Chapter 7: Internal Control

¡Supera tus tareas y exámenes ahora con Quizwiz!

Steps in Internal Control Structure Phase--Non-Public Companies

1. Understand & document components 2. Preliminary assessment of control risk 3. Assess level of control risk using one of two approaches: - a. Lower assessed level of control risk approach: -- Tests of controls -> Assess control risk - b. Primarily substantive test approach -- Assess control risk at 100% 4. Substantive tests phase - Determine nature, extent, & timing for Tests of Details for transactions & acct balances - Conduct Tests of details & analytical procedures

Steps in audit of internal controls - Public company

1. Understand: - Components of ICS: -- Control Environment -- Risk Assessment -- Information and Communication -- Control Activities -- Monitoring - Document: -- Questionnaire -- Flow Chart -- Narrative 2. Preliminary assessment of control risk- Design effectiveness 3. Tests of controls 4. Assess control risk- Operating effectiveness 5. Substantial test phase 6. Report on internal controls 7. Report on FS

Foreign Corrupt Practices Act

1977 Makes illegal payment of bribes to foreign officials - Response to American corporate practice of paying bribes and kickbacks to officials in foreign countries to obtain business - Requires an effective system of internal control

Internal control def

A process ...designed to provide reasonable assurance...regarding achievement of (the entity's) objectives on: - Effectiveness and efficiency of operations - Reliability of financial reporting - Compliance with applicable laws and regulations

Management's Responsibility for Internal Control-Public Companies

Accept responsibility for internal control Assess internal control effectiveness as of the last day of the company's fiscal year Support the assessment with sufficient evidence

Management's Report on Internal Control under Section 404a

Acknowledgment of responsibility for internal control An assessment of internal control effectiveness as of the last day of the company's fiscal year using suitable criteria - Support evaluation with sufficient evidence

Preventative Controls over Financial Reporting

Aimed at avoiding the occurrence of misstatements in the financial statements Example: Segregation of duties

Approach to Audit of Internal Control under Section 404b

Applies to public companies with a market capitalization of $75 million or more For those companies, the auditors audit internal control as a part of an integrated audit as follows: - Plan the engagement - Use a top-down approach to identify the controls to test - Test and evaluate design effectiveness of internal control - Test and evaluate operating effectiveness of internal control - Form an opinion on effectiveness of internal control over financial reporting

Responses to risk of internal control failure at FS level

Assigning more experienced staff or those with specialized skills Providing more supervision and emphasizing the need to maintain professional skepticism Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed Increasing the overall scope of audit procedures, including the nature, timing or extent

Segregation of Duties Control Activities

Authorization Recording Custody

Enterprise Risk Management (ERM)

COSO issued a new internal control framework in 2004 on enterprise risk management - Does not replace the original COSO internal control framework. -- Goes beyond internal control to focus on how organizations can effectively manage risks and opportunities. -- Auditing standards are still structured around the original COSO internal control framework.

Factors Indicative of Increased Financial Reporting Risk (Risk Assessment)

Changes in the regulatory or operating environment Changes in personnel Implementation of a new or modified information system Rapid growth of the organization Changes in technology affecting production processes or information systems Introduction of new lines of business, products, or processes

Performance Review Control Activities

Comparison of actual to budget or forecast Relating different sets of data to one another Overall reviews

Overlapping Controls over Financial Reporting

Complementary - function together Redundant - address same assertion or control objective Compensating - reduces risk existing weakness will result in misstatement

Significant deficiency def

Control deficiency, or combination of control deficiencies, that adversely affects the company's ability to initiate, authorize, record, process, or report external financial data reliably in accordance with GAAP. Leads to more than remote likelihood that a misstatement of the companys annual or interim financial statements that is more than inconsequential will not be prevented or detected

Responses to risk of internal control failure at assertion level

Decisions are made here as to the appropriate combination of tests of controls and substantive procedures

Control deficiency def

Design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.

Detective Controls over Financial Reporting

Designed to discover misstatements after they have occurred Example: Monthly bank reconciliations

Internal Control in the Small Company

Due to lack of employees, internal control is seldom strong in small businesses

Limitations of Internal Control

Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc. Controls that depend on the segregation of duties may be circumvented by collusion Management may override the structure Compliance may deteriorate over time

Examples of control risk areas assessed at the assertion level

Failure to recognize an impairment loss on a long-lived asset - Affects only valuation assertion Inaccurate counting of inventory at year-end - Affects valuation of inventory and accuracy of cost of goods sold

Information processing Control Activities

General authorization Specific authorization

Objectives of an Accounting System

Identify and record valid transactions Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions Measure the value of transactions appropriately Determine the time period in which the transactions occurred to permit recording in the proper period Present properly the transactions and related disclosures in the financial statements

General Approach to Assessing the risks of material misstatement

Identify risks while obtaining an understanding of the client and its environment, including its internal control Relate the identified risks to what can go wrong at the relevant assertion level Consider whether the risks are of a magnitude that could result in a material misstatement Consider the likelihood that the risks could result in a material misstatement

Control Objectives

In each area of internal control (financial reporting, operations and compliance) control objectives & sub objectives exist

The Control Environment

Integrity and Ethical Values Commitment to Competence Board of Directors or Audit Committee Management Philosophy and Operating Style Organizational Structure Assignment of Authority and Responsibility Human Resource Policies and Procedures

Corrective Controls over Financial Reporting

Needed to remedy the situation uncovered by detective controls Example: Backups of master file

The Auditors' Consideration of Internal Control--Non-Public Companies

Obtain and document an understanding Test and evaluate the design effectiveness Determine audit strategy - Lower assessed level of control risk than for public co's - Primarily substantive test approach If necessary, design additional tests of controls for operating effectiveness - Reassess control risk -- If necessary, modify planned substantive tests

Monitoring Control Activities

Ongoing monitoring activities - Regularly performed supervisory and management activities - Example: Continuous monitoring of customer complaints Separate evaluations - Performed on nonroutine basis - Example: Periodic audits by internal auditor

Control Activities

Performance reviews Information processing Physical controls Segregation of duties

Approach to Audit of Internal Control-Public Company

Plan the engagement Evaluate management's assessment process Obtain an understanding of internal control Test and evaluate design effectiveness of internal control Test and evaluate operating effectiveness of internal control Form an opinion on control effectiveness

Examples of control risk areas assessed at the FS level

Preparing period-end financial statements - Including development of significant accounting estimates and preparation of notes The selection and application of significant accounting policies IT general controls The control environment

Types of documentation for understanding internal control

Questionnaires - Typically standardized by firm Written Narratives - Memos that describe flow of transactions Flowcharts - Systems flowcharts Walk-through - Trace one or two transactions through cycle

Specific internal control practices for small businesses

Record all cash receipts immediately Deposit all cash receipts intact daily Make all payments by serially numbered checks, with exception of petty cash disbursements Reconcile bank accounts monthly and retain copies Use serially numbered invoices, PO's, and receiving reports Issue checks to vendors only in payment of approved invoices that have been matched with purchase orders and receiving reports Balance subsidiary ledger with control accounts Prepare comparative financial statements monthly to disclose significant variations in any category of revenue or expense

Types of Transaction Cycles

Revenue (sales and collections) Cycle Acquisition (purchases and disbursements) Cycle Conversion (production) Cycle Payroll Cycle Financing Cycle Investing Cycle

Nature of transactions in evaluating controls

Routine transactions—e.g., revenue, purchases, and cash receipts and disbursements Nonroutine transactions—e.g., taking of inventory, calculating depreciation expense Estimation transactions—e.g., determining the allowance for doubtful accounts Generally routine transactions have the strongest controls

Material weakness def

Significant deficiency, or a combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected.

Components of Internal Control

The Control Environment Risk Assessment The Accounting Information and Communication System Control Activities Monitoring

Control Objectives Example: Area of financial reporting

Top level objective - prepare and issue reliable financial information Detailed level applied to A/R sub objectives - All goods shipped are accurately billed in the proper period - Invoices are accurately recorded for all authorized shipments and only for such shipments - Authorized and only authorized sales returns and allowances are accurately recorded - The continued completeness and accuracy of A/R is ensured - Accounts receivable records are safeguarded

A System of Internal Control Provides Reasonable Assurance That:

Transactions are executed with the knowledge and authorization of management Transactions are recorded as necessary to permit the preparation of reliable financial statements and maintain accountability for assets Access to assets is limited to authorized individuals Accounting records of assets are compared to existing assets at reasonable intervals and appropriate action is taken with respect to any differences


Conjuntos de estudio relacionados

Mrs. B's Money Management: Control Your Cash Flow

View Set

Amino Acids - Structure to full name

View Set

RN Learning Pharmacology Practice Quiz

View Set