Scribd
Upload
88 views20 pages

Chapter 10- Internal Control

Uploaded by

Mohammed Shoman
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
88 views20 pages

Chapter 10- Internal Control

Uploaded by

Mohammed Shoman
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 20

SECTION 404 AUDITS

OF INTERNAL CONTROL
AND CONTROL RISK

Chapter 10
Learning Objectives
1. Describe the three primary objectives of effective internal control.
2. Contrast management’s responsibilities for maintaining internal control with the auditor’s
responsibilities for evaluating and reporting on internal control.
3. Explain the five components of the COSO internal control framework
4. Obtain and document an understanding of internal control.
5. Assess control risk by linking key controls and control deficiencies to transaction-related
audit objectives.
6. Describe the process of designing and performing tests of controls.
7. Understand Section 404 requirements for auditor reporting on internal control.
8. Describe the differences in evaluating, reporting, and testing internal control for nonpublic
companies.
Internal Control Objectives
OBJECTIVE 10-1 : Describe The Three Primary Objectives Of Effective Internal Control.

Management typically has three broad objectives in


designing an effective internal control system:

1. Reliability of financial reporting.

2. Efficiency and effectiveness of operations.

3. Compliance with laws and regulations.


Management And Auditor Responsibilities For Internal Control
OBJECTIVE 10-2: Contrast management’s responsibilities for maintaining internal control with the auditor’s responsibilities for evaluating an d
reporting on internal control.

Management, not the auditor, must establish


and maintain the entity’s internal controls.
Management
Responsibilities
For Internal
Control also required to report on the operating
effectiveness of those controls
Two key concepts underlie management’s design
and implementation of internal control:

 Reasonable Assurance

➢A company should develop internal controls that provide reasonable, but not
absolute, assurance that the financial statements are fairly stated.

 Inherent Limitations

➢Internal controls can never be completely effective, regardless of the care followed
in their design and implementation. its effectiveness depends on the competency
and dependability of the people using it.
Management And Auditor Responsibilities For Internal Control
OBJECTIVE 10-2: Contrast management’s responsibilities for maintaining internal control with the auditor’s responsibilities for evaluating an d
reporting on internal control.

The auditor’s responsibilities include understanding and


Auditor testing internal control over financial reporting.
Responsibilities
For Internal
Control auditors of larger public companies have been required to
issue an audit report on the operating effectiveness of
those controls.
Auditor Responsibilities for Understanding
Internal Control
 Must assess control risk in every audit

The auditor obtains an understanding of internal control to assess control risk in every
audit.

Auditors are primarily concerned about controls over the reliability of financial
reporting and controls over classes of transactions.

Auditors emphasize internal control over classes of transactions rather than account
balances because the accuracy of accounting system outputs depends heavily on the
accuracy of inputs and processing (transactions).
Auditor Responsibilities for Testing
Internal Control

Obtains an understanding of controls


Performs tests of controls:
✓ significant account balances
✓ classes of transactions
✓ disclosures and related financial
✓ statement assertions
COSO COMPONENTS OF INTERNAL
CONTROL
COSO’s Internal Control-Integrated Framework, the most
widely accepted internal control framework in the United States
describes five components of internal control that management
designs and implements to provide reasonable assurance that its
control objectives will be met.
Each component contains many controls, but auditors
concentrate on those designed to prevent or detect material
misstatements in the financial statements.
The COSO Internal Control Components

The control environment serves as the umbrella for the other four
components. Without an effective control environment, the other four are
unlikely to result in effective internal control, regardless of their quality.
1-Control Environment

The control environment consists of the actions,


policies, and procedures that reflect the overall
attitudes of top management, directors, and owners
of an entity about internal control and its importance
to the entity.
To understand and assess the control environment,
auditors should consider the most important control
subcomponents.
1- Integrity and Ethical Values
➢Integrity and ethical values are the product of the entity’s ethical and behavioral
standards, as well as how they are communicated and reinforced in practice.
2- Commitment to Competence
➢Competence is the knowledge and skills necessary to accomplish tasks that define an
individual’s job.
3- Board of Director or Audit Committee Participation
➢The board of directors is essential for effective corporate governance because it has the
ultimate responsibility to make sure management implements proper internal control
and financial reporting processes.
4- Management’s Philosophy and Operating Style
➢ Management, through its activities, provides clear signals to employees about the importance of
internal control. For example, does management take significant risks, or is it risk averse?
5- Organizational Structure
➢ The entity’s organizational structure defines the existing lines of responsibility and authority. By
understanding the client’s organizational structure, the auditor can learn the management and
functional elements of the business and perceive how controls are implemented.
6- Human Resource Policies and Practices
➢ The most important aspect of internal control is personnel. If employees are competent and
trustworthy, other controls can be absent, and reliable financial statements will still result.
2-Risk Assessment
Risk assessment for financial reporting is management’s identification
and analysis of risks relevant to the preparation of financial statements in
conformity with appropriate accounting standards.

Once management identifies a risk, it estimates the significance of that


risk, assesses the likelihood of the risk occurring, and develops specific
actions that need to be taken to reduce the risk to an acceptable level.
While management assesses risks as a part of
designing and operating internal controls to minimize
errors and fraud, auditors assess risks to decide the
evidence needed in the audit.
3-Control Activities
 Control activities are the policies and procedures, in addition to those included in the
other four control components, that help ensure that necessary actions are taken to
address risks to the achievement of the entity’s objectives.

 There are potentially many such control activities in any entity, including both manual
and automated controls.
The control activities generally fall into the
following five types, which are discussed next:

1. Adequate separation of duties

2. Proper authorization of transactions and activities

3. Adequate documents and records

4. Physical control over assets and records

5. Independent checks on performance


3-Information and Communication

The purpose of an entity’s accounting information and


communication system is to initiate, record, process, and report
the entity’s transactions and to maintain accountability for the
related assets.
4-Monitoring
Monitoring activities deal with ongoing or periodic assessment
of the quality of internal control by management to determine
that controls are operating as intended and that they are
modified as appropriate for changes in conditions.

You might also like