Chapter 7 Internal Control - PowerPoint PPT Presentation

1 / 57
About This Presentation
Title:

Chapter 7 Internal Control

Description:

Internal Control If everything seems under control, you're just not going fast enough. Mario Andretti, Race Car Driver – PowerPoint PPT presentation

Number of Views:307
Avg rating:3.0/5.0
Slides: 58
Provided by: RayW72
Category:

less

Transcript and Presenter's Notes

Title: Chapter 7 Internal Control


1
Chapter 7Internal Control
If everything seems under control, you're just
not going fast enough.
Mario Andretti, Race Car
Driver
2
Internal Control
  • Process effected by an entitys board of
    directors, management, and other personnel,
    designed to provide reasonable assurance of
    achievement of objectives in the following
    categories
  • Reliability of Financial Reporting
  • Effectiveness and Efficiency of Operations
  • Compliance with Applicable Laws and Regulations
  • Safeguarding of Assets

3
Parties Interested in Organization's Control
System
  • Board of Directors and Audit Committee
  • Management
  • Regulators
  • Internal and External Auditors
  • Suppliers and Customers
  • Investors and Creditors
  • Customers or others using the Web for commerce

4
Control Objectives
  • In each area of internal control (financial
    reporting, operations and compliance)
  • Control objectives and
  • Subobjectives exist
  • Example Area of Financial Reporting
  • Top Level Objective prepare and issue reliable
    financial information
  • Detailed Level Applied --- A/R subobjectives
  • All goods shipped are accurately billed in the
    proper period
  • Invoices are accurately recorded for all
    authorized shipments and only for such shipments
  • Authorized and only authorized sales returns and
    allowances are accurately recorded
  • The continued completeness and accuracy of A/R is
    ensured
  • Accounts receivable records are safeguarded

5
Controls over Financial Reporting
  • Preventive
  • Aimed at avoiding the occurrence of misstatements
    in the financial statements
  • Example Segregation of Duties
  • Detective
  • Designed to discover misstatements after they
    have occurred
  • Example Monthly Bank Reconciliations
  • Corrective
  • Needed to remedy the situation uncovered by
    detective controls
  • Example Backups of Master File
  • Controls Overlap
  • Complementary function together
  • Redundant address same assertion or control
    objective
  • Compensating reduces risk existing weakness
    will result in misstatement

6
Managements Responsibility for Internal Control
(Sarbanes-Oxley)
  • Certify Companys Financial Statements (Section
    302)
  • Report on Companys Internal Control over
    Financial Reporting (Section 404)
  • Companys annual report must include a statement
  • Management is responsible for establishing and
    maintaining adequate internal control over
    financial reporting
  • Identifying the framework (usually COSO)
    management uses to evaluate the effectiveness of
    the companys internal control.
  • Providing management's assessment of the
    effectiveness of the companys internal control.

7
Auditor Reasons for Sufficiently Understanding
Internal Control
SAS 55 (as amended by SAS 78 and 594 plus AU319)
requires the auditor to obtain an understanding
of internal control for every audit.
Minimum audit planning matters
  • Auditability
  • Potential Material
  • Misstatements
  • Detection Risk
  • Design of Tests

8
Limitations of Internal Control
  • Errors from Misunderstandings of Instructions,
    Mistakes of Judgment, Fatigue, etc.
  • Management Override
  • Circumvented by Collusion
  • Compliance Deteriorates
  • Cost/Benefit Analysis

9
Five Components of Internal Control
Control Environment
Risk Assessment
Information and Communication
Control Activities
Monitoring
10
Interrelatedness of Components of Internal Control
Control Environment
Risk Assessment
Control Procedures
Information and Communication
Monitoring
11
Obtain an Understanding of Internal
Control
Identify types of potential misstatements
Pinpoint the factors that affect the risk of
material misstatement
Design tests of controls and substantive
procedures
12
Control Environment Factors
  • Integrity and Ethical Values
  • Board of Directors, and Audit Committee
  • Effectiveness of Internal Audit Function
  • Managements Philosophy and Operating Style
  • Assignment of Authority and Responsibility
  • Commitment to Competence
  • Human Resource Policies and Practices
  • Organizational Structure

13
Entitys Risk Assessment Process
Risk assessment process should consider external
and internal events and circumstances that may
arise and adversely affect the entitys ability
to initiate, record, process and report financial
data consistent with the assertions of management
in the financial statements.
14
Control Activities
Policies and procedures that help ensure that
managements directives are carried out. Control
procedures relevant to the audit include
Performance Reviews
Information Processing
Physical Controls
Segregation of Duties
15
Pervasive Control Activities
  • Segregation of Incompatible Duties
  • Authorization Policies
  • Documented Transaction Trail
  • Physical Controls to Safeguard Assets
  • Reconciliations
  • Competent, Trustworthy Employees

16
Segregation of Duties
Authorization
Reconciliation
Custody
Recording
17
Adequate Separationof Duties
18
Segregation of Duties
19
Proper Authorization of Transactions and
Activities
General Authorization
Specific Authorization
20
Adequate Documentsand Records
Prenumbered Consecutively
Prepared at Time of Transaction
Simple Enough to Ensure Understanding
Designed for Multiple Uses
Constructed to Encourage Correct Preparation
21
Physical Control overAssets and Records
Physical Precautions
Controls Related to IT Equipment, Programs, and
Data Files
22
Objectives of an Accounting System
  • Identify and record valid transactions
  • Describe on a timely basis the transactions in
    sufficient detail to permit proper classification
    of transactions
  • Measure the value of transactions appropriately
  • Determine the time period in which the
    transactions occurred to permit recording in the
    proper period
  • Present properly the transactions and related
    disclosures in the financial statements

23
Monitoring
Managements process that assesses the quality of
the internal control's performance over time.
  • Ongoing Monitoring Activities
  • Separate Evaluations

24
Effect of Entity Size on Internal Control
While the basic concepts of the five components
should be present in all entities, they are
likely to be less formal in a small or midsize
entity than in a large entity.
25
Internal Control in the Small Company
7-25
  • Due to lack of employees, internal control is
    seldom strong in small businesses
  • Specific Practices for Small Businesses
  • Record all cash receipts immediately
  • Deposit all cash receipts intact daily
  • Make all payments by serially numbered checks,
    with exception of petty cash disbursements
  • Reconcile bank accounts monthly and retain copies
  • Use serially numbered invoices, POS, and
    receiving reports
  • Issue checks to vendors only in payment of
    approved invoices that have been matched with
    purchase orders and receiving reports
  • Balance subsidiary ledger with control accounts
  • Prepare comparative financial statements monthly
    to disclose significant variations in any
    category of revenue or expense

26
Understanding Internal Controland Assessing
Control Risk
Obtain Understanding of Internal Control Design
and Operation
27
Trade-off Between Testing of Controls and
Substantive Testing
More Effective
More Efficient
Substantive Testing
Substantive Testing
Testing of Controls
Year-end
Interim
28
Auditors Overall Approach with Internal Control
  • Overall approach of an audit
  • 1. Plan the audit
  • 2. Obtain an understanding of the client and its
    environment, including internal control
  • 3. Assess the risks of material misstatement and
    design further audit procedures
  • 4. Perform further audit procedures
  • 5. Complete the audit
  • 6. Form an opinion and issue the audit report
  • Steps 2-4 relate most directly to the role of
    internal control in financial statement audits

29
Phase Two - Understanding of Internal Control
  • Performing Walkthroughs
  • Inquires of Management, Accounting and
    Operational Employees
  • Taking Plant and Operational Tours
  • Client Prepared Documentation including
    accounting manuals and program and system
    descriptions
  • Prior Year Audit Work Papers

30
Documenting the Understanding of Internal
Control
Procedure Manuals and Organizational Charts
Narrative Description
Internal Control Questionnaires
Flowcharts
31
Narrative
  • Origin of every document and record
  • in the system

2. All processing that takes place
3. Disposition of every document and record
in the system
4. Indication controls relevant to assessment
of control risk
32
Flowcharting Symbols
33
Payroll System Flowchart
34
Bridge Workpaper
35
Phase Three Assess Risks of Material
Misstatement
  • General Approach
  • Identify risks while obtaining an understanding
    of the client and its environment, including its
    internal control
  • Relate the identified risks to what can go wrong
    at the relevant assertion level
  • Consider whether the risks are of a magnitude
    that could result in a material misstatement
  • Consider the likelihood that the risks could
    result in a material misstatement

36
Nature of Transactions
  • Routine transactionse.g., revenue, purchases,
    and cash receipts and disbursements
  • Nonroutine transactionse.g., taking of
    inventory, calculating depreciation expense
  • Estimation transactionse.g., determining the
    allowance for doubtful accounts
  • Generally routine transactions have the strongest
    controls

37
Assessing Risks Financial Statement Level
  • Responses to High Risks
  • Assigning more experience staff or those with
    specialized skills
  • Providing more supervision and emphasizing the
    need to maintain professional skepticism
  • Incorporating additional elements of
    unpredictability in the selection of further
    audit procedures to be performed
  • Increasing the overall scope of audit procedures,
    including the nature, timing or extent

38
Assessing Risks Assertion Level
  • Examples
  • Failure to recognize an impairment loss on a
    long-lived asset affects only the valuation
    assertion
  • Inaccurate counting of inventory at year-end
    affect the valuation of inventory and the
    accuracy of cost of goods sold
  • Responses
  • Decisions are made here as to the appropriate
    combination of tests of controls and substantive
    procedures

39
Results of Preliminary Assessment of Control Risk
  • Relationship of assessed level of Control Risk
    and subsequent Substantive Testing is Inverse
  • Control Risk High
  • No reliance placed on the client's internal
    controls
  • Amount and rigor of substantive testing must be
    increased
  • Control Risk Low
  • Auditors rely on the client's internal controls
  • Amount and rigor of substantive testing not
    increased
  • Auditor must test the controls to make sure they
    are operating effectively

40
Assessed Control Risk High
  • Review material entries in closing process
  • Review material adjusting entries
  • Review all changes to significant estimates
  • Review all internal audit reports
  • Discuss implications with audit committee

41
Tests of Controls..
. Procedures to test effectiveness of controls
in support of a reduced assessed control risk
42
Phase 4 Design and Perform Audit Procedures
Test of Controls (1 of 2)
  • Approach
  • Identify controls likely to prevent or detect
    material misstatements
  • Perform tests of controls to determine whether
    they are operating effectively
  • Tests of Controls Address
  • How controls were applied
  • The consistency with which controls were applied
  • By whom or by what means (e.g., electronically)
    the controls were applied

43
Audit Procedures Perform Tests of Controls (2 of
2)
  • Tests of Controls Include
  • Inquiries of appropriate client personnel
  • Inspection of documents and reports
  • Observation of the application of controls
  • Reperformance of the controls
  • Results of the tests used to determine the
    nature, timing and extent of substantive
    procedures

44
Dual Direction Test of Payroll Controls
45
Update Assessment of Control Risk Need for
Substantive Testing
  • If testing indicates the control is not operating
    effectively, the auditor will revise the
    preliminary assessment of control risk and
    incorporate this revision into subsequent
    substantive testing

46
Timing of Audit Procedures
47
Interim Audit Procedures
48
AS 5 An Audit of Internal Control over Financial
Reporting That Is Integrated with an Audit of
Financial Statements (for Publicly Traded
Companies)
  • Phases of the Engagement
  • Plan the Engagement
  • Use a Top-Down Approach to Gain an Understanding
  • Identify entity-level controls
  • Walkthroughs
  • Testing Internal Control Effectiveness
  • Design effectiveness
  • Operating effectiveness
  • Evaluating Control Deficiencies
  • Deficiencies
  • Significant deficiencies
  • Material weaknesses
  • Wrapping up Forming an opinion on the
    effectiveness of internal control over financial
    reporting
  • Reporting on Internal Control
  • Review for subsequent changes

49
Communication of Internal Control-Related Matters
Reportable Conditions
Material Weakness
50
Examples of Reportable Conditions
51
Relationships Among Deficiencies
  • Deficiency in
  • Internal Control
  • Less than Significant Material
  • Significant Deficiency Weakness

52
Managements Report on Internal Control under
Section 404a
  • Acknowledgment of responsibility for internal
    control
  • An assessment of internal control effectiveness
    as of the last day of the companys fiscal yearn
    using suitable criteria
  • Support the evaluation with sufficient evidence

53
Reporting to Audit Committee on Internal Control
Related Matters
  • Sarbanes-Oxley requires the report be in writing.
  • Auditor may communicate during or after audit.
  • Communications with management is not required
    however, communications with management or other
    individuals within the entity who may, in the
    auditor's judgment, benefit from the
    communications are not precluded.

54
Control Risk Matrix
Identify transaction-related audit objectives.
Identify existing controls.
Associate controls with transaction-related audit
objectives.
Identify and evaluate control deficiencies, signif
icant deficiencies, and material weaknesses
55
Evaluating Significant Control Deficiencies
Material Weakness
56
Auditors Consideration of Internal Control ---
Summary
  • Obtain an understanding
  • Document the understanding
  • Determine planned assessed level of control risk
  • Design additional tests of control
  • Reassess control risk
  • If necessary, modify planned substantive tests

57
END of CHAPTER 7
Write a Comment
User Comments (0)
About PowerShow.com