1 / 81

CHAPTER 9 The Study of Internal Control and Assessment of Control Risk

CHAPTER 9 The Study of Internal Control and Assessment of Control Risk. What is internal control ?. Internal control is a process designed to provide reasonable assurance regarding the achievement of management’s ob- jectives regarding:. Internal control is a process designed to

lester
Télécharger la présentation

CHAPTER 9 The Study of Internal Control and Assessment of Control Risk

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CHAPTER 9The Study ofInternal Control and Assessment of Control Risk

  2. What is internal control? Internal control is a process designed to provide reasonable assurance regarding the achievement of management’s ob- jectives regarding:

  3. Internal control is a process designed to provide reasonable assurance regarding the achievement of management’s ob- jectives regarding: - reliability of financial reporting - operational effectiveness and efficiency - compliance with laws and regulations The Foreign Corrupt Practices Act requires “proper recordkeeping systems” of SEC companies; i.e., reliable financial statements and ac- counting records.

  4. obtain information about client’s legal obligations obtain background information preplan set materiality, and assess acceptable audit risk and inherent risk understand internal control and assess control risk Steps in audit planning perform preliminary analytical procedures

  5. obtain information about client’s legal obligations obtain background information preplan understand internal control and assess control risk Steps in audit planning perform preliminary analytical procedures Why is an understand- ing of internal control im- portant? set materiality, and assess acceptable audit risk and inherent risk

  6. Why is an understanding of internal control important? Second Fieldwork Standard: A sufficient understanding of internal control is to be obtained to plan the audit and to determine the nature, tim-ing, and extent of tests to be performed.

  7. audit risk inherent risk control risk detection risk = x x the risk that material misstatements will not be prevented or detected by internal controls Audit Risk has 3 components which combine to make the audit risk model: (AU 312)

  8. Key Internal Control Concepts - internal control is the client’s respon- sibility and should be designed to help the client attain goals - internal control should provide rea- sonable but not absolute assurance; cost/benefit must be considered - internal control has inherent limita- tions (e.g., misunderstandings, mis- takes, fatigue, carelessness, collusion, management override)

  9. What are the components of internal control?

  10. What are the components of internal control? the control environment

  11. All these controls are unnecessary! The control environment is the actions, policies, and procedures that reflect management’s attitude regard- ing controls and their importance.

  12. Does management remove or reduce incentives or temp- tations that might prompt personnel to engage in dis- honest, illegal, or unethical acts? - integrity and ethical values Factors related to the Control Environment: Does man- agement com- municate com- pany values and behavioral stan- dards to personnel through policy state- ments, codes of con- duct, and by example?

  13. Factors related to the Control Environment: - commitment to competence Does management consider com- petence levels for specific jobs and how those levels translate into requisite skills and knowledge?

  14. Factors related to the Control Environment: - board of directors or audit committee The audit committee maintains communication between the Board of Directors and internal and external auditors. The committee is composed of outside members of the board. SEC companies are required to have an audit committee. internal auditors BOARD OF DIRECTORS audit committee external auditors

  15. Factors related to the Control Environment: - management’s philosophy and operating style

  16. Factors related to the Control Environment: - management’s philosophy and operating style Consider the following: - their approach to taking and monitoring business risk

  17. Factors related to the Control Environment: - management’s philosophy and operating style Consider the following: - their attitude and actions toward financial reporting

  18. Factors related to the Control Environment: - management’s philosophy and operating style Consider the following: - their emphasis on meeting financial and operating goals ...our bonuses are based on net income. We all want fat bonuses! What can we do?

  19. Factors related to the Control Environment: - organizational structure The auditor should consider lines of responsibility and authority.

  20. Job Description Memo: Factors related to the Control Environment: - assignment of authority and responsibility What are the formal methods that management uses to communicate internal controls to employees? Company Policies Employee Handbook

  21. Factors related to the Control Environment: - human resource policies and practices Management should ensure that compe- tent, trustworthy, motivated personnel are employed to meet client goals and objectives. Employees are the critical com-ponent of effective internal control.

  22. Employees are the critical com-ponent of effective internal control. With competent, trustworthy, motivated per- sonnel, even a poorly designed system of internal control may function adequately.

  23. With competent, trustworthy, motivated per- sonnel, even a poorly designed system of internal control may function adequately. Without such personnel, even a well- designed system will probably fail.

  24. risk assessment What are the components of internal control? Risk assessment for financial reporting is management’s identification and anal- ysis of risks relevant to financial state- ment preparation in conformity with GAAP.

  25. control activities Control activities are policies and pro- cedures, in addition to those related to other components, established to enable the entity to address risks in the achievement of their objectives.

  26. Categories of Control Activities 1. Adequate separation of duties - separate custody of assets from accounting Mr. Controller

  27. Categories of Control Activities 1. Adequate separation of duties - separate custody of assets from authorization of transactions As custodian of the corporate auto fleet, I hearby authorize retire- ment of auto #43 because of obso- lescence. #43 joe

  28. Categories of Control Activities 1. Adequate separation of duties - separate operational responsibility from record keeping responsibility Example: Ace company has two plants; one in Great Britain and one in the U.S.A. Manage- ment is deciding whether the plant controllers should report directly to the plant managers or the corporate vice president of finance.

  29. V.P.- production V.P.- finance plant manager plant manager plant controller plant controller V.P.- production V.P.- finance plant manager plant manager plant controller plant controller Which arrangement creates a potential conflict of interest? plant manager plant controller

  30. Which arrangement creates a potential conflict of interest? V.P.- production V.P.- finance plant manager plant manager plant controller plant controller If the plant controller reports directly to the plant manager, a potential conflict of interest exists. In an effort to make that plant’s results appear favorable, the plant manager may at- tempt to influence the plant controller.

  31. Categories of Control Activities 1. Adequate separation of duties - separate duties within EDP

  32. What kind of company typically has difficulty accomplishing adequate segregation of duties?

  33. What kind of company typically has difficulty accomplishing adequate segregation of duties? Small companies frequently have diffi- culty with segregation of duties because of fewer employees.

  34. What is collusion? Collusion is the defeat of adequate sep- aration of duties wherein employees cooperate to perpetrate fraud. ...we’re agreed. We’ll be rich be- yond our wildest dreams!

  35. What is the most effective way to prevent collusion?

  36. What is the most effective way to prevent collusion? hire competent, trustworthy, motivated personnel

  37. Why is collusion particularly troublesome for auditors? Competent, untrustworthy, motivated personnel often know how to conceal their fraud.

  38. Categories of Control Activities 1. Adequate separation of duties 2. Proper authorization of transactions and activities

  39. accounts payable policies & procedures human resources policies & procedures cash receipts policies & procedures Categories of Control Activities 1. Adequate separation of duties 2. Proper authorization of transactions and activities - general authorization - management establishes authorization policies

  40. Categories of Control Activities 1. Adequate separation of duties 2. Proper authorization of transactions and activities - specific authorization - management makes authorizations on a case-by- case basis. I’m the president and I want to approve every cash payment!

  41. Categories of Control Activities 1. Adequate separation of duties 2. Proper authorization of transactions and activities 3. Adequate documents and records should provide reasonable assurance that all assets are properly controlled and all transactions are correctly recorded.

  42. PURCHASE ORDER 32494 Date: Vendor: 234 Reynolda Rd. Winston-Salem, NC27109 Purchasing agent: Quantity Description Price WAIT FOREST U N I V E R S I T Y U N I V E R S I T Y total cost of order Est. shipment date: Terms of sale (including discounts and freight costs): Carrier: Internal Use Only: (routing instructions) 1.PO made in purchasing 3. receiving notes ship 2.Copies to vendor, receiv. 4. acctg. reconciles Document Guidelines Documents should be: prenumbered and accounted for

  43. PURCHASE ORDER 32494 Date: Vendor: 234 Reynolda Rd. Winston-Salem, NC27109 Purchasing agent: Quantity Description Price WAIT FOREST U N I V E R S I T Y U N I V E R S I T Y total cost of order Est. shipment date: Terms of sale (including discounts and freight costs): Carrier: Internal Use Only: (routing instructions) 1.PO made in purchasing 3. receiving notes ship 2.Copies to vendor, receiv. 4. acctg. reconciles Document Guidelines Documents should be: prepared during or soon after the related transaction

  44. PURCHASE ORDER 32494 Date: Vendor: 234 Reynolda Rd. Winston-Salem, NC27109 Purchasing agent: Quantity Description Price WAIT FOREST U N I V E R S I T Y U N I V E R S I T Y total cost of order Est. shipment date: Terms of sale (including discounts and freight costs): Carrier: Internal Use Only: (routing instructions) 1.PO made in purchasing 3. receiving notes ship 2.Copies to vendor, receiv. 4. acctg. reconciles Document Guidelines Documents should be: understand- able and correctly designed (including routing and authorization)

  45. a PURCHASE ORDER 32494 Date: Vendor: 234 Reynolda Rd. Winston-Salem, NC27109 Purchasing agent: Quantity Description Price b c WAIT FOREST U N I V E R S I T Y U N I V E R S I T Y total cost of order Est. shipment date: Terms of sale (including discounts and freight costs): Carrier: Internal Use Only: (routing instructions) 1.PO made in purchasing 3. receiving notes ship 2.Copies to vendor, receiv. 4. acctg. reconciles Document Guidelines Documents should be: designed for multiple purposes

  46. Categories of Control Activities 2. Proper authorization of transactions and activities 3. Adequate documents and records 4. Physical control over assets and records - locking rooms, fenced areas, fireproof safes, safe deposit boxes, security guards, backup files

  47. Categories of Control Activities 2. Proper authorization of transactions and activities 3. Adequate documents and records 4. Physical control over assets and records 5. Independent checks on performance - those reviewing performance should be independent of those performing a task

  48. Categories of Control Activities 5. Independent checks on performance Separation of duties is the least expensive method of performing independent checks.

  49. information and communication What are the components of internal control?

  50. information and communication The accounting information and communication system should be designed to satisfy audit objectives.

More Related