1 / 19

Internal Control

Internal Control. Internal Control Historical Development. Treadway Commission recommendations related to internal control: Competent and involved audit committees Active and objective internal audit function Committee of Sponsoring Organizations (COSO)

Albert_Lan
Télécharger la présentation

Internal Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internal Control

  2. Internal ControlHistorical Development • Treadway Commission recommendations related to internal control: • Competent and involved audit committees • Active and objective internal audit function • Committee of Sponsoring Organizations (COSO) • Establish a common definition of internal control • Provide a standard against which business and other entities can assess their control systems and determine how to improve them.

  3. Internal Control COSO • COSO Internal Control – Integrated Framework definition of internal control: A process, effected by the entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives on: • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliance with applicable laws and regulations

  4. Components of Internal Control • The Control Environment • Risk Assessment • The Accounting Information and Communication System • Control Activities • Monitoring

  5. Control Environment Factors • Integrity and ethical values • Commitment to competence • Board of directors or audit committee • Management philosophy and operating style • Organizational structure • Assignment of authority and responsibility • Human resource policies and practices

  6. Risk Assessment Factors related to increased financial reporting risk: • Changes in the regulatory or operating environment • Changes in personnel • Implementation of a new or modified information system • Rapid growth of the organization • Changes in technology affecting production processes or information systems • Introduction of new lines of business, products, or processes

  7. Accounting Information and Communication System Objectives: • Identify and record valid transactions • Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions • Measure the value of transactions appropriately • Determine the time period in which the transactions occurred to permit recording in the proper period • Present properly the transactions and related disclosures in the financial statements Chart of Accounts and accounting policies and procedures manual assist in this process.

  8. Control Activities • Performance reviews • Information processing • Authorization • Forms and documents • Physical controls • Periodic reconciliations by third party • Segregation of duties

  9. Monitoring • Ongoing monitoring activities • Continuous monitoring of customer complaints • Reviewing the reasonableness of management reports • Separate evaluations • The internal audit function

  10. Limitations of Internal Control • Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc. • Controls that depend on the segregation of duties may be circumvented by collusion • Management may override the structure • Compliance may deteriorate over time

  11. The Auditors’ Consideration of Internal Control • Obtain an understanding • Document the understanding • Determine planned assessed level of control risk • Design and perform additional tests of controls • Reassess control risk • If necessary, modify planned substantive tests

  12. The Auditors’ Consideration of Internal ControlObtain an Understanding Obtaining an understanding should include: • Design of the system of controls • Determine whether controls been placed in operation • Encompass the five components of internal control Provides a basis for: • Assessing control risk • Planning the audit • Identify types of potential misstatements • Consider factors that affect the risk of material misstatements • Design substantive tests

  13. The Auditors’ Consideration of Internal ControlDocumenting Internal Control Forms of Documentation • Questionnaires • Written Narratives • Flowcharts Walk-through tests are used to verify that documented controls have been placed into operation

  14. The Auditors’ Consideration of Internal ControlDetermine the Planned Assessed Level of Control Risk • Weak controls (substantive strategy) • Assess control risk at maximum • No tests of controls necessary in this case • Effective controls (reliance strategy) • Determine efficiency of gathering necessary evidence to justify lower assessment of control risk • To assess control risk at a lower level, must: • Identify controls that are likely to prevent or detect material misstatements • Perform tests of controls to evaluate their effectiveness

  15. The Auditors’ Consideration of Internal ControlDesign and Perform Additional Tests of Controls Additional tests of controls (beyond those performed in obtaining an understanding) should be completed as necessary to support the assessed level of control risk. Audit procedures include: • Inquiries of client personnel • Inspection of documents and reports • Observation of the application of controls • Reperformance of the controls

  16. The Auditors’ Consideration of Internal ControlReassess Control Risk and Modify Planned Substantive Tests • The assessed level of control risk impacts the nature timing and extent of substantive audit procedures. • Auditors must document assessed level of control risk in workpapers. • Should include the basis for any assertions for which control risk is assessed below maximum.

  17. Communication of Internal Control Matters • SAS 112 “Communicating Internal Control Related Matters Identified in the Audit” Three levels of internal control deficiencies: • Control deficiencies - deficiencies in design or operation of internal control • Significant deficiencies – control deficiencies that result in a more than a remote likelihood of a more than inconsequential misstatement.

  18. Communication of Internal Control Matters • Material weaknesses – a significant deficiency that result in more than a remote likelihood of a material misstatement of the financial statements. • Reporting requirements • Auditors are required to report significant deficiencies and material weaknesses to management and the audit committee. • Control deficiencies are typically communicated in a management letter.

  19. SARBOX Perspective • Section 404 requires auditors to assess and report on clients’ assertion concerning the effectiveness of internal controls. • Scope of understanding and testing of controls significantly expanded. • Must obtain understanding and test controls related to all significant account balances, classes of transactions and disclosures. • ALP scoping framework: all significant accounts, locations (or business units) and processes identified and tested. • Level of assurance related to internal controls increased.

More Related