Professional Documents
Culture Documents
Evaluating The Design and Effectiveness of Internal Control
Evaluating The Design and Effectiveness of Internal Control
DESIGN AND
EFFECTIVENESS OF
INTERNAL CONTROL
2
Internal auditing follows a structured, logical, and
organized series of steps and procedures. The audit
process is primarily an evidence-gathering process.
3
PLANNING
• Most important part of the audit
• Entails familiarization with the
objectives, processes, risks and
controls of the auditee and
activity to be audited, and
developing a strategy and
approach in conducting the
audit
• Involves the listing down of
audit activities per audit
engagement
4
Conducting the
Internal Audit Chief audit executive must
establish a risk-based
plan, consistent with the
organization’s goal.
5
Internal auditor must assess
the risks faced and not
detected by the organization.
PREPARING This is called audit risks.
THE RISK-
BASED PLAN Audit risks = Inherent risk x
Control risk x Detection Risk
(AICPA Audit Risk Model )
6
PLANNING
• Internal auditor conduct
preliminary survey to accumulate
relevant information about the
operation to be audited:
objectives, people, processes and
systems.
He can either:
Review previous audits and other
helpful information
Conduct interviews and
walkthroughs
7
ASSESSING
CONTROL RISK
• Auditor must consider
design of controls, if
placed and used, assess
their effectiveness.
• Design refers to the
controls that have been
established, and
effectiveness refers to
how controls function.
8
Risk Control
Matrix
• Tool to help ensure
that internal auditors
adequately account for
risk at the engagement
level and ensure that
all significant risks
identified are
addressed in
subsequent fieldwork.
9
GATHERING
AND
EVALUATING
AUDIT
EVIDENCE
10
AUDIT EVIDENCE
• necessary to support
auditor’s conclusion as to
effectiveness of internal
control.
11
SUFFICIENT VS RELIABLE INFORMATION
• is the best attainable information
SUFFICIENT INFORMATION • Reliability and relevance measure the
quality (appropriateness) of audit
evidence in providing support for the
• is factual, adequate and conclusions on which the auditor’s
convincing. opinion is based.
• Sufficiency is the measure of • The higher the quality, the less
the quantity of audit evidence. evidence may be required.
• The higher the assessed risks,
the more audit evidence is RELIABLE INFORMATION
likely to be required.
12
RELIABLE INFORMATION
13
AUDIT EVIDENCE IS OBTAINED BY
PERFORMING AUDIT PROCEDURES:
Analytical External
Inspection Inquiry
procedures confirmation
9
• Evaluations of financial information
ANALYTICAL made by a study of plausible
PROCEDURES relationships among both financial and
nonfinancial data.
15
CONFIRMATION
• Direct written response to the
auditor from a third party.
Two types:
Positive confirmation – asks the
respondent to reply in all cases either
by indicating agreement or asking the
respondent to fill in information
Negative confirmation – asks the
respondent to reply only in the event
of disagreement with the information
provided in the request.
16
INSPECTION
• Examining records or
documents, internal or
external, in paper or
electronic form, or other
media or physical
examination of asset.
17
INQUIRY
• Seeking of information
of knowledgeable
persons, both financial
and nonfinancial, within
or outside the entity.
• Used extensively
throughout the audit in
addition to other audit
procedures.
18
OBSERVATION
• Looking at a process or
procedure being
performed by others.
• Provides evidence
about performance of
a process but is limited
to the point in time at
which observation
takes place.
19
REPERFORMANCE
• Auditor’s independent
execution of
procedures or controls
that were originally
performed as part of
the entity’s internal
control.
20
RECALCULATION
• Checking the
mathematical accuracy
of documents or
records.
• May be performed
manually or
electronically.
21
AUDIT SAMPLING
• Audit sampling is the
application of an audit
procedure to less than 100
percent of the items within an
account balance or class of
transactions for the purpose of
evaluating some characteristic
of the balance or class
22
TWO GENERAL
APPROACHES TO
AUDIT SAMPLING
• Statistical – produce a scientifically
random sample with test result that
can be quantified in terms of a
confidence level and precision.
• CHARACTERISTICS:
Random selection of the
sample items
The use of probability theory
• Nonstatistical – the decision to select
specific items from a population.
23
SAMPLE SIZE
• Sample size is determined based on the following factors:
Confidence level
Tolerable deviation rate (TDR)
Expected population deviation rate (EPDR)
• Important notes:
25
Random Sampling
26
SYSTEMATIC SELECTION/
INTERVAL SAMPLING
27
STRATIFIED RANDOM
SAMPLING
• If the population is
heterogenous, an
auditor may subdivide it
into more coherent
units, subpopulations or
strata before selecting
random samples from
each unit.
28
CLUSTER SAMPLING
• Clusters already exits,
auditor does not
select the
characteristics for
grouping them.
• The auditor selects
cluster to test and
then decide to sample
items in a cluster or
test them all.
29
HAPHAZARD SAMPLING
30
STOP-AND-GO SAMPLING
• When the auditor expects relatively error-free
population, he may begin testing with a small sample.
• If the sample demonstrates the anticipated low error
rate, the auditor may choose to stop sampling,
otherwise, he will go ahead with further sampling to
full scale statistical sampling.
31
DISCOVERY SAMPLING
32
EVALUATION
• Involves comparing the upper
deviation rate and tolerable rate of
deviation and evaluate the
effectiveness of a control accordingly.
• The upper deviation rate is the sum of
the sample deviation rate and the
allowance for sampling risk.
• If the upper deviation rate is equal or
less than the tolerable deviation rate
= control is effective. Otherwise, not
effective.
33
REPORTING
34
THANK YOU!
berlynsalado@gmail.com