Help

profilechuhua aaa
Chapter07SlidesOnly2.pdf
Home>Business & Finance homework help>Accounting homework help>Help

Auditing- A Practical Approach

Chapter 7: UNDERSTANDING AND TESTING THE CLIENT’S SYSTEM OF INTERNAL CONTROLS

Test of Controls FMGT 4310

Auditing 2 7-1

Chapter 7 Learning Objectives 1. Define internal control 2. State the seven generally accepted

objectives of internal control activities 3. Understand and describe the elements of

internal control at the entity level 4. Identify the different types of controls 5. Explain how to select and design tests of

controls 6. Explain the different techniques used to

document internal controls

7-2

Chapter 7 Learning Objectives 7. Understand how to interpret the results of

testing of controls 8. Explain how to document tests of controls 9. Describe the importance of identifying

strengths and weaknesses in a system of internal controls

10. Explain how to communicate internal control strengths and weaknesses to those charged with governance

7-3

What is “internal control”?

… 7-4

Internal Control

Internal control is the process designed, implemented, and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations

(CAS 315)

7-5

Objectives of Internal Controls

Is an entity’s internal control effective as it relates to recording of transactions and balances? …

7-6

Effective internal control meets the following objectives:

1. Real – no fictitious or duplicated transactions

2. Recorded – prevent or detect omission of transactions

3. Valued – correct amounts assigned to transactions

4. Classified – transactions charged to correct account

7-7

O (occurrence)

C (completeness)

A (accuracy)

C (classification)

Effective internal control meets the following objectives:

5. Summarized – transactions summarized and totalled correctly

6. Posted – accumulated totals in transaction file are correctly transferred to the general and subsidiary ledgers

7. Timely – transactions recorded in correct accounting period

7-8

A

A

C (cutoff)

Auditors must:

• Gain understanding of internal controls systems  objectives

• Identify key controls • Identify control weaknesses

7-9

Inherent limitations:

• Human error  control breakdown

• Collusion • Management override

7-10

Entity-level Internal Controls

1. Control environment 2. Entity’s risk assessment

process 3. Information systems 4. Control activities 5. Monitoring of controls

7-11

Entity-level Internal Controls

Consider  Small entities • Difficult to implement formal

controls • Fewer resources • Segregation of incompatible

functions • Reliance on owner/manager

7-12

Types of Controls

• Controls have two main objectives: 1. To prevent/detect

misstatements 2. To support the automated parts

of the business

7-13

Types of Controls

• Controls are classified as: – Manual controls – Automated (or application)

controls – IT general controls (ITGCs) – IT-dependent manual controls

7-14

Types of Controls

7-15Copyright John Wiley & Sons Canada, Ltd.

7-16

Prevent or Detect?

Types of Controls

• Preventative controls – Applied to AVOID errors – May not be any

• physical evidence of performance, or

• evidence of effectiveness of control

7-17

Types of Controls

7-18Copyright John Wiley & Sons Canada, Ltd.

Examples of preventative controls

 Credit check

 Match to MASTER

 Check to price list

 Computer checking

Types of Controls

• Detective controls – DISCOVER fraud/error that

occurs – Usually applied outside normal

flow of transactions

7-19

Types of Controls

7-20Copyright John Wiley & Sons Canada, Ltd.

Examples of detective controls

 Reconciliation

 Computer checking

 Periodic review

 Periodic review

Types of Controls

• Manual controls – Do NOT rely on IT

EXAMPLES?

7-21

Types of Controls

• Automated controls rely on IT – IT General controls (ITGCs) – Application controls

7-22

Types of Controls

• IT dependent manual controls

– Manual + automated

EXAMPLES?

7-23

Copyright John Wiley & Sons Canada, Ltd. 7-24

Test of Controls

CR= low CR= moderate CR= high

AR= 5%

Test of Controls

• Professional judgment required – Which controls to select for

testing? • Effective/efficient audit

evidence • Key controls  multiple

WCGWs 7-25 Key ASSERTIONS

Test of Controls

If internal controls are NOT good, will auditors perform any control testing?

NO- Auditors will test ONLY those controls that we intend to rely upon.

7-26

Test of Controls

• How much testing is required? – Professional judgment

• Control frequency • Degree of reliance • Persuasiveness of evidence • Significance of WCGWs • Other factors  Sampling?

7-27

Test of Controls

• Testing must provide enough evidence that Control was effective throughout the period

7-28

Tests of Controls

7-29Copyright John Wiley & Sons Canada, Ltd.

CR= low CR= moderate

Test of Controls

• Testing must provide enough evidence that Control was effective throughout the period When to test?

7-30

Documenting Internal Controls

– Narratives – Flowcharts – Checklists/questionnaires

7-31

Copyright John Wiley & Sons Canada, Ltd.

Example: Credit Sales Process Figure 7.5

7-32

Documenting Internal Controls

Copyright John Wiley & Sons Canada, Ltd. 7-33

Documenting Internal Controls

Copyright John Wiley & Sons Canada, Ltd. 7-34

Documenting Internal Controls

Testing Internal Controls

Auditors will use various techniques – Enquiry – Observation – Inspection of physical evidence – Re-performance

7-35

CAIRORE

Testing Internal Controls

What will auditors be looking for? – Attribute

• INSPECT signature of approval

• OBSERVE  separation of duties

7-36

CAIRORE

Copyright John Wiley & Sons Canada, Ltd. 7-37

Test of Controls

Control (compliance) testing?

Substantive testing?

Testing Internal Controls

Is the internal control effective throughout the period of the audit? – If YES, we can continue with the

audit plan

7-38

Testing Internal Controls

Is the internal control effective throughout the period of the audit? – If NO,

• Are there compensating controls?

• Otherwise, must update assessment of CR

7-39

Copyright John Wiley & Sons Canada, Ltd. 7-40

Management Letters

• After documentation, auditor must assess control system

• Report to “those charged with governance” (CAS 260)

• Auditor applies professional judgment

• Includes management response 7-41

Copyright John Wiley & Sons Canada, Ltd. 7-42

Management Letter