-
Internal Control
- A process, effected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding, achievement of (the entity's) objectives on:
- Effectiveness and efficiency of operations
- reliability of financial reporting
- Compliance with applicable laws and regulations
-
Foreign Corrupt Practices Act
- Requires an effective system of internal control
- makes illegal payment of bribes to foreign officials.
-
Controls over financial reporting
- Preventive
- Detective
- Corrective
- Controls overlap
-
Preventive Control
- Aimed at avoiding the occurrence of misstatements in the financial statements
- Ex: segregation of duties
-
Detective control
- Designed to discover misstatements after they have occurred
- Ex: Monthly bank reconciliations
-
Corrective Control
- Needed to remedy the situation uncovered by detective controls
- Ex: Backups of master file
-
Controls Overlap
- Complementary-function together
- Redundant- Address same assertion or control objective
- Compensating-reduces risk existing weakness will result in misstatement
-
Components of Internal Control (COSO)
- Control Enviornment
- Risk Assesment
- Information & Communication System
- Control Activities
- Monitoring
-
Control Activities
- Performance review
- information processing
- general control activities
- Application control activities
- Physical Controls
- Segregation of duties
-
Control Activities
- Custodial- handeling assets
- Recording Functions-preparing reconciliations
- Authorization function-Authorize transactions
-
Objectives of an Accounting System
- Identify and record Valid transactions
- Describe on a timely basis the transactions in sufficent detail to permit proper clasification of transaction
- Measure the value of transactions appropriately
- Determine the time period in which the transactions occurred to permit recording in the proper period
- Present properly the transactions and related disclosures in the financial statements
-
Limitations of Internal Control
- Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue,etc.
- Controls that depend on the segregation of duties may be circumvented by collusion
- Management may override the structure
- compliance may deteriorate over time
-
The role of internal control-Second Field work standard
The auditor must obtain a sufficient understanding of the entity and its environment, including tis internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures.
-
Overall approach of an audit
- Plan the audit
- obtain an understanding of the client and its environment, including internal control
- Assess the risks of material misstatement and design further audit procedures
- Perform further Audit Procedures
- Complete the audit
- Form an opinion and issue the audit report
-
Understanding Internal control is used to help the auditor to
- ID types of potential misstatements
- Consider factors that affect the risks of material misstatement
- Design tests of controls (when applicable) and substantive procedures
-
Auditors must consider all five internal control components (COSO)
- Control Activities
- Risk assessment
- Accounting Information System
- Monitoring
- Environment
- Control Environment
-
Obtaining the Understanding- Procedures Include
- Inquiring of entity personnel
- Observing the application of specific controls
- Inspecting documents and reports
- Tracing transactions through the information system relevant to financial reporting
-
Documenting the Understanding of Internal control
- Questionnaires- standardized by the firm
- Written Narratives- Memos that describe flow of transactions
- Flowcharts-System flowcharts
- Walk-through -trace one or two transactions through cycle
-
Assessing the risk of material misstatement-General Approach
- ID risks while obtaining an understanding of the client and its environment, including its internal control
- Relate the identified risks to what can go wrong at the relevant assertion level
- Consider whether the risks are of a magnitude that could result in a material misstatement
- Consider the likelihood that the risks could result in a material misstatement
-
Nature of transactions
- Generally routine transactions have the strongest Controls
- Routine transactions-revenue, purchases, and cash receipts and disbursements
- Non routine transactions- taking of inventory, calculating depreciation expense
- Estimation transactions- determining the allowance for doubtful accounts
-
Assessing Risks at the Financial Statement Level
- Ex:
- Preparing the period-end financial statements, including the development of significant accounting estimate and preparation of the notes.
- The selection and application of significant accounting policies
- IT general controls
- The control enviornment
-
Responses to High Risks at FS level
- Assigning more experience staff or those with specialized skills
- Providing more supervision and empahsizing the need to maintain professional skepticism
- Incorporating additional ellements of undperdictability in the selection of further audit procedures to be performed
-
Assessing risks at the Assertion Level
- Ex:
- Failure to recognize an impairment loss on a long-lived asset affects only the valuation assertion
- Inaccurate counting of inventory at year-end affect the valuation of inventory and the accuracy of cost of goods sold
-
Risks at the Assertion Level- Responses
Decisions are made here as to the appropriate combination of tests of controls and substantive procedures
-
Design and Perform Audit procedures- Test of Controls Approach
- ID controls likely to prevent or detect material misstatements
- Perform tests of controls to determine whether they are operating effectively
-
Design and Perform Audit procedures- Test of Controls Address:
- How controls were applied
- The consistency with which controls were applied
- By whom or by what means the controls were applied
-
Tests of Controls Include:
- Inquiries of appropriate client personnel
- Inspection of documents and reports
- Observations of the application of controls
- Re performance of controls
-
What are the results of the test of control used for?
They are used to determine the nature, timing and extent of substantive procedures
-
Use of the work of internal Auditors
- Must assess internal audit competence and objectivity and test work
- Can rely on work of internal audit to reduce amount of testing done by independent auditors
-
Managements Report of Internal Control Under Section 404a
- Acknowledgement of responsibility for internal control
- An assessment of internal control effectiveness as of the last day of the company's fiscal year using suitable criteria
- Support the evaluation with sufficient evidence
-
Approach to Audit of Internal Control under Section 404b
- Plan the engagement
- Use a top-down approach to identify the controls to test (critical or key controls)
- Test and evaluate design effectiveness of internal control
- Test and evaluate operating effectiveness of internal control
- Form an opinion on effectiveness of internal control over financial reporting
-
Internal Control in the small Company
Due to lack of employees, internal Control is seldom strong in small business
-
Specific practices for small businesses
- Record all cash receipts immediately
- Deposit all cash receipts intact daily
- Make all payments by serially numbered checks, with exception of petty cash disbursement
- Reconcile bank accounts monthly and retain compies
- Use numerical invoices
- Have owner/CEO review bank statements, cancelled checks, journals, etc. to look for unusual items.
|
|