Professional Documents
Culture Documents
Chapter 11
Chapter 11
Chapter 11
- One of the most widely accepted concepts in the theory and practice of auditing is the
importance of the client system of internal control to generate reliable financial information.
- If the auditor is convinced that the client has an excellent system of internal control, one that
includes adequate internal controls for providing reliable data and for safeguarding assets and
records, the amount of audit evidence to be accumulated can be significantly less than when
controls are not adequate.
- In some instances, internal control may be so inadequate as to preclude conducting an effective
audit.
- PSA 315 (Clarified) paragraph 4 (c) defines internal control as the process designed and effected
by those charged with governance, management, other personnel to provide reasonable
assurance about the achievement of the entity objective with regard to reliability of financial
reporting, effectiveness and efficiency of operations and compliance with applicable laws and
regulations.
- It follows that internal control is designed and implemented to address identified business risks
that threaten the achievement of any of these objectives.
- Those objectives fall into three categories:
Reliability of the entity financial reporting
Effectiveness and efficiency of operations
Compliance with applicable laws and regulations
- Whether an entity achieves its objectives relating to financial reporting and compliance is
determined by activities within the entity control.
- However, achieving its objective relating to operations will depend not only on management
decisions but also on competitor actions and other factors outside the entity.
- Means all the policies and procedures (internal control) adopted by the management of an
entity to assist in achieving managements objective of ensuring, as far as practicable, the orderly
and efficient conduct of its business, including adherence to management policies, the
safeguarding of assets, the prevention and detection of fraud and error, the accuracy and
completeness of the accounting records and the timely preparation of reliable financial
information.
- Internal Control structures vary significant from one company to the next factors such as size of
the business, nature of operations, the geographical dispersion of its activities, and objectives of
the organization affect the specific control features of an organization.
- However certain elements or features must be present to have a satisfactory system of control
in almost any large scale organization.
The internal control system extends beyond these matters which relate directly to the functions of the
accounting system and consists of the following components:
a. Control environment
b. Entity risk assessment process
c. Information system, including the related business processes, relevant to financial reporting and
communication.
d. Control activities
e. Monitoring of controls
In 2013, COSO issued the guidance that identifies the five components that support an organization in
achieving its objectives.
Figure 11-2 shows the five components and the principles representative of the fundamental concepts
associated with the components.
Figure 11-2 Five Concepts and the Principles Representative of the Fundamental Concepts Associated
with the Component
A. Control Environment
- Means the overall attitude, awareness and actions of directions and management regarding the
internal control system and its importance in the entity.
- The control environment has an effect on the effectiveness of the specific control procedures.
- A strong control environment, example on with tight budgetary controls and an effective
internal audit function, can significantly complement specific control procedures.
- However, a strong environment does not by itself, ensure the effectiveness of the internal
control system
- Factors reflected the control environment include:
The function of the board of directors and its committees.
Management philosophy and operating style
The entity organization structure and methods of assigning authority and responsibility.
The environment in which internal control operates has an impact on the effectiveness of the specific
control procedures. Several factors comprise the control environment, including:
- Auditor should obtain an understanding of the accounting and internal control systems
sufficient to plan the, audit and develop and effective audit approach.
- The auditor should use professional judgement to assess audit risk and to design audit
procedures to ensure it is reducing to an acceptably low level.
- The auditor understanding of their clients internal control provides therefore a basis both to (1)
plan the audit, and assess control risk.
Figure 11-2 presents a summary of how an auditor considers internal control in planning an audit.
In assessing control risk, and auditor must consider the design of controls, whether they have been
placed in operation and if they are in use their effectiveness.
a. To assess control risk below maximum, an auditor should identify, relevant to each assertion, the
specific controls that are likely to prevent or detect material misstatement in those assertions.
b. To evaluate the effectiveness of controls that have been places in operation, the auditor
performs tests to determine that they are being applied. This is not required in obtaining an
understanding of internal control to plan an audit.
Document of Understanding
- The auditor should document the understanding of the entity internal control structure
elements obtained to plan the audit.
- The form and extent of this documentation is influenced by the size and complexity of the
entity, as well as the nature of the entity internal control structure.
- Example, documentation of the understanding of the internal control structure of a large
complex entity may include flowcharts, questionnaires, or decision tables.
- Small entity however, documentation in the form of a memorandum may be sufficient.
- Generally the more complex the internal control structure and the more extensive the
procedures performed, the more extensive the auditors documentation should be.
In completing the internal control questionnaire, the auditor should consider the following critical
aspects:
Advantages
1. They provide audit assurance that attention is given to presence or absence of all controls listed
and that certain features of the system are not overlooked.
2. They provide a means of obtaining uniform documentation of internal control system reviewed.
3. They provide inexperienced audit staff members with the guidance in performing internal
control reviews.
4. They facilitate the early detection of potential weaknesses in the system.
Disadvantages
1. Auditor may view the questionnaire device for accomplishing an automatic evaluation of
internal control.
2. Controls listed on questionnaires may not suit the particular circumstances of a specific audit.
3. The auditor may overlook pertinent control not included in the questionnaires.
2. Flowcharts
- Symbolic diagram of a specific part of an internal accounting control system indicating the
sequential flow of data and or authority.
- An internal control flowchart uses standardized symbols, interconnecting lines, and annotations
to represent information, documents and document flow.
- It provides a pictorial overview of a client internal control activities.
- It illustrated the interaction of individual, records and controls related to a particular
department or class of transactions.
- Internal control flowcharts generally reflect the segregation of duties by using a column across
the top to reflect different departments and the how documents from the left to right.
- A properly prepared flowchart should reflect all operations movement, delays and filing
procedures associated with whatever is being charted and should also indicate the conversion of
source document into accounting information, example, ledger, journal or computer generated
documents.
Flowcharts have several advantages over other methods of documentation:
1. Higher level of knowledge and training are require to prepare a good flowchart of a complex
system.
2. Flowcharts take more time to prepare and require more knowledge.
3. It is more difficult to spot internal control weaknesses.
- General rule, flowcharts are prepared to be read from the upper left-hand comer of a page to
the bottom right hand comer.
- The flow of information across and downward should be self-explanatory and should indicate
the source and final disposition pf each item.
- Subroutine or secondary information should be recorded on supplementary or supporting
flowcharts to avoid cluttered presentation.
A primary purpose of the internal control flowchart is to communicate effectively. The following
techniques should assist in meeting this goal:
Standardized Symbols. Auditors use a uniform set of symbols developed by the American
National Standards Institution (ANSI).
Flowlines. The flow of documents should be from top to bottom and left to right. Arrowheads
may be used on all lines and should be used when the flow is not standard or is bi-directional.
Documents. When a document is created its source should be indicated. Multiple document
symbols are required when multiple copies of the document are prepared. This disposition of
every copy of each document should be shown.
Processing. Processing symbols are used to identify any procedures applied to documents such
as their being filed.
Annotations. Comments and explanations should be used to make the flowchart easier to
understand or more complete.
Flowchart is an art, and therefore, different individuals may prepare different flowcharts for any given
situation. The critical factor is that flowchart should clearly represent a system. The following guidelines
may be useful in preparing a flowchart:
3. Narrative Description
- Narrative is a written description of a particular or phases or a control system.
- Although useful for describing simple systems, narrative may be adequate when a system is
complicated or frequently revised.
- If the system are extensive and or complex, separate narratives may be prepared for smaller
groups of controls which relate to specific classes of transactions or accounts.
- Some auditors prepare narrative descriptions to accompany internal control questionnaire or
flowcharts in order to provide information not otherwise included.
Figure 11-5 Is an example of a written narrative, describing a segment of a sales accounting system.
Advantages
Disadvatages
1. Auditor may not have the ability to describe the system correctly and concisely.
2. This may require more time and careful study.
3. Auditor may overlook important portions of internal control system.
4. A poorly written internal accounting control narrative can lead to a misunderstanding of the
system thus resulting in the improper design and application of compliance tests.
4.. Internal Control Checklist
- This contains a detailed enumeration of the methods and practices which characterize good
internal control or of item to be considered in reviewing internal control.
- The checklist basically provides only a guide to review the internal control of the auditee and
does not represent a record of the auditor findings.
- In most cases therefore, this tool is used together with the narrative approach.
5. Decision Tables
- the system is depicted as decision points
- Advantages and disadvantages are similar to those of the flowchart approach.
- The primary reason for studying and evaluating internal control is to provide a basis for relying
upon the system and for determining the extent of year end substantive tests to be performed.
- There is an inverse relationship between the effectiveness of internal control and the extent of
detailed audit procedures; more effective systems require less detailed testing.
- Strengths and weaknesses identified during the evaluation of internal accounting control and
tests of compliance will affect the nature, timing and extent of audit procedures.
- It should be remembered that the purpose of an audit engagement is to determine whether the
fs are fairly presented in accordance with financial reporting standards.
- The audit is not specifically designed to search for errors or irregularities, although during the
study and evaluation of internal accounting control system and the performance of substantive
tests, errors or irregularities may be discovered.
- The auditor must consider the audit implication when errors or irregularities are likely to exist.
- Initially, discussion with management personnel may be made.
- If its appears that material errors and irregularities could occur, this fact must be communicated
to the board of directors.
- Furthermore, if additional evidence indicates that theme are irregularities which may materially
affect the fs, it may be appropriate for the auditor to:
1) Qualify his opinion or disclaim an opinion based on an uncertainty conditions.
2) Considers withdrawing from the engagement and notifying the board of directors in writing
the reason for the withdrawals.
- As result of obtaining and understanding of the accounting and internal control systems and test
of control, the auditor may become aware of weaknesses in the system.
- The auditor should make management aware, as soon as practical and at an appropriate level of
responsibility, of material weaknesses in the design or operation of the accounting and internal
control system, which have come to the auditor’s attention.
- The communication to management of material weaknesses would ordinarily be in writing.
- However, if the auditor judges that oral communication is appropriate, such communication
would be documented in the audit working papers.
- It is important to indicate in the communication that only weaknesses which have come to the
auditors attention as a result of the audit have been reported and that the examination has not
been designed to determine the adequacy of internal control for management purposes.
- The auditor purpose of evaluating the prescribed control procedures is to plan substantial tests
that will be effective in detecting the types of errors or irregularities that are possible in the
circumstances.
- However, this information may also be used by auditors as a basis for making constructive
suggestions to clients concerning improvements in internal control.
- Management letter may be made that will contain constructive suggestions or improvements in
internal control or other suggestion for increased efficiency in operations.
- This letter is considered a by product rather than the aim of the audit and is often completed
sometime after the completion of field work.
- The auditor identifies material weaknesses; he has a professional responsibility to communicate
them to both senior management and the board of directors.
- Auditor should issue a written report at the earliest possible that it is documented in the work
papers.
- Auditing standards identify conditions that an auditor may find during an audit that must be
reported to the audit committee or its equivalent.
Reportable Conditions
- Specifically, these are matters coming to the auditors attention that, in his judgement should be
communicated to the audit committee because they represents significant deficiencies in the
design or operation of the internal control structure, which could adversely affect the
organization ability to record, process, summarize and report financial data consistent with the
assertion of management in the fs.
Others
- Conditions noted by the auditor that are considered reportable under this section or that are
the result of agreement with the client should be reported, preferably in writing if information is
communicated orally, the auditor should document the communication by appropriate
memoranda or notations in the working papers.
- The report should state that the communication is intended solely for the information and the
use of the audit committee, management and others within the organization.
- When there are requirements established by governmental authorities to furnish such reports,
specific reference to such regulatory authorities may be made.
Indicate that the purpose of the audit was to report on the fs and not to provide assurance on
the internal control structure.
Include the definition or reportable conditions
Include the restriction on distribution as discussed in the previous paragraph.
If the reportable condition is of such magnitude as to be a material weakness, the report can identify it
separately as a material weakness.
- If no reportable conditions are found, an auditor may not issue a letter stating that.
- Such a letter may mislead users by implying a greater level of assurance about the lack of any
significant deficiencies than the auditor could really provide.
- An auditor may issue a letter indicating that no material weaknesses were found during the
course of an audit.
- Many auditors write management letter to clients.
- Not required by auditing standards, such letter contain suggestions for improving operations
and internal control.
- Internal control matters covered may include reportable conditions that have been
communicated to the audit committee as well as matters not significant enough to be included
in the letter on reportable conditions.