THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small,...
-
Upload
arthur-hawkins -
Category
Documents
-
view
215 -
download
0
Transcript of THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small,...
![Page 1: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/1.jpg)
THE STUDY & EVALUATION OF
INTERNAL CONTROL
![Page 2: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/2.jpg)
• Definition• Professional Standards• Data-Oriented
Small, simple systemsWeaker controls
• System-OrientedLarge, complexStrong controls
• Advanced Systems or Audits
SYSTEMS-ORIENTED vs DATA-ORIENTED
![Page 3: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/3.jpg)
Chronology of an Audit of Computer-based
Accounting System
document systems and
controls
plan and perform tests of systems and controls
assess and document
adequacy of systems and
controls
extend tests of systems, transactions
and/or balances
internal control letter
use of/provide third party report for service bureau
![Page 4: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/4.jpg)
Chronology of an Audit of a
Computer-based Accounting System
Documentsystems and
controls
Plan andperform testsof systems
and controls
Assess anddocument
adequacy ofsystems and
controls
Extend testsof systems,transactions
and/orbalances
InternalControl letter
![Page 5: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/5.jpg)
• Understand and document IT environment
• Review and document application• Perform “walk - throughs”
DOCUMENT SYSTEMS & CONTROLS
![Page 6: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/6.jpg)
• IT Strategic Plan• IT Business Plan• Organization Chart• Information Security Policy• Technology Summary• Application Summary
DOCUMENT IT ENVIRONMENT
![Page 7: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/7.jpg)
• Change Controls• Logical access controls• Business continuity plans• System development policies• Operation policies and procedures
DOCUMENT IT ENVIRONMENT
![Page 8: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/8.jpg)
• Prepare Summary Flowchart• Detailed flowcharts• Narrative description• Summary Processing Chart• Summary Run Structure Chart
REVIEW & DOCUMENT APPLICATION
![Page 9: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/9.jpg)
Document Systems and Controls
• document
• applications,
hardware, software,
how EDP costs are accounted for/allocations,
organization, policies and procedures, and any
special risks
• review general computer controls
• document the results of the review
![Page 10: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/10.jpg)
Document Systems and Controls
• document application processing procedures• prepare/update summary flowchart then manual phase
• document computer processing phase• update of master files,
• summarization of data,
• arith calcs,
• sorting/merging data,
• extraction of data from one/more files
• printing
• prepare EDP processing report
![Page 11: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/11.jpg)
• Confirm understanding of system • Tests should cover:
key transactions typesrelated control informationerror correction procedures
LIMITED TESTS OR “WALK-THROUGHS”
![Page 12: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/12.jpg)
Document Tests of Transaction Flows
• do walk-throughs • to ensure that documentation accumulated to
date reflects actual system in place• trace computer phase
• recalc invoices, test ageing• trace control info and balance procedures
• obtain and check batch totals
![Page 13: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/13.jpg)
Document Tests of Transaction Flows
• trace error correction procedures• select a few errors and check back to original source documents
• done to determine nature and
that error was identified on exception report
• ensure properly rejected and properly corrected
![Page 14: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/14.jpg)
• Identify risks - ‘What Could Go Wrong’
• Identify controls to mitigate risks• Design appropriate tests• Document test results
PERFORM TESTS OF SYSTEMS & CONTROLS
![Page 15: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/15.jpg)
• What is the control objective• What could happen to defeat objective• Is there significant risk• Identify key controls
WHAT COULD GO WRONG
![Page 16: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/16.jpg)
• Identify controls to rely on• High level versus low level controls• Controls covering multiple control
objective• Interdependency of Controls
DESIGN APPROPRIATE TESTS
![Page 17: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/17.jpg)
• Review of Error/Exception Reportsstarts with reported errorpoint in time testuse of suspense accounts
• Replicate data entry• Recompute procedure• Use of test data
PROGRAMMED ACCOUNTING PROCEDURES & CONTROLS
![Page 18: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/18.jpg)
1. Interval testing
2. Reliance on Program Change Controlsauthorisedtestedimplemented correctly
EXTENT OF PROGRAMMED CONTROL TESTING
![Page 19: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/19.jpg)
• Make clear it is programmed controls• Extent of tests• Reliance on change control
DOCUMENTATION OF TESTS
![Page 20: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/20.jpg)
• Objective is to assess overall adequacy of internal control in areas to be relied on
• Assessment made at both general controls and application controls levels
ASSESS ADEQUACY OF SYSTEMS & CONTROLS
![Page 21: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/21.jpg)
• Has each primary control objective been achieved
• If not:document on weakness evaluation scheduleassess impact on individual applications
• Direct impact objectives:logical access controlsprogram change controls
EVALUATE GENERAL CONTROLS
![Page 22: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/22.jpg)
• Use of Evaluation Guides• Could material error occur?• Id. system efficiencies
ADEQUACY OF CONTROLS BY SYSTEM
![Page 23: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/23.jpg)
Planning and Performing Tests of Systems
and Controls • determine whether reliance warranted
• cost/benefit vs substantive
• ID key controls where reliance is appropriate
• consider overlapping manual controls
• look at related application controls
![Page 24: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/24.jpg)
Planning and Performing Tests of Systems
and Controls •design and record tests
• arith accuracy (prog errors would be the cause)
• key totals having no documentary evidence (such as review/existence of a control group)
• key controls evidenced by completed accounting routines (monthly totals, error logs)
• key controls evidenced by signatures,initials (initially master file changes)
![Page 25: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/25.jpg)
Assessing and Documenting Adequacy of
Systems and Controls• evaluate adequacy of general and financial controls
• use computer control evaluation guide
• assess impact of deficiencies
• use control weakness evaluation schedule
• evaluate adequacy of controls in each major system
• application controls
• master file changes, data controls, error controls
• use application control evaluation guide
• document conclusions
![Page 26: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/26.jpg)
• General Computer Control Weaknesses• Application Control Weakness
reliance on preventive controlsreliance on detective controls
• Absent Control vs Ineffective Control• Specific period control breakdown• Reporting to management
EXTENDED TESTS & REPORTING
![Page 27: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/27.jpg)
Extended Tests of Systems, Transactions,
Balances
• general control weaknesses • must evaluate in light of each accounting application
• if preventive -
• need to look at associated detective controls
• if detective-
• may need to do procedure to check for evidence of errors
• CAATs, review transactions, reconciliations
• entire - vs specific period
![Page 28: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/28.jpg)
Internal Control Letter
• basic information• risks• service opportunities
• general control weaknesses
• application control weaknesses
• practical recommendations
![Page 29: THE STUDY & EVALUATION OF INTERNAL CONTROL. Definition Professional Standards Data-Oriented Small, simple systems Weaker controls System-Oriented.](https://reader035.fdocuments.in/reader035/viewer/2022062517/56649ee55503460f94bf4f54/html5/thumbnails/29.jpg)
Chronology of an Audit of a
Computer-based Accounting System
Documentsystems and
controls
Plan andperform testsof systems
and controls
Assess anddocument
adequacy ofsystems and
controls
Extend testsof systems,transactions
and/orbalances
InternalControl letter