pd 9184 and its irr-a.ppt
TRANSCRIPT
-
7/25/2019 PD 9184 and its IRR-A.ppt
1/195
1
TRAINING ON INTERNAL CONTROL
EVALUATION
Learning Objectives:
1. To discuss Internal Control Structure (ICS);
2. To link ICS with Risk Based Audit (RBA), fro the !T" tothe AAR#SC $hase;
%. To de&elo$'i$ro&e the skills of $artici$ants on thee&aluation of internal control; and
. To $ro&ide uidance on the utili*ation of the knowledeo+tained in this seinar in the eecution of audit work inthe #RAR $hase and re$ortin of audit results in theC- $hase.
-
7/25/2019 PD 9184 and its IRR-A.ppt
2/195
2
ISA 315(Internatina! Stan"ar"s n A#"iting$
%Understanding the Entity and Its Environment and
Assessing the Risks of Material Misstatementre/uiresthe auditor to0
1. "+tain an understandin of internal control structure and on
audit risks.
2. !se this understandin to identif t$es of $otentialisstateents.
%. Consider factors affectin the risks of $otential
isstateents.
. esin the nature, tiin and etent of further audit
$rocedures.
-
7/25/2019 PD 9184 and its IRR-A.ppt
3/195
%
IT3RA4 C"TR"4 S5ST3# defined0
All the $olicies and $rocedures ado$ted + anaeent to ensure 0
orderl and efficient conduct of its +usiness;
adherence to anaeent $olicies;
safeuardin of assets;
$re&ention and detection of fraud and error; accurac and co$leteness of accountin records; and
tiel $re$aration of relia+le financial inforation.
-
7/25/2019 PD 9184 and its IRR-A.ppt
4/195
nctins' Interna! Cntr!6 reventive Cntr!s7
are desined to $re&ent ad&erse actions or risks frooccurrin.
6 )etective Cntr!s *
are desined to detect an error or ad&erse e&ent after it
occurred +ut within a reasona+le tie to $erit correction.
6 Crrective Cntr!s *
are desined to reed $ro+les disco&ered with detecti&e
controls.
-
7/25/2019 PD 9184 and its IRR-A.ppt
5/195
8
Objectives ' Interna! Cntr!
1. 9inancial re$ortin control o+:ecti&e0
relates to the relia+ilit of the financial re$ortin $ro&ided+ accountin inforation sste and recordin function.
2. "$erations controls o+:ecti&e0
is intended to enhance the effecti&eness and efficienc
of o$erations.
%. Co$liance controls o+:ecti&e0
relates to co$liance with laws and reulations.
-
7/25/2019 PD 9184 and its IRR-A.ppt
6/195
Interna!Cntr! assertins
There are two assertions of anaeent0
6 internal control and
6 financial stateents.
-
7/25/2019 PD 9184 and its IRR-A.ppt
7/195
1
&stablish 'isk (anagement
)rocess
1
a. efine
Risk anaeent
oals and o+:ecti&es Coon lanuae
+. 3sta+lish risk o&ersiht
structures
!T" Assess Risk #anaeent =rocess
Estab!is0 ris5
,anage,ent .rcessGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
6 Doals and o+:ecti&es
6 Coon 4an)ua)e
6 "&ersi)ht structure
In'r,atin 'r
"ecisin ,a5ing
)esign i,.!e,ent ris5,anage,ent .rcessesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Risk ana)eent strate)iesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Risk controls
+nitr ris5 ,anage,ent
.rcesses .er'r,ance
Cntin##s!/ i,.rve
ris5 ,anage,ent
ca.abi!ities
Assess agenc/ ris5sGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Identif1 Source #easure
)eve!. ris5
,anage,ent strategiesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
A&oid 3,$loit Transfer
Acce$t and reduce
!T" Assess Risk #anaeent =rocess
-
7/25/2019 PD 9184 and its IRR-A.ppt
82/195
>2
Assess Agency 'isk
%dentify
*ource
(easure
a. Chanes in the en&ironent,ke assu$tions, and
o$eration $rocess, and the
i$act of these chanes
+. =rocess or acti&ities to
assess aenc risks and
inforation and inforation
$rocessin (II=)
@
Estab!is0 ris5
,anage,ent .rcessGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
6 Doals and o+:ecti&es
6 Coon 4an)ua)e
6 "&ersi)ht structure
In'r,atin 'r
"ecisin ,a5ing
)esign i,.!e,ent ris5,anage,ent .rcessesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Risk ana)eent strate)iesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Risk controls
+nitr ris5 ,anage,ent
.rcesses .er'r,ance
Cntin##s!/ i,.rve
ris5 ,anage,ent
ca.abi!ities
Assess agenc/ ris5sGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Identif1 Source #easure
)eve!. ris5
,anage,ent strategiesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
A&oid 3,$loit Transfer
Acce$t and reduce
* 'evelop Risk Management &trategies
-
7/25/2019 PD 9184 and its IRR-A.ppt
83/195
>%
*+'evelop Risk Management &trategies
6 Avoid
6 &+ploit6 Transfer
6 Accept and
'educe
Estab!is0 ris5
,anage,ent .rcessGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
6 Doals and o+:ecti&es6 Coon 4an)ua)e
6 "&ersi)ht structure
In'r,atin 'r
"ecisin ,a5ing
)esign i,.!e,ent ris5
,anage,ent .rcessesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Risk ana)eent strate)iesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGRisk controls
+nitr ris5 ,anage,ent
.rcesses .er'r,ance
Cntin##s!/ i,.rve
ris5 ,anage,ent
ca.abi!ities
Assess agenc/ ris5sGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Identif1 Source #easure
)eve!. ris5
,anage,ent strategiesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
A&oid 3,$loit TransferAcce$t and reduce
, 'esign-Implement Risk Control %roess
-
7/25/2019 PD 9184 and its IRR-A.ppt
84/195
>
,+ 'esign-Implement Risk Control %roess
a. 3nsure i&ision ead
and $rocess'acti&it
owners0 a&e the re/uisite
skill and e$ertise Assue
res$onsi+ilit andaccounta+ilit foranain sinificantrisk.
+. Assess the tieliness,efficienc andeffecti&eness of thedesin of new or
i$ro&ed risk control$rocesses.
Estab!is0 ris5
,anage,ent .rcessGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
6 Doals and o+:ecti&es
6 Coon 4an)ua)e
6 "&ersi)ht structure
In'r,atin 'r
"ecisin ,a5ing
)esign i,.!e,ent ris5
,anage,ent .rcessesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Risk ana)eent strate)iesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGRisk controls
+nitr ris5 ,anage,ent
.rcesses .er'r,ance
Cntin##s!/ i,.rve
ris5 ,anage,ent
ca.abi!ities
Assess agenc/ ris5sGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Identif1 Source #easure
)eve!. ris5
,anage,ent strategiesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
A&oid 3,$loit Transfer
Acce$t and reduce
UTO ? Assess Ris +anage,ent rcess
-
7/25/2019 PD 9184 and its IRR-A.ppt
85/195
>8
(onitor 'isk (anagement )erformance
This includes0
a. !tili*ation of all
a&aila+le Haudit
o$$ortunities
+. Bencharkin aainst
leadin 4D! $ractices,standards set +
o&ernent and, to
the etent a$$lica+le,
international standards
5Estab!is0 ris
,anage,ent .rcessGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
6 Doals and o+:ecti&es6 Coon 4anuae
6 "&ersiht structure
In'r,atin 'r
"ecisin ,aing
)esign i,.!e,ent ris,anage,ent .rcessesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Risk anaeent strateiesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Risk controls
+nitr ris ,anage,ent
.rcesses .er'r,ance
Cntin##s!/ i,.rve
ris ,anage,ent
ca.abi!ities
Assess agenc/ rissGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Identif Source #easure
)eve!. ris
,anage,ent strategiesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
A&oid 3$loit Transfer
Acce$t and reduce
UTO ? Assess Ris +anage,ent rcess
-
7/25/2019 PD 9184 and its IRR-A.ppt
86/195
>
ontinuously %mprove'isk (anagement
apabilities
Estab!is0 ris
,anage,ent .rcessGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
6 Doals and o+:ecti&es6 Coon 4anuae
6 "&ersiht structure
In'r,atin 'r
"ecisin ,a5ing
)esign i,.!e,ent ris
,anage,ent .rcessesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Risk anaeent strateiesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Risk controls
+nitr ris ,anage,ent
.rcesses .er'r,ance
Cntin##s!/ i,.rve
ris ,anage,ent
ca.abi!ities
Assess agenc/ rissGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
Identif Source #easure
)eve!. ris
,anage,ent strategiesGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG
A&oid 3$loit TransferAcce$t and reduce
3nsure that risk anaeent, control and onitorin
$rocesses'acti&ities are continuousl i$ro&ed throuhout the
4D!.
UTO ? Assess Ris +anage,ent rcess
-
7/25/2019 PD 9184 and its IRR-A.ppt
87/195
>?
Agenc/ Ris +anage,entObjectives
-
7/25/2019 PD 9184 and its IRR-A.ppt
89/195
?@
Objectives
6 *trategic hih7le&el oals, alined with and su$$ortin its
ission
6 perations effecti&e and efficient use of its resources
6 'eporting relia+ilit of re$ortin
6 ompliance co$liance with a$$lica+le laws and
reulations.
-
7/25/2019 PD 9184 and its IRR-A.ppt
90/195
?1
QUESTION
-
7/25/2019 PD 9184 and its IRR-A.ppt
91/195
?2
UTO ? In'r,atin rcess &ra,e9r
-
7/25/2019 PD 9184 and its IRR-A.ppt
92/195
?%
As International Standards on Auditing (ISA) 310 states:
%n performing an audit of financial statements, the auditor
should have or obtain knowledge of the business sufficient to
enable the auditor to identify and understand the events,
transactions and practices that, in the auditors judgment, may
have a significant effect on the financial statements or on the
e+amination or audit report
Un"erstan" t0e O.eratins (UTO$
-
7/25/2019 PD 9184 and its IRR-A.ppt
93/195
?
Tools used in the performance of UTO
I&I&
In'r,atin rcess
&ra,e9r (I&$
A more detailed representation of the operationA more detailed representation of the operation
and information flow with the purpose of-and information flow with the purpose of-
Obtaining an #n"erstan"ing ' t0e '!9 ' transactins 'r,
.eratins events an" 'acts 'r, t0eir ince.tin t t0eir
inc!#sin in t0e 'inancia! state,ents an" "isc!s#res>
rvi"ing a %t. "9n 'c#s t i"enti'/ an" !cate errr riss
re!ate" t ./0 priniples1 .20 estimates1 .*0 ritial information
proesses1 .,0 finanial reporting proessan" .30 dislos#res+
UTO ? In'r,atin rcess &ra,e9r
-
7/25/2019 PD 9184 and its IRR-A.ppt
94/195
?8
bjectives
1. "+tain an understandin of the flow of transactions froo$erations, e&ents, and facts fro their ince$tion to their
inclusion in the financial stateents and disclosures.
2. =ro&ide a to$ downJ focus to identif and locate error risks
related to0
$rinci$les
estiates
critical inforation $rocesses
financial re$ortin $rocess
disclosures
UTO ? In'r,atin rcess &ra,e9r
-
7/25/2019 PD 9184 and its IRR-A.ppt
95/195
?
'isk
"ocations
UTO ? In'r,atin rcess &ra,e9r
-
7/25/2019 PD 9184 and its IRR-A.ppt
96/195
? Un"erstan" j#"g,ents an"
esti,ates an" esti,ate rissD> Un"erstan" critica! in'r,atin
.rcesses an" in'r,atin
.rcessing riss
5> Un"erstan" 'inancia! re.rting
.rcesses an" i"enti'/ an" !cate
'inancia! re.rting .rcess riss
> Un"erstan" "isc!s#res an"
i"enti'/ "isc!s#re riss
1
@
D
3
5
UTO ? In'r,atin rcess &ra,e9r
-
7/25/2019 PD 9184 and its IRR-A.ppt
101/195
1@2
1. Accounting )rinciples and )ractices
2. 3udgments and &stimates
4. ritical %nformation )rocesses5. inancial 'eporting )rocess
I"enti'/ Riss
E7.ert
n9!e"ge
C,.!e7ities C0anges (rb!e,s
Are t0ere iss#es
i"enti'ie" b/
acc#nting an"
a#"iting e7.ertst0at in"icate
c#rrent .eri"
ris5s8
Are t0ere
.rcess*re!ate"
ris5s t0at
re:#ire acntr!s*base"
a..rac08
Are t0ere
c0anges in t0e
c#rrent .eri"
t0at in"icatec#rrent .eri"
ris5s8
Are t0ere .rir
r c#rrent
.eri"
.rb!e,s t0atin"icate c#rrent
.eri" ris5s8
Audit Tea Knowled)e
Un"erstan"ing t0e rcess T0r#g0rcess +a..ing
-
7/25/2019 PD 9184 and its IRR-A.ppt
102/195
rcess +a..ing
rcess +a..ing
An activit/ t "c#,ent t0e #n"erstan"ing
' t0e .rcess * taing int cnsi"eratin
t0e activities inv!ve" t0e tas 9ners
t0e '!9 ' transactins an" .rcess,eas#res>
T/.es ' rcess +a.s
-
7/25/2019 PD 9184 and its IRR-A.ppt
103/195
ri,ar/
6 Transactional 9lowcharts
6 =rocess Interfunctional Chart
Secn"ar/
6 9unctional =rocess 9lowchart
6 =hsical 4aout iara
-
7/25/2019 PD 9184 and its IRR-A.ppt
104/195
9acilitates a ore co$rehensi&e identification of $rocess risks
3na+les the identification of $otential $rocess issues such as0
u$lication of effort
Inade/uate or isallocated resources
!nnecessar or non7&alue added acti&ities
9acilitates e&aluation of o&erall effecti&eness of the $rocess
controls
ocuents the audit teas understandin of the $rocess and
ser&es as a continuin audit docuentation for future audits
Transactina! &!9c0art
-
7/25/2019 PD 9184 and its IRR-A.ppt
105/195
6 To $ro&ide a $ictorialre$resentation of each
acti&it in a function
6 To show the se/uence
of tasks for each
acti&it
6 To show the flow of
in$uts and out$uts for
each task in an acti&it
6 To anal*e the
relationshi$ of tasks
in&ol&ed in each acti&it
3asiest to $re$are and u$date #ost coonl used and
understood forat
Dood tool to use for client
$resentations
#r.se
)isa"vantages
A"vantage
s
ifficult to draw in co$le
situations
oes not show inter7functionalrelationshi$s
Transactina! &!9c0art * Sa,.!e
-
7/25/2019 PD 9184 and its IRR-A.ppt
106/195
Enc"es R
#rc0ase Or"er
(O$1
@
3
D
R
1
@
URCASING STA&&
A..rves
O
GENERAL +ANAGER2
RESI)ENT
A..rve" O
1
@
3
D
R
1
URCASING STA&&
A..rve" O
1
@
3
D
R
1
'i!e
T Acc#nting
T )istrib#tin
T Stcr,
)istrib#tes O t
#ser "e.ts>
Sen"s O>
Cn'ir,s
recei.t>
A> T0e Genera! +anager a..rves Os 9it0
va!#e ' 5FFFF an" !ess 90i!e t0e
resi"ent a..rves O abve 5FFFF>
1
@
A..rve" R
1
U."ates O
transactin 'i!e
O
Transactin
&i!e
Generates O
Attac0es R t O
Sen"s R t
Re#esting
)e.t>
1
#rc0ase Or"er
(O$1
@
3
D
URCASING STA&&
T Re#esting
)e.art,ent
A
B
C
rcess Inter*'#nctina! &!9c0art
-
7/25/2019 PD 9184 and its IRR-A.ppt
107/195
Dra$hic de$iction of inter7
functional relationshi$s
Illustrates de$artents in&ol&ed
3as to o&erla tie lines
oes not ha&e set headins and
therefore allows reater flei+ilit
to show all rou$s, sstes ando$erations within functions to +e
a$$ed.
6 To $ro&ide an o&er&iew of the
$rocess to +e a$$ed
6 To show the relationshi$
+etween different di&isions,
de$artents, and sstes that
are $art of the $rocess
6 To show the flow of a:oracti&ities in the $rocess
6 To show the aount of tie
re/uired to $erfor each acti&it
6 To anal*e the $rocess +ein
a$$ed
#r.se
ifficult to draw when se&eral
functions are in&ol&ed
Re/uires lare works$ace
)isa"vantages
A"vantage
s
nctina! rcess &!9c0art * Sa,.!e
-
7/25/2019 PD 9184 and its IRR-A.ppt
108/195
INUT ROCESS OUTUT
Re/uest forCredit #eo
-arit
-alidit
=re$are
C#Fk Sht
T$e
Credit
#eo
=roofs for
Accurac
"+tain
#t..
A$$ro&al
-alid
Accurate
A'2
Credit #eoRe/uest
=ro:ection
Credit
#eo
Credit #eo
Forksheet
iscard
Credit #eo
Forksheet
IITIAT"R
#ARK3TID T3CICIA
S3CR3TAR5
IITIAT"R
#T3C
#T3C
#T3C
#T3C
CR4
1.
2. 5es
8. 5es
%.
.
escri$tion0 The 9unctional =rocess 9lowchart is the for on
which ou show the se/uence of tasks.
rcess +a..ing G#i"e!ines * ri,ar/S/,b!s
-
7/25/2019 PD 9184 and its IRR-A.ppt
109/195
S/,b!s
A#3Acti&it'
=rocessin
ecision
ocuent
3SCRI=TI"
Indicates that an acti&it or task is
+ein $erfored.
Fhen this s+ol a$$ears, the task
se/uence flows to the riht if the
decision is esJ or down if thedecision is noJ.
Re$resents the eneration of a
$hsical docuent. #ulti$le
o&erlain s+ols are used if
ulti$le docuents are enerated.
S5#B"4
S.eci'ic G#i"e!ines in rcess +a..ing
-
7/25/2019 PD 9184 and its IRR-A.ppt
110/195
1. Fhen $re$arin flowcharts at detail le&el, the acti&it +o is
often re$laced + ore s$ecific s+ols, such as0
#anual In$ut Autoated
In$ut
Co$uter
Storae
#anual
9ilin
S.eci'ic G#i"e!ines in rcess +a..ing
-
7/25/2019 PD 9184 and its IRR-A.ppt
111/195
2. "abel origins and destinations. Alwas $rint the oriin of in$ut and
destination of out$ut a+o&e the res$ecti&e s+ols.
#rc0ase Re#est
Sales Re$resentati&e
S.eci'ic G#i"e!ines in rcess +a..ing
-
7/25/2019 PD 9184 and its IRR-A.ppt
112/195
%. $se flow lines carefully. If the line fro one $rocess to another
crosses o&er an alread eistin flow line, draw the secondar line as
shown +elow0
3istin =rocess
Secondar =rocess
S.eci'ic G#i"e!ines in rcess +a..ing
-
7/25/2019 PD 9184 and its IRR-A.ppt
113/195
. 6umber the symbols. u+erin each $rocess s+ol can +e useful
to cross7reference to a sste narrati&e or the sae task nu+er on
a $rocess descri$tion chart.8. 7e sure to connect flows. Alwas use a flowchart connector s+ol
when ou continue a diara to another $ae or carr it o&er to
another $rocess.
Status
re$ort
a$$ro&edE
es Continue flowin the esJ
condition here
D'2@ D'1@
#ake
Chanesto Status
Re$ort
S.eci'ic G#i"e!ines in rcess +a..ing
-
7/25/2019 PD 9184 and its IRR-A.ppt
114/195
. 'emember to denote the responsible department or individual. =lace
the de$artent nae or the Res$onsi+le Indi&idual a+o&e each
$rocess s+ol or area of the a$.
-
7/25/2019 PD 9184 and its IRR-A.ppt
115/195
6 Tie $er acti&it
6 elaJ tie
6 u+er of acti&ities
6 u+er of re&iews
6 Cost of each acti&it
6 3rrors
A'ter C,.!eting t0e rcess +a.
-
7/25/2019 PD 9184 and its IRR-A.ppt
116/195
6 T0e A#"itr S0#!" N9:
ave a g" #n"erstan"ing 't0e .rcess
ave a g" vie9 ' t0e e/
in'r,atin ab#t t0e .rcess
ave a better basis 'r
i"enti'/ing .rcess riss an"
re!ate" cntr!s
Tools used in the performance of UTO
Un"erstan" t0e O.eratins (UTO$
-
7/25/2019 PD 9184 and its IRR-A.ppt
117/195
11>
p f f
ARC)s
AO+s
Agenc/ Ris Cntr! )c#,ents (ARC)s$
A#"it Observatin +e,s (AO+s$
A'Ds are the tools used to documentA'Ds are the tools used to document risks identified,risks identified,
prioriti!ed for further considerations and linked to the financialprioriti!ed for further considerations and linked to the financial
statement accountsstatement accounts. A'Ds are grouped based on the type. A'Ds are grouped based on the type
of risks identified. %t also documents further proceduresof risks identified. %t also documents further procedures
performed to reduce the risks identified to acceptable level.performed to reduce the risks identified to acceptable level.
A(s are the tools to communicate issues and observationsA(s are the tools to communicate issues and observations
noted in the course of the audit. These are forwarded to thenoted in the course of the audit. These are forwarded to themanagement as the need arises.management as the need arises.
As International &tandards on
A diti .I&A0 */3 t t
-
7/25/2019 PD 9184 and its IRR-A.ppt
118/195
11?
A#diting .I&A0 */3 states)
8The auditor should determine which ofthe risks identified are, in the auditors
judgment, risks that require special
audit consideration 9such risks aredefined as 8significant risks:;
-
7/25/2019 PD 9184 and its IRR-A.ppt
119/195
12@
QUESTION
-
7/25/2019 PD 9184 and its IRR-A.ppt
120/195
I"enti'/ Ris Cntr!s
-
7/25/2019 PD 9184 and its IRR-A.ppt
121/195
122
C4A5!"& &TAN'AR' AN' %4!IC6
7or eah fail#re risks and ritial informationproesses1 estimation proesses and finanialreporting proesses risk identified1 the a#ditteam sho#ld identify1 eval#ate and test1 as
appropriate1 the a#ditee(s risk managementstrategy and ontrols in order to determine anyresid#al a#dit risks+
Risk #anaeent Strateies and Controls =rocess9raework
-
7/25/2019 PD 9184 and its IRR-A.ppt
122/195
12%
&ig C>
RC&
Assess A#"itee Ris +anage,ent Strategies
Cntr!s
-
7/25/2019 PD 9184 and its IRR-A.ppt
123/195
12
Risk Control =rocess 9raework Assess a)enc1risksAssess a)enc1risks
Sereate controls + co$onent to0
1. effecti&el e&aluate the desin of
risk controls
2. aii*e the etent of control
reliance
%. recoendations for
i$ro&eent
Assess A#"itee Ris +anage,ent Strategies
Cntr!s
-
7/25/2019 PD 9184 and its IRR-A.ppt
124/195
128
S$ecific Risk Controls
Assess a)enc1risksAssess a)enc1risks
S$ecific Risk Controls
Initial defense in
$re&entin, detectin and
correctin errors
Address risks fro ca$ture
of facts to inclusion in
financial stateents
Assess A#"itee Ris +anage,ent Strategies
Cntr!s
-
7/25/2019 PD 9184 and its IRR-A.ppt
125/195
12
S$ecific Risk ControlsAssess a)enc1risksAssess a)enc1risks
Assess A#"itee Ris +anage,ent Strategies
Cntr!s
-
7/25/2019 PD 9184 and its IRR-A.ppt
126/195
12
6 ISA 315 %Understanding The Entity and AssessingRisksstates t0at it is a ,atter ' t0e a#"itr-s .r'essina!j#"g,ent s#bject t t0e re#ire,ents ' t0is ISA 90et0er acntr! in"ivi"#a!!/ r in c,binatin 9it0 t0ers is re!evantt t0e a#"itr-s cnsi"eratins in assessing t0e riss ',ateria! ,isstate,ent an" "esigning an" .er'r,ing '#rt0er.rce"#res in res.nse t assesse" riss> T0e ISA a!sre#ires t0at in e7ercising t0at j#"g,ent t0e a#"itrcnsi"ers t0e circ#,stances t0e a..!icab!e c,.nent an"'actrs s#c0 as t0e a#"itr-s j#"g,ent ab#t ,ateria!it/ si4e' t0e entit/ a..!icab!e !ega! an" reg#!atr/ re#ire,ents
a,ng t0ers.
C"TR"4 CARACT3RISTICS
Assess A#"itee Ris +anage,ent Strategies
Cntr!s
-
7/25/2019 PD 9184 and its IRR-A.ppt
135/195
1%
Identif
3&aluate esin
Test
C"TR"4 CARACT3RISTICSC"TR"4 CARACT3RISTICS
=R"LI#IT5 T" RISK S"!RC3=R"LI#IT5 T" RISK S"!RC3
RISK SIDI9ICAC3RISK SIDI9ICAC3
4IK34I"" "9 RISK "CC!R3C34IK34I"" "9 RISK "CC!R3C3
=R3ICTABI4IT5 "9 RISK "CC!R3C3=R3ICTABI4IT5 "9 RISK "CC!R3C3
C"TR"4 R34IABI4IT5C"TR"4 R34IABI4IT5
C"TR"4 -3RI9IABI4IT5C"TR"4 -3RI9IABI4IT5
Eva!#ate an" )c#,ent Ris Cntr!s
)esign
-
7/25/2019 PD 9184 and its IRR-A.ppt
136/195
1%. =hsical securit o&er su$$lies stockroo, o&a+le e/ui$ent and
cash &ault
?. etwork and sstes securit with $assword controls
1@. The accountant &erif that the accountin $rinci$les and $ractices are
in accordance with DAS.
11. Co$arin the $urchase order with the &endors in&oice +efore recei$t
of oods
-
7/25/2019 PD 9184 and its IRR-A.ppt
145/195
1
Testing ' Ris Cntr!s t
Re"#ce Ris t Acce.tab!eLeve!
Testin of Risk Controls
-
7/25/2019 PD 9184 and its IRR-A.ppt
146/195
1
Testin of Risk Controls
-
7/25/2019 PD 9184 and its IRR-A.ppt
147/195
1>
I&A **81 The A#ditor(s %roed#res inResponse of Assessed Risks1 par+ 2*states) 9hen the a#ditor(s assessmentof risks of material misstatement at the
assertion level inl#des an e:petationthat ontrols are operating effetively1the a#ditor sho#ld perform tests ofontrols to o;tain s#ffiient appropriate
a#dit evidene that the ontrols wereoperating effetively at relevant timesd#ring the period #nder a#dit+
Testin of Risk Controls
-
7/25/2019 PD 9184 and its IRR-A.ppt
148/195
1?
Fh are tests of controls $erforedE
To o+tain audit e&idence a+out the
effecti&eness of the0
6 esin of the accountin and
internal control sstes;
6 "$eration of the internal controlsthrouhout the $eriod.
Testing of Risk Controls
-
7/25/2019 PD 9184 and its IRR-A.ppt
149/195
18@
Cntr! Re!iance )ecisin Tree
*&O
In case ' vi!atin t r#!es an" reg#!atins
&ra#"
in"icatrt0at9arrantsLAO
'#rt0erinves
tigatin
&ra#"
in"icatrt0at9arrantsLAO
'#rt0erinves
tigatin
Testing of Risk Controls
Control Reliance ecision Tree
-
7/25/2019 PD 9184 and its IRR-A.ppt
150/195
181
Duides the audit
tea in deterinin
which controls
reliance strateies
a +e ado$ted to
ost effecti&el
identif and test
rele&ant controlsto
reduce inforation
$rocessin risks to
an acce$ta+le le&el.
Control Reliance ecision Tree
*&O
In case ' vi!atin t r#!es an" reg#!atins
&ra#"in"icatrt0at9a
rrantsLAO
'#rt0erinvestigatin
&ra#"in"icatrt0at9a
rrantsLAO
'#rt0erinvestigatin
Testing of Risk Controls
-
7/25/2019 PD 9184 and its IRR-A.ppt
151/195
182
*&O
&ra#"
in"ic
atrt0at9
arrants
LAO
'#rt0erinve
stigatin
&ra#"
in"ic
atrt0at9
arrants
LAO
'#rt0erinve
stigatin
In case ' vi!atins t r#!es an" reg#!atins
Re!iance n Testing ervasive Cntr!s an" +nitring
Activities
Testing of Risk Controls
If the desin of the s$ecific, $er&asi&e and, $articularl,
-
7/25/2019 PD 9184 and its IRR-A.ppt
152/195
18%
Denerall ost efficient strate.
onitorin controls are effecti&e..
esined to understand the rior and /ualit of risk owner
onitorin acti&ities.
Tests o$eratin effecti&eness of onitorin and $er&asi&e
controls onl.
owe&er, if testin of o$eratin
effecti&eness of onitorin controls
indicate that the onitorin controls are
not o$eratin effecti&el, then the audit
tea should consider testin s$ecific risk
controls.
3tent of work is
relati&el inial and
the tiin is /uite
flei+le.
Testing of Risk Controls
-
7/25/2019 PD 9184 and its IRR-A.ppt
153/195
18
*&O
In case ' vi!atin t r#!es an" reg#!atins
&ra#"
in"icatrt0at9arrantsLAO
'#rt0erinv
estigatin
&ra#"
in"
icatrt0at9arrantsLAO
'#rt0erinvestigatin
Re!iance n Testing ervasive an" S.eci'ic Ris
Cntr!s
Testing of Risk Controls
If the desin of the s$ecific and $er&asi&e controls are effecti&e
+ut the desin of the onitorin controls are ineffecti&e
-
7/25/2019 PD 9184 and its IRR-A.ppt
154/195
188
Audit tea shouldreconi*e that the lack
of onitorin increases
the risk that a
deficienc in s$ecific
risk controls a not
+e detected andcorrected on a tiel
+asis.
Tests o$eratin effecti&eness of $er&asi&e and s$ecific controls.
+ut the desin of the onitorin controls are ineffecti&e..
=ro&ides a hih deree of
onoin assurance with
onl oderate le&els of
testin.
6 Audit tea should identif onitorin
acti&ities for the auditee to $ut in $lace
for future $eriods.
6 The $ro$osed onitorin acti&ities
a +e included in the ad&isor re$ort
to +e issued to auditee.
owe&er, the a+sence of effecti&e risk
owner onitorin reduces the
confidence the auditor can ha&e
relatin to the consistent a$$lication of
s$ecific risk controls.
Testing of Risk Controls
I3TI9ICATI" and 3-A4!ATI" of esin of
-
7/25/2019 PD 9184 and its IRR-A.ppt
155/195
18
Controls
Control identification and e&aluation of effecti&eness of desin
of the control can usuall +e carried out at the sae tie.
A walkthro#ghof identified controls with$ersonnel who carr out the controls ensures
that the ha&e +een $laced Hin .eratinH.
It is often efficient to deterine whether
controls are Nin o$erationN concurrentl with
controls identification and e&aluation of desineffecti&eness.
Testing of Risk Controls
R3SI!A4 A!IT RISK
-
7/25/2019 PD 9184 and its IRR-A.ppt
156/195
18
S,e re.rtab!e cn"itins are as '!!9s:er'r,ance 'ai!#res ?
6 3&idence of intentional isa$$lication of
accountin $rinci$les
6 3&idence of isre$resentation + client
$ersonnel to the auditor
6 3&idence that o&ernent e$loees or
anaeent lack the /ualifications andtrainin to fulfill their assined functions
SU++ARIE AN) REORT RESULTS
O& EVALUATION
-
7/25/2019 PD 9184 and its IRR-A.ppt
184/195
1>8
S,e re.rtab!e cn"itins are as '!!9s:
+isce!!ane#s6 A+sence of a sufficient le&el of control
consciousness within the orani*ation
6 9ailure to follow u$ and correct $re&iousl identifiedinternal control structure deficiencies
6 3&idence of sinificant or etensi&e undisclosedrelated $art transactions
6 3&idence of undue +ias or lack of o+:ecti&it +those res$onsi+le for accountin decisions.
SU++ARIE AN) REORT RESULTS
O& EVALUATION
-
7/25/2019 PD 9184 and its IRR-A.ppt
185/195
1>
G#i"ance 'r C,,#nicating Interna! Cntr!ints
6Avi" !ang#age t0at 0as t0e e''ect ' negating t0e .inine7.resse" in COA*LGSH a#"itr-s re.rt>
6)e!iver interna! cntr! .ints t t0e a#"itee at t0ea..r.riate !eve!s ' res.nsibi!it/ an" re.rt t,anage,ent signi'icant "e'iciencies>
6Certain in'r,atin s0#!" be .rvi"e" 'r eac0 interna!
cntr! .int a!t0#g0 brie' "escri.tins are acce.tab!e>
SU++ARIE AN) REORT RESULTS
O& EVALUATION
-
7/25/2019 PD 9184 and its IRR-A.ppt
186/195
1>
6 S#ggestins 'r crrecting t0e "e'icienc/>
6 &r a .revi#s!/ re.rte" b#t sti!! #ncrrecte"
"e'icienc/ a re'erence t t0e .revi#s c,,#nicatin>
6 +anage,entHs res.nse t t0e e7tent "ee,e"a..r.riate in t0e circ#,stances>
SU++ARIE AN) REORT RESULTS
O& EVALUATION
-
7/25/2019 PD 9184 and its IRR-A.ppt
188/195
1>?
T0e A#"it Observatin +e,ran"#,(AO+$
The A"# will contain sinificant
deficiencies that coe to the attention of
the audit tea in the AAR#SC and
constructi&e suestions or i$ro&eents
in internal control or other suestions forincreased efficienc in o$erations.
SU++ARIE AN) REORT RESULTS
O& EVALUATION
-
7/25/2019 PD 9184 and its IRR-A.ppt
189/195
1?@
Objectives ' t0e AO+
6 To coent on the internal control
sste eained as $art of the audit$rocess; and
6 To ad&ise anaeent, on a tiel+asis, areas where econoies or
i$ro&eent could +e ade.
SU++ARIE AN) REORT RESULTS
O& EVALUATION
-
7/25/2019 PD 9184 and its IRR-A.ppt
190/195
1?1
A"vantages ' t0e AO+6 It $ro&ides anaeent with the auditors
carefull $re$ared analsis of the $articularsituation and recoendations for action.
6 It can +e referred to when necessar and$assed alon for action without the daner ofdistortion.
6 It is a record of what was said and a
reinder of the ser&ices rendered + theauditor.
SU++ARIE AN) REORT RESULTS
O& EVALUATION
-
7/25/2019 PD 9184 and its IRR-A.ppt
191/195
1?2
Iss#es Re!ate" t t0e AO+6 Tieliness =ro$t su+ission of the
A"# to the audited aenc is i$ortant.
6 =lannin =lannin for the A"# should +e
an interal $art of $lannin for the audit.
6 9ollow7u$ =re&ious anaeent letters
should +e filed for reference and
su+se/uent follow7u$ + auditors.
SU++ARIE AN) REORT RESULTS
O& EVALUATIONIss#es Re!ate" t t0e AO+
-
7/25/2019 PD 9184 and its IRR-A.ppt
192/195
1?%
Iss#es Re!ate" t t0e AO+
6 =re$arin the 4etter The $riar considerationin $re$arin the A"# is to +e failiar with theintended readers +ackround.
6 #akin Recoendations Brinin the$ro+le to anaeents attention is the real
ser&ice of the A"#. The auditors ser&ice consistsof $ro$osin $ractical suestions for sol&in the$ro+le.
6 =rocessin the #eorandu Before releasinthe A"#, each situation included should +ediscussed with an a$$ro$riate re$resentati&e ofthe audited aenc, one who has the knowledeand res$onsi+ilit for the area under discussion.
SU++ARIE AN) REORT RESULTS
O& EVALUATION
-
7/25/2019 PD 9184 and its IRR-A.ppt
193/195
1?
Recoendations on aterialdeficiencies contained in the
A"#, not acted u$on, shall +e
included in the Coents
and "+ser&ationJ $ortion of
the AAR.
-
7/25/2019 PD 9184 and its IRR-A.ppt
194/195
1?8
QUESTION
-
7/25/2019 PD 9184 and its IRR-A.ppt
195/195
T0an /#La"ies an" Gent!e,en
G" )a/ an"G"