Salih Islam, profile picture
Uploaded bySalih Islam
PDF, PPTX17,489 views

Internal Control

Internal control is a process designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance. It consists of five components: control environment, risk assessment, control activities, information and communication, and monitoring activities. The components work together to help ensure reliable financial reporting, effective and efficient operations, and compliance with laws and regulations. Internal control is important for both management and external auditors, and while it cannot provide absolute assurance, it helps reduce risks of failure to achieve goals.

Embed presentation

Download as PDF, PPTX
Internal Control
Summary of Internal Control Definition A process, effected by the entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding, achievement of (the entity’s) objectives on: –Effectiveness and efficiency of operations –Reliability of financial reporting –Compliance with applicable laws and regulations
Control Objectives •In each area of internal control (financial reporting, operations and compliance) –Control objectives and –Sub objectives exist •Example: Area of financial reporting –Top level objective – prepare and issue reliable financial information –Detailed level applied to A/R sub objectives •All goods shipped are accurately billed in the proper period •Invoices are accurately recorded for all authorized shipments and only for such shipments •Authorized and only authorized sales returns and allowances are accurately recorded •The continued completeness and accuracy of A/R is ensured •Accounts receivable records are safeguarded
Foreign Corrupt Practices Act •Passed in 1977 in response to American corporation practice of paying bribes and kickbacks to officials in foreign countries to obtain business •The Act –Requires an effective system of internal control –Makes illegal payment of bribes to foreign officials
Controls over Financial Reporting •Preventive –Aimed at avoiding the occurrence of misstatements in the financial statements –Example: Segregation of duties •Detective –Designed to discover misstatements after they have occurred –Example: Monthly bank reconciliations •Corrective –Needed to remedy the situation uncovered by detective controls –Example: Backups of master file •Controls overlap –Complementary – function together –Redundant – address same assertion or control objective –Compensating – reduces risk existing weakness will result in misstatement
Components of Internal Control •The Control Environment •Risk Assessment •The Accounting Information and Communication System •Control Activities •Monitoring
Control Environment Factors •Integrity and ethical values •Commitment to competence •Board of directors or audit committee •Management philosophy and operating style •Organizational structure •Human resource policies and practices •Assignment of authority and responsibility
Risk Assessment--Factors Indicative of Increased Financial Reporting Risk •Changes in the regulatory or operating environment •Changes in personnel •Implementation of a new or modified information system •Rapid growth of the organization •Changes in technology affecting production processes or information systems •Introduction of new lines of business, products, or processes
Control Activities •Performance reviews •Information processing –General control activities –Application control activities •Physical controls •Segregation of duties –Segregate authorization, recording and custody of assets
Segregation of Duties
Objectives of an Accounting System •Identify and record valid transactions •Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions •Measure the value of transactions appropriately •Determine the time period in which the transactions occurred to permit recording in the proper period •Present properly the transactions and related disclosures in the financial statements
Monitoring •Ongoing monitoring activities –Regularly performed supervisory and management activities –Example: Continuous monitoring of customer complaints •Separate evaluations –Performed on nonroutine basis –Example: Periodic audits by internal audit
Limitations of Internal Control •Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc. •Controls that depend on the segregation of duties may be circumvented by collusion •Management may override the structure •Compliance may deteriorate over time
Enterprise Risk Management (ERM) •COSO issued a new internal control framework in 2004 on enterprise risk management. It does not replace the original COSO internal control framework. •It goes beyond internal control to focus on how organizations can effectively manage risks and opportunities. •The auditing standards are still structured around the original COSO internal control framework.
Auditors’ Overall Approach with Internal Control •Overall approach of an audit 1. Plan the audit 2. Obtain an understanding of the client and its environment, including internal control 3. Assess the risks of material misstatement and design further audit procedures 4. Perform further audit procedures 5. Complete the audit 6. Form an opinion and issue the audit report •Steps 2-4 relate most directly to the role of internal control in financial statement audits
2. Obtain an understanding of the client and its environment, including internal control •The understanding of internal control is used to help the auditor to –Identify types of potential misstatements –Consider factors that affect the risks of material misstatement. –Design tests of controls (when applicable) and substantive procedures. •Auditors must consider all five internal control components –Control environment –Accounting information system –Risk assessment –Control activities –Monitoring •Also consider areas difficult to control like nonroutine transactions
Obtaining the Understanding •Procedures include –Inquiring of entity personnel –Observing the application of specific controls –Inspecting documents and reports –Tracing transactions through the information system relevant to financial reporting •May also obtain evidence on operating effectiveness of various controls
Documenting the Understanding of Internal Control •Questionnaires –Typically standardized by firm •Written Narratives –Memos that describe flow of transactions •Flowcharts –Systems flowcharts •Walk-through –Trace one or two transaction through cycle
3. Assess the risks of material misstatement General approach –Identify risks while obtaining an understanding of the client and its environment, including its internal control –Relate the identified risks to what can go wrong at the relevant assertion level –Consider whether the risks are of a magnitude that could result in a material misstatement –Consider the likelihood that the risks could result in a material misstatement
The nature of transactions •Consider the nature of the transactions –Routine transactions—e.g., revenue, purchases, and cash receipts and disbursements –Nonroutine transactions—e.g., taking of inventory, calculating depreciation expense –Estimation transactions—e.g., determining the allowance for doubtful accounts •Generally routine transactions have the strongest controls
Assessing Risks at the Financial Statement Level •Examples –Preparing the period-end financial statements, including the development of significant accounting estimate and preparation of the notes –The selection and application of significant accounting policies –IT general controls –The control environment •Responses to high risks –Assigning more experience staff or those with specialized skills –Providing more supervision and emphasizing the need to maintain professional skepticism –Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed –Increasing the overall scope of audit procedures, including the nature, timing or extent
Assessing Risks at the Assertion Level •Examples –Failure to recognize an impairment loss on a long- lived asset affects only the valuation assertion –Inaccurate counting of inventory at year-end affect the valuation of inventory and the accuracy of cost of goods sold •Responses –Decisions are made here as to the appropriate combination of tests of controls and substantive procedures
4. Perform Further Audit Procedures – Test of Controls (1/2) •Approach: –Identify controls likely to prevent or detect material misstatements –Perform tests of controls to determine whether they are operating effectively •Tests of controls address: –How controls were applied –The consistency with which controls were applied –By whom or by what means (e.g., electronically) the controls were applied
4. Perform Further Audit Procedures – Test of Controls (1/2) •Tests of controls include: –Inquiries of appropriate client personnel –Inspection of documents and reports –Observation of the application of controls –Reperformance of the controls •The results of the tests of controls are used to determine the nature, timing and extent of substantive procedures
Diagram of the Auditors’ Consideration of Internal Control
Other Considerations •Audit decision aids –Checklist, standard form or computer program that helps auditors make a decision by ensuring that they have all relevant information or by assisting them in combining the information. •Use of the work of internal auditors –Must assess internal audit competence and objectivity and test work –Can rely on work of internal audit to reduce amount of testing done by independent auditors
Relationships Among Deficiencies Deficiency in Internal Control Less than Significant Material Significant Deficiency Weakness
Management’s Report on Internal Control under Section 404a •Acknowledgment of responsibility for internal control •An assessment of internal control effectiveness as of the last day of the company’s fiscal yearn using suitable criteria •Support the evaluation with sufficient evidence
Approach to Audit of Internal Control under Section 404b •This section applies to public companies with a market capitalization of $75 million or more. For those companies, the auditors audit internal control as a part of an integrated audit as follows: –Plan the engagement –Use a top-down approach to identify the controls to test –Test and evaluate design effectiveness of internal control –Test and evaluate operating effectiveness of internal control –Form an opinion on effectiveness of internal control over financial reporting
Internal Control in the Small Company •Due to lack of employees, internal control is seldom strong in small businesses •Specific practices for small businesses –Record all cash receipts immediately –Deposit all cash receipts intact daily –Make all payments by serially numbered checks, with exception of petty cash disbursements –Reconcile bank accounts monthly and retain copies –Use serially numbered invoices, Pos, and receiving reports –Issue checks to vendors only in payment of approved invoices that have been matched with purchase orders and receiving reports –Balance subsidiary ledger with control accounts –Prepare comparative financial statements monthly to disclose significant variations in any category of revenue or expense

More Related Content

PPSX
Internal controls
byGeetali Tare
 
PPTX
INTERNAL CONTROL-PPT.pptx
byHeldaMaryA
 
PPTX
8. internal control new
bySyed Osama Rizvi
 
PPTX
Internal control
byiPleaders - Re-engineering Legal education, New Delhi
 
PPTX
Internal controls in auditing
byHardik Shah
 
PPTX
Chapter 2 internal control
byDr Manu H Natesh
 
PPTX
Internal controls (2).pptx
byRaafayDogar
 
PPTX
Internal control system
byHina Varshney
 
Internal controls
byGeetali Tare
 
INTERNAL CONTROL-PPT.pptx
byHeldaMaryA
 
8. internal control new
bySyed Osama Rizvi
 
Internal control
byiPleaders - Re-engineering Legal education, New Delhi
 
Internal controls in auditing
byHardik Shah
 
Chapter 2 internal control
byDr Manu H Natesh
 
Internal controls (2).pptx
byRaafayDogar
 
Internal control system
byHina Varshney
 

What's hot

PPTX
Unit 1 Introduction to Audit
byAjay Nazarene
 
PPTX
9. audit evidence
bySyed Osama Rizvi
 
PPT
Audit procedures
byBilal Ahmed Bhatti
 
PPTX
INTERNATIONAL AUDITING STANDARDS -PPT.pptx
byHeldaMaryA
 
PPTX
Internal Audit
byAhmad Tariq Bhatti
 
PPT
Unit 3 internal control
byRadhika Gohel
 
PPTX
Audit & Assurance
byMd. Mehadi Hassan Bappy
 
PPTX
Unit 1 Introduction to Auditing
byRadhika Gohel
 
PPTX
Practical approach to Risk Based Internal Audit
byManoj Agarwal
 
PPTX
Internal check internal audit internal control
bySriramPurnaKotla
 
PPTX
The role of internal audit department
bySalih Islam
 
PPTX
The Role of Internal Audit
byArmeniaFED
 
PPTX
Internal Audit
byJami Martin
 
PPTX
The Internal Audit Framework
byAhmad Tariq Bhatti
 
PPTX
Audit report
byReal Estate Services
 
PPTX
Ppt on risk based internal audit
byAmitaMistry2
 
PPTX
Coso framework
byDarryl Woolley
 
PDF
Internal audit ppt
byLetzconsult.com
 
PPTX
Internal auditors’ roles and responsibilities
bySalih Islam
 
PPS
Control Self Assessment
byManoj Agarwal
 
Unit 1 Introduction to Audit
byAjay Nazarene
 
9. audit evidence
bySyed Osama Rizvi
 
Audit procedures
byBilal Ahmed Bhatti
 
INTERNATIONAL AUDITING STANDARDS -PPT.pptx
byHeldaMaryA
 
Internal Audit
byAhmad Tariq Bhatti
 
Unit 3 internal control
byRadhika Gohel
 
Audit & Assurance
byMd. Mehadi Hassan Bappy
 
Unit 1 Introduction to Auditing
byRadhika Gohel
 
Practical approach to Risk Based Internal Audit
byManoj Agarwal
 
Internal check internal audit internal control
bySriramPurnaKotla
 
The role of internal audit department
bySalih Islam
 
The Role of Internal Audit
byArmeniaFED
 
Internal Audit
byJami Martin
 
The Internal Audit Framework
byAhmad Tariq Bhatti
 
Audit report
byReal Estate Services
 
Ppt on risk based internal audit
byAmitaMistry2
 
Coso framework
byDarryl Woolley
 
Internal audit ppt
byLetzconsult.com
 
Internal auditors’ roles and responsibilities
bySalih Islam
 
Control Self Assessment
byManoj Agarwal
 

Viewers also liked

PPTX
Audit presentation
byMetafrique group
 
PPT
Audit Principles & Concepts
byspschandel
 
PPSX
Organizational Design And Change
byKing Julian
 
PPTX
Strategic Plan & Change Management
byTriune Global
 
PPTX
ORGANIZATIONAL INNOVATION MODEL
byAPGICO- Associação Portuguesa de Inovação e Criatividade
 
PPTX
Organisational innovation
byCharanya Naidu
 
PPTX
Chapter 11 Managing Change and Innovation
byRayman Soe
 
DOCX
Factors affecting organizational design
byrishikant555
 
DOC
Power and politics in organization
bylearner_j
 
PPTX
Ijarah
byAtika Anuar
 
PPT
Power & politics in organizations
bymdfaizan
 
Audit presentation
byMetafrique group
 
Audit Principles & Concepts
byspschandel
 
Organizational Design And Change
byKing Julian
 
Strategic Plan & Change Management
byTriune Global
 
ORGANIZATIONAL INNOVATION MODEL
byAPGICO- Associação Portuguesa de Inovação e Criatividade
 
Organisational innovation
byCharanya Naidu
 
Chapter 11 Managing Change and Innovation
byRayman Soe
 
Factors affecting organizational design
byrishikant555
 
Power and politics in organization
bylearner_j
 
Ijarah
byAtika Anuar
 
Power & politics in organizations
bymdfaizan
 

Similar to Internal Control

PDF
Internal control
bySALIH AHMED ISLAM
 
PPTX
Audit report- Consideration of Internal Control
bynellynljcoles
 
PDF
Chapter 7
byEasyStudy3
 
PDF
Chapter 7
byEasyStudy3
 
PPTX
The Importance of Internal Controls in Fraud Prevention
byRea
 
PPTX
3. financial controllership
byJudy Ricamara
 
PPT
Arens12e 10
byJohn Sy
 
PPT
Powerpoint.ppt on intrnal cntrol overview
byjcjamerojr
 
PPT
Internal Audit : an independent service to evaluate an organisation's.ppt
bySrabanAhmedMasum
 
PPTX
Week 4 Audit planning and Client evaluation and audit risk assessment.pptx
bytoammel
 
PPTX
topic 3 internal controls..audit.pptx
byvailethmwaisanila
 
PPT
477 10 (5)
bysaramkhan5
 
PPTX
Advanced auditing Chapter Five.Internal control pptx
byseidIbrahim2
 
DOCX
Chapter 9Audit Risk AssessmentPrepared by Dr Phil Saj1.docx
bymccormicknadine86
 
PPT
Internal control 1_ricc_revised
byUniversity of St. La Salle-Bacolod BABA
 
PPTX
Sarbanes oxley internal controls
byIllumeo
 
PPTX
01.1. Internal Control System_Oct'21.pptx
bySMMohsinUddin1
 
PDF
Internal Financial Control Over Financial Reporting.pdf
bySBSGLOBAL1
 
PPT
1auditconcepts
byShubham Raj
 
PPTX
Information system control and audit
byAstri Stiawaty
 
Internal control
bySALIH AHMED ISLAM
 
Audit report- Consideration of Internal Control
bynellynljcoles
 
Chapter 7
byEasyStudy3
 
Chapter 7
byEasyStudy3
 
The Importance of Internal Controls in Fraud Prevention
byRea
 
3. financial controllership
byJudy Ricamara
 
Arens12e 10
byJohn Sy
 
Powerpoint.ppt on intrnal cntrol overview
byjcjamerojr
 
Internal Audit : an independent service to evaluate an organisation's.ppt
bySrabanAhmedMasum
 
Week 4 Audit planning and Client evaluation and audit risk assessment.pptx
bytoammel
 
topic 3 internal controls..audit.pptx
byvailethmwaisanila
 
477 10 (5)
bysaramkhan5
 
Advanced auditing Chapter Five.Internal control pptx
byseidIbrahim2
 
Chapter 9Audit Risk AssessmentPrepared by Dr Phil Saj1.docx
bymccormicknadine86
 
Internal control 1_ricc_revised
byUniversity of St. La Salle-Bacolod BABA
 
Sarbanes oxley internal controls
byIllumeo
 
01.1. Internal Control System_Oct'21.pptx
bySMMohsinUddin1
 
Internal Financial Control Over Financial Reporting.pdf
bySBSGLOBAL1
 
1auditconcepts
byShubham Raj
 
Information system control and audit
byAstri Stiawaty
 

More from Salih Islam

PPT
Financial Statements Audit
bySalih Islam
 
PPTX
Internal audits role in compliance
bySalih Islam
 
PPTX
Fraud Investigation
bySalih Islam
 
PPTX
Denetim - Güncel Yaklaşımlar
bySalih Islam
 
PPT
Assessing Strengths and Weaknesses
bySalih Islam
 
PPTX
Audit Fields
bySalih Islam
 
PPTX
It audit methodologies
bySalih Islam
 
PPTX
The Consulting Approach of IA
bySalih Islam
 
PPTX
Summary of work experience
bySalih Islam
 
PPTX
New approaches in internal audit
bySalih Islam
 
PPTX
Internal Audit Primary Mission
bySalih Islam
 
PPTX
Independency
bySalih Islam
 
PPTX
COSO
bySalih Islam
 
PPTX
Internal Audit Methodology
bySalih Islam
 
PPT
Evolving Risk Management
bySalih Islam
 
PPT
Risk Based Audit Approach
bySalih Islam
 
PPT
Audit Cycle
bySalih Islam
 
PPTX
Summary of Work Experience
bySalih Islam
 
PPTX
Corporate Governance
bySalih Islam
 
PPT
The role of auditing in the erm process
bySalih Islam
 
Financial Statements Audit
bySalih Islam
 
Internal audits role in compliance
bySalih Islam
 
Fraud Investigation
bySalih Islam
 
Denetim - Güncel Yaklaşımlar
bySalih Islam
 
Assessing Strengths and Weaknesses
bySalih Islam
 
Audit Fields
bySalih Islam
 
It audit methodologies
bySalih Islam
 
The Consulting Approach of IA
bySalih Islam
 
Summary of work experience
bySalih Islam
 
New approaches in internal audit
bySalih Islam
 
Internal Audit Primary Mission
bySalih Islam
 
Independency
bySalih Islam
 
COSO
bySalih Islam
 
Internal Audit Methodology
bySalih Islam
 
Evolving Risk Management
bySalih Islam
 
Risk Based Audit Approach
bySalih Islam
 
Audit Cycle
bySalih Islam
 
Summary of Work Experience
bySalih Islam
 
Corporate Governance
bySalih Islam
 
The role of auditing in the erm process
bySalih Islam
 

Recently uploaded

PDF
How to Buy Facebook accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
LinkedIn Accounts in 2025_ Social Commerce, Trust Signals.pdf
bykeb2bq5cegc6m2xa32ay
 
DOCX
How to Buy Old Gmail Accounts Smartly_ 5 Easy Methods (2025) (1).docx
byusnewit shop
 
PDF
Comprehensive consulting casebook from FMS Delhi (2023–24), covering framewor...
byAnshulchauhan866815
 
PDF
ActARion - The Future of Work with AI and Augmented Reality
byOrtwin Verreck
 
PDF
growth-approach-pm-letter-december-2025 (1).pdf
byHenry Tapper
 
PDF
Best Platforms to Buy Verified Wise Accounts in the USA.pdf
by#SEO, #usaallhub, #socialmedia, #USAaccounts, #seoservice, #Digitalmarketer
 
PDF
Step-by-Step Guide to Buying LinkedIn Accounts in 2026.pdf
byasikurrhmanxyzit
 
PDF
Best 11 Places to Purchase Mature Twitter Accounts for Marketing.pdf
byjaksontinder24
 
PDF
24 Best Tiktok Seller Center Services To Buy Online.pdf
byidc1w3adizw383go
 
PDF
Equinox Gold - Corporate Presentation.pdf
byEquinox Gold Corp.
 
PDF
Mobile and Online Banking_ Open an Account Today.pdf
bykmn4gloa39pwajpujj
 
PDF
Buy Twitter Accounts — An Educational Overview.pdf
byh3lfp4332e3gctbnm22w
 
PDF
Buy Twitter Accounts and Platforms account in 2026.,..pdf
byh3lfp4332e3gctbnm22w
 
PDF
Dubai Multi Commodities Centre (DMCC) – Supplier Code of Conduct Policy
byDubai Multi Commodity Centre
 
PDF
The safety revolution - Origins of workplace health and safety
byBarry Naismith
 
PDF
How to Buy Twitter Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
PDF
How to Buy Twitter Accounts in 2026 (1).pdf
bywc0fr9qf43i5qo5kn3
 
PDF
ASD SCO Introduction December 2025 (1).pdf
byHenry Tapper
 
PDF
Co-operative and Mutual Economy 2025.pdf
byHenry Tapper
 
How to Buy Facebook accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
LinkedIn Accounts in 2025_ Social Commerce, Trust Signals.pdf
bykeb2bq5cegc6m2xa32ay
 
How to Buy Old Gmail Accounts Smartly_ 5 Easy Methods (2025) (1).docx
byusnewit shop
 
Comprehensive consulting casebook from FMS Delhi (2023–24), covering framewor...
byAnshulchauhan866815
 
ActARion - The Future of Work with AI and Augmented Reality
byOrtwin Verreck
 
growth-approach-pm-letter-december-2025 (1).pdf
byHenry Tapper
 
Best Platforms to Buy Verified Wise Accounts in the USA.pdf
by#SEO, #usaallhub, #socialmedia, #USAaccounts, #seoservice, #Digitalmarketer
 
Step-by-Step Guide to Buying LinkedIn Accounts in 2026.pdf
byasikurrhmanxyzit
 
Best 11 Places to Purchase Mature Twitter Accounts for Marketing.pdf
byjaksontinder24
 
24 Best Tiktok Seller Center Services To Buy Online.pdf
byidc1w3adizw383go
 
Equinox Gold - Corporate Presentation.pdf
byEquinox Gold Corp.
 
Mobile and Online Banking_ Open an Account Today.pdf
bykmn4gloa39pwajpujj
 
Buy Twitter Accounts — An Educational Overview.pdf
byh3lfp4332e3gctbnm22w
 
Buy Twitter Accounts and Platforms account in 2026.,..pdf
byh3lfp4332e3gctbnm22w
 
Dubai Multi Commodities Centre (DMCC) – Supplier Code of Conduct Policy
byDubai Multi Commodity Centre
 
The safety revolution - Origins of workplace health and safety
byBarry Naismith
 
How to Buy Twitter Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
How to Buy Twitter Accounts in 2026 (1).pdf
bywc0fr9qf43i5qo5kn3
 
ASD SCO Introduction December 2025 (1).pdf
byHenry Tapper
 
Co-operative and Mutual Economy 2025.pdf
byHenry Tapper
 

Internal Control

  • 2.
  • 3.
    Summary of InternalControl Definition A process, effected by the entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding, achievement of (the entity’s) objectives on: –Effectiveness and efficiency of operations –Reliability of financial reporting –Compliance with applicable laws and regulations
  • 4.
    Control Objectives •Ineach area of internal control (financial reporting, operations and compliance) –Control objectives and –Sub objectives exist •Example: Area of financial reporting –Top level objective – prepare and issue reliable financial information –Detailed level applied to A/R sub objectives •All goods shipped are accurately billed in the proper period •Invoices are accurately recorded for all authorized shipments and only for such shipments •Authorized and only authorized sales returns and allowances are accurately recorded •The continued completeness and accuracy of A/R is ensured •Accounts receivable records are safeguarded
  • 5.
    Foreign Corrupt PracticesAct •Passed in 1977 in response to American corporation practice of paying bribes and kickbacks to officials in foreign countries to obtain business •The Act –Requires an effective system of internal control –Makes illegal payment of bribes to foreign officials
  • 6.
    Controls over FinancialReporting •Preventive –Aimed at avoiding the occurrence of misstatements in the financial statements –Example: Segregation of duties •Detective –Designed to discover misstatements after they have occurred –Example: Monthly bank reconciliations •Corrective –Needed to remedy the situation uncovered by detective controls –Example: Backups of master file •Controls overlap –Complementary – function together –Redundant – address same assertion or control objective –Compensating – reduces risk existing weakness will result in misstatement
  • 7.
    Components of InternalControl •The Control Environment •Risk Assessment •The Accounting Information and Communication System •Control Activities •Monitoring
  • 8.
    Control Environment Factors •Integrity and ethical values •Commitment to competence •Board of directors or audit committee •Management philosophy and operating style •Organizational structure •Human resource policies and practices •Assignment of authority and responsibility
  • 9.
    Risk Assessment--Factors Indicativeof Increased Financial Reporting Risk •Changes in the regulatory or operating environment •Changes in personnel •Implementation of a new or modified information system •Rapid growth of the organization •Changes in technology affecting production processes or information systems •Introduction of new lines of business, products, or processes
  • 10.
    Control Activities •Performancereviews •Information processing –General control activities –Application control activities •Physical controls •Segregation of duties –Segregate authorization, recording and custody of assets
  • 11.
  • 12.
    Objectives of anAccounting System •Identify and record valid transactions •Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions •Measure the value of transactions appropriately •Determine the time period in which the transactions occurred to permit recording in the proper period •Present properly the transactions and related disclosures in the financial statements
  • 13.
    Monitoring •Ongoing monitoringactivities –Regularly performed supervisory and management activities –Example: Continuous monitoring of customer complaints •Separate evaluations –Performed on nonroutine basis –Example: Periodic audits by internal audit
  • 14.
    Limitations of InternalControl •Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc. •Controls that depend on the segregation of duties may be circumvented by collusion •Management may override the structure •Compliance may deteriorate over time
  • 15.
    Enterprise Risk Management(ERM) •COSO issued a new internal control framework in 2004 on enterprise risk management. It does not replace the original COSO internal control framework. •It goes beyond internal control to focus on how organizations can effectively manage risks and opportunities. •The auditing standards are still structured around the original COSO internal control framework.
  • 16.
    Auditors’ Overall Approachwith Internal Control •Overall approach of an audit 1. Plan the audit 2. Obtain an understanding of the client and its environment, including internal control 3. Assess the risks of material misstatement and design further audit procedures 4. Perform further audit procedures 5. Complete the audit 6. Form an opinion and issue the audit report •Steps 2-4 relate most directly to the role of internal control in financial statement audits
  • 17.
    2. Obtain anunderstanding of the client and its environment, including internal control •The understanding of internal control is used to help the auditor to –Identify types of potential misstatements –Consider factors that affect the risks of material misstatement. –Design tests of controls (when applicable) and substantive procedures. •Auditors must consider all five internal control components –Control environment –Accounting information system –Risk assessment –Control activities –Monitoring •Also consider areas difficult to control like nonroutine transactions
  • 18.
    Obtaining the Understanding •Procedures include –Inquiring of entity personnel –Observing the application of specific controls –Inspecting documents and reports –Tracing transactions through the information system relevant to financial reporting •May also obtain evidence on operating effectiveness of various controls
  • 19.
    Documenting the Understandingof Internal Control •Questionnaires –Typically standardized by firm •Written Narratives –Memos that describe flow of transactions •Flowcharts –Systems flowcharts •Walk-through –Trace one or two transaction through cycle
  • 21.
    3. Assess therisks of material misstatement General approach –Identify risks while obtaining an understanding of the client and its environment, including its internal control –Relate the identified risks to what can go wrong at the relevant assertion level –Consider whether the risks are of a magnitude that could result in a material misstatement –Consider the likelihood that the risks could result in a material misstatement
  • 22.
    The nature oftransactions •Consider the nature of the transactions –Routine transactions—e.g., revenue, purchases, and cash receipts and disbursements –Nonroutine transactions—e.g., taking of inventory, calculating depreciation expense –Estimation transactions—e.g., determining the allowance for doubtful accounts •Generally routine transactions have the strongest controls
  • 23.
    Assessing Risks atthe Financial Statement Level •Examples –Preparing the period-end financial statements, including the development of significant accounting estimate and preparation of the notes –The selection and application of significant accounting policies –IT general controls –The control environment •Responses to high risks –Assigning more experience staff or those with specialized skills –Providing more supervision and emphasizing the need to maintain professional skepticism –Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed –Increasing the overall scope of audit procedures, including the nature, timing or extent
  • 24.
    Assessing Risks atthe Assertion Level •Examples –Failure to recognize an impairment loss on a long- lived asset affects only the valuation assertion –Inaccurate counting of inventory at year-end affect the valuation of inventory and the accuracy of cost of goods sold •Responses –Decisions are made here as to the appropriate combination of tests of controls and substantive procedures
  • 25.
    4. Perform FurtherAudit Procedures – Test of Controls (1/2) •Approach: –Identify controls likely to prevent or detect material misstatements –Perform tests of controls to determine whether they are operating effectively •Tests of controls address: –How controls were applied –The consistency with which controls were applied –By whom or by what means (e.g., electronically) the controls were applied
  • 26.
    4. Perform FurtherAudit Procedures – Test of Controls (1/2) •Tests of controls include: –Inquiries of appropriate client personnel –Inspection of documents and reports –Observation of the application of controls –Reperformance of the controls •The results of the tests of controls are used to determine the nature, timing and extent of substantive procedures
  • 27.
    Diagram of theAuditors’ Consideration of Internal Control
  • 28.
    Other Considerations •Auditdecision aids –Checklist, standard form or computer program that helps auditors make a decision by ensuring that they have all relevant information or by assisting them in combining the information. •Use of the work of internal auditors –Must assess internal audit competence and objectivity and test work –Can rely on work of internal audit to reduce amount of testing done by independent auditors
  • 29.
    Relationships Among Deficiencies Deficiency in Internal Control Less than Significant Material Significant Deficiency Weakness
  • 30.
    Management’s Report onInternal Control under Section 404a •Acknowledgment of responsibility for internal control •An assessment of internal control effectiveness as of the last day of the company’s fiscal yearn using suitable criteria •Support the evaluation with sufficient evidence
  • 31.
    Approach to Auditof Internal Control under Section 404b •This section applies to public companies with a market capitalization of $75 million or more. For those companies, the auditors audit internal control as a part of an integrated audit as follows: –Plan the engagement –Use a top-down approach to identify the controls to test –Test and evaluate design effectiveness of internal control –Test and evaluate operating effectiveness of internal control –Form an opinion on effectiveness of internal control over financial reporting
  • 32.
    Internal Control inthe Small Company •Due to lack of employees, internal control is seldom strong in small businesses •Specific practices for small businesses –Record all cash receipts immediately –Deposit all cash receipts intact daily –Make all payments by serially numbered checks, with exception of petty cash disbursements –Reconcile bank accounts monthly and retain copies –Use serially numbered invoices, Pos, and receiving reports –Issue checks to vendors only in payment of approved invoices that have been matched with purchase orders and receiving reports –Balance subsidiary ledger with control accounts –Prepare comparative financial statements monthly to disclose significant variations in any category of revenue or expense