Description Price
WAIT FORESTU N I V E R S I T Y
total cost of order
Est. shipment date: Terms of sale (including discounts and freight costs): Carrier:
Internal Use Only: (routing instructions)1.PO made in purchasing 3. receiving notes ship2.Copies to vendor, receiv. 4. acctg. reconciles
U N I V E R S I T Y
a
![Page 46: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/46.jpg)
46
2. Proper authorization of transactions and activities3. Adequate documents and records4. Physical control over assets and records - locking rooms, fenced areas, fireproof safes, safe deposit boxes, security guards, backup files
Categories of Control ActivitiesCategories of Control Activities
![Page 47: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/47.jpg)
47
2. Proper authorization of transactions and activities3. Adequate documents and records4. Physical control over assets and records5. Independent checks on performance - those reviewing performance should be independent of those performing a task
Categories of Control ActivitiesCategories of Control Activities
![Page 48: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/48.jpg)
48
5. Independent checks on performance
Categories of Control ActivitiesCategories of Control Activities
Separation of duties is the leastexpensive method of performing
independent checks.
![Page 49: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/49.jpg)
49
informationand
communication
What are the components of What are the components of internal control?internal control?
![Page 50: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/50.jpg)
50
The accounting information andThe accounting information andcommunication system should becommunication system should be
designed to satisfy audit objectives.designed to satisfy audit objectives.
informationand
communication
![Page 51: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/51.jpg)
51
- existence - the system should ensure that recorded transactions exist - no fictitious transactions
The accounting information andThe accounting information andcommunication system should becommunication system should be
designed to satisfy audit objectives:designed to satisfy audit objectives:
![Page 52: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/52.jpg)
52
- existence- completeness - the system should en- sure that all existing transactions are recorded
The accounting information andThe accounting information andcommunication system should becommunication system should be
designed to satisfy audit objectives:designed to satisfy audit objectives:
![Page 53: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/53.jpg)
53
How do the How do the existenceexistence and and completenesscompletenessobjectives differ?objectives differ?
The accounting information andThe accounting information andcommunication system should becommunication system should be
designed to satisfy audit objectives:designed to satisfy audit objectives:
- existence- completeness
![Page 54: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/54.jpg)
54
How do the How do the existenceexistence and and completenesscompletenessobjectives differ?objectives differ?
Existence con-cerns the existence offictitious data; i.e., overstatement.
![Page 55: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/55.jpg)
55
How do the How do the existenceexistence and and completenesscompletenessobjectives differ?objectives differ?
Existence con-cerns the existence offictitious data; i.e., overstatement.
Completeness concerns omission of information; i.e., under-
statement.
![Page 56: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/56.jpg)
56
- existence- completeness- accuracy - the system should ensure that recorded transactions are stated at the correct amounts
The accounting information andThe accounting information andcommunication system should becommunication system should be
designed to satisfy audit objectives:designed to satisfy audit objectives:
![Page 57: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/57.jpg)
57
- existence- completeness- accuracy- classification - the system should en- sure that transactions are properly classified, possibly through use of a chart of accounts.
The accounting information andThe accounting information andcommunication system should becommunication system should be
designed to satisfy audit objectives:designed to satisfy audit objectives:
![Page 58: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/58.jpg)
58
- existence- completeness- accuracy- classification- timing - the system should ensure that transactions are recorded on the cor- rect dates. Generally, transactions should be recorded during or shortly after their occurrence.
The accounting information andThe accounting information andcommunication system should becommunication system should be
designed to satisfy audit objectives:designed to satisfy audit objectives:
![Page 59: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/59.jpg)
59
- existence- completeness- accuracy- classification- timing- posting and summarization -the system should ensure that transactions are included in the accounting records and accurately summarized.
The accounting information andThe accounting information andcommunication system should becommunication system should be
designed to satisfy audit objectives:designed to satisfy audit objectives:
![Page 60: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/60.jpg)
60
monitoring
What are the components of What are the components of internal control?internal control?
![Page 61: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/61.jpg)
61
monitoring
Monitoring activities deal with Monitoring activities deal with ongoing or periodic assessmentongoing or periodic assessment
of internal control.of internal control.
![Page 62: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/62.jpg)
62
Internal auditing departmentsInternal auditing departments frequently perform monitoring frequently perform monitoring
activities.activities.
![Page 63: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/63.jpg)
63
monitoringcontrol
activities
riskassessment
the controlenvironment
information andcommunication
What are the components of What are the components of internal control?internal control?
![Page 64: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/64.jpg)
64
ControlExamina-
tionOverview Obtain an understanding
of internal control.
HOW?HOW?
![Page 65: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/65.jpg)
65
ControlExamina-
tionOverview
- review prior year workpapers- interview prior year auditors- interview client personnel- study client policies and procedures- study client documents, records, information and communication system
Obtain an understandingof internal control.
![Page 66: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/66.jpg)
66
ControlExamina-
tionOverview
- narratives- flowcharts- internal control questionnaires
What is aninternal controlquestionnaire?
How do auditors document their under-
standing of internalcontrol?
![Page 67: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/67.jpg)
67
Internal Control QuestionnaireInternal Control Questionnaire
What are theadvantages provided by
an IC questionnaire?
- a series of questions about internal controls and their application to groups of accounts and cycles- generally, a “no” answer indicates an internal control weakness
![Page 68: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/68.jpg)
68
What are theadvantages provided by
an IC questionnaire?
Internal Control QuestionnaireInternal Control Questionnaire
- can be designed to cover most aspects of internal control - is relatively applicable from one en- gagement to another- when complete, can be quickly re- viewed for weaknesses
![Page 69: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/69.jpg)
69
Internal Control QuestionnaireInternal Control Questionnaire
- concentrates on pieces of internal con- trol rather than the system as a whole- has questionable reliability; oral cli- ent responses should be supported by other evidence- may be too standardized for some clients, especially smaller clients
What are thedisadvantages of using
an IC questionnaire?
![Page 70: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/70.jpg)
70
Arefinancial statements
auditable?
ControlExamina-
tionOverview
- management lacks integrity- significantly deficient accounting records or internal controls
When would theWhen would theanswer be answer be NONO??
![Page 71: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/71.jpg)
71
ControlExamina-
tionOverview
Assess control risk, basedon understanding.
![Page 72: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/72.jpg)
72
ControlExamina-
tionOverview
Assess the cost/benefit offurther enhancing under-
standing of internal control.
![Page 73: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/73.jpg)
73
ControlExamina-
tionOverview
high medium low
Assesscontrol
risk.
![Page 74: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/74.jpg)
74
ControlExamina-
tionOverview
- high: poor controls indicate a very risky situation
high medium low
Assesscontrol
risk.
![Page 75: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/75.jpg)
75
ControlExamina-
tionOverview
- high: poor controls indicate a very risky situation- medium: mix of effective and in- effective controls indi- cate a moderate level of risk
high medium low
Assesscontrol
risk.
![Page 76: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/76.jpg)
76
ControlExamina-
tionOverview
- medium: mix of effective and in- effective controls indi- cate a moderate level of risk- low: effective controls indi- cate a low level of risk
high medium low
Assesscontrol
risk.
![Page 77: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/77.jpg)
77
ControlExamina-
tionOverview
Perform tests of controls.
![Page 78: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/78.jpg)
78
ControlExamina-
tionOverview
Decidewhether the initial
internal control assessmentwas appropriate.
![Page 79: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/79.jpg)
79
ControlExamina-
tionOverview
Based on appropriatelevel of detection risk,
perform substantive tests.
![Page 80: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/80.jpg)
80
What are What are reportable conditionsreportable conditions??
Reportable conditions are signifi-cant internal control deficiencieswhich adversely affect financial
data (AU 325).
![Page 81: CHAPTER 9 The Study of Internal Control and Assessment of Control Risk](https://reader033.vdocument.in/reader033/viewer/2022061520/568145ae550346895db2ad25/html5/thumbnails/81.jpg)
81
AU 325requires the auditor to com-
municate (oral or written)with the audit committeeregarding the reportable
conditions.
Reportable conditions are signifi-cant internal control deficiencieswhich adversely affect financial
data (AU 325).