Overview - Gatton College of Business and Economics
Download
Report
Transcript Overview - Gatton College of Business and Economics
Auditors’ Responsibilities For Internal
Control—AU 319
Understanding The Internal
Control Structure
Policies And Procedures That Increase
Likelihood That Financial Statements Will
Be Prepared In Accordance With GAAP
Generally Only Concerned With Financial
Data
Purpose Of Obtaining An
Understanding
Identify Types Of Potential Misstatements
Determine Risk Of Misstatements
Design Substantive Tests
Responsibility Of The Auditor Is To
Determine Whether Internal Control Policies
And Procedures Are Being Used—not The
Effectiveness Of The Controls
Must Understand
Classes Of Significant Transactions
How Transactions Are Initiated
Accounting Records, Supporting Documents,
Machine-readable Information And Specific
Accounts Involved
Accounting Process
From Initiation To Inclusion In Financial Statements
Financial Reporting Process
Procedures
Previous Workpapers
Inquiries
Inspection Of Documents And Records
Observation Of Activities And Operations
Documenting The Auditor’s Understanding Of
The Internal Control Structure
Flowcharts
Questionnaires
Narrative Descriptions
Assessing Control Risk
“The Assessment Of The Level Of Control
Risk Provides The Auditor With A General
Strategy For Planning The Remaining
Internal Control Structure Evaluation.’
Tests Of Controls
Depends On
Breadth
Of Influence
Relevance
Used To Determine Effectiveness Of
Design
Of Policies And Procedures
Operations Of Policies And Procedures
The Design Of Policies And
Procedures
Adequate To Prevent Or Detect Material
Misstatements
Steps:
– Inquiries
– Inspection Of Documents And Reports
– Observation
– Evaluation Of Documentation
Operations Of Polices And
Procedures
Who Performed
Performed Correctly?
Performed Throughout Period?
Procedures
Inquiries
Inspection Of Documents And Reports
Observation
Reperformance
Can Use The Result Of Tests Of Prior Audits
Consider Control Environment
Reportable Conditions
Matters Coming To The Auditor’s Attention That In
His/Her Judgment Should Be Communicated To The Audit
Committee Because They Represent Significant
Deficiencies In The Design Or Operation Of The Internal
Control Structure, Which Could Adversely Affect The
Organization’s Ability To Record, Process Summarize, And
Report Financial Data Consistent With The Assertions Of
Management In The Financial Statements
PCAOB Proposed Standard
Auditor Attests To Management’s Assessment
Not A Separate Engagement
Integrated Audit Of Internal Control And Financial
Statements
Objective—”to Form An Opinion As To Whether
Management's Assessment Of The Effectiveness
Of The Registrant's Internal Control Over
Financial Reporting Is Fairly Stated N A All
Material Respects.”
Audit Of Internal Control--steps
Planning The Audit
Evaluating The Management’s Process For
Assessing IC
Obtaining An Understanding Of IC
Evaluating Effectiveness
Design
Operation
Forming An Opinion About Effectiveness
Evaluating Management's
Assessment
The More Extensive And Reliable Management’s
Is, The Less Extensive The Auditor’s Work Needs
To Be.
Can Incorporate Work Of IA And Others
Must Assess Competence And Objectivity
Limited Reliance
Auditor Must Perform Work Related To
Company-wide Anti-fraud Programs
Controls That Have A Pervasive Effect
Auditor Must Obtain “Principal Evidence”
Planning The Audit
Knowledge Of Industry
Knowledge Of Business
Extent Of Changes In Operations
Extent Of Changes In IC
Obtain Understanding
Must Understand That Controls Have
Actually Been Implemented And Are
Operating As Designed
Must Perform Walkthroughs
Routine And
Unusual Transactions
Identify Significant Accounts Processes
Identify Relevant Assertions
Evaluating Effectiveness
Design Effectiveness
Will
Controls Be Effective If Operated As
Designed
Are All Necessary Controls In Place?
Inquiry, Observation, Walkthroughs
Specific Evaluation Of Whether The Controls
Are Likely To Prevent Or Detect Financial
Misstatements
Evaluating Effectiveness
Testing Operating Effectiveness
Evaluation As
Of End Of Fiscal Year
Can Test At Different Times And Update
Inquiries, Inspection Of Documentation,
Observation, Reperformance.
May Use Tests By Management, IAs And 3rd
Parties
Read IA Reports
Evaluating Results And Forming An
Opinion
“An Internal Control Deficiency Exists
When The Design Or Operation Of A
Control Does Not Allow The Company’s
Management Or Employees, In The Normal
Course Of Performing Their Assigned
Functions, To Prevent Or Detect
Misstatements On A Timely Basis.”
Evaluating Results And Forming An
Opinion
Significant Deficiency—more Than A Remote
Likelihood Of A Misstatement Of The Annual Or
Interim Financial Statements That Is More Than
Inconsequential In Amount
Material Weakness—more Than A Remote
Likelihood Of A Material Misstatement
Material Weakness=internal Control Is Ineffective
Significant Deficiencies And Material
Misstatements Must Be Communicated In Writing
To Audit Committee
Evaluating Results And Forming An
Opinion
Inadequate Documentation Is A Deficiency
Design
Of Controls
Objectives Of Controls
Qualifications Of People
Process Used To Assess Effectiveness
– Nature And Results Of Tests
Significant Deficiencies
Ineffective Oversight By Audit Committee.
Material Misstatement Not Identified By
Internal Controls.
Significant Uncorrected Deficiencies
Report
No Material Weaknesses—unqualified Opinion.
Cannot Perform All Procedures—qualify Or
Disclaim Opinion
If Opinion Cannot Be Expressed—explain Why
Management Certifies Responsibility Quarterly
Auditor Performs Limited Procedures.
Internal Audit Function—AU 322
Competence
Objectivity
Effectiveness
Internal Controls—COSO Report
Internal Controls
Process
Effected By Management, Board, Personnel
Provides Reasonable Assurance
Objective Oriented
– Effectiveness And Efficiency Of Operations
– Reliability Of Financial Reporting
– Compliance With Applicable Laws And Regulations
Board And Management Have
Reasonable Assurance That
They Understand The Extent To Which The
Entity's Operations Objectives Are Being Achieved
Published Financial Statements Are Being
Prepared Reliably
Applicable Laws And Regulations Are Being
Complied With
Components
Control Environment
Risk Assessment
Control Activities
Information And Communication
Monitoring
Control Environment
Management's Philosophy And Style
Integrity And Ethical Values
Providing And Communicating Moral
Guidance
Commitment To Competence
The Entity's Organization Structure
Control Environment (Cont.)
The Functioning Of The Board Of Directors And
Its Committees, Particularly The Audit Committee
Methods Of Assigning Authority And
Responsibility (Accountability)
Personnel Policies And Practices
External Influences
Personnel Policies And Practices
Recruiting And Hiring
Orientation
Training
Counseling
Recognition
Promotion
Adequate Pay
Job Rotation
Required Vacations
Bonding
Risk Assessment
Estimate The Significance Of The Risk
Assess The Likelihood Of Occurrence
Consider How The Risk Should Be
Managed
Objectives
Mission Statement
Strategic Plan
Entity Level/Activity Level Objectives
Critical Success Factors
Financial Reporting Objectives
Identify And Record All Valid Transactions
Describe On A Timely Basis The
Transactions In Sufficient Detail To Permit
Proper Classification Of Transactions For
Financial Reporting
Financial Reporting Objectives
Measure The Value Of Transactions In A
Manner That Permits Recording Their
Proper Monetary Value In The Financial
Statements
Financial Reporting Objectives
Determine The Time Period In Which Transactions
Occurred To Permit Recording Of Transactions In
The Proper Accounting Period
Present Properly The Transactions And Related
Disclosures In The Financial Statements
Risk Identification
Entity Level
External
Factors
Internal Factors
Techniques To Identify Risks
– Periodic Reviews Of Economic And Industry Factors
– Senior Management Business Planning Conferences
– Meetings With Industry Analysts
Circumstances Demanding Special
Attention
Changes In Operating Environment
New Personnel
New Or Revamped Information Systems
Rapid Growth
New Technology
New Lines, Products, Activities
Corporate Restructuring
Foreign Operations
Control Activities
Top Level Reviews
Direct Functional or Activity Management
Information Processing
Physical Controls
Performance Indicators
Segregation of Duties
Controls Over Information Systems
General Controls
Data Center Operations
System Software
Access Security
System Development and Maintenance
Application Controls
Input
Processing
Output
Error correction
Accounting System
Procedures
Chart Of Accounts
Responds To Organizations Needs
Facilitates Report Preparation
Provides Adequate Description
Account Titles Provide Clear Distinctions
Standardized Journal Entries
Trial Balance
Control Accounts
Control Procedures
Proper Authorization Of Transactions And Activities
General Authorization Vs.
Authorization
Specific
Control Procedures
Segregation Of Duties That Reduce The
Opportunities To Allow Any Person To Be In A
Position To Both Perpetrate And Conceal Errors Or
Irregularities In The Normal Course Of His/Her
Duties--assigning Different People The
Responsibilities Of Authorizing Transactions,
Recording Transactions, And Maintaining Custody
Of Assets.
Control Procedures
Design And Use Of Adequate Documents
And Records To Help Ensure The Proper
Recording Of Transactions And Events,
Such As Monitoring The Use Of
Prenumbered Shipping Documents
Control Procedures
Adequate Safeguards Over Access To And
Use Of Assets And Records, Such As
Secured Facilities And Authorization For
Access To Computer Programs And Data
Files
Physical Security
Fixed Responsibility
Control Procedures
Independent Checks
Clerical Checks
Reconciliations
Comparison Of Assets With Records
Computer-programmed Controls
Management Review Of Accounts
User Review Of Computer Reports
Information And Communication
Information Quality
Content Is Appropriate
Information Is Timely
Information Is Current
Information Is Accurate
Information Is Accessible
Communication
Internal
External
Monitoring
Ongoing Monitoring
Separate Evaluations
Evaluating Control Systems
– Flow Charting
– Testing Internal Controls