RR Chapter 10

Learning Objective 1
Section 404 Audits of

Internal Control and Describe the three primary
Control Risk objectives of effective
internal control.
Chapter 10
2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 1 2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 2
Internal Control Objectives Learning Objective 2

1. Reliability of financial reporting Contrast managements
2. Efficiency and effectiveness of operations responsibilities for maintaining
and reporting on internal controls
3. Compliance with laws and regulations
with the auditors responsibilities
for understanding, testing, and
reporting on internal controls.
Management and Auditor Management and Auditor

Responsibilities Related Responsibilities Related
to Internal Control to Internal Control
Managements responsibility Managements Section 404
for establishing internal control reporting responsibilities
Reasonable assurance Design of internal control
Inherent limitations Operating effectiveness of controls
2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 1

Management and Auditor
Sales Transaction-related
Responsibilities Related
to Internal Control Audit Objectives
Transaction-related Audit Sales Transaction-related
Auditor responsibilities for Objective General form Audit Objectives
understanding internal control Recorded transactions Sales are for shipments
exist (occurrence) to existing customers
Controls over the reliability
of financial reporting Existing transactions are Existing sales transactions
recorded (completeness) are recorded
Control over classes of transactions
Transactions are stated Sales for goods shipped
Auditor responsibilities for testing correctly (accuracy) are correctly billed
internal control
Sales Transaction-related
Audit Objectives
Transaction-related Audit Sales Transaction-related
Objective General form Audit Objectives Explain the five components
Transactions are correctly Sales transactions are of the COSO internal
filed (posting and correctly included in the
summarization) master files control framework.
Transactions are correctly Sales transactions are
classified (classification) correctly classified
Transactions are recorded Sales are recorded on
on correct dates (timing) the correct dates
Five Components of Internal

The Control Environment
Control
Integrity and ethical values
Commitment to competence
Risk Information and
assessment communication Board of directors or audit
committee participation
Control
Monitoring
activities

The Control Environment Risk Assessment
Managements philosophy and operating style Identify factors that may increase risk
Organizational structure Estimate the significance of the risk
Human resource policies and practices Assess the likelihood of the risk occurring
Determine actions necessary to manage the risk
Control Activities Adequate Separation of Duties

1. Adequate separation of duties Custody of assets from Accounting
2. Proper authorization of transactions and activities Authorization The custody of

from
of transactions related assets
3. Adequate documents and records
Operational Record-keeping
from
4. Physical control over assets and records responsibility responsibility
IT duties from User departments

5. Independent checks on performance
Proper Authorization of Adequate Documents and

Transactions and Activities Records
General authorization Prenumbered consecutively
Specific authorization Prepared at the time of transaction
Designed for multiple use
Constructed to encourage correct preparation

Physical Control Over Assets Independent Checks on
and Records Performance
The most important type of protective The need for independent checks arises
measure for safeguarding assets and because internal control tends to change
records is the use of physical precautions. over time unless there is a mechanism
for frequent review.
Information and
Monitoring
Communication
The purpose of an accounting information Monitoring activities deal with managements
and communication system is to ongoing and periodic assessment of the
quality of internal control performance
initiate, record, process, and report

to determine whether controls are operating
the entitys transactions and to maintain
as intended and modified when needed.
accountability for the related assets.
SEC and COSO Focus on

Smaller Public Companies
The SEC has extended the deadline for Obtain and document an
small public companies compliance
with Section 404 requirements. understanding of internal control.
COSO issued guidance in Internal Control

Over Financial Reporting for Smaller
Public Companies.

Process for Understanding Internal Obtain and Document
Control and Assessing Control Risk Understanding of Internal Control
Obtain an SAS 109 and PCAOB Standard 2 both
understanding of Design, perform,
Phase 1 internal control: Phase 3 and evaluate tests require auditors to obtain an understanding
design and of controls of internal control for every audit.
operation
Procedures to obtain an understanding:
Design of internal controls
Decide planned Whether placed in operation
Assess control detection risk Uses this information as a basis for the
Phase 2 risk Phase 4 and substantive
tests integrated audit
Methods Used Narrative
1. The origin of every document

and record in the system
Narrative
2. All processing that takes place
Flowchart 3. The disposition of every document
Internal and record in the system
control 4. An indication of the controls relevant
questionnaire to the assessment of control risk
Evaluating Internal Control

Operation
Update and evaluate auditors previous Assess control risk by linking key
experience with the entity
controls, significant deficiencies,
Make inquiries of client personnel
and material weaknesses to
Examine documents and records
transaction-related audit
Observe entity activities and operations
objectives.
Perform walk-throughs of the accounting system

Assess Control Risk Control Risk Matrix
Assess whether the financial statements Many auditors use the control risk matrix
are auditable. to assist in the control risk assessment
process.
Determine assessed control risk supported
by the understanding obtained assuming
the controls are being followed.
Use of a control risk matrix to assess

control risk.
Evaluating Significant Control

Control Risk Matrix
Deficiencies
Identify audit objectives SIGNIFICANCE
Material
Identify existing controls
Associate controls with related audit objectives Material

Weakness
Identify and evaluate control deficiencies,
significant deficiencies, and material weaknesses LIKELIHOOD Remote Probable
Immaterial
Identify Deficiencies and

Communications
Weakness
Identify existing controls Communications to those
charged with governance
Identify the absence of key controls
Management letters
Consider the possibility of compensating controls
Decide whether there is a significant deficiency

or material weakness
Determine potential misstatements that could result

Learning Objective 6 Tests of Controls
Describe the process of designing The procedures to test effectiveness of controls

in support of a reduced assessed control
and performing tests of controls. risk are called tests of controls.
Procedures for Tests of

Extent of Procedures
Controls
1. Make inquiries of client personnel Reliance on evidence from prior years audit
2. Examine documents, records, and reports

Testing of controls related to significant risks
3. Observe control-related activities
Testing less than the entire audit period
4. Reperform client procedures
Relationship of Assessed Control Decide Planned Detection Risk and

Risk and Extent of Procedures Design Substantive Tests
Assessed Control Risk The auditor uses the results of the control risk
High level: assessment process and tests of controls to
Type of Procedures to obtain Lower level:
determine the planned detection risk and
procedure an understanding Tests of controls
related substantive tests.
Inquiry Yesextensive Yessome
Documentation Yeswith transaction Yesusing sampling
walk-through The auditor links the control risk assessments
Observation Yeswith transaction Yesat multiple times to the balance-related audit objectives.
walk-through
Reperformance No Yesusing sampling

Section 404 Reporting on
Internal Control
Understand Section 404 1. The auditors opinion on whether managements
assessment of the effectiveness of internal control
requirements for auditor over financial reporting as of the end of the fiscal
reporting on internal control. period is fairly stated, in all material respects.
2. The auditors opinion on whether the company

maintained, in all material respects, effective
internal control over financial reporting as of
the specified date.
Types of Opinions Learning Objective 8

Unqualified Describe the differences in
Adverse evaluating, reporting, and
testing internal control for
Qualified or disclaimer of opinion
nonpublic companies.
Evaluating, Reporting, and Testing

Differences in Scope of
Internal Control for Nonpublic
Companies Controls Tested
1. Reporting requirements
Internal controls over financial reporting
2. Extent of required internal controls
3. Extent of understanding needed

Internal controls used to assess
4. Assessing control risk control risk below maximum
5. Extent of tests of controls needed

Controls that must be tested in Controls that must be tested in
an audit of internal controls an audit of financial statements

End of Chapter 10

RR Chapter 10

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

RR Chapter 10

Încărcat de

Drepturi de autor:

Formate disponibile

Learning Objective 1

Section 404 Audits of

Internal Control Objectives Learning Objective 2

Management and Auditor Management and Auditor

Reasonable assurance Design of internal control

Inherent limitations Operating effectiveness of controls

2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 1

Five Components of Internal

2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 2

Organizational structure Estimate the significance of the risk

Determine actions necessary to manage the risk

Control Activities Adequate Separation of Duties

2. Proper authorization of transactions and activities Authorization The custody of

IT duties from User departments

Proper Authorization of Adequate Documents and

Specific authorization Prepared at the time of transaction

Designed for multiple use

Constructed to encourage correct preparation

2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 3

initiate, record, process, and report

SEC and COSO Focus on

COSO issued guidance in Internal Control

2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 4

Methods Used Narrative

1. The origin of every document

Evaluating Internal Control

2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 5

Use of a control risk matrix to assess

Evaluating Significant Control

Associate controls with related audit objectives Material

Identify Deficiencies and

Decide whether there is a significant deficiency

Determine potential misstatements that could result

2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 6

Describe the process of designing The procedures to test effectiveness of controls

Procedures for Tests of

2. Examine documents, records, and reports

Relationship of Assessed Control Decide Planned Detection Risk and

2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 7

2. The auditors opinion on whether the company

Types of Opinions Learning Objective 8

Evaluating, Reporting, and Testing

3. Extent of understanding needed

5. Extent of tests of controls needed

2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 8

2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 49

2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 10 - 9

S-ar putea să vă placă și