Audits Of Internal Control And Control Risk PDF

Summary

This document discusses audits of internal control and control risk, covering topics such as internal control systems, policies, procedures, objectives, and responsibilities. It also includes information on risk assessment, control activities, and monitoring.

Full Transcript

Audits of Internal Control and
Control Risk
Chapter 8

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 510
- 5- 1
 Internal Control
A system of internal control Tr
consists of policies and ue
da

da alse
ta
procedures designed to provide

ta
F
management with reasonable
assurance that the company ACCOUNTING
achieve its objectives and Data
goals. G
AA
P

These policies and procedures
are called controls and
collectively they make up the
entity’s Internal Control

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 2
 Internal Control Objectives
Management has three broad objectives in
designing an efective internal control system

Reliability of
fnancial
Compliance reporting Efciency and
with laws and efectiveness
regulations of operations
Unlike management, Auditor internal control objectives
do not include efciency and efectiveness of operation
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 3
 Responsibilities for Internal
Control
Management Auditors

Is responsible for establishing , maintaining,Is responsible for understanding ,
testing , and reporting on the operating testing ,and reporting on the operating
efectiveness of the entity’s internal controlefectiveness of the entity’s internal
Control.

Management’s design and The auditors obtain the understanding
implementation of internal controls is of internal control to assess control
based on: risk in every audit and to be able to
1-Reasonable assurance To design the nature ,timing, and
2-Inherent limitations extent of further audit procedure

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 4
 Five Components of Internal
Control
COSO’S Internal Control Integrated Framework is
one of the most widely accepted internal control
Framework.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 5
 1/The Control Environment

consist of the action’s policies, and procedure
that refect the overall attitude of top managem
directors ,and owners of an entity about interna
control and its importance to the entity.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 6
 2/ Risk Assessment
- The risk assessment process look at how
management assesses material risks which might arise.
-It has to estimate the signifcance of those risks and the
likelihood that are occurring

The risk might include :
1/ rapid technology changes
2/ Entrance of new competitors

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 7
 3/ Control Activities

Are the policies and procedure that help ensure that
necessary action is taken to address risk. The control
activities fall into the following fve types:

1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 8
 4/ Information and
Communication
The purpose of an accounting information
and communication system

Initiate
Initiate
Report Maintain
Maintain
Record Report Accountability
Record transactions Accountability
transactions for
forRelated
RelatedAssets
Assets
Process
Process
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 9
 Monitoring

Monitoring activities deal with management’s
ongoing and periodic assessment of the
quality of internal control performance…

to determine whether controls are operating
as intended and modifed when needed.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 10
 Process for Understanding
Internal Control and Assessing
Control Risk

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 11
 Obtain and Document
Understanding of Internal
Control design and operation
Auditing standards require auditors to obtain
and document an understanding of internal
control for every audit.

In addition to the understanding of the
design , the auditor must consider whether
the designed control implemented in practice

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 12
 Assess Control Risk

The auditor obtain Assess whether the fnancial statements
an understanding are auditable.
of the design and
implementation of
internal control to
Determine assessed control risk supported
Make a preliminary
by the understanding obtained assuming
assessment of
the controls are being followed.
control risk as
part of the auditors
overall assessment
Of the risk of material Use a control risk matrix to assess
Misstatements control risk.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 13
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 14
 Identify Defciencies and
Material Weaknesses
 Identify existing controls

Identify the absence of key controls

Consider the possibility of compensating controls

Decide whether there is a signifcant defciency
or material weakness

Determine potential misstatements that could re
©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 15
 Tests of Controls

The procedures to test efectiveness of controls
in support of a reduced assessed control
risk are called tests of controls.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 16
 Procedures for Tests of
Controls
Examine
Inquire of documents,
client personnel records, and
reports

Reperform Observe
client control-related
procedures activities

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 17
 Decide Planned Detection Risk
and Design Substantive Tests
Control risk Planned
assessment detection
process results risk

Related
Tests of
substantive
controls
tests
The auditor uses the results of the control risk assessment process and
The auditor uses the results of the control risk assessment process and
tests
testsofofcontrols
controlstodetermine
todeterminethe
theplanned
planneddetection
detectionrisk
riskand
andrelated
related
substantive
substantivetests.
tests.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 18
 Section 404 Reporting on
Internal Control
The scope of the auditor’s report on internal cont
is limited to obtaining reasonable assurance that
material weaknesses in internal control are
identifed.

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 19
 Types of Opinions

No material weaknesses
Unqualifed
No scope restrictions

One or more
material weaknesses Adverse

Qualifed or
Scope limitation
disclaimer

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 20
 Communications to Those
Charged with Governance
 Auditor must communicate in writing
signifcant defciencies and material
weaknesses to the audit committee

 Management letters from the auditor
less signifcant control weaknesses
ideas for operational improvements

©2012 Prentice Hall Business Publishing, Auditing 14/e, Arens/Elder/Beasley 10 - 21