Chapter 3 McGraw-Hill/IrwinCopyright © 2010 The McGraw-Hill Companies, Inc. All rights reserved.
Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The...
-
Upload
evan-monroe -
Category
Documents
-
view
224 -
download
3
Transcript of Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The...
Chapter 6Chapter 6
Internal Control Internal Control in a Financial in a Financial
Statement AuditStatement Audit
McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
InternalInternal ControlControl
The auditor uses risk assessment procedures to
-obtain an understanding of the entity’s internal control
-identify the types of potential misstatements
-ascertain factors that affect the risk of material misstatement
-design tests of controls and substantive procedures
The auditor’s understanding of the internal control is a major factor in determining the overall audit strategy. The auditor has a responsibility to:
(1) obtain an understanding of internal control and
(2) assess control risk.
LO# 1
6-2
COSOCOSO’’s Internal Control – s Internal Control – Integrated FrameworkIntegrated Framework
Reliability of Financial Reporting
Effectiveness and Efficiency of Operations
Compliance with Laws and
Regulations
Objectives
LO# 2
6-3
The Effect of Information The Effect of Information Technology on Internal ControlTechnology on Internal Control
LO# 4
6-4
Components of Internal ControlComponents of Internal ControlLO# 5
6-5
LO# 6
Planning an Audit StrategyPlanning an Audit StrategyFigure 6-3 Flowchart of the AuditorFigure 6-3 Flowchart of the Auditor’’s Consideration of Internal Control and Its Relation to s Consideration of Internal Control and Its Relation to
Substantive ProceduresSubstantive Procedures
6-6
Obtain an Understanding Obtain an Understanding of Internal Controlof Internal Control
Identify types of potential
misstatement
Design tests of controls and substantive procedures
Pinpoint the factors that affect the risk of material
misstatement
The auditor should obtain an understanding of each of the five components of internal control in order to plan
the audit. This knowledge is used to:
LO# 7
6-7
Documenting the Understanding Documenting the Understanding of Internal Controlof Internal Control
Procedure Manuals and Organizational
ChartsFlowcharts
Internal Control Questionnaires
Narrative Description
LO# 8
6-8
The Limitations of an EntityThe Limitations of an Entity’’s s Internal ControlInternal Control
Override of Internal Control by Management
Human Errors or Mistakes
Collusion
LO# 8
6-9
Assessing Control RiskAssessing Control RiskIdentify specific
controls that will be relied
upon.
Perform tests of controls.
Conclude on the achieved level of control risk.
LO# 9
6-10
Interim Audit ProceduresInterim Audit Procedures
Interim Tests of Controls
1. Assertion being tested not significant2. Control has been effective in prior audits3. Efficient use of staff time
Interim Substantive Procedures
1. Assertion probably has low control risk2. May increase the risk of material
misstatements 3. Still requires some year-end testing
LO# 12
6-11
Auditing Accounting Applications Auditing Accounting Applications Processed by Service OrganizationsProcessed by Service Organizations
In some instances, a client may have some or all of its accounting transactions processed by an outside service
organization.
Because the client’s transactions are subjected to
the controls of the service organization, one of the
auditor’s concerns is the internal control system in
place at the service organization.
It is not uncommon for service organizations to have an auditor
issue one of two types of reports on their operations.
LO# 13
6-12
Communication of Internal Control-Communication of Internal Control-Related MattersRelated Matters
Significant Deficiency
Material Weakness
A Significant deficiency is a deficiency, or a combination of deficiencies, in internal control
that is less severe than a material weakness, yet important enough to merit attention by those
charged with governance.
A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a
material misstatement of the financial statements will not be prevented, or detected
and corrected.
LO# 14
6-13
Types of Controls in an IT Types of Controls in an IT EnvironmentEnvironment
General Controls
1. Data center and network operations
2. System software acquisition, change, and maintenance
3. Access security4. Application system
acquisition, development, and maintenance
Application Controls
1. Data capture controls2. Data validation controls3. Processing controls4. Output controls5. Error controls
LO# 15
6-14
Flowcharting SymbolsFlowcharting SymbolsLO# 16
6-15
End of Chapter 6End of Chapter 6
6-16