Assurance 4 &5

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Completeness - Assertions about classes of transactions and events, and related disclosures, for the period under audit

All transactions and events that should have been recorded have been recorded, and all related disclosures that should have been included in the financial statements have been included

information system and communication:

A component of internal control that includes the financial reporting system, and consists of the procedures and records established to initiate, record, process and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets, liabilities and equity.

Limitations of internal controls - Unusual transactions

A limitation of internal controls is that they are generally designed to deal with what normally or routinely happens in a business. However, it may be the case that an unusual transaction may occur which does not fit into the normal routines, in which case standard controls may not be relevant to the unusual transaction, and hence mistakes may be made in relation to that unusual transaction.

Walk-through procedure

A procedure that involves tracing a few transactions through the financial reporting system.

Business risk:

A risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity's ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies (ISA (UK) 315: para. 12b).

Completeness

All assets, liabilities and equity interests that should have been recorded have been recorded and all related disclosures that should have been included in the financial statements have been included

Accuracy - Assertions about classes of transactions and events, and related disclosures, for the period under audit

Amounts and other data relating to recorded transactions and events have been recorded appropriately, and related disclosures have been appropriately measured and described

Limitations of internal controls - Human element

An important limitation of controls is the human element. Most controls can only function as well as the people that are implementing them. Controls are not necessarily foolproof. If a human being makes a mistake implementing a control, then that control might be ineffective. Another problem for companies associated with the human element of controls is that of the intention of the people using them. Controls, such as keeping your computer password secret, rely on the integrity of the people being asked to implement them. If people do not understand the importance or relevance of the control they may be less inclined to adhere to it.

Appropriateness

the measure of quality and reliability

Control activities: Authorisation and approvals

Approval of transactions/documents - Transactions/documents should be approved by an appropriate person.

Existence

Assets, liabilities and equity interests exist

Presentation

Assets, liabilities, and equity interests are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework

Accuracy, valuation and allocation

Assets, liabilities, and equity interests have been included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments have been appropriately recorded, and related disclosures have been appropriately measured and described

Classification

Assets, liabilities, and equity interests have been recorded in the proper accounts

Control activities: Segregation of duties

Assigning different individuals the responsibilities of authorising transactions, recording transactions and maintaining custody of assets

If the quality of evidence is external

Audit evidence from external sources is more reliable than that obtained from the entity's records

Sufficiency

the measure of the quantity of audit evidence.

Classification- Assertions about classes of transactions and events, and related disclosures, for the period under audit

transactions and events have been recorded in the proper accounts

Control activities: Reconciliations

Compare two or more data elements - For example, comparing sales reports by units sold to sales in the statement of profit or loss

Control activities: Verifications

Comparing an item with a policy

general IT controls - Testing and documentation of program changes

Complete testing procedures Documentation standards Approval of changes by computer users and management Training of staff using programs

General IT controls Definition

Controls over the entity's IT processes that support the continued proper operation of the IT environment, including the continued effective functioning of information processing controls and the integrity of information (ie, the completeness, accuracy and validity of information) in the entity's information system) (ISA (UK) 315: para. 12d).

Information processing controls: Definition

Controls relating to the processing of information in IT applications or manual information processes in the entity's information system that directly address risks to the integrity of information (ie, the completeness, accuracy and validity of transactions and other information) (ISA (UK) 315: para. 12e).

general IT controls - Controls to ensure continuity of operations

Storing extra copies of programs and data files off-site Protection of equipment against fire and other hazards Back-up power sources Emergency procedures Disaster recovery procedures eg, availability of back-up computer facilities Maintenance agreements and insurance

If the quality of evidence is written

Evidence in the form of documents (paper or electronic) or written representations are more reliable than oral representations

If the quality of evidence is auditor

Evidence obtained directly by auditors is more reliable than that obtained indirectly or by inference

If the quality of evidence is entity

Evidence obtained from the entity's records is more reliable when related control systems operate effectively

Explicit opinions issued by auditor

In respect of the state of the company's affairs at the end of the financial year In respect of the company's profit or loss for the financial year In relation to the financial reporting framework (IFRS Standards or UK GAAP) In respect of other legal requirements of the Companies Act 2006 The information given in the strategic report and the directors' report is consistent with the financial statements

Items included only by exception

Items included only by exception Adequate accounting records have been kept. Returns adequate for the audit have been received from branches not visited. The financial statements are in agreement with the accounting records and returns. All information and explanations have been received as the auditors think necessary and they have had access at all times to the company's books, accounts and vouchers. Details of directors' emoluments and other benefits have been correctly disclosed in the financial statements. Particulars of loans and other transactions in favour of directors and others have been correctly disclosed in the financial statements.

general IT controls - Controls to prevent wrong programs or files being used

Operation controls over programs Libraries of programs Proper job scheduling

If the quality of evidence is originals

Original documents are more reliable than photocopies, or facsimiles

Control activities: Physical or logical controls

Physical security of assets Authorisation for access to computer programs and data files Periodic counting and comparison with amount shown on accounts

general IT controls - Prevention or detection of unauthorised changes to programs

Segregation of duties Full records of program changes Password protection of programs so that access is limited to computer operations staff Restricted access to central computer by locked doors, keypads Maintenance of program logs Virus checks on software: use of anti-virus software and policy prohibiting use of non-authorised programs or files Back-up copies of programs being taken and stored in other locations Control copies of programs being preserved and regularly compared with actual programs Stricter controls over certain programs (utility programs) by use of read only memory

Limitations of internal controls - Collusion

Staff members may want to override or avoid controls in order to defraud the company. Controls may be bypassed very effectively and secretly by two or more people working together, that is, colluding in fraud.

general IT controls - Development of computer applications

Standards over systems design, programming and documentation Full testing procedures using test data (see Chapter 11) Approval by computer users and management Segregation of duties so that those responsible for design are not responsible for testing Installation procedures so that data is not corrupted in transition Training of staff in new procedures and availability of adequate documentation

general IT controls - Controls to prevent unauthorised amendments to data files

Such as passwords to prevent unauthorised entry, built in controls to permit changes

Audit committees

The audit committee is an important aspect of the control environment of the company. It is a sub-committee of the board of directors responsible for overseeing an entity's internal control structure, financial reporting and compliance with relevant laws and regulations

Tests of controls or tests of detail?

The auditor must choose what kind of procedures to perform. In most cases this will be a mixture of tests of controls and substantive procedures. The auditor must always perform some substantive procedures, no matter how reliable an entity's internal controls are.

Control environment

The control environment includes the governance and management functions and the attitudes, awareness and actions of those charged with governance and management concerning the entity's internal control and its importance in the entity. The control environment sets the tone of an organisation, influencing the control consciousness of its people.

segregation of duties

The control of using a number of people in a single system

Entity's risk assessment process:

The entity's risk assessment process is an iterative process for identifying and analysing risks to achieving the entity's objectives, and forms the basis for how management or those charged with governance determine the risks to be managed (ISA (UK) 315: Appendix 3, para. 7).

Control activities:

They are the policies and procedures that help ensure that management directives are carried out.

Presentation - Assertions about classes of transactions and events, and related disclosures, for the period under audit

Transactions and events are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework

Cut-off- Assertions about classes of transactions and events, and related disclosures, for the period under audit

Transactions and events have been recorded in the correct accounting period

Occurrence - Assertions about classes of transactions and events, and related disclosures, for the period under audit

Transactions and events that have been recorded or disclosed have occurred and such transactions and events pertain to the entity

A company has various objectives:

to ensure it reports its financial position correctly to shareholders to ensure that it operates effectively and efficiently to ensure that it complies with relevant laws and regulations

The auditor must always carry out substantive procedures on material items. In addition, the auditor must carry out the following substantive procedures:

agreeing the financial statements to the underlying accounting records examining material journal entries examining other adjustments made in preparing the financial statements

Other procedures (tests of detail)

may be appropriate to gain information about account balances (for example, inventories or trade receivables), particularly in verifying the assertions of existence and valuation.

Reasons for internal controls

minimising the company's business risks ensuring the continuing effective functioning of the company ensuring the company complies with relevant laws and regulations

The audit committee is comprised of

non-executive directors.

Analytical procedures

tend to be appropriate for large volumes of predictable transactions (for example, wages and salaries).

Rights and obligations

the entity holds or controls the rights to assets, and liabilities are the obligations of the entity


Set pelajaran terkait

Chapter 14: Natural Selection & Adaptation

View Set

Prep U for Brunner and Suddarth's Textbook of Medical Surgical Nursing, 13th Edition Chapter 39: Assessment and Management of Patients With Rheumatic Disorders

View Set

Science Practice Multiple choice

View Set

Business and Society - Chapter 7

View Set