introduction to internal control in a financial statement audit
- 1. 6-1 Chapter 6 Internal Control in a Financial Statement Audit Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin
- 2. 6-2 Internal Control The auditor uses risk assessment procedures to -obtain an understanding of the entity’s internal control -identify the types of potential misstatements -ascertain factors that affect the risk of material misstatement -design tests of controls and substantive procedures The auditor’s understanding of the internal control is a major factor in determining the overall audit strategy. The auditor has a responsibility to: (1) obtain an understanding of internal control and (2) assess control risk. LO# 1
- 3. 6-3 Internal Control Reliability of Financial Reporting Effectiveness & Efficiency of Operations Compliance with Laws & Regulations Objectives LO# 2
- 4. 6-4 The Effect of Information Technology on Internal Control LO# 4
- 5. 6-5 Components of Internal Control LO# 5
- 6. 6-6 LO# 6 Planning an Audit Strategy Figure 6-3 Flowchart of the Auditor’s Consideration of Internal Control and Its Relation to Substantive Procedures
- 7. 6-7 Obtain an Understanding of Internal Control Identify types of potential misstatements Design tests of controls and substantive procedures Pinpoint the factors that affect the risk of material misstatement The auditor should obtain an understanding of each of the five components of internal control in order to plan the audit. This knowledge is used to: LO# 7
- 8. 6-8 Documenting the Understanding of Internal Control Procedure Manuals and Organizational Charts Narrative Description Internal Control Questionnaires Flowcharts LO# 8
- 9. 6-9 The Limitations of an Entity’s Internal Control Management Override of Internal Control Human Errors or Mistakes Collusion LO# 8
- 10. 6-10 Assessing Control Risk Identify specific controls that will be relied upon. Perform tests of controls. Conclude on the achieved level of control risk. LO# 9
- 11. 6-11 Interim Audit Procedures Interim Tests of Controls 1. Assertion being tested not significant 2. Control has been effective in prior audits 3. Efficient use of staff time Interim Substantive Procedures 1. Assertion probably has low control risk 2. May increase the risk of material misstatements 3. Still requires some year end testing LO# 12
- 12. 6-12 Auditing Accounting Applications Processed by Service Organizations In some instances, a client may have some or all of its accounting transactions processed by an outside service organization. Because the client’s transactions are subjected to the controls of the service organization, one of the auditor’s concerns is the internal control system in place at the service organization. It is not uncommon for service organizations to have an auditor issue one of two types of reports on their operations. LO# 13
- 13. 6-13 Communication of Internal Control- Related Matters Significant Deficiency Material Weakness A Significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented, or detected and corrected. LO# 14
- 14. 6-14 Types of Controls in an IT Environment General Controls 1. Data center & network operations 2. System software acquisition, change, and maintenance 3. Access security 4. Application system acquisition, development, and maintenance Application Controls 1. Data capture controls 2. Data validation controls 3. Processing controls 4. Output controls 5. Error controls LO# 15
- 16. 6-16 End of Chapter 6 Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin