Audit and Internal Control

Week 2 - Internal Control Over Financial Reporting

 LEARNING OUTCOME
 LO 1: Define the objective of external auditing for reliable financial
and internal control information
 LO 2: Explain technique and procedure used by auditor in audit
process
 OUTLINE
• Importance of Internal Control Over Financial Reporting
• Defining Internal Control
• Components and Principles of Internal Control
• Management's Responsibilities Related to Internal Control Over Financial
Reporting
• Importance of Internal Control to the External Audit
 PROFESSIONAL JUDGMENT IN CONTEXT - The
Importance of Effective Internal Control for Reliable
Financial Reporting: KIT Digital

To achieve the objective of reliable financial reporting, organizations need

to have effective controls in place

Such controls were not in place at KIT Digital

• INEFFECTIVE CONTROL: Lack of finance personnel with understanding

of US GAAP
• IMPACT ON RELIABLE FINANCIAL REPORTING: Had not properly
accounted for revenue related to software license agreements
IMPORTANCE OF INTERNAL CONTROL OVER
FINANCIAL REPORTING
 Importance of Internal Control Over Financial
Reporting

• Mitigate risks of not achieving organizational

Internal objectives
• Provide assurance regarding reliability of
control financial information
• Reduce occurrence of unforeseen
helps: circumstances
• Improve quality of information
DEFINING INTERNAL CONTROL
Internal Control, Integrated
Framework
Most widely used
internal control
framework

Published by COSO
(Committee of
Sponsoring
Organizations) Comprehensive
framework of internal
control
COSO’s Internal
Internal control over
Control, Integrated
financial reporting
Framework
Used to assess
effectiveness of:
Controls over
operational and
compliance objectives
 Internal Control - Integrated
Framework
COSO defines internal control as a process:

• Effected by an entity’s board of directors, management, and other

personnel
• Designed to provide reasonable assurance regarding achievement
of objectives relating to operations, reporting, and compliance

Effective internal control needs to:

• Be effectively designed and implemented

• Operate effectively
COSO Framework for Internal Control
 Components of internal control

• Set of standards, processes, and structures

that provides the basis for carrying out
internal control across the organization
Control • Includes the tone at the top regarding
environment importance of:
• Internal control
• Expected standards of conduct

• Process for identifying and assessing risks

Risk
that may affect organizations from achieving
assessment
objectives.
 Components of internal control
Control activities: Actions established by policies and procedures
• Help ensure that management’s directives regarding internal control are carried
out

Information and communication

• Information from internal and external sources
• Communication is the process of providing, sharing, and obtaining necessary
information

Monitoring: Helps determine whether the controls are present

and continuing to function effectively
 Entity-Wide Controls
Operate across Controls related to control environment
an entity and
Controls over management override
affect multiple
processes, Organizations’ risk assessment process
transactions,
accounts, and Centralized processing and controls
assertions
Controls to monitor results of operations

Controls over period-end financial reporting process

Policies that address business control and risk management practices

 Transaction Controls

Control activities implemented to mitigate

transaction processing risk

Affect certain processes, transactions, accounts,

and assertions

• Do not have an entity-wide effect

COMPONENTS AND PRINCIPLES OF INTERNAL
CONTROL
 COSO Component: Control
Environment
• Foundation for all other components of internal control
• A strong control environment protects against risks related to
reliability of financial statements
• Examples of control environment deficiencies
• Low level of control consciousness within an organization
• Audit committee not having independent members
• Absence of an ethics policy within an organization
 Commitment to Integrity and Ethical Values -
COSO Principle 1

Demonstrated through the tone set by the board

and management

Organizations should have:

• Standards of conduct regarding expectations for integrity and

ethical values
• Processes in place to determine if individuals are performing in
accordance with expected standards of conduct
• Processes for identifying and addressing any deviations in expected
conduct
Board of Directors Exercises Oversight
Responsibility - COSO Principle 2

Board of directors includes • Audit committee oversees management

various committees

Board of directors is required to

exercise objective oversight of
the development and
performance of internal control

• Sufficient knowledge and skills to fulfill its

oversight responsibilities
The board should have: • Sufficient number of independent members
to ensure the board’s objectivity
 Management Establishes Structure, Authority, and
Responsibility - COSO Principle 3

• Retains authority over decisions

• Reviews management’s assignments
Board

• Establishes directives, guidance, and controls

Senior Management

• Guides and facilitates senior’s directives

Management

• Understand internal control requirements

Personnel

• Follow management’s scope of authority and responsibility for all

Outsourced Service nonemployees engaged
Providers
 Organization Demonstrates Commitment to
Competence - COSO Principle 4

Commitment
towards • Attract
competence is • Train
demonstrated • Mentor
through • Evaluate
policies and • Retain employees
procedures to:
Organization Enforces Accountability -
COSO Principle 5

Individuals held
accountable for Accountability
internal control mechanisms
responsibilities

Establishing and Providing

evaluating appropriate
performance incentives and
measures rewards
 Organization Enforces Accountability -
COSO Principle 5

• Individuals held accountable for internal control

responsibilities
• Accountability mechanisms
• Establishing and evaluating performance measures
• Providing appropriate incentives and rewards
MANAGEMENT'S RESPONSIBILITIES RELATED TO
INTERNAL CONTROL OVER FINANCIAL
REPORTING
 Documentation of Internal Control
Provide clarity and communication of
standards and expectations
Advantages
• Help train new personnel
• Serve as a reference tool for all employees
• Provide evidence that the controls are
operating
• Enable proper monitoring activities
• Support reporting on internal control
effectiveness
• Used by external auditors to understand client’s
internal control system
 Guidelines for Developing Reliable
Documentation
Pre-numbered paper or computer-generated documents facilitate control
of, and accountability for, transactions

Timely preparation

• Improves credibility and accountability of documents

• Decreases rate of errors on all documents

Authorization of a transaction

Transaction trail

• Tracing a transaction from its origination through to its final disposition, or vice versa
 Reporting on Internal Control Over Financial
Reporting

Sarbanes-Oxley Act of 2002

requires public company Guidelines provided by U.S.
management to annually report Securities and Exchange
on the design and operating Commission (SEC) require:
effectiveness of controls

Suitable criteria be
used as the benchmark
in assessing internal
control effectiveness
(e.g., COSO)
STEPS IN MANAGEMENT’S
EVALUATION OF INTERNAL CONTROL
OVER FINANCIAL REPORTING
Examples of Approaches to Management Testing
of Operating Effectiveness of Control
IMPORTANCE OF INTERNAL CONTROL TO THE
EXTERNAL AUDIT
 Importance of Internal Control FOR
the External Audit
Auditors are
The auditor needs to understand the company’s
required to
identify and assess internal controls to determine appropriate audit
risks of material procedures
misstatement due
to fraud or error

Integrated audit: The effectiveness of the client’s internal control

Occurs when an over financial reporting and
auditor provides
an opinion on:
The financial statements
 Auditor Assessment of Controls

• Management’s documentation of its internal

control
Auditor reviews: • Management’s evaluation and findings
related to internal control effectiveness

Auditor then
gathers evidence • By taking a random sample auditor needs to
on operating independently determine whether the
effectiveness of controls are working
these controls
 Reference
• Karla M. Johnstone. (2016). Auditing : a risk-based approach
to conducting a quality audit. 10th ed. Cengage Learning.
Boston. ISBN: 9781305080577.
• Iain Gray, Stuart Manson, Louise Crawford. (2015). The Audit
Process Principles, Practices and Cases. 06. Cengage
Learning. Hampshire. ISBN: 9781408081709.
Thank You