Professional Documents
Culture Documents
THE ENTITY’S
INTERNALCONTROL
Without an effective system of
internal control, the entity will not be
able to survive for long.
Obtaining the understanding of the
entity's internal control is part of
planning the audit in order to
identify and assess risks of material
misstatement of the financial
statements, which provides a basis
when the auditor designs and
implements responses to assessed
risks.
OVERVIEW OF RISK
ASSESSMENT
PROCESS
Overview of the Risk Assessment Process
Step 1
Design and perform Procedures to Obtain
Understanding of the Entity, Its
Environment, and Its Internal Control
Step 2
Identify and Assess Risk of Material
Misstatement of Financial Statement
RISK ASSESSMENT
PROCEDURES (RAP)
TO OBTAIN
UNDERSTANDING
OF INTERNAL
CONTROL
In order to obtain understanding of
internal control, this may include:
Inquiring of entity personnel.
Observing the application of specific
controls.
Inspecting documents and reports.
Tracing transaction through the
information system relevant to
financial reporting, also known as
walkthrough test.
NATURE OF
INTERNAL CONTROL
Entity’s Objectives, Strategies, Business Risk, and
Internal Control
Entity
Objectives:
Processes 1. Financial
Internal reporting
Units (auditor’s
Control
primary
People Strategies
concerns)
Business Risks, 2.Operations
Including
3. Compliance
ROMM of F/S
The following concepts about the nature
of internal control can be deduced:
Control Environment ;
Risk assessment process;
The information system, including
the related business processes,
relevant to financial reporting, and
communication;
Control activities; and
Monitoring.
Interactions of Components of
Internal Control
Risk Assessment
Process
Financial
Control
Reporting
Environment
Objectives
Information
Monitoring System and
Communication
Control
Activities
Control Environment
Components of Internal Control Auditor’s Required Understanding
Control Environment
The governance and management Whether:
functions and the attitudes, a. Management, with the oversight of
awareness, and actions of TCWG and TCWG, has created and maintained a
management concerning the entity’s culture of honesty and ethical
internal control and its importance in behavior
the entity. b. The strengths in the control
environment elements collectively
Seven elements are: provide an appropriate foundation
1. Integrity and ethical values for the other components of internal
2. Commitment to competence control, and whether those other
3. Human resource policies and components are not undermined by
practices deficiencies in the control
4. Assignment of authority and environment.
responsibility
5. Management’s philosophy and
operating style
6. Participation by those charged with
governance
7. Organizational structure
Risk Assessment Process
Process for identifying business risks Whether the entity has a process for:
relevant to financial reporting objectives a. Identifying business risks relevant to
and deciding about actions to address those financial reporting objectives;
risks, and the results thereof. b. Estimating the significance of the risks;
c. Assessing the likelihood of their
occurrence; and
d. Deciding about actions to address those
risks.
An Ineffective This will likely require the auditor to performed some additional
Control work such as:
Environment Assigning more experienced audit staff or those with special
skills or using experts.
Conducting more audit procedures at the period end rather
than at an interim date.
Intensifying the nature, timing, or extent of substantive
procedures to be performed.
Similar Types of Test of Controls
Risk assessment
Information systems
Monitoring
The period-end close process
Anti-fraud controls
THE ENTITY’S
TRANSACTION CYCLES
AND CONTROLS
Transaction Cycles refer to certain business
processes or segments into which related
transactions can be conveniently grouped
and for which specific accounting procedures
and control activities are established by an
entity management.
Understanding Internal Control
Through Transaction Cycle
The common divisions of an entity’s
transaction cycles are the following:
Revenue and Receipt Cycle
Purchasing and Payment Cycle
Personnel and Payroll Cycle
Inventory and Production Cycle
Financing and Investing Cycle
INTERNAL CONTROLS
IN SMALLER ENTITIES
Internal control's design, implementation, and
maintenance vary with size and complexity of an entity.
Smaller entities may use less structured means and
simplers processes and procedures to achieve their
objectives.
Do those charged with governance conduct Yes. Based on the reviews of certain
effective oversight of the management? documents, the entity has a formal governance
structure. Board of directors act independently
from management. Three out of nine members
of the board are independent individuals with
considerable expertise in financial matters.
Does management have a proactive Yes. Interviews of top management
attitude toward effectiveness of internal disclosed that it has a proactive attitude
control to mitigate business risks? for effective internal control. Management
has implemented internal auditor’s
recommendation in past that were
feasible.
Does the entity have effective/ Yes. Inspection of the entity’s organization
appropriate organizational structure for chart signifies well defined lines of
planning, controlling and achieving responsibility and authority.
objectives?
Does the entity have policies and Yes. Inspection of HR documents revealed
procedures to ensure effective HR that there are clear personnel policies from
management? bringing prtomotion, demotion and salary
grades to employee tardiness and
absenteeism.
Risk Assesment:
Does the management prevent being Yes. Review of copy of the annual business
surprised by events that were not plan, which did highlight the potential for
previously identified/ assessed that could the economy to impact sales, indicate entity
be detrimental to the entity by planning plan ahead its future courses of actions to
ahead? effectively meet its objectives.
Are Events and conditions that are Yes. The entity’s Accounting Manager
significant to the financial statements and CFO perform review of financial
be captured or recorded in the statements by comparing them with
financial statements? budgets to capture significant
transactions.
Fraud Prevention:
Has a managemenr considered or Yes. Entity’s cash and valuable placed
assessed the risks of fraud occurring in banks and safe depository accounts.
(including management override) Inspection of these accounts revealed
to be the case.
IT General Controls:
Are there policies/procedures to Yes. Evaluation of IT department
ensure effective IT management or IT documents and personnel disclosed that
staff supervision aligned with entity’s IT plans are developed to support the
business objectives, risks and IT plans? whole entity operations.
IT expenses and capital purchases part
of annual budget(if foreseen) to ensure
software is up to date and a back up of
the data is maintained.
WALKTROUGH
TESTS
The auditor shall walkthroughs to achieve the
following objectives: