
Slide 7.1

Internal Control and Control Risk


Principles of Auditing: An Introduction to
International Standards on Auditing - Ch. 7

Waqar Ali

[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] Pearson Education Limited 2007
Slide 7.2

A Bird's-Eye View

Slide 7.3

What does Internal Control mean?

Slide 7.4

Internal Control
A process, effected by an entity's board of
directors, management and other personnel,
designed to provide reasonable assurance
regarding the achievement of objectives in the
following categories: effectiveness and efficiency
of operations, reliability of financial reporting,
compliance with applicable laws and regulations
and safeguarding of assets against
unauthorized acquisition, use or disposition.

Slide 7.5

Which of the categories of management control objectives is the most important to:
The External Auditors?
Management?
Internal Auditors?
The shareholders?
Employees?

Slide 7.6

Management Control Objectives

Effective Operations / goal
Safeguarding of assets (cash, accounts receivable, accounting records)
Financial Reporting
Management's FS / true-fair responsibility
The auditor is interested primarily in financial reporting controls (especially controls over transactions - why?).
Compliance - which laws?

Slide 7.7

Auditors' Primary Control Consideration and Emphasis
Evaluate the design and implementation of a control.
The auditor's primary consideration: whether / how a specific control prevents, or detects and corrects, material misstatements in classes of transactions, account balances or disclosures.
The heaviest emphasis by auditors is on controls over classes of ___________ rather than _______________________________.
Slide 7.8

Why do you think internal controls are important to a business?

Slide 7.9

Because

Slide 7.10

Information Technology Controls - General
Policies and procedures
Relate to many applications
Support their effective functioning
Examples?

Slide 7.11

IT Controls - Application Controls
Application controls - controls that apply to applications that _________________________ (such as MS Office, SAP, QuickBooks), rather than the computer system in general.
Examples?

Slide 7.12

IT Risks
Systems / programs inaccurately processing data, or processing inaccurate data
Unauthorized data access / privileges
Destruction of data, or improper changes to and input of data
IT personnel gaining access privileges (segregation of duties?)
Unauthorized changes to systems or programs
Failure to make necessary changes to systems or programs
Potential loss of data or inability to access data as required

Slide 7.13

Components of Internal Control: Top-Down or Bottom-Up?

Illustration 7.1

Slide 7.14

Control Environment
Governance and management functions
Attitudes / awareness
Actions of those charged with governance and management
Concerning the entity's _____________.

Slide 7.15

Cumulative Effect of Controls
Collective effect of various control environment elements
Strengths in one of the elements might mitigate weaknesses in another element.
Examples:
HR,
Audit Committee / Independence,
BoD's Earnings Management,
Function-specific controls.
All the above: interplay

Slide 7.16

Elements Contributing to a Successful Control Environment
Communication and enforcement of integrity and ethical values;
Commitment to competence;
Participation by those charged with governance - independence;
Management's philosophy and operating style - business risks;
Organizational structure;
Assignment of authority and responsibility; and
Human resource policies and practices.

Slide 7.17

Integrity and Ethical Values and Commitment to Competence
Ethics and those responsible for controls
Remove incentives / temptations that prompt fraudulent or unethical behavior. How?
Company's control environment and culture (quality / excellence / openness).
BoD expertise (functional experience)
Critical mass of non-executive directors - why?

Slide 7.18

Management's Philosophy and Operating Style and Organizational Structure
Management philosophy may create significant risk. How?
Important organizational considerations:
Clarity of lines of authority;
Level at which policies are established;
Adherence to these policies;
Appropriateness of organizational structure for the entity (private equity example).

Slide 7.19

Risk Assessment
Management assesses risks to design ____________.
Auditors assess risks to decide ____________.
Management's effective risk assessment / response; control risk? Auditor response?

Slide 7.20

Identify Risks
A technique to identify risks involves identifying and prioritizing high-risk activities (students to pick a business):
1. identify the essential resources of the business and determine which are most at risk;
2. identify possible liabilities which may arise;
3. review the risks that have arisen in the past;
4. consider any additional risks imposed by new objectives or new external factors; and
5. seek to anticipate change by considering problems and opportunities on a continuing basis.
Slide 7.21

Information Systems, Communication, and Related Business Processes
Every enterprise must:
capture pertinent information (financial and non-financial forms);
Role of ERPs
communicate to people who need it in a form and time frame that allows them to perform business functions.
Financial reporting / audit impact
Examples in Annual Report?
Examples in FSLIs?
Slide 7.22

Two Elements of Control
A policy is that a securities dealer retail branch manager must monitor (conduct performance reviews of) customer trades. Other e.g.?
A procedure to effect that policy would be a review of daily reports of customer trade activities with attention given to the nature and volume of securities traded. Other e.g.?

Slide 7.23

Control Activities (Control Procedures)

Slide 7.24

Authorization
Proper Authorization
Appropriate delegation of authority sets limits on what levels of risk are acceptable - e.g.?
General Controls
access to the computer system is limited to people who have a right to the information
back-up and recovery procedures
User ID and general system access

Slide 7.25

Performance Reviews - Independent checks on performance
By a third party not directly involved in the activity.
Variance Analysis / Budgetary Control;
Operating or Financial to one another;
Comparing internal data with external sources of information;

Slide 7.26

Information Processing
Well-designed documents in a manual system and preformatted input screens in a CIS
Assets are properly controlled and all transactions correctly recorded - why?
Document prepared at the time a transaction takes place - why?
Document simple enough to be clearly understood
Document designed for multiple use to minimize the number of different forms
Document constructed in a manner that encourages correct preparation
Slide 7.27

Information Processing: Application Controls
Use of serial numbers on documents and input transactions - Audit Relevance?
Checks, tickets, sales invoices, purchase orders, stock certificates and many other business papers
Systems manuals for computer accounting software should provide sufficient information to make the accounting functions clear - Navision
Passwords that allow only authorized people admittance to the computer software on line

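An added example (not from the slides or the textbook) of the audit relevance of serial numbers: a completeness test that lists gaps and duplicates in one pre-numbered sales-invoice series. The register, the prefix-number format and the invoice numbers are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample register: sales-invoice numbers as posted to the
# sales journal (not real data). INV-1004 and INV-1007 are absent and
# INV-1006 appears twice.
SALES_JOURNAL = [
    "INV-1001", "INV-1002", "INV-1003", "INV-1005",
    "INV-1006", "INV-1006", "INV-1008", "INV-1009",
]

# Assumed numbering format: alphabetic prefix, hyphen, decimal sequence.
NUMBER_RE = re.compile(r"^([A-Z]+-)(\d+)$")


def parse_number(doc_id):
    """Split 'INV-1005' into ('INV-', 1005); reject anything malformed."""
    m = NUMBER_RE.match(doc_id)
    if not m:
        raise ValueError(f"malformed document number: {doc_id!r}")
    return m.group(1), int(m.group(2))


def sequence_check(doc_ids):
    """Completeness test for one pre-numbered series.

    Gaps point to documents issued but never recorded (or voided without
    a trace); duplicates point to double postings. Both need follow-up
    against the voided-document file and the source documents.
    """
    parsed = [parse_number(d) for d in doc_ids]
    prefixes = {p for p, _ in parsed}
    if len(prefixes) != 1:
        raise ValueError(f"more than one series in the run: {sorted(prefixes)}")
    prefix = prefixes.pop()
    counts = Counter(n for _, n in parsed)
    lo, hi = min(counts), max(counts)
    return {
        "first": f"{prefix}{lo}",
        "last": f"{prefix}{hi}",
        "missing": [f"{prefix}{n}" for n in range(lo, hi + 1) if n not in counts],
        "duplicates": [f"{prefix}{n}" for n in sorted(counts) if counts[n] > 1],
    }


if __name__ == "__main__":
    for key, value in sequence_check(SALES_JOURNAL).items():
        print(f"{key}: {value}")
```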
Slide 7.28

Physical Controls
Physical controls are procedures to ensure the physical security of assets. Why?
Only individuals who are properly authorized should be allowed access to the company's assets.
PwC office / client side
Direct physical access to assets may be controlled through physical precautions
Slide 7.29

Segregation of Duties
Explain using a business example, any audit cycle:
Authorization
Recording
Custody

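An added example (not from the slides or the textbook): a segregation-of-duties check over a constructed ERP role export for a purchasing cycle. Each role is classified as authorization, recording or custody, the three duties on the slide, and any user holding two different duty types in the same cycle is reported. The role names, cycle names and user names are assumptions.

```python
from itertools import combinations

# Constructed role catalogue (assumed names): role -> (cycle, duty type).
# The three duty types are the ones on the slide: authorization,
# recording and custody.
ROLE_DUTIES = {
    "PO_APPROVER":      ("purchasing", "authorization"),
    "AP_CLERK":         ("purchasing", "recording"),
    "PAYMENT_RELEASE":  ("purchasing", "custody"),
    "GOODS_RECEIVER":   ("purchasing", "custody"),
    "SALES_ORDER_APPR": ("sales", "authorization"),
    "AR_CLERK":         ("sales", "recording"),
}

# Constructed user-to-role export (assumed users), with three cases:
# bob records purchase invoices and releases payments (conflict),
# carol holds two custody roles (same duty type, no conflict here),
# dave holds roles in two different cycles (no conflict here).
ASSIGNMENTS = {
    "alice": ["PO_APPROVER"],
    "bob":   ["AP_CLERK", "PAYMENT_RELEASE"],
    "carol": ["GOODS_RECEIVER", "PAYMENT_RELEASE"],
    "dave":  ["AR_CLERK", "PO_APPROVER"],
}


def sod_conflicts(assignments, role_duties):
    """Return (user, cycle, role_a, duty_a, role_b, duty_b) for every pair
    of roles that gives one user two different duty types in one cycle.

    A role missing from the catalogue is an error, not a pass: an
    unclassified role cannot be shown to be segregated from anything.
    """
    conflicts = []
    for user, roles in sorted(assignments.items()):
        unknown = [r for r in roles if r not in role_duties]
        if unknown:
            raise ValueError(f"{user}: roles not in catalogue: {unknown}")
        for a, b in combinations(sorted(set(roles)), 2):
            cycle_a, duty_a = role_duties[a]
            cycle_b, duty_b = role_duties[b]
            if cycle_a == cycle_b and duty_a != duty_b:
                conflicts.append((user, cycle_a, a, duty_a, b, duty_b))
    return conflicts


if __name__ == "__main__":
    for user, cycle, a, da, b, db in sod_conflicts(ASSIGNMENTS, ROLE_DUTIES):
        print(f"{user}: {a} ({da}) and {b} ({db}) in the {cycle} cycle")
```

Each reported pair is a control weakness to follow up, not proof of misstatement; the usual response is to remove one role or document a compensating review.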
Slide 7.30

Monitoring of Controls
Design / Effectiveness
Ongoing monitoring information:
exception reporting on control activities,
reports by government regulators,
feedback from employees,
complaints from customers,
internal auditor reports.

Slide 7.31

Evaluation of Monitoring
Periodic comparisons - accounting system with physical assets. Assertion?
Response to internal and external auditor recommendations.
Extent to which training seminars, planning sessions and other meetings provide information on effective operation of controls.
Effectiveness of internal audit activities
Extent to which personnel obtain evidence on internal control function

Slide 7.32

Hard and Soft Control
Hard: evident, formal and tangible controls, e.g.?
Soft: the intangible factors in an organization that influence the behavior of managers and employees. Culture types?
Consider businesses in these industries:
Media
Financial Sector
Accounting Firms (PK, London, Australia)

Slide 7.33

Methods for Obtaining Controls Audit Evidence
Walkthroughs
Relevant Controls Discussion in light of cycles/FSLIs; illustrate using examples:
(1) Inquiry
(2) Observation
(3) Re-performance
(4) Inspection
(5) Tracing transactions through the information system

