1 / 49

Section 404 Audits of Internal Control and Control Risk

Section 404 Audits of Internal Control and Control Risk. Chapter 10. Learning Objective 1. Describe the three primary objectives of effective internal control. Internal Control Objectives. Reliability of financial reporting. Efficiency and effectiveness of operations.

Download Presentation

Section 404 Audits of Internal Control and Control Risk

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Section 404 Audits of Internal Control and Control Risk Chapter 10

  2. Learning Objective 1 • Describe the three primary • objectives of effective • internal control.

  3. Internal Control Objectives Reliability of financial reporting Efficiency and effectiveness of operations Compliance with laws and regulations

  4. Learning Objective 2 • Contrast management’s • responsibilities for maintaining • and reporting on internal controls • with the auditor’s responsibilities • for understanding, testing, and • reporting on internal controls.

  5. Management and Auditor Responsibilities Relatedto Internal Control Management’s responsibility for establishing internal control Reasonable assurance Inherent limitations

  6. Management and Auditor Responsibilities Relatedto Internal Control Management’s Section 404 reporting responsibilities Design of internal control Operating effectiveness of controls

  7. Management and Auditor Responsibilities Relatedto Internal Control Auditor responsibilities for understanding internal control Control over classes of transactions Auditor responsibilities for testing and reporting on internal control

  8. Transaction-Related Audit Objective – General form Sales Transaction-Related Audit Objectives Recorded transactions exist (existence). Sales are for shipments to existing customers. Existing transactions are recorded (completeness). Existing sales transactions are recorded. Transactions are stated correctly (accuracy). Sales for goods shipped are correctly billed. Sales Transaction-Related Audit Objectives

  9. Transactions are recorded on correct dates (timing). Sales are recorded on the correct dates. Transactions are properly filed (posting and summarization). Sales transactions are properly included in the master files. Sales Transaction-Related Audit Objectives Transaction-Related Audit Objective – General form Sales Transaction-Related Audit Objectives Transactions are properly classified (classification). Sales transactions are properly classified.

  10. Learning Objective 3 • Explain the five components • of the COSO internal • control framework.

  11. Five Components of Internal Control Control environment Risk assessment Information and communication Control activities Monitoring

  12. The Control Environment Integrity and ethical values Commitment to competence Board of directors or audit committee participation Management’s philosophy and operating style

  13. The Control Environment Organizational structure Assignment of authority and responsibility Human resources policies and practices

  14. Risk Assessment Identify factors that may increase risk. Estimate the significance of the risk. Assess the likelihood of the risk. Determine actions necessary to manage the risk.

  15. Control Activities 1. Adequate separation of duties 2. Proper authorization of transactions and activities 3. Adequate documents and records 4. Physical control over assets and records 5. Independent checks on performance

  16. Custody of assets Accounting from Authorization of transactions The custody of related assets from Operational responsibility Record-keeping responsibility from IT duties User departments from Adequate Separation of Duties

  17. Proper Authorization of Transactions and Activities General authorization Specific authorization

  18. Adequate Documents and Records Prenumbered consecutively Prepared at the time of transaction Simple enough to ensure understanding Designed for multiple use Constructed to encourage correct preparation

  19. Physical Control over Assetsand Records The most important type of protective measure for safeguarding assets and records is the use of physical precautions.

  20. Independent Checks on Performance The need for independent checks arises because internal control tends to change over time unless there is a mechanism for frequent review.

  21. Information and Communication The purpose of an accounting information and communication system is to… initiate, record, process, and report the entity’s transactions and to maintain accountability for the related assets.

  22. Monitoring Monitoring activities deal with management’s ongoing and periodic assessment of the quality of internal control performance… to determine whether controls are operating as intended and modified when needed.

  23. How the Size of the Business Affects Internal Control In general the SEC believes that small businesses should be expected to adhere to the same internal control standards that apply to larger public companies. The SEC has also stated that the burden to smaller companies can be disproportionate.

  24. Learning Objective 4 • Obtain and document an • understanding of internal control.

  25. Phase 1 Obtain an understanding of internal control: design and operation Phase 3 Design, perform, and evaluate tests of controls Phase 2 Assess control risk. Phase 4 Decide planned detection risk and substantive tests. Four Phases of a Financial Statement Audit

  26. Obtain and Document Understanding of Internal Control SAS 55 and PCAOB Standard 2 both require the auditor to obtain an understanding of internal control for every audit. • Procedures to obtain an understanding: • Design of internal controls • Whether placed in operation • Uses this information as a basis for the • integrated audit.

  27. Methods Used Narrative Flowchart Internal control questionnaire

  28. Narrative 1. The origin of every document and record in the system 2. All processing that takes place 3. The disposition of every document and record in the system 4. An indication of the controls relevant to the assessment of control risk

  29. Evaluating Internal Control Operation Update and evaluate auditor’s previous experience with the entity. Make inquiries of client personnel. Examine documents and records. Observe entity activities and operations. Perform walkthroughs of the accounting system.

  30. Learning Objective 5 • Assess control risk by linking key • controls, significant deficiencies, • and material weaknesses to • transaction-related audit • objectives.

  31. Assess Control Risk Assess whether the financial statements are auditable. Determine assessed control risk supported by the understanding obtained assuming the controls are being followed. Use of a control risk matrix to assess control risk

  32. Control Risk Matrix Auditors use the control risk matrix to identify both controls and weaknesses and to assess control risk.

  33. Control Risk Matrix Identify transaction-related audit objectives. Identify existing controls. Associate controls with transaction-related audit objectives. Identify and evaluate control deficiencies, significant deficiencies, and material weaknesses

  34. SIGNIFICANCE Material LIKELIHOOD Remote Probable Immaterial Evaluating Significant Control Deficiencies Material Weakness

  35. Communicate Internal Control Deficiencies and Related Matters Audit committee communications Management letters

  36. Learning Objective 6 • Describe the process of designing • and performing tests of controls.

  37. Tests of Controls The procedures to test effectiveness of controls in support of a reduced assessed control risk are called tests ofcontrols.

  38. Procedures for Tests of Controls 1. Make inquiries of client personnel. 2. Examine documents, records, and reports. 3. Observe control-related activities. 4. Reperform client procedures.

  39. Extent of Procedures Reliance on evidence from prior year’s audit Testing less than the entire audit period

  40. Assessed control risk Type of procedure High level: Procedures to obtain an understanding Lower level: Tests of controls Inquiry Documentation Observation Reperformance Yes–extensive Yes–with transaction walk-through Yes–with transaction walk-through No Yes–some Yes–using sampling Yes–at multiple times Yes–using sampling Relationship of Assessed ControlRisk and Extent of Procedures

  41. Decide Planned Detection Risk and Design Substantive Tests The auditor uses the results of the control risk assessment process and tests of controls to determine the planned detection risk and related substantive tests. The auditor links the control risk assessments to the balance-related audit objectives.

  42. Learning Objective 7 • Understand Section 404 • requirements for auditor • reporting on internal control.

  43. 1 The auditor’s opinion on whether management’s assessment of the effectiveness of internal control over financial reporting as of the end of the fiscal period is fairly stated, in all material respects. Section 404 Reporting on Internal Control

  44. Section 404 Reporting on Internal Control 2 The auditor’s opinion on whether the company maintained, in all material respects, effective internal control over financial reporting as of the specified date.

  45. Types of Opinions Unqualified Adverse Qualified or disclaimer of opinion

  46. Learning Objective 8 • Describe the differences in • evaluating, reporting, and • testing internal control for • nonpublic companies.

  47. Evaluating, Reporting, and Testing Internal Control for Nonpublic Companies 1. Reporting requirements 2. Extent of required internal controls 3. Extent of understanding needed 4. Assessing control risk 5. Extent of tests of controls needed

  48. Internal controls over financial reporting Internal controls used to assess control risk below maximum Controls that must be tested in an audit of internal controls Controls that must be tested in an audit of financial statements Differences in Scope of Controls Tested: Nonpublic Company

  49. End of Chapter 10

More Related