Summary Chapter10
-
Upload
allaboutbookslover -
Category
Documents
-
view
214 -
download
0
Transcript of Summary Chapter10
7/29/2019 Summary Chapter10
http://slidepdf.com/reader/full/summary-chapter10 1/3
Summary: Chapter 10 – Auditor of internal control & control risk
October 5, 2009
IC objectives
3 broad objectives : Reliability of financial reporting, efficiency and effectiveness of operations,
compliance with laws and regulations.
Management and auditor responsibilities for internal control
Management – establish and maintain the entity’s internal control that
1. provide reasonable, but not absolute, assurance that FS are fairly stated
2. inherent limitation – IC can never be completely effective. Its effectiveness depends on
the competency and dependability of people using it.
Section 404 – mgt of all public co .to issue an internal control report stated that
- mgt is responsible for establishing and maintaining and adequate IC structure and
procedures for financing report
- an assessment of effectiveness and efficiency of IC (dealing with the design of IC and
operating effectiveness of control)
Also prepare FS in accordance with GAAP, identify framework used to evaluate the
effectiveness and efficiency, which is called COSO.
Auditor – understand IC (business and environment) to assess risk of materially misstatement.
The auditor concerns about
1. Control over the reliability of financial reporting
2. Control over classes of transactions.
COSO Component of internal control5 components of IC that mgt designs and implements to provide reasonable assurance.
1. Control environment : actions, policies, and procedures that reflect overall attitudes of top
mgt, directors, owners. Auditor should consider
- Integrity and ethical values
- Commitment to competence
- BOD or audit committee participation
- Mgt. philosophy and operating style
- Organization structure
- HR policies and practices
2. Risk assessment
3. Control activities :
- Adequate separation of duties
- Proper authorization of transactions and activities
- Adequate doc. and records
- Physical control over assets and records
- Independence checks on performance
1 of 3
7/29/2019 Summary Chapter10
http://slidepdf.com/reader/full/summary-chapter10 2/3
4. Information and communication
5. Monitoring
Obtain and document understanding of internal control
Procedures to obtain an understanding : gathering evidence about design of IC and
whether they have been implemented.
3 types of documents to obtain and document the understanding :
1. narrative (describe: original of every doc. And record in the system, all processing
that takes place, deposition of every doc. , and record in the system, indication of the
controls relevant to the assessment of control risk)
2. Flowchart
3. IC questionnaire
How to evaluate IC implementation
1. Update & evaluate auditor’s previous experience w/ the entity
2. Make inquiries of client personnel3. Examine doc. and records
4. Observe entity activities and ops
5. Perform walkthroughs of the accounting system
Assess control risk – design whether the entity is auditable.
2 factors determine auditability : integrity if mgt and adequacy of accounting records
1. Assess whether the FS are auditable
2. Determine assessed CR supported by the understanding obtained, assuming the controls
are being followed.
3. Use of a CR Matrix to assess CR :How to assess CR
- Identify audit objectives
- Indentify existing controls
- Associate controls with related audit objectives
- Identify & evaluate control deficiencies, significant deficiencies, and material
weaknesses by identifying existing controls, identifying the absence of key controls,
consider the possibility of compensating controls, deciding whether there is a significant
deficiency or material weakness, determining potential misstatements that could result.
Test of controls
Procedures for test controls
1. Make enquiries of appropriate client personnel
2. Examine doc., records, and reports
3. Observe control-related activities
4. Reperform client procedures
Extent of procedures
2 of 3
7/29/2019 Summary Chapter10
http://slidepdf.com/reader/full/summary-chapter10 3/3
1. Reliance on evidence from prior year’s audit
2. Testing of control related to significant risks
3. Testing less than the entire audit period
Decide planned detection risk and design substantive tests
Section 404 reporting on internal control
Types of opinions
1. Unqualified when : no identified material weakness, no restrictions on the scope of the
auditor’s work
2. Adverse when : material weakness exist.
3. Qualified or disclaimer when: auditor is unable to determine if there are material
weakness, due to restriction on the scope of the audit of IC.
Evaluating, reporting, and testing internal control for nonpublic companiesWhat difference from public co.
1. Reporting requirements – no requirement for nonpublic co.
2. Extent of required ICs – Mgt is responsible for establishing adequate IC in nonpublic co.
like mgt. in public co.
3. Extent of understanding needed – auditor only asses to see whether the statements are
auditable and to evaluate environment for mgt’s attitude toward IC.
4. Assessing CR – the assessment of CR at maximum for any or all control-related
objectives when IC for the objective or objectives are nonexistent or ineffective.
5. Extent of tests of controls needed – auditor will not perform tests of controls when the
auditor assesses CR at maximum because of inadequate controls. .
3 of 3