A RISK-BASED APPROACH
TO CONDUCTING A
QUALITY
AUDIT
9th Edition
Karla M. Johnstone | Audrey A. Gramling | Larry E.
Rittenberg
CHAPTER 3
INTERNAL CONTROL OVER FINANCIAL
REPORTING: MANAGEMENTS
RESPONSIBILITIES AND IMPORTANCE TO
THE EXTERNAL AUDITORS
Learning Objectives
1.
2.
3.
3-2
Learning Objectives
4.
5.
6.
3-3
Learning Objectives
7.
8.
3-4
3-5
3-6
3-7
Learning Objective 1
3-9
It led to:
Unreliable financial statements
Failure of the business
Copyright 2014 South-Western/Cengage
Learning
3-10
3-11
Learning Objective 2
DEFINE INTERNAL CONTROL AS PRESENTED IN COSOS
UPDATED INTERNAL CONTROL, INTEGRATED FRAMEWORK
AND IDENTIFY THE COMPONENTS OF INTERNAL CONTROL
3-13
3-14
3-15
3-16
3-17
3-18
Entity-Wide Controls
Operate across an entity and affect multiple
processes, transactions, accounts, and
assertions
3-19
Transaction Controls
Control activities implemented to mitigate
transaction processing risk
Affect certain processes, transactions,
accounts, and assertions
Do not have an entity-wide effect
3-20
Learning Objective 3
3-22
3-23
3-24
3-25
3-26
3-27
3-28
3-29
Board
Senior
Management
Outsourced
Service
Providers
3-30
Organization Demonstrates
Commitment to Competence - COSO
Principle 4
Commitment towards competence is
demonstrated through policies and
procedures to:
Attract
Train
Mentor
Evaluate
Retain employees
3-31
Organization Enforces
Accountability - COSO Principle
5
Individuals held accountable for internal
control responsibilities
Accountability mechanisms
Establishing and evaluating performance
measures
Providing appropriate incentives and
rewards
3-32
Learning Objective 4
Economic recessions
decrease product or
service demand
Increase in competition
Changes in regulation
that make the business
model unsustainable
Changes in the reliability
of source goods that
reduce profitability
3-34
3-35
3-36
3-37
3-38
3-39
Learning Objective 5
3-41
3-42
3-43
3-44
3-45
3-46
3-47
3-48
Output controls
Designed to ensure that:
All data are completely processed
Output is distributed only to authorized
recipients
Copyright 2014 South-Western/Cengage
Learning
3-49
3-50
3-51
3-52
Technology Infrastructure
Provides the support for information
technology to function effectively
Control activities are necessary to check
the technology for any problems and take
corrective action
Other control activities related to
infrastructure
Backup procedures
Disaster recovery plans
Copyright 2014 South-Western/Cengage
Learning
3-53
Security Management
Control activities that limit access to
technologies
Security control activities protect from
inappropriate and unauthorized access
Considerations in security management
related to user access:
Data item access limited to those who are
directly involved
Ability to change, modify, or delete a data
item restricted to those with authorization
Copyright 2014 South-Western/Cengage
Learning
3-54
Security Management
Ability to identify and verify any potential
users as authorized or unauthorized for the
data item and function requested
A security department should actively monitor
attempts to compromise the system and
prepare periodic reports to those responsible
for the integrity and access of data
3-55
3-56
Procedures should:
Put policies into action
Be performed diligently, consistently, and
by appropriate and competent personnel in
a timely manner
Copyright 2014 South-Western/Cengage
Learning
3-57
Learning Objective 6
3-59
3-60
3-61
Shareholders
Business partners
Customers
Regulators
3-62
Learning Objective 7
3-64
3-65
3-66
Learning Objective 8
IDENTIFY MANAGEMENTS RESPONSIBILITIES RELATED TO
INTERNAL CONTROL OVER FINANCIAL REPORTING,
INCLUDING THE FACTORS MANAGEMENT CONSIDERS
WHEN ASSESSING CONTROL DEFICIENCIES
Documentation of Internal
Control
Provide clarity and communication of
standards and expectations
Can be either paper or electronic
Advantages
3-68
Documentation of Internal
Control
Used by external auditors to understand
clients internal control system
Documents supporting managements
assessment as an audit evidence required
Authorization of transactions
Existence of transactions
Support for journal entries
Financial commitments made
Copyright 2014 South-Western/Cengage
Learning
3-69
Authorization of a transaction
Transaction trail
Tracing a transaction from its origination through to
its final disposition, or vice versa
3-70
3-71
3-72
3-73
3-74
Inquiry
Observation
Inspection of documentation making up transaction trail
Reperformance of controls
3-75
3-76
3-77
3-78
3-79
3-80
3-81
3-82