Highlights - Review For 2nd Exam PDF
Document Details
Uploaded by Deleted User
Tags
Summary
This document provides an overview of key concepts in audit review, including risk assessment procedures, tests of controls, substantive procedures, related party transactions, and assertions. It also discusses inherent risk, control risk, and detection risk, as well as the role of the audit committee.
Full Transcript
**HIGHLIGHTS - REVIEW FOR 2nd EXAM-- Remember to review the presentations.** **Risk Assessment Procedure** - Designed to obtain an understanding of the client and its environment, including its internal control, to assess the RMM. **Test of Controls** - Designed to test the operating effectiveness...
**HIGHLIGHTS - REVIEW FOR 2nd EXAM-- Remember to review the presentations.** **Risk Assessment Procedure** - Designed to obtain an understanding of the client and its environment, including its internal control, to assess the RMM. **Test of Controls** - Designed to test the operating effectiveness of controls in preventing or detecting material misstatements. **Substantive Procedures** - Designed to detect material misstatements of relevant assertions including analytical procedures and tests of details of account balances, transactions and disclosures. **Related Party Transaction** - Individuals or entities who may have dealings with the client in which one party is significantly influenced by the other. **Audit Risk** - The possibility that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. **Inherent Risk** - The possibility of material misstatement of a financial statement assertion before considering any related controls. **Control Risk** - The risk that a material misstatement that could occur in an account will not be prevented or detected and corrected, on a timely basis by internal control. **Detection Risk** - Risk that the auditors' audit fail to detect a misstatement. **Engagement Risk** - Risk of loss or injury to the auditors' reputation by association with a client that goes bankrupt or one whose management lacks integrity. **Professional Skepticism** - A questioning mind, being alert to conditions that may indicate possible misstatements due to fraud or error, and a critical assessment of audit evidence. **Assertions** - Representations of management, explicit or otherwise, that are embodied in the financial statements as used by auditors to consider the different types of potential misstatements that may occur. **Relevant assertion -** A financial statement assertion that has a reasonable possibility of containing a misstatement or misstatements that would cause the financial statements to be materially misstated. The determination of whether an assertion is a relevant assertion is based on inherent risk, without regard to the effect of controls. **Internal Control -** A process designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance. **Material Weakness** - Deficiency in internal control over financial reporting with reasonable possibility of material misstatement will not be prevented or detected on a timely basis. **Significant Deficiency** - Deficiency in internal control over financial reporting that is **less severe**, but merit attention by those responsible for oversight of the company's financial reporting **Walk Through** - A procedure in which an auditor follows a transaction from origination through the company's processes until it is reflected in the company's financial records. **Foreign Corrupt Practice Act** - Makes illegal payment of bribes to foreign officials. **Accounting System** - Method and records established to initiate, authorize record, process, summarize, and report an entity's transactions. **Accounting estimate** - Approximations used in a company's financial statements when there is an inherent lack of precision of measurement (estimation uncertainty). These approximations rely upon management's judgments or assumptions, such as determining the allowance for doubtful accounts, establishing warranty reserves, and assessing assets for impairment. We will consider the term *estimation uncertainty* synonymous with the term *measurement uncertainty*. **Routine transaction** - A transaction for a recurring financial activity recorded in the accounting records in the normal course of business, such as sales, purchases, cash receipts, cash disbursements, and payroll. **Nonroutine transaction** - A transaction that occurs only periodically, such as counting and pricing inventory, calculating depreciation expense, or determining prepaid expenses. **External information source** - An external individual or organization that provides information that is used by the entity in preparing the financial statements, or that provides information used by the auditors as audit evidence. Information provided by management's or the auditors' specialists or a service organization is not considered an external information source with respect to that particular information. **Analytical procedures** - Tests that involve comparisons of financial data for the current year to those of prior years, budgets, nonfinancial data, or industry averages. From a planning standpoint, analytical procedures help the auditors obtain an understanding of the client's business, identify financial statement amounts that appear to be affected by errors or fraud, or identify other potential problems. **Audit committee** - A subcommittee of a company's board of directors that is charged with oversight of the financial reporting process, the audit process, the company's system of internal controls and compliance with laws and regulations. Within this role is responsibility for appointing, compensating, and overseeing the external auditors. Audit committee members are board of directors outside directors (members of the board of directors who are neither officers nor employees of the company). **Audit Data Analytics (ADA)** - Is the examination of large data sets to uncover hidden patterns, unknown correlations, market trends, customer preferences, and other useful business insights. The analysis of patterns, identification of anomalies, or extraction of other useful information in data underlying or related to the subject matter of an audit through analysis, modeling, or visualization. **Audit plan** - A written or electronic document(s) that includes the nature, timing, and extent of audit procedures to be performed by the audit team members in order to obtain sufficient audit evidence. It includes planned risk assessment procedures, planned further audit procedures, and other necessary audit procedures. **Overall audit strategy -** This strategy involves determining overall characteristics of the engagement that define its scope, determining the engagement's reporting objectives to plan the timing of procedures, and considering important factors that will determine the focus of the audit team's efforts. When the overall audit strategy has been established, the auditors start the development of a more detailed audit plan to address the various matters identified in the audit strategy. **Time budget -** An estimate of the time required to perform each step in the audit. **Engagement letter** - An agreement between the CPA firm and the client as to the terms of the audit engagement. The terms of the engagement should include (1) the objectives and scope of the audit, (2) auditor and management responsibilities, (3) inherent limitations of the audit, (4) the applicable financial reporting framework, and (5) the expected form and content of reports to be issued by the auditors. **Further audit procedures** - Substantive procedures for all relevant assertions and tests of controls when the auditors' risk assessment includes an expectation that controls are operating effectively, or when substantive procedures alone do not provide sufficient appropriate audit evidence. The auditors perform risk assessment procedures to obtain an understanding of the client and its environment, including internal control. They then conduct a risk assessment and determine the appropriate further audit procedures. **Fraudulent financial reporting (management fraud) -** Material misstatement of financial statements by management with the intent to mislead financial statement users. **Misappropriation of assets (defalcations)** - Theft of client assets by an employee or officer of the organization. **Interim period** - The time interval from the beginning of audit work to the balance sheet date. Many audit procedures can be performed during the interim period to facilitate early issuance of the audit report. **Risk assessment procedures** - The audit procedures performed to obtain an understanding of the entity and its environment, including the entity's internal control. These procedures are designed to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels. Risk assessment procedures include (a) **inquiries** of management and others within the entity; (b) **analytical procedures**; and (c) **observation** and other procedures, including inquiries of others outside the entity. **Integrated audit** - An audit where auditors, in addition to an opinion on the financial statements, express an opinion on the effectiveness of a company's internal control over financial reporting, in accordance with PCAOB AS 2201. Public companies with a market capitalization of \$75,000,000 or more are required to undergo integrated audits. **Management review controls** - Reviews conducted by management of estimates and other kinds of financial information for reasonableness. They often involve the use of significant judgment, knowledge, and experience in comparing recorded amounts with expectations of the reviewers. They often are considered monitoring controls but may relate to any of the other COSO components that have the common characteristic of management review of information to identify misstatements or breakdowns in other controls. **Incompatible duties** - Assigned duties that place an individual in a position to both perpetrate and conceal errors or fraud in the normal course of job performance. **Risk assessment procedures** - The audit procedures performed to obtain an understanding of the entity and its environment, including the entity's internal control. These procedures are designed to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels. Risk assessment procedures include (a) inquiries of management and others within the entity; (b) analytical procedures; and (c) observation and other procedures, including inquiries of others outside the entity. **Organizational structure** - The division of authority, responsibility, and duties among members of an organization. **Internal auditors** - Corporation employees who design and execute audit programs to test the effectiveness and efficiency of all aspects of internal control. The primary objective of internal auditors is to evaluate and improve the effectiveness and efficiency of the various operating units of an organization rather than to express an opinion as to the fairness of financial statements. **Fidelity bonds** - A form of insurance in which a bonding company agrees to reimburse an employer for losses attributable to theft or embezzlement by bonded employees. **Service auditor** - A practitioner who reports on the internal controls at a service organization. **User auditor** - An auditor who audits and reports on the financial statements of a user entity **RMM (Risk of Material Misstatement)** is high **↑**substantive tests **↓** DR (Detection Risk) **Audit risk formula** -- AR = RMM (IR \* CR) \* DR **Business characteristics indicative of high inherent risk (ver tablas en páginas 10 y 11):** - Inconsistent profitability of client relative to others in the industry. - Operating results highly sensitive to economic factors. - Going concern problems. - Large misstatements detected in prior audits. - Substantial turnover, questionable reputation, or inadequate accounting skills of the accounting department. **Assertions with High Inherent Risk Involve:** - Difficult-to-audit transactions or balances. - Complex calculations. - Difficult accounting issues. - Significant judgment by management. - Valuations that vary significantly based on economic factors. **Management Objectives (assertions) (PERCCV)** 1. **Completeness -** All assets, liabilities, equity interests, and transactions that should have been recorded have been recorded. To detect understatements. a. Auditor review an entity\'s periodic accounting for the numerical sequence of pre numbered documents such as shipping documents, invoices, checks, requisitions. b. **Tracing** of transactions forward, starting from source documents through their accounting recognition and ultimately to the financial statements. Note that this directional test is the opposite of vouching (the directional test for the existence/occurrence assertion). i. Tracing shipping documents to related sales invoices, shipping documents, subsidiary, general ledger, financial statements. (All items shipped were invoiced) c. Verify that accounts receivable are not overstated. d. Verify that accounts payable are not understated. e. Verify vendor invoices for the items received at the beginning of next accounting period. f. Analytical review procedures. The auditor should consider how certain items might be omitted from the account balance, such as unrecorded liabilities or omissions of pledged assets. g. Observation of processes and procedures. h. Selecting a sample of shipping documents for inspection related to sales made during the year and determine that associated accounts receivable were properly recorded. 2. **Existence or occurrence -** Assets, liabilities, and equity interests exist and recorded transactions have occurred. To detect overstatements. i. Obtain account balance confirmation from bank, customers and vendors. j. All inventory owned by the client is on hand at the time of the inventory count. k. Confirmation of accounts with third parties. (existence, but not ownership) l. Physical observation, inspection, and examination of assets, processes, and procedures. (These provide very persuasive forms of evidence.) m. **Vouching** of transactions from financial statements back to source documents. n. Costs incurred and if the costs represent probable future economic benefit. 3. **Rights and obligations -** The company holds rights to the assets, while liabilities are the obligations of the company. o. Inspect documentary evidence such as property tax bills, purchase documents, and deeds. (Leases have right to use not legal title). p. Examine sales invoices and contracts with customers to determine if any goods are out on consignment with customers. q. Examine vendors' invoices and contracts with vendors to determine if any goods on the inventory listing are owned by vendors. r. Review confirmations of liabilities to determine if receivables have been sold or factored. 4. **Valuation, allocation & accuracy -** All transactions, assets, liabilities, and equity interests are included in the financial statements at proper amounts. s. Auditor review the aging of accounts receivable to evaluate the adequacy of the allowance for doubtful accounts. t. Proper inventory pricing. u. Damaged goods and obsolete inventory has been properly accounted for. v. Perform analytical procedures - Analyze turnover ratios w. Computation of inventory costs (direct labor, material, overhead) x. Review credit rating of customers with delinquent accounts receivable. y. **Inspection** of documentation supporting transactions. z. **Footing** and cross-footing of schedules. a. Independent **recalculation**. Examples would be the aging of accounts receivable to substantiate the value of the allowance account, or the recalculation of depreciation charges. b. A prime area for **recalculation** are estimates made by the client. c. **Reconciliation** of supporting schedules to general ledger line items. 5. **Cutoff -** Transactions and events have been recorded in the **correct accounting period**. d. Review transactions recorded shortly **before and after** the balance sheet date to ascertain that these transactions are assigned to the proper period. e. Review invoices generated for the **last shipping documents** generated at year end. f. Review shipping documents for the invoices generated on the **first day** of the next accounting period. 6. **Presentation and disclosures -** Accounts are described and classified in accordance with generally accepted accounting principles, and financial statement disclosures are complete, appropriate, and clearly expressed. g. **Inspect** loan agreements under which an entity's inventories or accounts receivable are pledged. h. **Verify** the existence of *related party transactions*. (must be disclosed in the notes). i. **Inspection** of documentation supporting transactions. j. **Review** of all related disclosures for compliance with GAAP. **\ ** **Substantive Procedures** - **Analytical procedures**. - **Trend analysis** -- analyze changes in an account balance over time. It would assist the auditor in developing an expectation for the current year. - **Ratio analysis** -- compare relationships between two or more financial statement accounts, or comparisons of account balances to non financial data. - **Tests of details.** - **Tests of account balances** -- address whether there are misstatements in the ending balance of an account. Ex. Confirmation of A/R balance. - **Tests of classes of transactions** (direct test of transactions) -- address whether transactions are valid and have been properly accounted for during the period. Ex. Sales. - **Tests of disclosures** -- address whether financial statement disclosures are properly presented. **Related Party Transactions** - Individuals or entities who may have dealings with the client in which one party is significantly influenced by the other such that it may not pursue its separate interests. - Officers, directors, principal owners, members of immediate families, affiliated companies, such as subsidiaries. - Because the transaction is not conducted arm's length, the auditor should be aware that economic substance of these transactions might differ from their form. - Often been used to facilitate fraudulent financial reporting. - Auditor should determine the business purpose of any significant unusual transactions they encounter. - Disclosure requirements must be met. - A list of all related parties should be prepared at the beginning of the audit so the audit staff may **be alert** of any transaction throughout the engagement. - The list is retained in **auditor's permanent file** for reference and updating in successive engagements. **Data Analytics** - It is the process of using related and unrelated data sets to provide insights into decisions. - It is the examination of large data sets to uncover hidden patterns, unknown correlations, market trends, customer preferences, and other useful business insights. (Ex. ACL & IDEA) - CPA firms increase using data analytic approaches to improve risk assessment, tests of controls and substantive procedures. - In risk assessment, sophisticated data analytics can improve auditors' assessments of risk by significantly increasing the sources of data used. - In tests of controls, data analytics may allow the auditors to use technology to test 100 percent of the items in a population by relating data from multiple sources. - Substantive procedures may be improved by using data from a number of data sources to improve the efficiency and effectiveness of the procedures. **\ ** **Predecessor auditor** - Communicate with predecessor auditor before accepting the new engagement and inquiry about: - Integrity of management. - Disagreements with management over accounting principles. - Predecessor auditors' communications to those charged with governance regarding fraud and noncompliance with laws. - Predecessor auditors' communication to management and those charged with governance concerning internal control significant deficiencies and material weaknesses. - Predecessor's understanding of reason for change of auditors. - Predecessor's understanding of the nature of the company's relationships and transactions with related parties and significant unusual transactions. **Stages of an Audit** 1. **Pre-acceptance phase of the engagement** - **Determine the requirements for the engagement.** - **Financial statements to be audited,** - **Any other requirements -- regulatory filings,** - **Timing of engagement.** - **Firm's ability to meet reporting deadlines.** - **Firm's ability to staff the engagement.** - **Ensure that is in fact independent and will be able to maintain independence throughout the engagement.** - **Consider integrity of client management.** 2. **Audit Planning** - Auditor must obtain and understanding of the client's **industry** and **business**: - **Tour** client facilities - **Obtain** an understanding of client accounting. - **Review** the financial history of the client. - **Inquiry** of client personnel. - Auditors establish an understanding with their client as to the **nature** of services to be provided and the responsibilities of each party. - Develop an overall **audit strategy** and an **audit plan**. - Plan use of **client's staff**, involvement of **other CPAs**, and arrange for **specialists**. - Determine use of **internal auditors**. - Assignment of staff to specific audit areas, based on experience and higher risk areas. - Prepare the **time budget**. - The timing of testing (interim vs. year-end) and audit team meetings. - The extent, location and timing of review of audit work. - Obtain the **engagement letter** from the client. - Agree the **fee arrangements** with the Audit Committee. - Communicate with **the predecessor auditor**. - Deadlines for **interim** and **final** reporting. - Key dates for **meetings** with **management** and those **charged with governance**. 3. **Obtain an Understanding of the Client and its Environment and Internal Control.** - Prepare preliminary **analytical procedures**. - Make **inquiries** of management and others within the entity. - **Tour** of plant and offices. - **Inspect** various documents and records. - **Observe** control activities and operations. - Perform **walk-through** of transactions. - Make **inquiries** to **legal** counsel. - Review information from **external** sources (SEC filings, AICPA industry guides and other). - Document the understanding (**FIND**): - Prepare **flowchart**. - Prepare **checklists/questionnaires**. - Prepare **narratives.** - Documents. 4. **Assess the Risks of Material Misstatement and Design Further Audit Procedures** - Auditors should be alert for **significant risks** that require special audit attention. - Evaluate whether the risks relate **pervasively** to the Financial Statements as a whole and potentially affect many assertions. - Make **inquiries** about **fraud**. - Based on the understanding assess **control** and **inherent** **risk** and document the basis for the conclusion. - Consider what can go wrong, the magnitude involved and the likelihood of a material misstatement. - Considering **fraud risk** factors. - Design **further audit procedures**: - tests of controls (**CRIME**) and - If control risk is less than maximum perform test of controls - If control risk is at maximum do not perform test of controls, perform substantive tests. - substantive tests (**PERCCV**). 5. **Perform Further Audit Procedures** - Perform **tests of controls**. - Perform **inquiry** procedures. - **Inspect** documents for performance. - **Observe** application of procedures. - **Reperform** application of procedures. - Based on the tests of control performed, review and document the assessment of control risk, and review the substantive tests required for an acceptable level of detection risk. - **Analyze results obtained and reassess control risk and substantive tests if required.** - **Confirm** accounts receivable balances. - **Recalculate** the allowance for doubtful accounts. - Perform **analytical procedures**. - Perform **tests of details** of transactions and balances. 6. **Complete the Audit (Chapter 16).** - Search for **unrecorded** **liabilities**. - Perform procedures to identify **loss contingencies**. - Review **minutes** of meetings. - Obtain a **representation letter** from the client. - Perform final **analytical procedures**. - Evaluate audit findings. - Perform review for **subsequent events**. 7. **Form an Opinion and Issue the Audit Report (Chapter 17).** - Public **audit report** reporting on **internal control** and on the **financial statements** for public company. - Public report reporting on the financial statements only for **nonpublic company**. **Engagement Letter includes:** - Client name - Objective and scope of the audit, - Auditor and management responsibilities, - Inherent limitations of an audit, - Applicable financial reporting framework -- GAAP, - Expected form and content of report to be issued by the auditors. - For recurring audits there may be factors that require a revision of the engagement letter such as: - **Management misunderstands** the objective and scope of the audit. - **Change** of senior **management**. - Significant **change** in the **nature** or **size** of the client. - **Change** in **reporting** requirements. - When accepted by client, it **represents** an **executory contract** between the auditor and the client. - **Management responsibilities**: - Financial statements. - Establishing effective internal control over financial reporting. - Compliance with laws and regulations. - Making all records and client personnel available to the auditors. - Providing written representations at end of the audit regarding its responsibilities and belief that the financial statements are free from material misstatement. - **Auditor responsibilities**: - Conducting an audit in accordance with GAAS or PCAOB standards. - Obtaining an understanding of internal control to plan audit and to determine the nature, timing and extent of procedures. - Making communications required by auditing standards. - Conduct of the audit (for example, timing, client assistance). - Use of **specialists** or internal auditors. - Obtaining information from **predecessor** **auditors**. - **Fees** and **billing**. - Other services to be provided, such as examination of internal control over financial reporting. - Limitation or other arrangements regarding liability of auditors or client. - Conditions under which access to the auditors' working papers may be granted to others. **Audit Committee** - Public companies must establish it within the board of directors to take an active role in *[overseeing]* the company's accounting and financial reporting policies and practices. - It is required by NYSE, American Stock Exchange and NASDAQ. - Composed of *at least [three independent d]irectors, nor officers nor employees*, who have no other relationship that might impair their independence. - SOX provides that audit committee members should not receive any consulting, advisory, or other compensatory fee from the company, or be in any way affiliated with the company. - Members must be *[financially literate]*, and at least one member, usually the chairman must be a financial expert. - Must be responsible for appointment, compensation and oversight of the auditors A list of business risk Description automatically generated with medium confidence ![A black and white text on a white background Description automatically generated](media/image2.png) **Overall Response to Fraud Risk** - **Professional skepticism and audit evidence** -- Design procedures to obtain more reliable evidence in support of specific financial statement items or by obtaining additional corroboration of management's explanations or representations concerning material matters, such as third-party confirmation, use of a specialist, or examination of documentation from independent sources. - **Assigning personnel and supervision** -- additional staff with specialized skill and knowledge or assigning more experienced staff. - **Accounting Principles** -- Consider management's selection and application of significant accounting principles, particularly those related to subjective measurements and complex transactions. - **Predictability of auditing procedures** -- Use differing sampling techniques, adjust the timing of testing from what would be expected, or perform procedures at locations on an unannounced basis. **Discovery of fraud.** - Auditors should evaluate the implications for the audit and - Communication to an appropriate level of management, at least one level above the level involved. - If fraud involves senior management or material misstatement communicate to **audit committee** of the board of directors - In very serious situations, auditors may decide to withdraw from the engagement. **Auditors' consideration of internal control is often organized around client's major transaction cycles.** - Revenue (sales and collections) cycle. - Acquisition (purchasing and disbursements) cycle. - Conversion (production) cycle. - Payroll cycle. - Investing cycle. - Financing cycle. **Types of Transactions** - **Routine** transactions Recurring financial statement activities recorded in the accounting records in the normal course of business. - Ex. Sales, purchases, cash disbursements/receipts, and payroll transactions. - **Lower inherent** **risk**, but controls implemented assure proper recording. - **Nonroutine** transactions Involve activities that occur only periodically. - Ex. Taking of physical inventories, calculating depreciation expense, and adjusting financial statements for foreign currency gains and losses. - **High inherent risk**, not part of normal flow of transactions and may need specialized to perform the activity. - **Estimation** transactions Activities that create accounting estimates. - **Highest inherent risk** because involve management **judgments** or assumptions. - Ex. Estimating allowance for uncollectible accounts, establishing warranty reserves and assessing assets for impairment. A diagram of a auditing process Description automatically generated **\ ** **Flowchart Symbols**![A screenshot of a computer Description automatically generated](media/image4.png) **Classifications of Controls** - **Preventive** Controls (ARC) - Aimed at **avoiding** the **occurrence** of misstatements in the financial statements. - Ex: segregation of duties (Authority, Reporting, Custody) and requiring approval of period-ending journal entries. - **Detective** Controls - Designed to **discover** misstatement **after** they have occurred. - Ex. Monthly bank reconciliations could detect misstatements of cash receipts or disbursements. - **Corrective** Controls - Needed to remedy a misstatement detected. - Ex. Maintaining **backup** copies of key transactions and master files to allow the correction of data entry errors. **Controls overlap:** - Complementary -- function together. - Redundant -- address same assertion or control objective. - Compensating -- reduces risk existing weakness will result in misstatement. **Components of Internal Control Structure (CRIME)** - **Control Environment Factors --** Overarching system of controls to govern practices and behaviors. Sets the tone of the organization, influencing the control consciousness of its employees. - Commitment to communication and enforcement of integrity and ethical values by board of directors and senior management. - Board of directors demonstrates independence from management and exercises oversight of internal control. - Establishment of effective organizational structure, including reporting lines, and appropriate authorities and responsibilities (accountability). - Commitment to attract, develop, and retain competent employees. - Holding employees accountable for internal control responsibilities. - Commitment to competence. - Management philosophy and operating style. - Human resources policies and practices. - **Risk Assessment --** How the company sets objectives and manage risks. - Clearly specify objectives to allow the identification and assessment of risks related to those objectives. - Identify and analyze risks to the achievement of its objectives to determine how they may be managed. - Consider potential fraud relating to the achievement of objectives. - Identify and assess ***changes*** that could impact internal control. - Regulatory or operating environment. - New personnel, information systems, technology, business model. - Adoption of new accounting principle or pronouncements. - Corporate restructuring - **Information System --** How information is identified and communicated internally and externally. - Identify and record valid transactions. - Initiating, authorizing, recording, processing, and reporting entity transactions, conditions, and events. - Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions. - Measure the value of transactions appropriately. - Determine the time period in which the transactions occurred to permit recording in the proper period. - Present properly the ***transactions*** and related ***disclosures*** in the financial statements. - Maintain accountability for the assets, liabilities, and equity. - Communicating roles and responsibilities. - **Monitoring --** Overall system of internal control is monitored and improved. - ***Ongoing*** monitoring activities. - Regularly performed ***supervisory*** and ***management*** activities. - - - Separate evaluations: - - - Evaluation of internal control performance. - Other procedures such as mailing customer statements - **Existing Control Activities --** How actions and activities are designed, implemented and tested. - *Transaction control activities.* - *Prenumbering of documents* - *Authorization of transactions* - *Independent checks to maintain asset accountability* - *Documentation of transactions* - *Timely and appropriate financial performance reviews* - *Information processing controls -- general and application controls* - *Physical controls for safeguarding of assets* - *Segregation of duties -- (ARC) no incompatible functions. Segregate authorization, recording and* **c**ustody of assets. **Limitations of Internal Control** - Errors may be made in the performance of controls because of misunderstandings of instructions, mistakes of judgment, carelessness, distraction or fatigue. - Controls that depend on the segregation of duties may be circumvented by **collusion** of two or more people. Management may override internal controls. - Compliance may deteriorate over time. - Due to cost considerations, it is not feasible to provide **absolute** protection from errors, fraud and waste. **Reasonable** assurance is the best that can be achieved. **Documenting the Understanding of Internal Control (FIND)** - **Flowcharts** - Systems flowcharts is a diagram -- a symbolic representation of a system or a series of procedures with each procedure shown in sequence. - An advantage of a flowchart is that it provides a clearer, more specific portrayal of the client's system. - A disadvantage of flowchart is that internal control weaknesses are not identified as prominently as in questionnaires. - **Internal Control Questionnaires** - Typically standardized by firm or industry. - Contains a separate section for each major transaction cycle, enabling the work of completing it to be divided among several audit staff members. - A disadvantage of standardized internal control questionnaires is their lack of flexibility. - Intended as a means for the auditors to document their understanding of internal control. - **Written Narratives** - Memos that describe flow of transactions cycles and controls. - Written version of a flowchart. - It is a description of the auditor's understanding of the system of internal control. - More appropriate for less complex control structures. - **Documents from client** - Policies & Procedures - Operations Manuals - Meeting minutes - Organizational structure - Accounting manuals - Information system manuals **Use of the Work of Internal Auditors** - Work of Internal Auditors may be used in two ways (AICPA AU-C 610 AND PCAOB AS 2605): - Obtaining audit evidence by using the **internal auditors' work** **performed** as a part of their normal responsibilities, and - Using internal auditors to provide **direct assistance** on the external audit. - If external auditors decide to use internal auditors work, they should assess the competence and objectivity of the internal audit function. - Evaluate the internal auditors' policies for hiring, training, and assigning personnel to engagements. - Evaluate whether the internal audit function is adequately and appropriately staffed. - Auditors are adequately trained and proficient by evaluating their education level, professional experience, and professional certifications. - Investigate the internal auditors' policies, programs, procedures, working papers, and reports, and the extent to which internal auditors' activities are supervised and reviewed. - Communicate how the internal auditors' work will be used to those charged with governance. - Obtain a written acknowledgment from management and those charged with governance that the internal auditors will be allowed to perform the work free from any interference. A close-up of a chart Description automatically generated ![A chart with text on it Description automatically generated](media/image6.png)