Session 04 - Internal Control and Corporate Governance

7/29/2019 Session 04 - Internal Control and Corporate Governance

http://slidepdf.com/reader/full/session-04-internal-control-and-corporate-governance 1/28

BA 120.1 Auditing Theory

Internal Control and Corporate Governance



Today’s Class Activities – July 7, 14, and 21 (Exam)

Class groups

Internal control over financial reporting Components of internal control

Common internal control actvities

Corporate governance and audits Corporate governance defined

Responsibilities of audit committees

Required communications between audit firm and audit committees

Relationship between corporate governance and audit risk

Generally accepted auditing and attestation standards

“Non-recorded” Exercise



Activities: Next 3 sessions July 7: Internal Control and Corporate Governance

July 14: Overall review for the exam (+ graded

recitation) We will start at 2pm.

uly 21: First Long Examination

1:45pm – 4pm (Exam Proper)

4:15pm – 5:15pm (Discussion)



Review: Materiality Based on PSA 320, A47:

The concept of materiality is applied by the auditor both

in planning and performing the audit, and in evaluating the

effect of identified misstatements on the audit and of

uncorrected misstatements, if any, on the financial

statements and in forming the opinion in the auditor’sreport.



Review: Performance Materiality A student took an admission in an auditing course. Course

contains 60 lectures in total. In order to qualify for exam

entrance, students have to fulfil attendance criteria, i.e.student can be absent from 10 lectures as a whole but not

more than 1 lecture in a week.

Overall Financial Statement Materiality, Planning Materiality,Tolerable Mistatements, and Posting Materiality?

Inverse relationship between materiality and audit risk?



LESSON STRUCTURE

PSA 315

Understanding

the Entity and

Assessing Client

Acceptance and

Retention Decisions

Understanding

the Client

Obtaining

Substantive

Evidence

Wrapping

Up the

Audit

PSA 330

The Auditor’s

Responses to

PSA 200

Overall

Objectives of

Obtaining

Evidence

about Controls

its

Environment

and Assessing

the Risks of

Material

Misstatement

Assessed RisksIndependentAuditor

PSA 260

Communication with Those

Charged with Governance

PSA 265

Communicating Deficiencies in Internal

Control to those Charged with Governance

and Management



What is internal control?

PSA 315 (Redrafted), 4c:

The process designed, implemented and maintained bythose charged with governance, management and other

personnel to provide reasonable assurance about the

achievement of an entit ’s ob ectives with re ard to

reliability of financial reporting, effectiveness and efficiencyof operations, and compliance with laws and regulations.



What is internal control?

PSA 315 (Redrafted), A40:

Internal control is designed, implemented, and maintained toaddress identified business risks that threaten the

achievement of any of the entity’s objectives that concern:

’

The effectiveness and efficiency of its operations; and

Its compliance with applicable laws and regulations.

The way in which internal control is designed, implemented

and maintained varies with an entity’s size and complexity.



Components of internal controlBased on PSA 315, A47:

The control environment

The entity’s risk assessment process

The information system, including the related business

, ,

communication

Control activities

Monitoring of controls



The Control EnvironmentBased on PSA 315, A65:

Includes the governance and management functions and the

attitudes, awareness, and actions of those charged with

governance and management concerning the entity’s

internal control and its importance in the entity. The

control environment sets the tone of an organization,influencing the control consciousness of its people.



The Control Environment - elementsBased on PSA 315, A65:

Communication and enforcement of integrity and ethical

values

Commitment to competence

Management’s philosophy and operating style

Organizational structure

Assignment of authority and responsibility Human resources policies and practices

Example Code of Conduct



The Control Environment A strong control environment is the first, and most

important, line of defense against the risks related to the

accuracy and completeness of financial statements.

However, a strong control environment cannot reduce all

the financial reporting risks to zero. Therefore, management

must implement specific control activities to minimizemisstatements in the financial records.



Risk assessment Involves identification and analysis of the risks of material

misstatement in financial reports.



Risk assessmentRisk can arise or change due to the following circumstances:

Changes in operating environment

New personnel

New or revamped information systems

New technology

New business models, products, or activities

Corporate restructurings

Expanded foreign operations

New accounting pronouncements



Information and CommunicationPSA 315, A77: Information system consists of the procedures

and records designed and established to:

Initiate, record, process and report entity transactions Resolve incorrect processing of transactions

Process and account for system overrides or bypasses to controls

Transfer information from transaction processing systems to the general ledger

Capture information relevant to financial reporting for events and

conditions other than transactions

Ensure information required to be disclosed by the applicable

financial reporting framework is accumulated, recorded, processed,

summarized and appropriately reported in the FS.



Information and CommunicationInformation and communication usually involves a two-way

flow:

From top management to the rest of the organization

From the bottom up, communicating economic

information as well as deviations from the or anization’s

policies (including whistleblower system).



Control activitiesControl activities are the policies and procedures that are

established to assist organizations in accomplishing

objectives and mitigating risks.

Control activities involve two elements:

(a) The design and implementation of the controlsincluding a description of how the control activities

operate; and

(b) The operation of the controlsSample control

register



Preventive vs. Detective Controls Preventive controls are designed to prevent the

occurrence of a misstatement.

Access controls Edit controls

Detective controls provide evidence on whether

processing has been effective in preventing errors. Reconciliation controls



Control activities Authorization

Performance reviews.

Information processing.

Physical controls.

.



Monitoring A process to assess the effectiveness of internal control

performance over time.

Management accomplishes this through ongoing activities,separate evaluations, or a combination of the two.

Internal auditing is often considered a highly effective

mon or ng con ro .



IT Controls integrated into Internal Control General Computer Controls (General-IT controls).

Planning and controlling the data processing function

Controlling applications development and changes to programsand/or data files and records

Controlling access to equipment, data, and programs

Assuring business continuity such that control failures do notaffect data or programs

Controlling data transmission

Application Controls

Input controls

Processing controls

Output controls



Auditor Evaluation of Internal Controls In determining control risk, the auditor will assess control

risk on a scale from high (weak controls) to low (strong

controls). Refer to Exhibit 5.10 (textbook)

Test of controls

Design effectiveness

Operating effectiveness

Substantive tests



What is Corporate Governance?A process by which the owners and creditors of an

organization exert control and require accountability for

the resources entrusted to the organization.

PSA 260 has defined two groups who have responsibilities and

accountabilities as far as corporate governance is concerned:Those charged with governance

Management



Role of Audit CommitteesA standing committee of the board of directors whose

purpose is to oversee the accounting and financial reporting

processes of the company and the financial statementaudits.

Primary responsibilities: Provide oversight of the accounting and financial reporting

processes and of the financial statement audits;

Appoint, compensate, and oversee the external auditor,

including approving any non-audit services to be provided by the

external auditor.

Ensure that the board establishes a whistleblower program.



Matters to be communicatedThe auditor’s responsibilities in relation to the financial

statement audit;

Planned scope and timing of the audit; Significant findings from the audit;

Significant deficiencies in the internal control

Auditor independence



Communication processAuditor shall communicate with those charged with

governance the form, timing, and expected general content of the

communications. Forms of Communication

In writing, when:

,

be adequate Disclosing auditor independence for audited listed entities, as stated in

paragraph 13 of PSA 260.

Significant deficiencies in internal control (shall also discuss this with

management), as stated in PSA 265. Specific legislature or law requires it.



Exercise

Internal Control and Corporate Governance

Session 04 - Internal Control and Corporate Governance

Documents

Transcript of Session 04 - Internal Control and Corporate Governance