Help

profilechuhua aaa
Chapter072.pdf
Home>Business & Finance homework help>Accounting homework help>Help

1

Auditing- A Practical Approach

Chapter 7: UNDERSTANDING AND TESTING THE CLIENT’S SYSTEM OF INTERNAL CONTROLS

Test of Controls FMGT 4310

Auditing 2 7-1

Chapter 7 Learning Objectives 1. Define internal control

2. State the seven generally accepted objectives of internal control activities

3. Understand and describe the elements of internal control at the entity level

4. Identify the different types of controls

5. Explain how to select and design tests of controls

6. Explain the different techniques used to document internal controls

7-2

Chapter 7 Learning Objectives 7. Understand how to interpret the results of

testing of controls

8. Explain how to document tests of controls

9. Describe the importance of identifying strengths and weaknesses in a system of internal controls

10. Explain how to communicate internal control strengths and weaknesses to those charged with governance

7-3

2

What is “internal control”?

… 7-4

Internal Control

Internal control is the process designed, implemented, and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations

(CAS 315)

7-5

Objectives of Internal Controls

Is an entity’s internal control effective as it relates to recording of transactions and balances? …

7-6

3

Effective internal control meets the following objectives:

1. Real – no fictitious or duplicated transactions

2. Recorded – prevent or detect omission of transactions

3. Valued – correct amounts assigned to transactions

4. Classified – transactions charged to correct account

7-7

O (occurrence)

C (completeness)

A (accuracy)

C (classification)

Effective internal control meets the following objectives:

5. Summarized – transactions summarized and totalled correctly

6. Posted – accumulated totals in transaction file are correctly transferred to the general and subsidiary ledgers

7. Timely – transactions recorded in correct accounting period

7-8

A

A

C (cutoff)

Auditors must:

• Gain understanding of internal controls systems  objectives

• Identify key controls

• Identify control weaknesses

7-9

4

Inherent limitations:

• Human error  control breakdown

• Collusion

• Management override

7-10

Entity-level Internal Controls

1. Control environment

2. Entity’s risk assessment process

3. Information systems

4. Control activities

5. Monitoring of controls

7-11

Entity-level Internal Controls

Consider  Small entities

• Difficult to implement formal controls

• Fewer resources

• Segregation of incompatible functions

• Reliance on owner/manager 7-12

5

Types of Controls

• Controls have two main objectives:

1. To prevent/detect misstatements

2. To support the automated parts of the business

7-13

Types of Controls

• Controls are classified as:

– Manual controls

– Automated (or application) controls

– IT general controls (ITGCs)

– IT-dependent manual controls

7-14

Types of Controls

7-15Copyright John Wiley & Sons Canada, Ltd.

6

7-16

Prevent or Detect?

Types of Controls

• Preventative controls

– Applied to AVOID errors

– May not be any

• physical evidence of performance, or

• evidence of effectiveness of control

7-17

Types of Controls

7-18Copyright John Wiley & Sons Canada, Ltd.

Examples of preventative controls

 Credit check

 Match to MASTER

 Check to price list

 Computer checking

7

Types of Controls

• Detective controls

– DISCOVER fraud/error that occurs

– Usually applied outside normal flow of transactions

7-19

Types of Controls

7-20Copyright John Wiley & Sons Canada, Ltd.

Examples of detective controls

 Reconciliation

 Computer checking

 Periodic review

 Periodic review

Types of Controls

• Manual controls

– Do NOT rely on IT

EXAMPLES?

7-21

8

Types of Controls

• Automated controls rely on IT

– IT General controls (ITGCs)

– Application controls

7-22

Types of Controls

• IT dependent manual controls

– Manual + automated

EXAMPLES?

7-23

Copyright John Wiley & Sons Canada, Ltd. 7-24

Test of Controls

CR= low CR= moderate CR= high

AR= 5%

9

Test of Controls

• Professional judgment required

– Which controls to select for testing?

• Effective/efficient audit evidence

• Key controls  multiple WCGWs

7-25 Key ASSERTIONS

Test of Controls

If internal controls are NOT good, will auditors perform any control testing?

NO- Auditors will test ONLY those controls that we intend to rely upon.

7-26

Test of Controls

• How much testing is required?

– Professional judgment • Control frequency

• Degree of reliance

• Persuasiveness of evidence

• Significance of WCGWs

• Other factors

 Sampling? 7-27

10

Test of Controls

• Testing must provide enough evidence that

Control was effective throughout the period

7-28

Tests of Controls

7-29Copyright John Wiley & Sons Canada, Ltd.

CR= low CR= moderate

Test of Controls

• Testing must provide enough evidence that

Control was effective throughout the period

When to test?

7-30

11

Documenting Internal Controls

– Narratives

– Flowcharts

– Checklists/questionnaires

7-31

Copyright John Wiley & Sons Canada, Ltd.

Example: Credit Sales Process Figure 7.5

7-32

Documenting Internal Controls

Copyright John Wiley & Sons Canada, Ltd. 7-33

Documenting Internal Controls

12

Copyright John Wiley & Sons Canada, Ltd. 7-34

Documenting Internal Controls

Testing Internal Controls

Auditors will use various techniques

– Enquiry

– Observation

– Inspection of physical evidence

– Re-performance

7-35

CAIRORE

Testing Internal Controls

What will auditors be looking for?

– Attribute

• INSPECT signature of approval

• OBSERVE  separation of duties

7-36

CAIRORE

13

Copyright John Wiley & Sons Canada, Ltd. 7-37

Test of Controls

Control (compliance) testing?

Substantive testing?

Testing Internal Controls

Is the internal control effective throughout the period of the audit?

– If YES, we can continue with the audit plan

7-38

Testing Internal Controls

Is the internal control effective throughout the period of the audit?

– If NO,

• Are there compensating controls?

• Otherwise, must update assessment of CR

7-39

14

Copyright John Wiley & Sons Canada, Ltd. 7-40

Management Letters

• After documentation, auditor must assess control system

• Report to “those charged with governance” (CAS 260)

• Auditor applies professional judgment

• Includes management response

7-41

Copyright John Wiley & Sons Canada, Ltd. 7-42

Management Letter