Modern Auditing:

Assurance Services and the Integrity

of Financial Reporting, 8th Edition

William C. Boynton
California Polytechnic State
University at San Luis Obispo
Raymond N. Johnson
Portland State University

Chapter 10 – Understanding Internal Control

Chapter 10 Overview
 Fundamental Concepts of
Internal Controls
• Process integrated with an entity’s
infrastructure

• People implement internal control

• Can only provide reasonable assurance

• Achieve objectives in financial reporting,

compliance, and operations
 Components of Internal Control

• Control Environment

• Risk Assessment

• Control Activities

• Information and Communication

• Monitoring
 Entity Objectives with Internal
Control
• Reliability of financial information

• Compliance with applicable laws

and regulations

• Effectiveness and efficiency of

operations
 Limitations of Internal Control

• Mistakes in Judgment

• Breakdowns

• Collusion

• Management Override

• Cost versus Benefits

 Roles and Responsibilities
• Management

• Board of Directors and Audit

Committee

• Internal Auditors
Roles and Responsibilities (cont.)

• Other Entity Personnel

• Independent Auditors

• Other External Parties

 Study Break
1. _____ is a process that assesses the
quality of internal control
performance over time.
A. Control activities
B. Risk assessment
C. Information and communication
D. Monitoring

D. Monitoring
 Study Break
2. This limitation of an entity’s internal
controls occurs when two or more
individuals act together to perpetrate
and conceal fraud.
A. Breakdowns
B. Collusion
C. Management override
D. Mistakes in judgment

B. Collusion
Components of Internal Control
 Control Environment
• Integrity and Ethical Values

• Commitment to Competence

• Board of Directors and Audit

Committee

• Management’s Philosophy and

Operating Style
 Control Environment (cont.)
• Organizational Structure

• Assignment of Authority and

Responsibility

• Human Resource Policies and

Practices
Risk Assessment Process
Information and Communication

• Information
– Transactions
– Audit Trail or Transaction Trail
– Documents
– Records

• Communication
 Control Activities
• Authorization Controls

• Segregation of Duties
– Transaction authorization
– Custody of assets
– Recorded accountability in accounting
records
Segregation of Duties
 Control Activities (cont.)
• Information Processing Controls
– General Controls

– Computer Application Controls

– Controls over the Financial Reporting

Process
 General Controls
• Organization and Operation Controls

• Systems Development and

Documentation Controls

• Hardware and Systems Software Controls

• Access Controls

• Data and Procedural Controls

 Computer Application Controls

• Input Controls

• Processing Controls

• Output Controls
Controls over the Financial
Reporting Process
 Control Activities (cont.)
• Physical Controls

• Performance Reviews

• Controls over Management

Discretion in Financial Reporting
 Control Activities (cont.)
• Monitoring
– Ongoing monitoring programs

– Separate evaluations

– Element of reporting deficiencies to

the audit committee
Antifraud Programs and Controls
 Study Break
3. Which of the following does not
influence the control environment?
A. Management’s Philosophy
B. Adequate Training
C. Hiring Processes
D. All of the above influence the control
environment

D. All of the above influence the control

environment
 Study Break
4. This component of control activities
ensures that every transaction is
authorized by management acting
within the scope of their authority.
A. Authorization Controls
B. Segregation of Duties
C. Information Processing Controls
D. All of the above

A. Authorization Controls
 Study Break
5. This computer application control is
designed to ensure that the processing
results are correct and only authorized
personnel receive the information.
A. Input Controls
B. Processing Controls
C. Output Controls
D. Data Controls

C. Output Controls
 Understanding Internal Control

Must perform procedures to:

• Understand design of policies and

procedures

• Determine whether the policies and

procedures are operating
 Understanding Internal Control

Auditor uses the understanding to:

• Identify types of potential

misstatements

• Understand factors affecting risk of

material misstatement

• Design further audit procedures

 Effects of Preliminary Audit
Strategies
• Control Environment

• Risk Assessment

• Information and Communication

• Control Activities

• Monitoring
 Procedures to Obtain an
Understanding
• Review previous experience with the
client

• Inquire management, supervisory, and

staff personnel

• Inspect documents and records

• Observe activities and operations

• Trace transactions through system

Documenting the Understanding

• Questionnaires

• Flowcharts

• Decision Tables

• Narrative Memoranda
Questionnaire
Decision Table
Narrative Memoranda
 Study Break
6. All of the following are procedures used
to obtain an understanding of internal
controls except:
A. Inspecting documents
B. Inquiries of client’s customers
C. Inquiries of management
D. All of the above procedures are used

B. Inquiries of client’s customers

 Study Break
7. This form of documentation is a
diagram that uses symbols to identify
the steps involved in processing
information through the accounting
system.
A. Questionnaire
B. Flowchart
C. Decision Table
D. Narrative Memoranda

B. Flowchart