Documente Academic
Documente Profesional
Documente Cultură
Auditing Internal Control over Financial Reporting in Conjunction with an Audit of Financial Statements
McGraw-Hill/Irwin
LO# 1
7-2
LO# 1
2. Evaluate the effectiveness of the entitys internal control over financial reporting using suitable control criteria.
3. Support its evaluation with sufficient evidence, including documentation. 4. Present a written assessment of the effectiveness of the entitys internal control over financial reporting as of the end of the entitys most recent fiscal year.
7-3
LO# 2
7-4
LO# 3
LO# 4
LO# 4
LO# 4
Insignificant deficiency
Remote More than remote
LIKELIHOOD
7-8
LO# 5
7-9
LO# 6
Managements Documentation
Management must develop sufficient documentation to support its assessment of the effectiveness of internal control. This documentation may take many forms, such as paper, electronic files, or other media. It also includes policy manuals, job descriptions, flowcharts, and process models.
7-10
LO# 7
7-11
LO# 8
The auditor typically obtains his or her understanding of managements assessment process through inquiry of management and others.
7-12
LO# 8
LO# 8
Controls are effectively designed when they prevent or detect errors or fraud that could result in material misstatements in the financial statements.
7-14
LO# 8
In testing the effectiveness of controls, the auditor needs to consider the nature, timing, and extent of testing.
7-15
However, a major consideration for the external auditor is how much the work performed by others (internal auditors or others working for management) can be relied on in adjusting the nature, timing, or extent of the auditors work.
7-16
LO# 9
2) evaluate the competence and objectivity of the individuals who performed the work, and
3) test some of the work performed by others to evaluate the quality and effectiveness of their work.
7-17
LO# 8
7-18
LO# 10
Written Representations
In addition to the management representations obtained as part of a financial statement audit, the auditor also obtains written representations from management related to the audit of internal control over financial reporting.
Failure to obtain written representations from management, including managements refusal to furnish them, constitutes a limitation on the scope of the audit sufficient to preclude an unqualified opinion.
7-19
LO# 11
The auditor must properly document the processes, procedures, judgments, and results relating to the audit of internal control. When an entity has effective internal control over financial reporting, the auditor should be able to perform sufficient testing of controls to assess control risk for all relevant assertions at a low level.
7-20
LO# 12
LO# 13
7-22
LO#
13 & 14
2) the effectiveness of internal control over financial reporting based on the auditors independent audit work.
7-23
LO#
13 & 14
Opinion
A qualified opinion is issued when there is a limitation on the scope of the auditors work. An adverse opinion is required if a material weakness is identified.
7-24
7-27
7-28
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
7-29
7-31
LO# 15
1. A title that includes the word independent. 2. An identification of managements conclusion about the effectiveness of the companys internal control over financial reporting. 3. A definition of internal control over financial reporting. 4. A statement that the auditor planned and performed the audit to obtain reasonable assurance about whether effective internal control is maintained. 5. A statement that an audit includes obtaining an understanding of internal control, valuating managements assessment of testing the design and effectiveness of internal control and any other procedures.
7-33
3.
4.
A statement that the auditor planned and performed the audit to obtain reasonable assurance about whether effective internal control is maintained.
A statement that an audit includes obtaining an understanding of internal control, valuating managements assessment of testing the design and effectiveness of internal control and any other procedures.
7-34
5.
8. The auditors opinion on whether the company maintained effective internal control.
7-35
LO# 15
Unqualified opinion
Adverse opinion
7-36
LO# 15
LO# 16
A significant subsequent event has occurred since the date being reported on.
There is other information contained in managements report on internal control.
7-38
LO# 17
LO# 18
LO# 18
LO# 18
Advanced Module 1: Special Considerations for an Audit of Internal Control Using the work Service
of others. organizations.
7-43
LO# 9
Evaluate the competence and objectivity of the individuals who performed the work.
Test some of the work performed by others to evaluate the quality and effectiveness of their work.
7-44
LO# 19
Yes
Are there specific significant risks? 5 Yes No 130 Are there units that are not important even when aggregated? 60 Yes No 70 Are there documented company-level controls over this group? Yes
Evaluate documents and test controls over significant accounts at each location.
Evaluate documents and test company-level controls over group. Some testing of controls at individual locations.
7-45
No
LO# 20
7-46
LO# 20
LO# 21
Safeguarding of Assets
Safeguarding of assets is defined as policies and procedures that provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the companys assets that could have a material effect on the financial statements.
7-48
LO# 22
Description
Reads and extracts data from a client's computer files or databases for further audit testing. Select from files or databases transactions that meet certain criteria. Perform a variety of arithmetic calculations (addition, subtraction, and so on) on transactions, files, and databases. Provide functions supporting various types of audit sampling. Prepares various types of documents and reports.
7-50
Selection operators
Arithmetic functions
Statistical analyses
Report generation
LO# 22
It may be required when the clients computer system is not compatible with the auditors generalized audit software.
Custom software: (1) Is expensive to develop.
LO# 22
Test Data
This is data developed by the auditor to test the application controls in the clients computer programs. The technique can be used to check 1. data validation controls and error detection routines, 2. processing logic controls, 3. arithmetic calculations, and 4. the inclusion of transactions in records, files, and reports.
7-52
Test Data
The objective of this method is to insure the accuracy of the computer processing of transactions. This technique can be used to check: 1. Data validation controls and error detection routines. 2. Processing logic controls.
3. Arithmetic calculations.
4. Inclusion of transactions in records, files, and reports.
7-53
Test Data
The main advantage of this method is that it provides direct evidence of the effectiveness of controls in the clients application programs. However, it has a number of potential disadvantages: 1. It can be very time consuming to create the data.
2. The auditor may not be certain that all relevant conditions or controls are tested.
3. The auditor must be certain that the test data are processed using the clients regular production programs. 4. The auditor must be sure to remove the valid test data from the clients files.
7-54
3. Each different generalized software system has its own characteristics which the auditor must carefully consider before using in a given audit situation.
7-56
1.
Can be used to access client data that is maintained on client files, especially since some client data that is of interest to the auditor may exist only temporarily and only in machine-readable form. Utilize the speed and accuracy of the computer.
Can deal effectively with large quantities of data. Can reduce the auditor's reliance on client IT personnel. Can produce (not always) efficiencies in the audit. This is especially true where applications can be used in ensuing years with little or no modifications.
7-57
2.
3. 4. 5.
2.
3.
Calculations, comparisons, and other data manipulations are more accurately performed.
Staff morale and productivity may be improved by reducing the time spent on clerical tasks such as footing and ticking. The scope of analytical procedures may be broadened. For example, compute ratios or compute ratios for more than just the current and prior years.
4.
5.
6.
7-62
8. 9.
10. Allow easier creation of customized working papers. 11. Computer-generated working papers are generally more legible and consistent. 12. Supervisory-review time may be reduced. 13. Client's personnel may not need to manually prepare as many working paper schedules.
7-63
End of Chapter 7
7-65