chapter-72746.ppt

7/28/2019 chapter-72746.ppt

http://slidepdf.com/reader/full/chapter-72746ppt 1/65

McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved

Chapter 7

Auditing Internal Control over Financial

Reporting in Conjunction with an Auditof Financial Statements

7/28/2019 chapter-72746.ppt


7-2

Management Responsibilities

under Section 404

Section 404 of the Sarbanes-Oxley Act requires

managements of publicly traded companies to issue

an internal control report that explicitly accepts

responsibility for establishing and maintaining“adequate” internal control over financial reporting.

LO# 1

7/28/2019 chapter-72746.ppt


7-3

Management Responsibilities

under Section 404Management must comply with the following in order for its public accounting firm to complete an audit of

internal control over financial reporting.

1. Accepts responsibility for the effectiveness of the entity’s

internal control over financial reporting.

2. Evaluate the effectiveness of the entity’s internal control

over financial reporting using suitable control criteria.

3. Support its evaluation with sufficient evidence, including

documentation.

4. Present a written assessment of the effectiveness of the

entity’s internal control over financial reporting as of the

end of the entity’s most recent fiscal year.

LO# 1

7/28/2019 chapter-72746.ppt


7-4

Auditor Responsibilities under

Section 404The entity’s independent auditor must audit and report

on management’s assertion about the effectiveness of

internal control. The auditor is required to conduct an

integrated aud it of the entity’s internal control over

financial reporting and its financial statements.

LO# 2

7/28/2019 chapter-72746.ppt


7-5

Internal Control over Financial

Reporting Defined

Internal control over financial reporting is defined as a

process designed to provide reasonable assurance

regarding the reliability of financial reporting and the

preparation of financial statements in accordance with

GAAP. Controls include procedures that:

1. Pertain to the maintenance of records that fairly reflect the

transactions and dispositions of the assets of the company.

2. Provide reasonable assurance that transactions are

recorded in accordance with GAAP.

3. Provide reasonable assurance regarding prevention or

timely detection of unauthorized acquisition, use or

disposition of the company’s assets.

LO# 3

7/28/2019 chapter-72746.ppt


7-6

Internal Control Deficiencies

Defined A control deficiency exists when the design or operation of a control does not allow management or employees, in

the normal course of performing their assigned functions,

to prevent or detect misstatements on a timely basis.

A significant deficiency is a control deficiency, or

combination of control deficiencies, that adversely affects

the entity’s ability to initiate, authorize, record, process,

or report external financial data reliably in accordance

with GAAP such that there is more than a remotelikelihood that a misstatement of the entity’s annual or

interim financial statements that is more than

inconsequential will not be prevented or detected (AS2,

¶9).

LO# 4

7/28/2019 chapter-72746.ppt

http://slidepdf.com/reader/full/chapter-72746ppt 7/657-7


Defined

A control deficiency may be serious enough that it is to

be considered not only a significant deficiency but also a

material weakness in the system of internal control. A

material weakness is a significant deficiency, or

combination of significant deficiencies, that results inmore than a remote likelihood that a material

misstatement of the annual or interim financial

statements will not be presented or detected (AS2, ¶10).

As illustrated on the next slide, the auditor must consider

two dimensions of the control deficiency: likelihood

(remote or more than remote) and magnitude (material,

consequential, or inconsequential).

LO# 4

7/28/2019 chapter-72746.ppt



Defined

Material

Consequential

Inconsequential

Remote More than remote

Material

weakness

Significantdeficiency

Insignificant deficiency

L I K E L I H O O D

M

A

G

NI

T

U

D

E

LO# 4

7/28/2019 chapter-72746.ppt


Management’s Assessment

Process

Management must:

1. Design and implement an effective system of internal

control. This process involves determining whether a

necessary control is missing or an existing control is notproperly designed.

2. Develop an ongoing assessment process for the internal

controls in place. Management must assess the likelihood

that failure of a control could result in a misstatement.

3. Management must decide which business units to include in

the assessment process.

LO# 5

7/28/2019 chapter-72746.ppt


Management’s Documentation

Management must develop sufficient

documentation to support its assessment of the

effectiveness of internal control. This

documentation may take many forms, such aspaper, electronic files, or other media. It also

includes policy manuals, job descriptions,

flowcharts, and process models.

LO# 6

7/28/2019 chapter-72746.ppt


Framework Used by Management

to Conduct Its AssessmentMost entities use the framework developed by COSO.

This framework identifies three primary objectives of

internal control: (1) reliable financial reporting;

(2) efficiency and effectiveness of operations;

and (3) compliance with laws and regulations.

LO# 7

7/28/2019 chapter-72746.ppt


Performing an Audit of Internal

Control over Financial Reporting

Plan the engagement.

Evaluate management’s assessment process.

The auditor typically obtains his or her understanding of

management’s assessment process through inquiry of

management and others.

LO# 8

7/28/2019 chapter-72746.ppt


7-13


Control over Financial ReportingPlan the engagement.

Evaluate management’s

assessment process.

Obtain and document anunderstanding of internal control.

As part of gaining this understanding the auditor must:

1. Understand and assess

company-level controls.2. Evaluate the effectiveness of

the audit committee.

3. Identify significant

accounts.

4. Identify relevant financial

statement assertions.

5. Identify significant

processes and major classes of transactions.

6. Understand the period-end

financial reporting process.

7. Perform walkthroughs.

8. Identify controls to test.

LO# 8

7/28/2019 chapter-72746.ppt


7-14



Evaluate the management’s

assessment process.


Evaluate the design effectiveness

of internal control.

Controls are effectively designed when they prevent or

detect errors or fraud that could result in material

misstatements in the financial statements.

LO# 8

7/28/2019 chapter-72746.ppt


7-15




assessment process.




Test and evaluate the operating

effectiveness of internal control.

In testing the effectiveness of controls, the auditor needs to

consider the nature, timing , and extent of testing.

LO# 8

7/28/2019 chapter-72746.ppt


7-16

Special Consideration:

Using the Work of Others

AS2 requires the auditor to perform enough of

the audit so that his or her own work provides

the principal evidence for the auditor’s opinion.

However, a major consideration for the external

auditor is how much the work performed by

others (internal auditors or others working for

management) can be relied on in adjusting the

nature, timing, or extent of the auditor’s work.

7/28/2019 chapter-72746.ppt


7/28/2019 chapter-72746.ppt


7-18




assessment process.




Test and evaluate the operating


Form an opinion of the


The auditor should

evaluate all evidence

before forming an opinion

on internal control,

including (1) the adequacyof management’s

assessment, (2) the results

of the auditor’s evaluation,

(3) the negative results of

substantive proceduresperformed, (4) any control

deficiencies.

LO# 8

7/28/2019 chapter-72746.ppt


7-19

Written Representations

In addition to the management representations obtained

as part of a financial statement audit, the auditor also

obtains written representations from management related

to the audit of internal control over financial reporting.

Failure to obtain written

representations from

management, including

management’s refusal to

furnish them, constitutes a

limitation on the scope of the

audit sufficient to preclude an

unqualified opinion.

LO# 10

7/28/2019 chapter-72746.ppt


7-20

Auditor Documentation

Requirements

The auditor must properly document the processes,

procedures, judgments, and results relating to the audit


When an entity has effectiveinternal control over financial

reporting, the auditor should

be able to perform sufficient

testing of controls to assesscontrol risk for all relevant

assertions at a low level .

LO# 11

7/28/2019 chapter-72746.ppt


7-21

Reporting on Internal Control

Sarbanes-Oxley requires management’s description of internal control to include:

1. A statement of management’s responsibility for establishing

and maintaining adequate internal control.

2. A statement identifying the framework used by management toconduct the required assessment of the effectiveness of the

company’s internal control.

3. An assessment of the effectiveness of the company’s internal

control as of the end of the most recent fiscal year, including

an explicit statement as to whether internal control is effective.4. A statement that the public account firm that audited the

financial statements included in the annual report has issued

an attestation report on management’s assessment of internal

control.

LO# 12

7/28/2019 chapter-72746.ppt


7-22

The Auditor’s Report on Internal

Control over Financial Reporting

Once the auditor has completed the audit of internal

control, he or she must issue an appropriate report to

accompany management’s assessment, published in the

company’s annual report.

LO# 13

7/28/2019 chapter-72746.ppt


7-23

Types of Reports Relating to the

Audit of Internal Control

The auditor’s report contains opinions on two separate

items:

1) management’s assessment of the effectiveness of

internal control over financial reporting, and

2) the effectiveness of internal control over financial

reporting based on the auditor’s independent audit

work.

LO#

13 & 14

O#

7/28/2019 chapter-72746.ppt


7-24


Audit of Internal Control

Opinion

An unqualified opinion

signifies that the client’s

internal control is

designed and operating

effectively.

A qualified opinion isissued when there is a

limitation on the scope

of the auditor’s work.

A serious scope

limitation requires the

auditor to disclaim an

opinion.

An adverse opinion is

required if a material

weakness is identified.

LO#

13 & 14

7/28/2019 chapter-72746.ppt


7-25

Auditor’s Paragraph on

Internal Control

We also have audited, in accordance with the standardsof the Public Company Accounting Oversight Board(United States), the effectiveness of the Company'sinternal control over financial reporting as of December 31, 2005, based on criteria established in

Internal Control - Integrated Framework issued by theCommittee of Sponsoring Organizations of the TreadwayCommission (“COSO”), and our report dated February10, 2006, except as to the second, third and fourthparagraphs of Management’s Annual Report on InternalControl over Financial Reporting (as restated), which areas of January 19, 2007, expressed an unqualifiedopinion on management's assessment of, and anadverse opinion on the effective operation of, internalcontrol over financial reporting as of December 31, 2005.

7/28/2019 chapter-72746.ppt


7-26

Internal Control Report

Report of Independent Registered Public Accounting Firmon Internal Control Over Financial Reporting

Board of Directors and ShareownersThe Coca-Cola Company

We have audited management's assessment, included in theaccompanying Report of Management on Internal Control Over Financial Reporting, that The Coca-Cola Company and subsidiariesmaintained effective internal control over financial reporting as of December 31, 2006, based on criteria established in Internal Control —Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (the COSOcriteria). The Coca-Cola Company's management is responsible for

maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financialreporting. Our responsibility is to express an opinion onmanagement's assessment and an opinion on the effectiveness of the Company's internal control over financial reporting based on our audit.

7/28/2019 chapter-72746.ppt


7-27


We conducted our audit in accordance with the standards

of the Public Company Accounting Oversight Board(United States). Those standards require that we plan andperform the audit to obtain reasonable assurance aboutwhether effective internal control over financial reportingwas maintained in all material respects. Our auditincluded obtaining an understanding of internal control

over financial reporting, evaluating management'sassessment, testing and evaluating the design andoperating effectiveness of internal control, and performingsuch other procedures as we considered necessary in thecircumstances. We believe that our audit provides a

reasonable basis for our opinion.

7/28/2019 chapter-72746.ppt


7-28

Internal Control Report A company's internal control over financial reporting is a processdesigned to provide reasonable assurance regarding the

reliability of financial reporting and the preparation of financialstatements for external purposes in accordance with generallyaccepted accounting principles. A company's internal controlover financial reporting includes those policies and proceduresthat (1) pertain to the maintenance of records that, in reasonabledetail, accurately and fairly reflect the transactions and

dispositions of the assets of the company; (2) provide reasonableassurance that transactions are recorded as necessary to permitpreparation of financial statements in accordance with generallyaccepted accounting principles, and that receipts andexpenditures of the company are being made only in accordancewith authorizations of management and directors of the

company; and (3) provide reasonable assurance regardingprevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a materialeffect on the financial statements.

7/28/2019 chapter-72746.ppt


7-29


Because of its inherent limitations,internal control over financial reportingmay not prevent or detect misstatements.

Also, projections of any evaluation of effectiveness to future periods are subjectto the risk that controls may becomeinadequate because of changes inconditions, or that the degree of

compliance with the policies or procedures may deteriorate.

7/28/2019 chapter-72746.ppt


7-30


As indicated in the accompanying Report of Management on

Internal Control Over Financial Reporting, management'sassessment of and conclusion on the effectiveness of internalcontrol over financial reporting did not include the internalcontrols of Kerry Beverages Limited (subsequently renamedCoca-Cola China Industries Limited), Brucephil, Inc., ApollinarisGmbH and TJC Holdings (Pty) Ltd. which are included in the

2006 consolidated financial statements of The Coca-ColaCompany and subsidiaries and constituted approximately6.1 percent of the Company's consolidated total assets as of December 31, 2006 and approximately 1.6 percent of theCompany's consolidated net operating revenues for the year then ended. Our audit of internal control over financial reporting

of The Coca-Cola Company also did not include an evaluation of the internal control over financial reporting of Kerry BeveragesLimited (subsequently renamed Coca-Cola China IndustriesLimited), Brucephil, Inc., Apollinaris GmbH and TJC Holdings(Pty) Ltd.

7/28/2019 chapter-72746.ppt


7-31


In our opinion, management's assessment that

The Coca-Cola Company and subsidiariesmaintained effective internal control over financial reporting as of December 31, 2006, isfairly stated, in all material respects, based on

the COSO criteria. Also, in our opinion, TheCoca-Cola Company and subsidiariesmaintained, in all material respects, effectiveinternal control over financial reporting as of December 31, 2006, based on the COSO

criteria.

7/28/2019 chapter-72746.ppt


7-32


We also have audited, in accordance with the

standards of the Public Company AccountingOversight Board (United States), theconsolidated balance sheets of The Coca-ColaCompany and subsidiaries as of December 31,

2006 and 2005, and the related consolidatedstatements of income, shareowners' equity,and cash flows for each of the three years inthe period ended December 31, 2006, and our report dated February 20, 2007, expressed an

unqualified opinion thereon.

Atlanta, GeorgiaFebruary 20, 2007

LO# 15

7/28/2019 chapter-72746.ppt


7-33

1. A title that includes the word “independent.” 2. An identification of management’s conclusion about the

effectiveness of the company’s internal control over

financial reporting.

3. A definition of internal control over financial reporting.4. A statement that the auditor planned and performed the

audit to obtain reasonable assurance about whether

effective internal control is maintained.

5. A statement that an audit includes obtaining anunderstanding of internal control, valuating management’s

assessment of testing the design and effectiveness of

internal control and any other procedures.

LO# 15

7/28/2019 chapter-72746.ppt


7-34

Elements of the Auditor’s Report

1. A title that includes the word “independent.”

2. An identification of management’s conclusion about theeffectiveness of the company’s internal control over financial reporting.

3. A definition of internal control over financial reporting.

4. A statement that the auditor planned and performed theaudit to obtain reasonable assurance about whether effective internal control is maintained.

5. A statement that an audit includes obtaining anunderstanding of internal control, valuatingmanagement’s assessment of testing the design andeffectiveness of internal control and any other procedures.

7/28/2019 chapter-72746.ppt


7-35

Elements of the Auditor’s Report

6. A paragraph stating that internal control maynot prevent or detect misstatements becauseof inherent limitations.

7. The auditor’s opinion on whether management’s assessment of theeffectiveness of internal control is fairly stated.

8. The auditor’s opinion on whether the companymaintained effective internal control.

LO# 15

7/28/2019 chapter-72746.ppt


7-36


Audit of Internal ControlReport Modification Based on Control Deficiencies

Likelihood/Magnitude

of Misstatement

Type of

Audit Report

Inconsequentialdeficiency

Significant

deficiency

Material

weakness

Unqualified

opinion

Adverse

opinion

LO# 15

LO# 15

7/28/2019 chapter-72746.ppt


7-37


Audit of Internal ControlReport Modification Based on Scope Limitation

Reason for

Scope Limitation

Type of

Audit Report

Minor effect

Management imposed/

more than minor effect

Sever

limitation

Unqualifiedopinion

Disclaim

opinion or

withdraw

Qualified

opinion

LO# 16

7/28/2019 chapter-72746.ppt


7-38

Modifications to Unqualified Report

on Effectiveness of Internal Control

The auditor should modify the standard report if any of

the following conditions exists:

•There is a material weakness in the company’s internal control

over financial reporting.

•There is a restriction on the scope of the engagement.

•The auditor decides to refer to the report of other auditors as

the basis, in part, for the auditor’s own report.

• A significant subsequent event has occurred since the date

being reported on.

•There is other information contained in management’s report

on internal control.

LO# 17

7/28/2019 chapter-72746.ppt


7-39

Additional Required Communications

in an Audit of Internal Control over

Financial Reporting

The auditor must communicate in writing to management

and the audit committee all significant deficiencies and

material weaknesses identified during the audit (AS2).

This communication should be made prior to the issuance

of the auditor’s report on internal control over financial

reporting. In addition, the auditor should communicate to

management, in writing, all control deficiencies identifiedduring the audit and inform the audit committee when

such a communication has been made.

LO# 18

7/28/2019 chapter-72746.ppt


7-40

Integrating the Audits of Internal

Control and Financial Statements

An integrated audit is composed of the audits of internal

control and the financial statements. The control testing

impacts the planned substantive procedures. Also, the

results of the substantive procedures are considered inthe evaluation of internal control.

Tests of internal

control

Substantiveaudit

procedures

LO# 18

7/28/2019 chapter-72746.ppt


7-41

Effect of the Audit of Internal Control

on the Financial Statement Audit

When the auditor performs an integrated audit, he or

she will have access to a large amount of information

about the client’s controls. This information can make

the financial statement audit more efficient and resultin reduced substantive procedures.

Regardless of the level of control risk

in connection with the audit of the

financial statements, auditingstandards require the auditor to

perform some substantive

procedures for all significant accounts

and disclosures.

LO# 18

7/28/2019 chapter-72746.ppt


7-42

Effect of the Financial Statement

Audit on the Audit of Internal ControlThe effectiveness of the audit of internal controls should

lead the auditor to determine the implications of these

findings on the financial statement audit. The auditor’s

evaluation should include:

1. Misstatements detected.

2. The auditor’s risk evaluations in connection with the

selection and application of substantive procedures,

especially those related to fraud.3. Findings with respect to illegal acts and related party

transactions.

4. Indications of management bias in making accounting

estimates and in selecting accounting principles.

Ad d M d l 1 S i l

7/28/2019 chapter-72746.ppt


7-43

Advanced Module 1: Special

Considerations for an Audit of

Internal Control

Special considerationby management

and the auditor

Using the work

of others.

Multilocations

and business

units.

Service

organizations.

Safeguarding

assets.

LO# 9

7/28/2019 chapter-72746.ppt


7-44

Using the Work of Others

In determining the extent to which the auditor may use

the work of others, the auditor should:

• Evaluate the nature of the controls

subjected to the work of others.

• Evaluate the competence and

objectivity of the individuals who

performed the work.

•Test some of the work performed by

others to evaluate the quality and

effectiveness of their work.

Testing Multiple Locations or

LO# 19

7/28/2019 chapter-72746.ppt


7-45

Testing Multiple Locations or

Business Units

Is unit individually

important?

Are there specific significant

risks?

Are there units that are not

important even when

aggregated?

Are there documented

company-level controls over

this group?

No

No

No

No

135 Evaluate documents and test

controls over significant accounts at

each location.

15 Yes

130 Evaluate documents and test

controls over specific risks.

5 Yes

No further action required.70

60 Yes

Evaluate documents and test

company-level controls over group.

Some testing of controls at

individual locations.

Yes

Total number of units = 150

LO# 20

7/28/2019 chapter-72746.ppt


7-46

Use of Service OrganizationsMany companies use service organization to

process transactions. If the service organization’s

services make up part of a company’s information

system, then they are considered part of the

information and communication component of thecompany’s internal control over financial report.

Thus, both management and the auditor must

consider the activities of the service organization.

LO# 20

7/28/2019 chapter-72746.ppt


7-47

Use of Service Organizations

Management and the auditor should perform thefollowing procedures with respect to the activities

performed by the service organization:

(1) obtain an understanding of the controls at

the service organization that are relevant to theentity’s internal control and the controls at

the user organization over the activities of

the service organization and

(2) obtain evidence that the controls whichare relevant to management’s assessment

and the auditor’s opinion are operating effectively.

LO# 21

7/28/2019 chapter-72746.ppt


7-48

Safeguarding of Assets

Safeguarding of assets is defined as policiesand procedures that “provide reasonable

assurance regarding prevention or timely

detection of unauthorized acquisition, use or disposition of the company’s assets that could

have a material effect on the financial

statements.”

7/28/2019 chapter-72746.ppt


7-49

Advanced Module 2:

Computer-Assisted Audit Techniques

Computer-assisted audit techniques include:

• Generalized audit software packages.

• Custom audit software.

• Test data.

Other techniques include parallel simulation,

integrated test facility, and concurrent auditing

techniques. These are discussed in advanced

IT auditing books.

G li d A dit S ftLO# 22

7/28/2019 chapter-72746.ppt


7-50

Generalized Audit Software

Function Description

File or data accessReads and extracts data from aclient's computer files or databases

for further audit testing.

Selection operators

Select from files or databases

transactions that meet certain

criteria.

Arithmetic functions

Perform a variety of arithmetic

calculations (addition, subtraction,

and so on) on transactions, files, and

databases.

Statistical analyses Provide functions supporting varioustypes of audit sampling.

Report generationPrepares various types of documents

and reports.

LO# 22

7/28/2019 chapter-72746.ppt


7-51

Custom Audit Software

Custom audit software is generally written byauditors for specific audit tasks.

It may be required when the client’s computer

system is not compatible with the auditor’s

generalized audit software.

Custom software:

(1) Is expensive to develop.(2) Requires extended development time.

(3) Is limited in scope of functions.

T DLO# 22

7/28/2019 chapter-72746.ppt


7-52

Test Data

This is data developed by the auditor to test

the application controls in the client’scomputer programs. The technique can be

used to check

1.data validation controls and error detection routines,

2.processing logic controls,

3.arithmetic calculations, and

4. the inclusion of transactions in

records, files, and reports.

7/28/2019 chapter-72746.ppt


7-53

Test Data

The objective of this method is to insure theaccuracy of the computer processing of

transactions.

This technique can be used to check:

1. Data validation controls and error detection

routines.

2. Processing logic controls.

3. Arithmetic calculations.

4. Inclusion of transactions in records, files, and

reports.

7/28/2019 chapter-72746.ppt


7-54

Test Data

The main advantage of this method is that it provides

direct evidence of the effectiveness of controls in the

client’s application programs.

However, it has a number of potential disadvantages:

1. It can be very time consuming to create the data.2. The auditor may not be certain that all relevant

conditions or controls are tested.

3. The auditor must be certain that the test data are

processed using the client’s regular production

programs.

4. The auditor must be sure to remove the valid test

data from the client’s files.

7/28/2019 chapter-72746.ppt


7-55

Integrated Test Facility

Auditor merges it data with client live data.

The advantage is that the auditor probably has

greater assurance that he/she is testing the

program(s) that the client actually uses.

The auditor must be sure to remove the test

data from the client’s files. If the auditor is

testing a payroll application, I would hate tohave the client pay social security and

Medicare taxes based on test data.

C t A i t d A dit

7/28/2019 chapter-72746.ppt


7-56

Computer-Assisted Audit

Techniques - Substantive Tests

Generalized audit software (GAS)

1. Can be used on a number of different computersand can access files with may differing file/record

formats.

2. Auditor does not have to have a completeunderstanding of the client's hardware andsoftware features.

3. Each different generalized software system has itsown characteristics which the auditor mustcarefully consider before using in a given auditsituation.

C t A i t d A dit

7/28/2019 chapter-72746.ppt


7-57



Advantages of using computer audit software:

1. Can be used to access client data that is maintained on

client files, especially since some client data that is of

interest to the auditor may exist only temporarily and

only in machine-readable form.

2. Utilize the speed and accuracy of the computer.

3. Can deal effectively with large quantities of data.

4. Can reduce the auditor's reliance on client ITpersonnel.

5. Can produce (not always) efficiencies in the audit. This

is especially true where applications can be used in

ensuing years with little or no modifications.

C t A i t d A dit

7/28/2019 chapter-72746.ppt


7-58



Types of audit tasks (tests) that may be performed

using computer audit software systems include:

1. Selecting and printing confirmations.

2. Selecting and printing audit samples For example, selecting a sample of inventory items

for the purpose of performing pricing tests.

3. Comparing data on separate files to determine if

the data agree For example, comparing theunits of measure on the perpetual inventory file

with the physical count file to see if they agree

for each inventory item.

C t A i t d A dit

7/28/2019 chapter-72746.ppt


7-59



4. Summarizing and analyzing data For example,

footing the accounts receivable or perpetual

inventory files or aging accounting receivable.

5. Examining records for quality (i.e., completeness,consistency, valid conditions, etc.) For example,

determining all inventory accounts with zero or

negative unit cost amounts or customer records

for which accounts balances exceed credit limits.

6. Testing calculations and making computations

For example, recalculating extensions for

inventory items and comparing these with the

client's values per the inventory file.

7/28/2019 chapter-72746.ppt


7-60



7. Resequencing records on the computer For example, resequencing inventory itemson the inventory file by location in order to

facilitate test counts of a sample selectedfrom those items.

8. Comparing data on a computer file withdata obtained through other audit

procedures For example, comparinginventory test counts with the respectiveinventory quantities per the inventorymaster file.

U f Mi t

7/28/2019 chapter-72746.ppt


7-61

Use of Microcomputers as an

Audit Tool Microcomputer software has been developed to improve the

efficiency and effectiveness of the audit.

Many types of microcomputer audit software are available toaid in the performance of audit procedures that otherwise

would be performed manually.

Types of microcomputer software used on audits include thefollowing:

1. Electronic spreadsheets programs

2. Trial balance and workpaper generation programs3. Audit program and audit correspondence generator

programs

4. Engagement management programs.

5. Data retrieval and conversion programs

Potential Benefits of Using a

7/28/2019 chapter-72746.ppt


7-62


Microcomputer as an Audit Tool1. Time may be saved by eliminating manual footing,

crossfooting, and other routine comparisons.

2. Calculations, comparisons, and other data manipulationsare more accurately performed.

3. Staff morale and productivity may be improved by

reducing the time spent on clerical tasks such as footingand ticking.

4. The scope of analytical procedures may be broadened.For example, compute ratios or compute ratios for morethan just the current and prior years.

5. Calculating the results analytical procedures may bemore efficiently performed.

6. Graphics capabilities may allow the auditor to generate,display, and evaluate various financial and nonfinancial

relationships graphically.


7/28/2019 chapter-72746.ppt


7-63


Microcomputer as an Audit Tool

7. Facilitate audit sampling by determining optimum samplesize for required levels of precision and reliability andgenerating random numbers.

8. Prepare and revise flowcharts which depict the flow of transactions in a client's system.

9. Potential weaknesses in a client's internal accountingcontrol system may be more readily identified.

10. Allow easier creation of customized working papers.

11. Computer-generated working papers are generally morelegible and consistent.

12. Supervisory-review time may be reduced.

13. Client's personnel may not need to manually prepare asmany working paper schedules.

P t ti l B fit f U i

7/28/2019 chapter-72746.ppt


7-64


Microcomputer as an Audit Tool

14. Allow easier storing & accessing of working papers.

15. Generate and analyze engagement managementinformation such as time budgets and comparisons of actual time vs. budgeted time.

16. Assign personnel to engagements.

17. Allow easier generation of custom audit programs.

18. Allow easier generation and modification of standardizedaudit correspondence such as engagement letters, clientrepresentation letters, and attorney letters.

19. Allow access to and perform audit tests on client datathat are stored in computer files.

7/28/2019 chapter-72746.ppt


End of Chapter 7

chapter-72746.ppt

Documents

Transcript of chapter-72746.ppt