Professional Documents
Culture Documents
Fundamentals of Auditing
Chapter 3:
Internal control
Learning objectives
Understand what internal control is and its importance.
1
2/7/2023
References
Document reference
• COSO, Internal Control – Intergrated Framework (New
York: AICPA, 1992).
• ISA/VSA 315, “Identifying and assessing the risks of
material misstatement through understanding the entity
and its environment”
• ISA/VSA 330, “The auditor’s responses to assessed
risks”.
2
2/7/2023
3
2/7/2023
The
importance
of internal
control
4
2/7/2023
Questions
What best describes the purpose of the independent auditors’ consideration of internal control in a
financial statement audit for a public company?
A. To determine the nature, timing, and extent of audit testing.
B. To make recommendations to the client regarding improvements in internal control.
C. To train new auditors on accounting and control systems.
D. To identify opportunities for fraud within the client’s operations
Control
activities
Information
Risk
and
assessment
communication
5
2/7/2023
10
11
6
2/7/2023
12
13
7
2/7/2023
15
8
2/7/2023
16
17
9
2/7/2023
Preventive control: designed to avoid an unintended event or result at the time of initial occurrence
Detective control: designed to discover an unintended event or result after the initial processing has
occurred but before the ultimate objectives has concluded
Corrective controls: designed to take corrective action on discovered mistakes.
18
19
10
2/7/2023
20
21
11
2/7/2023
(IV) Information
and communication
Methods used to identify,
Information
assemble, classify, record,
and report an entity’s Communication
transactions and to maintain
accountability for related
assets
22
23
12
2/7/2023
(V) Monitoring
Management’s ongoing
and periodic assessment
of the effectiveness of the Ongoing evaluations
design and operation of an
Separate evaluation
internal control structure to
determine if it is operating as
intended and modified when
needed
24
25
13
2/7/2023
Controls are designed to cope with routine transactions not non-routine ones
26
Questions
A. Control risk
B. Control activities
C. Control environment
D. Monitoring
27
14
2/7/2023
Questions
The overall attitude and awareness of an entity’s board of directors concerning the importance of
internal control usually is reflected in its:
A. Computer-based controls.
B. System of segregation of duties.
C. Control environment.
D. Safeguards over access to assets.
28
Questions
The philosophy and operating style of management would most likely have a significant influence
on an entity’s control environment when:
29
15
2/7/2023
Questions
Proper segregation of functional responsibilities calls for separation of the functions of:
30
Questions
When considering internal control, an auditor should be aware of the concept of “reasonable
assurance”, which recognizes that:
A. Internal control may be ineffective due to mistakes in judgment and personal carelessness.
B. Adequate safeguards over access to assets and records should permit an entity to maintain proper accountability.
C. Establishing and maintaining internal control is an important responsibility of management.
D. The cost of an entity’s internal control should not exceed the benefits expected to be derived.
31
16
2/7/2023
Group discussion
For each case, discuss (i) the case is relevant to which components of internal control and (ii) which items in
the FSs may be involved?
1. The company should issue internal code of conduct for employees in Purchase Department in dealing with
Suppliers.
2. Invoices from suppliers must be approved by authorized person based on the review and compare the
calculation on the invoices, the amounts in Inventory delivery note and the relevant orders.
3. The Internal Auditors should report directly to the BOD, not to the CFO.
4. Periodically count the inventory and adjust the information in accounting book according to the actual counting
numbers.
5. All of the payment vouchers must be stamped with “Paid” when they have been paid.
6. All of the Inventory received notes must be pre-printed with sequential numbers before using.
7. The Management, on monthly basis, reviews the reports on revenue and expense in comparison to the plan, and
analyze the reasons for the fluctuation (if any) in revenue and expenses.
32
33
17
2/7/2023
Phase 2:
Assess the control risk
(preliminary)
Evaluate the design and
implementation of the internal
control Phase 3:
Perform test of controls
audit procedures
Phase 4:
Assess the control risk
and perform substantive
procedures
34
35
18
2/7/2023
Commitment to
competence
Auditors evaluate whether:
Participation by those Management has created and maintained a culture of
charged with
governance honesty and ethical behavior
The control environment elements provide an appropriate
(1) Understanding Management’s foundation for the other components of internal control,
of the Control philosophy and
operating style
Environment Other components are not undermined by deficiencies in
the control environment.
Organizational structure
Assignment of authority
and responsibility
Human resource
policies and practices
36
Estimating the
significance of the Entity’s risk
risks assessment process
No
• Discuss with management whether business risks
Assessing the relevant to financial reporting objectives have been
likelihood of their
occurrence identified and how they have been addressed.
• Evaluate whether the absence of a documented risk
assessment process is appropriate in the
Deciding about circumstances, or determine whether it represents a
actions to address significant deficiency in internal control.
those risks
37
19
2/7/2023
Accounting system
Information system
38
(4) Understanding of
the control activities
39
20
2/7/2023
Internal audit
(if available)
• The nature of the internal audit function’s responsibilities and
how the internal audit function fits in the entity’s
organizational structure; and
• The activities performed, or to be performed, by the internal
audit function.
40
41
21
2/7/2023
42
43
22
2/7/2023
44
45
23
2/7/2023
46
47
24
2/7/2023
48
49
25
2/7/2023
50
51
26
2/7/2023
Questions
52
Controls over financial reporting are often classified as preventative, detective, or corrective.
Which of the following is an example of a detective control?
53
27
2/7/2023
Controls over financial reporting are often classified as preventative, detective, or corrective.
Which of the following is an example of a preventative control?
54
When a CPA decides that the work performed by internal auditors may have an effect on the nature,
timing, and extent of the CPA’s procedures, the CPA should consider the competence and
objectivity of the internal auditors. Relative to objectivity, the CPA should:
A. Consider the organizational level to which the internal auditors report the results of their work.
B. Review the internal auditors’ work.
C. Consider the qualifications of the internal audit staff.
D. Review the training program in effect for the internal audit staffs.
55
28