Professional Documents
Culture Documents
INTERNAL CONTROL
- process designed and effected by those charged with governance, management, and other
personnel
- provide reasonable assurance about the achievement of the entity's objectives
2. RISK ASSESSMENT
- BUSINESS RISK is the risk that the entity's business objectives will not be attained as a result of
internal and external factors such as technological developments, changes in customers demand
and other economic changes.
- For audit purposes, the auditor is concerned only with those risks that are relevant to the
preparation of reliable financial statements.
4. CONTROL ACTIVITIES
- are the policies and procedures that help ensure that management directives are carries out.
Specific control procedures that are relevant to financial statement audit would include:
Performance reviews
- Include reviews and analyses of actual performance versus budgets, forecasts, and prior period
performance
Information processing
- A variety of controls are performed to check accuracy, completeness, and authorization of
transactions.
Physical Controls
- encompass the physical security of assets, including adequate safeguards
Segregation of duties
- assigning different people different responsibilities to reduce the opportunities to allow any
person to be in a position to both perpetrate and conceal errors or fraud in the normal course of
the person's duties
5. MONITORING
- is a process of assessing the quality of internal control performance over time.
- involves assessing the design and operation of controls on a timely basis and taking necessary
corrective actions.
- ONGOING MONITORING activities are built into the normal recurring activities of an entity
- SEPARATE EVALUATIONS are monitoring activities that are performed on a non-routine basis,
such as functions performed by internal auditors
Consideration of the entity’s internal control systems involves the following steps:
WALK-THROUGH TEST involves tracing one or two transactions through the entire accounting
systems, from their initial recording at source to their final destination...
Also confirms the auditor’s understanding of how the accounting systems and control
procedure’s function
It is to be emphasized that the auditor is not required to obtain knowledge about the operating
effectiveness of the internal control when obtaining an understanding of the entity’s internal control
system.
The auditor will only test those controls that he or she plans to rely upon.
According to PSA, the auditor should obtain audit evidence through tests of control to support any
assessment of control risk at less than high level.
OBSERVATION
- Looking at the process being performed by others
INSPECTION
- Examination of documents and records to provide evidence of reliability
REPERFORMANCE
- Repeating the activity performed by the client to determine whether proper results were
obtained
Obtaining understanding of the entity’s internal control system and assessing control risks are often done
simultaneously.