Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Chapter22
Considering
Considering
Internal
InternalControl
Control
1
Describe the three primary objectives of
effective internal control.
Contrast management’s responsibilities for
maintaining internal control with the auditor’s
responsibilities for evaluating and reporting
on internal control.
Explain the five components of the COSO
internal control framework.
Obtain and document an understanding of
internal control.
2
Assess control risk by linking key controls
and control deficiencies to transaction-related
audit objectives.
Describe the process of designing and
performing tests of controls.
Understand Section 404 requirements for
auditor reporting on internal control.
Describe the differences in evaluating,
reporting, and testing internal control for
nonpublic companies.
3
1
Describe the three primary objectives of
effective internal control.
4
Management has three broad objectives in
designing an effective internal control system
Reliability of
financial
Compliance reporting Efficiency/
with laws and effectiveness
regulations of operations
5
2
Contrast management’s responsibilities for
maintaining and reporting on internal controls
with the auditor’s responsibilities for
understanding, testing, and reporting on
internal control.
6
Management must establish and
maintain the entity’s internal controls
Reasonable Inherent
assurance limitations
7
Management of all public companies are
required to issue an internal control report
that includes the following:
An acknowledgement of responsibility
for internal controls
Results of annual internal control
assessment
8
Management must evaluate the design of
internal controls over financial reporting.
9
10
Must assess control risk in every audit
11
12
Obtains understanding of controls
13
3
Explain the five components of the COSO internal
control framework.
14
15
Integrity and ethical values
Commitment to competence
16
Management’s philosophy
and operating style
17
Identify factors that may increase risk
18
1. Adequate separation of duties
19
Custody of assets from Accounting
Operational Record-keeping
from
responsibility responsibility
20
Transaction Approval Policies
General Specific
Authorization Authorization
21
Prenumbered consecutively
22
The most important type of protective
measure for safeguarding assets and
records is the use of physical precautions.
23
The need for independent checks arises
because internal control tends to change
over time, unless there is frequent
review.
24
The purpose of an accounting information
and communication system
Initiate
Initiate
Report Maintain
Maintain
Record Report Accountability
Record transactions Accountability
transactions for
forRelated
RelatedAssets
Assets
Process
Process
25
Monitoring activities deal with management’s
ongoing and periodic assessment of the
quality of internal control performance…
26
4
Obtain and document an understanding of
internal control.
27
28
Auditing standards require auditors to obtain
an understanding of internal control for every
audit.
29
Narrative
Flowchart
Internal
control
questionnaire
30
1. The origin of every document
and record in the system
2. All processing that takes place
3. The disposition of every document
and record in the system
4. An indication of the controls relevant
to the assessment of control risk
31
Update and evaluate auditor’s previous
experience with the entity
Make inquiries of client personnel
Examine documents and records
Observe entity activities and operations
Perform walk-throughs of the accounting system
32
5
Assess control risk by linking key controls and
control deficiencies to transaction-related audit
objectives.
33
Assess whether the financial statements
are auditable.
34
Many auditors use the control risk matrix
to assist in the control risk assessment
process at the transaction level.
35
Identify audit objectives
36
37
Identify existing controls
39
6
Describe the process of designing and
performing tests of controls.
40
The procedures to test effectiveness of controls
in support of a “reduced assessed control-risk”
are called tests of controls.
41
Inquire of Examine
client personnel documents,
records, reports
Reperform Observe
client control-related
procedures activities
42
Reliance on evidence from prior year’s audit
43
Assessed Control Risk
High level:
Type of Procedures to obtain Lower level:
procedure an understanding Tests of controls
Inquiry Yes–extensive Yes–some
Inspection Yes–with transaction Yes–using sampling
walk-through
Observation Yes–with transaction Yes–at multiple times
walk-through
Reperformance No Yes–using sampling
44
Control risk Planned
assessment detection
process results risk
Related
Tests of
substantive
controls
tests
46
The scope of the auditor’s report on internal control
is limited to obtaining reasonable assurance that
material weaknesses in internal control are
identified.
47
No material weaknesses
Unqualified
No scope restrictions
One or more
material weaknesses Adverse
Qualified or
Scope limitation
disclaimer
48
8
Describe the differences in evaluating,
reporting, and testing internal control for
nonpublic companies.
49
1. Reporting requirements
50
Internal controls over financial reporting
51
Copyright
52