internal controls

4.
4.
Physical controls
5. Segregation of duties
 Custody
characteristics  Authorization
1. A process  Recording
2. Effected by entity`s personnel
3. Reasonable assurance of achieving entity`s Monitoring of controls
objectives “assessment and improvement of internal controls”
inherent limitations: accomplished thru OST
a. Cost-benefit consideration a. ongoing monitoring activities
b. mgt Overriding control b. separate evaluations
c. Collusion c. combination of the two
d. Human error
e. directed at Anticipated types other concepts
4. Geared toward attainment of entity`s entity-wide controls and transaction controls
objectives Entity wide controls Controls on mgt override
a. Financial: reliability of financial reporting risk assessment process
b. Operational: effectiveness and efficiency of monitoring of results of
operations
operations financial closing and
c. Compliance: compliance with applicable reporting controls
laws and regulations risk management policies

Transaction controls Periodic inventory counts

components Bank reconciliation
control Environment Three-way match and
review of supporting
”overall tone of the organization, commitment level of documents of purchases
top management” Review of contracts w/
elements: customers for revenue
1. communication and enforcement of Integrity recognition
and values
2. Mgt philosophy and operating style requirements of effective internal control
3. Commitment to competence all five components of internal control and all relevant
principles must be present and functioning
4. Participation by those cwg
operate together in an integrated manner
5. Assignment of authority and responsibility
6. Human resources policies and procedures parties affecting internal control
7. Organizational structure a. internal parties
b. external parties
Risk assessment procedures
”mgt identification; assessment of business risks” internal control deficiencies
or combination thereof reduces the likelihood of entity
Information and communication system achieving its objectives
”means of recording transactions and communication
responsibilities” Audit procedures: responses to assessed risks
A. risk assessment procedures
Control activities 1. Obtain understanding pf internal control
“control policies and procedures” relevant to audit
1. Authorization a. Design of controls
2. Performance b. Determine whether controls have been
3. Information processing implemented

specific audit procedure

 inquiry
 observation
  inspection
 tracing thru walk-through test

documentation
a. discussion of significant decision reached
b. key elements of understanding obtained
c. identified and assessed ROMM at fs and
assertion level
d. risk identified

forms of control documentation

a. flowcharts
b. narrative descriptions
c. internal control questionnaires
d. risk and control matrices
e. policy and procedure manuals

2. Make preliminary assessment of control risk

a. high or maximum level
b. less than high or below maximum level

B. Further Audit Procedures

1. Perform tests pf control
“obtain sufficient appropriate evidence to
support the preliminary assessment of control”

specific procedures
 Inquiry
 Observation
 Inspection; and
 Reperformance

Recurring audit
a. there have been changes, test the controls
in current audit
b. have not been such changes, test the
controls at least once in every third audit

2. Make re-assessment of control risk

3. Perform substantive procedures

documentation
Understanding Basis for the
Control risk Control risk
of internal control risk
assessment assessment
control assessment
High Yes Yes No
Less than
Yes Yes Yes
high

communication
Deficiency in Control unable to Determine
internal control prevent, or detect whether
and correct individually or in
misstatements combination
constitute
significant
deficiencies

“significant” Deficiency in Communicate in

deficiency in auditor`s writing identified
internal control professional during audit
judgment is of
sufficient
importance