Professional Documents
Culture Documents
Chap 6 - Consideration of Internal Control
Chap 6 - Consideration of Internal Control
misstatements in the fs
Assessed level of control risk
o Conclusion reached as a result of the assessment
Internal control
o Process
o Effected by those charged w governance, management, and other personnel
o Provides reasonable assurance of achieving the entity’s objective
o Designed to help the entity’s objective
Process-
o a means of achieving the objective
effected by those charged w governance, mgmt. and other personnel
o management
control environment
maintain policies abd procedures to achieve objectives
o charged w governance
integrity of accounting and financial reporting system thru oversight of mgmt.
o staff personnel
perform respective function
provide reasonable assurance of achieving the entity’s objective bcs
cost-benefit principle
directed at routine transaction
error in human judgement
circumvention (collusion among employees)
management override
procedures becoming inadequate
changes in condition
compliance may deteriorate
obsolete
designed to help achieve the entity’s objective
o operational objective
o compliance objective
o financial reporting objective
main concern of fs audit
components of internal control
o control environment
o risk assessment
o information and communication system
o control activities
o monitoring
control environment
o attitude, awareness, actions towards internal control and its importance
o sets the tone
o foundation for effective internal control
o IMACPA
integrity and ethical values
mgmt. philosophy and operating style
active participation of those charged w governance
commitment to competence
personnel policies and procedures
assignment of responsibility and authority/organizational structure
Risk assessment
o Business risk
Is the risk that the business objectives will not be attained bc of internal and
external factors
o Policies and procedures designed to identify and analyze the risks and take appropriate
actions to manage the said risks
Information and communication sysem
o Communication
Providing an understanding of individual roles and responsibilities pertaining to
internal control over fin rep
Can be electronically, verbally, thru the actions of mgmt.
Control activities
o Policies and procdeures that help ensure that mgmt. directives are carried out
o PIPS
Performance reviews
Information processing
Physical controls
Segregation of duties
o Performance review
Review and analysis
o Information provrdding
Checks accuracy, completeness, and authorization
Computer processing: general and application control
o Physical control
Physical security of asset
Secured facilities
Authorization for access
Periodic counting and comparison
o Segregation of duties
Authorizing
Recording
Maintaining
Monitoring
o To assess the quality of internal control performance
o Done to ensure that IC is operating effectively
o Accomplished thru: -ongoing -separate -combined
Ongoing monitoring
Built into normal recurring activities of an entity
Regular mgmt. and supervisory activities
Ex. preparation of bank recon
Separate
Non-routine basis
Performed by internal auditors
Internal control for small businesses
o Difficulty of segregating duties or having a sep internal audit dept
o Weak, compensated if owner/manager participates
Consideration of internal contro
o ODATD
Obtaining understanding of internal control
Documenting the understanding of accounting and internal control system
Assessing the level of control risk
Performing tests of control
Documenting the assessed level of control risks
o Understanding Internal Control
Design and Implementation
This stage does not consider the efficiency & effectiveness
DESIGN
Can prevent or detect and correct MM
Thru
o Inquiry
o Inspection
o observation
Implementation
Whether control exists and placed in operation
Walk-through test
Sufficient understanding to
Identify potential misstatements
Consider factors that affect the risk of MM
Design audit proc to be performed
o Documenting the understanding
Required
No particular form and extent varies (size & complexity of entity || nature of IC)
Ex of forms
Narrative
Flowchart
Questionnaire
o Assessment of CR
Preliminary Assessment of CR at the assertion level
High CR
Ineffective IC
No test of control
Less than high CR
IC is reliable
Determine if efficient to obtain evidence to assess CR at less than high
o If efficient:
Less than high
Identify policies and procedures that can P/D & C MM
TOC is necessary
Test of control
Obtains evidence abt the EFFECTIVENESS of
o Design of Acc and IC system
o Operation of the IC throughout the period
Will only test those controls that the auditor plans to rely on
The greater the reliance, the more extensive TOC should be
Nature of TOC
Inquiry
Observation
Inspection
Reperformance
Note:
o for controls w no audit trail: inquire and observe
o obtaining understanding of IC and assessing CR are often done
simultaneously
Timing
Usually at interim
o However auditors obtain evidence for the rem period by
Performing TOC for the rem period
Review whether there are changes that affects IC
o In determining whether to test the rem period
Results of the interim test
Length of the rem period
Whether changes occurred
Extent
Determine sample size sufficient to support assessed level of CR
Results of the TOC
Evaluate whether IC is designed and operating as intended
Conclusion based on this evaluation is the ASSESSED LEVEL OF CR
Operating effectiveness and implementation
Implemenation
o Thru risk assessment procedure (understanding)
Whether control exist and if the entity used them
Operating effectiveness
o Thru TOC
Test effectiveness
o How controls were applied
o Consistency
o By whom, by what means
o Documenting the assessed level of CR
At high level
Understanding of IC
Conclusion
At less than high
Understanding of IC
Conclusion
Basis (result of TOC)
o Auditor cannot assess at less than high w/o TOC
Communication of significant deficiency
o Require to report to the app level of mgmt. and those charged w gov
o Should be in writing
o Can be done before or after issuance of audit report
o May be communicated orally but still should be in writing later on
o Auditors not required to identify deficiencies, but if incidentally identified one, must
communicate
o Communicated thru a management letter