Professional Documents
Culture Documents
AUD23 - Lec 8
AUD23 - Lec 8
Learning Objectives
2
Internal Control Objectives
Reliability of
financial
Compliance reporting Efficiency/
with laws and effectiveness
regulations of operations
10-3
Contrast
management’s responsibilities for
maintaining and reporting on internal
controls
with
the auditor’s responsibilities for
understanding, testing, and reporting on
internal control.
10-4
Management’s Responsibilities
for Establishing Internal Control
ØReasonable ØInherent
assurance limitations
10-5
Management’s Assessment of
Internal Controls
10-6
Auditor Responsibilities for
Understanding Internal Control
10-7
Auditor Responsibilities for
Reporting on Internal Control
10-8
FIGURE 11-3 Five Components of Internal Control
Control Environment
Organizational structure
Commitment to Competence
Accountability
10-10
Identify factors that may increase risk
Risk Assessment
10-11
Adequate separation of duties
Control Activities
10-12
Adequate Separation of Duties
Operational Record-keeping
from
responsibility responsibility
10
10-13
-
Proper Authorization of
Transactions and Activities
General Specific
Authorization Authorization
10-14
PRENUMBERED CONSECUTIVELY
10-15
Physical Control Over Assets & Records
10-16
Information and Communication
Initiate
Report Maintain
Record Accountability
transactions
for Related Assets
Process
10-17
Monitoring
10-18
Lec 10 :Part 2
19
required for an audit of only the financial statements.
ant risks
r error Figure 12-1 provides an overview of the process of understanding internal control
nal control
and Assessing Control Risk
trol risk
Process for Understanding Internal Control
FIGURE 12-1
and Assessing Control Risk
l audit
dit plan
Obtain and document
understanding of
Step 1
internal control
design and operation
Design, perform,
Step 3 and evaluate
tests of controls
Decide planned
Step 4 detection risk and
substantive tests
10-20
Obtain and Document Understanding of
Internal Control
10-21
Understanding design of internal control
Narrative
Flowchart
Internal
control
questionnaire
10-22
Narrative
24
Evaluating Internal Control
Operation
10-25
Assess Control Risk
10-26
Control Risk Matrix
10-27
Control Risk Matrix
10-28
5. Determine potential misstatements that could result. This step is intended to iden-
tify specific misstatements that are likely to result because of the significant
deficiency or material weakness. The importance of a significant deficiency or
material weakness is directly related to the likelihood and materiality of potential
misstatements.
SIGNIFICANCE
Material
Material Weakness
LIKELIHOOD
Remote Reasonably Possible
Immaterial
Source: MichaelSource:
Ramos,Michael
“SectionRamos, “Sectionin404
404 Compliance the Compliance in the
Annual Report,” Annual
Journal Report,” Journal
of Accountancy, of 2004, pp. 43–48.
October
Accountancy,
Copyright by American October
Institute 2004,
of CPAs. Allpp. 43–48.
rights reserved. Used with permission.
10-30
Tests of
Controls
10-31
INQUIRE OF CLIENT EXAMINE REPERFORM CLIENT OBSERVE CONTROL-
PERSONNEL DOCUMENTS,RECORDS, PROCEDURES RELATED ACTIVITIES
REPORTS
Extent of Procedures
10-33
Relationship of Assessed Control
Risk and Extent of Procedures
Relationship of Assessed Control Risk and
TABLE 12-1
Extent of Procedures
Assessed Control Risk
High Level: Procedures to Lower Level:
Type of Procedure Obtain an Understanding Tests of Controls*
Inquiry Yes—extensive Yes—some
Inspection Yes—with transaction walkthrough Yes—using sampling
Observation Yes—with transaction walkthrough Yes—at multiple times
Reperformance No Yes—using sampling or audit software
*Note: In an integrated audit for a public company, the auditor will likely combine procedures to obtain an understanding
with tests of controls and perform them simultaneously.
The determination of the appropriate sample size for tests of controls is an impor-
tant audit decision. That topic is covered in Chapter 15. 10-34
Related
Tests of
substantive
controls
tests
Management letters