Session XVII IMPROVING CORPORATE GOVERNANCE THROUGH INTERNAL CONTROL MECHANISM.
Session 04 - Internal Control and Corporate Governance
-
Upload
earl-anthony-villacarlos-bautista -
Category
Documents
-
view
212 -
download
0
Transcript of Session 04 - Internal Control and Corporate Governance
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 1/28
BA 120.1 Auditing Theory
Internal Control and Corporate Governance
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 2/28
Today’s Class Activities – July 7, 14, and 21 (Exam)
Class groups
Internal control over financial reporting Components of internal control
Common internal control actvities
Corporate governance and audits Corporate governance defined
Responsibilities of audit committees
Required communications between audit firm and audit committees
Relationship between corporate governance and audit risk
Generally accepted auditing and attestation standards
“Non-recorded” Exercise
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 3/28
Activities: Next 3 sessions July 7: Internal Control and Corporate Governance
July 14: Overall review for the exam (+ graded
recitation) We will start at 2pm.
uly 21: First Long Examination
1:45pm – 4pm (Exam Proper)
4:15pm – 5:15pm (Discussion)
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 4/28
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 5/28
Review: Materiality Based on PSA 320, A47:
The concept of materiality is applied by the auditor both
in planning and performing the audit, and in evaluating the
effect of identified misstatements on the audit and of
uncorrected misstatements, if any, on the financial
statements and in forming the opinion in the auditor’sreport.
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 6/28
Review: Performance Materiality A student took an admission in an auditing course. Course
contains 60 lectures in total. In order to qualify for exam
entrance, students have to fulfil attendance criteria, i.e.student can be absent from 10 lectures as a whole but not
more than 1 lecture in a week.
Overall Financial Statement Materiality, Planning Materiality,Tolerable Mistatements, and Posting Materiality?
Inverse relationship between materiality and audit risk?
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 7/28
LESSON STRUCTURE
PSA 315
Understanding
the Entity and
Assessing Client
Acceptance and
Retention Decisions
Understanding
the Client
Obtaining
Substantive
Evidence
Wrapping
Up the
Audit
PSA 330
The Auditor’s
Responses to
PSA 200
Overall
Objectives of
Obtaining
Evidence
about Controls
its
Environment
and Assessing
the Risks of
Material
Misstatement
Assessed RisksIndependentAuditor
PSA 260
Communication with Those
Charged with Governance
PSA 265
Communicating Deficiencies in Internal
Control to those Charged with Governance
and Management
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 8/28
What is internal control?
PSA 315 (Redrafted), 4c:
The process designed, implemented and maintained bythose charged with governance, management and other
personnel to provide reasonable assurance about the
achievement of an entit ’s ob ectives with re ard to
reliability of financial reporting, effectiveness and efficiencyof operations, and compliance with laws and regulations.
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 9/28
What is internal control?
PSA 315 (Redrafted), A40:
Internal control is designed, implemented, and maintained toaddress identified business risks that threaten the
achievement of any of the entity’s objectives that concern:
’
The effectiveness and efficiency of its operations; and
Its compliance with applicable laws and regulations.
The way in which internal control is designed, implemented
and maintained varies with an entity’s size and complexity.
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 10/28
Components of internal controlBased on PSA 315, A47:
The control environment
The entity’s risk assessment process
The information system, including the related business
, ,
communication
Control activities
Monitoring of controls
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 11/28
The Control EnvironmentBased on PSA 315, A65:
Includes the governance and management functions and the
attitudes, awareness, and actions of those charged with
governance and management concerning the entity’s
internal control and its importance in the entity. The
control environment sets the tone of an organization,influencing the control consciousness of its people.
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 12/28
The Control Environment - elementsBased on PSA 315, A65:
Communication and enforcement of integrity and ethical
values
Commitment to competence
Management’s philosophy and operating style
Organizational structure
Assignment of authority and responsibility Human resources policies and practices
Example Code of Conduct
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 13/28
The Control Environment A strong control environment is the first, and most
important, line of defense against the risks related to the
accuracy and completeness of financial statements.
However, a strong control environment cannot reduce all
the financial reporting risks to zero. Therefore, management
must implement specific control activities to minimizemisstatements in the financial records.
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 14/28
Risk assessment Involves identification and analysis of the risks of material
misstatement in financial reports.
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 15/28
Risk assessmentRisk can arise or change due to the following circumstances:
Changes in operating environment
New personnel
New or revamped information systems
New technology
New business models, products, or activities
Corporate restructurings
Expanded foreign operations
New accounting pronouncements
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 16/28
Information and CommunicationPSA 315, A77: Information system consists of the procedures
and records designed and established to:
Initiate, record, process and report entity transactions Resolve incorrect processing of transactions
Process and account for system overrides or bypasses to controls
Transfer information from transaction processing systems to the general ledger
Capture information relevant to financial reporting for events and
conditions other than transactions
Ensure information required to be disclosed by the applicable
financial reporting framework is accumulated, recorded, processed,
summarized and appropriately reported in the FS.
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 17/28
Information and CommunicationInformation and communication usually involves a two-way
flow:
From top management to the rest of the organization
From the bottom up, communicating economic
information as well as deviations from the or anization’s
policies (including whistleblower system).
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 18/28
Control activitiesControl activities are the policies and procedures that are
established to assist organizations in accomplishing
objectives and mitigating risks.
Control activities involve two elements:
(a) The design and implementation of the controlsincluding a description of how the control activities
operate; and
(b) The operation of the controlsSample control
register
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 19/28
Preventive vs. Detective Controls Preventive controls are designed to prevent the
occurrence of a misstatement.
Access controls Edit controls
Detective controls provide evidence on whether
processing has been effective in preventing errors. Reconciliation controls
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 20/28
Control activities Authorization
Performance reviews.
Information processing.
Physical controls.
.
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 21/28
Monitoring A process to assess the effectiveness of internal control
performance over time.
Management accomplishes this through ongoing activities,separate evaluations, or a combination of the two.
Internal auditing is often considered a highly effective
mon or ng con ro .
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 22/28
IT Controls integrated into Internal Control General Computer Controls (General-IT controls).
Planning and controlling the data processing function
Controlling applications development and changes to programsand/or data files and records
Controlling access to equipment, data, and programs
Assuring business continuity such that control failures do notaffect data or programs
Controlling data transmission
Application Controls
Input controls
Processing controls
Output controls
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 23/28
Auditor Evaluation of Internal Controls In determining control risk, the auditor will assess control
risk on a scale from high (weak controls) to low (strong
controls). Refer to Exhibit 5.10 (textbook)
Test of controls
Design effectiveness
Operating effectiveness
Substantive tests
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 24/28
What is Corporate Governance?A process by which the owners and creditors of an
organization exert control and require accountability for
the resources entrusted to the organization.
PSA 260 has defined two groups who have responsibilities and
accountabilities as far as corporate governance is concerned:Those charged with governance
Management
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 25/28
Role of Audit CommitteesA standing committee of the board of directors whose
purpose is to oversee the accounting and financial reporting
processes of the company and the financial statementaudits.
Primary responsibilities: Provide oversight of the accounting and financial reporting
processes and of the financial statement audits;
Appoint, compensate, and oversee the external auditor,
including approving any non-audit services to be provided by the
external auditor.
Ensure that the board establishes a whistleblower program.
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 26/28
Matters to be communicatedThe auditor’s responsibilities in relation to the financial
statement audit;
Planned scope and timing of the audit; Significant findings from the audit;
Significant deficiencies in the internal control
Auditor independence
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 27/28
Communication processAuditor shall communicate with those charged with
governance the form, timing, and expected general content of the
communications. Forms of Communication
In writing, when:
,
be adequate Disclosing auditor independence for audited listed entities, as stated in
paragraph 13 of PSA 260.
Significant deficiencies in internal control (shall also discuss this with
management), as stated in PSA 265. Specific legislature or law requires it.
7/29/2019 Session 04 - Internal Control and Corporate Governance
http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 28/28
Exercise
Internal Control and Corporate Governance