Professional Documents
Culture Documents
McGraw-Hill/Irwin
LO# 1
7-2
LO# 1
2. Evaluate the effectiveness of the entitys ICFR using suitable control criteria.
3. Support its evaluation with sufficient evidence, including documentation. 4. Present a written assessment of the effectiveness of the entitys ICFR as of the end of the entitys most recent fiscal year.
7-3
LO# 2
7-4
LO# 3
ICFR Defined
ICFR is defined as a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with GAAP. Controls include procedures that:
1. Pertain to the maintenance of records that fairly reflect the transactions and dispositions of the assets of the company. 2. Provide reasonable assurance that transactions are recorded in accordance with GAAP. 3. Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the companys assets.
7-5
LO# 4
7-6
LO# 4
LO# 4
LIKELIHOOD
7-8
LO# 5
7-9
LO# 6
Managements Documentation
Management must develop sufficient documentation to support its assessment of the effectiveness of internal control. This documentation may take many forms, such as paper, electronic files, or other media. It also includes policy manuals, job descriptions, flowcharts, and process models.
7-10
LO# 7
7-11
LO# 8
7-12
LO# 9
LO# 9
LO# 9
LO# 10
7-16
LO# 10
LO# 11
7-18
LO# 12
Test Controls
Evaluate design Test and evaluate operating effectiveness
Nature, timing, and extent
7-19
LO# 13
7-20
LO# 13
7-21
LO# 15
Written Representations
In addition to the management representations obtained as part of a financial statement audit, the auditor also obtains written representations from management related to the audit of ICFR.
Failure to obtain written representations from management, including managements refusal to furnish them, constitutes a limitation on the scope of the audit sufficient to preclude an unqualified opinion.
7-22
LO# 16
The auditor must properly document the processes, procedures, judgments, and results relating to the audit of internal control. When an entity has effective ICFR, the auditor should be able to perform sufficient testing of controls to assess control risk for all relevant assertions at a low level.
7-23
LO# 17
Reporting on ICFR
Sarbanes-Oxley requires managements description of internal control to include:
1. A statement of managements responsibility for establishing and maintaining adequate internal control. 2. A statement identifying the framework used by management to conduct the required assessment of the effectiveness of the companys internal control. 3. An assessment of the effectiveness of the companys internal control as of the end of the most recent fiscal year, including an explicit statement as to whether internal control is effective.
7-24
LO# 18
7-25
LO#
13 & 14
7-26
LO#
18 & 19
7-27
LO# 19
Unqualified opinion
Adverse opinion
7-28
LO# 19
Sever limitation
7-29
LO# 17
Safeguarding assets.
7-31
LO# 21
7-32
LO# 21
LO# 23
Safeguarding of Assets
Safeguarding of assets is defined as policies and procedures that provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the companys assets that could have a material effect on the financial statements.
7-34
7-35
LO# 23
Description
Reads and extracts data from a client's computer files or databases for further audit testing. Select from files or databases transactions that meet certain criteria. Perform a variety of arithmetic calculations (addition, subtraction, and so on) on transactions, files, and databases. Provide functions supporting various types of audit sampling. Prepares various types of documents and reports.
7-36
Selection operators
Arithmetic functions
Statistical analyses
Report generation
LO# 23
7-37
LO# 23
Test Data
This is data developed by the auditor to test the application controls in the clients computer programs. The technique can be used to check (1) data validation controls and error detection routines, (2) processing logic controls, (3) arithmetic calculations, and (4) the inclusion of transactions in records, files, and reports.
7-38
End of Chapter 7
7-39