Scribd Logo
Upload

Welcome to Scribd!

  • Chapter 3 - Internal Control

    Uploaded by

    My Dg
    21 views20 pages
    The document discusses internal control, including its definition, objectives, and components. It defines internal control as a process effected by management and other personnel designed to provide reasonable assurance of achieving objectives related to operations, reporting, and compliance. The five components of internal control are the control environment, risk assessment, control activities, information and communication, and monitoring activities. The control environment is the foundation and includes factors such as integrity, ethical values, management oversight, accountability, and establishing structure.

    Original Description:

    Chapter 3_Internal control

    Original Title

    Chapter 3_Internal control

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses internal control, including its definition, objectives, and components. It defines internal control as a process effected by management and other personnel designed to provide reasonable assurance of achieving objectives related to operations, reporting, and compliance. The five components of internal control are the control environment, risk assessment, control activities, information and communication, and monitoring activities. The control environment is the foundation and includes factors such as integrity, ethical values, management oversight, accountability, and establishing structure.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    21 views20 pages

    Chapter 3 - Internal Control

    Uploaded by

    My Dg
    The document discusses internal control, including its definition, objectives, and components. It defines internal control as a process effected by management and other personnel designed to provide reasonable assurance of achieving objectives related to operations, reporting, and compliance. The five components of internal control are the control environment, risk assessment, control activities, information and communication, and monitoring activities. The control environment is the foundation and includes factors such as integrity, ethical values, management oversight, accountability, and establishing structure.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 20

    8/28/2020

    INTERNAL CONTROL
    CHAPTER 3

    Auditing Department – School of Accounting - UEH

    Prescribed textbook
    AUDITING & ASSURANCE SERVICES IN AUSTRALIA 7TH -
    Grant Gay& Roger Simnett
    Chapter 7, 8
    KIỂM TOÁN (2017), 7th - Bộ môn Kiểm toán
    Chương 2

    Auditing Department - School of


    2
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 1
    8/28/2020

    Relevant guidance

    ISA/VSA 315 Identifying and Assessing the Risks of Material


    Misstatement through Understanding the
    Entity and Its Environment

    ISA/VSA 330 The Auditor’s Responses to Assessed Risks

    COSO 2013 Internal control – Integrated Framework

    Auditing Department - School of


    3
    Accounting - UEH

    LEARNING OBJECTIVES

    1. Define internal control and describe its general


    objectives
    2. Identify and define each of the components of
    internal control
    3. Identify the steps in a Financial Statement audit by
    which the auditor obtains an understanding of
    internal control and assessed control risk, and the
    methods and procedures used by the auditor in
    each step

    Auditing Department - School of


    4
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 2
    8/28/2020

    CONTENT

    1. Internal control: definition, objectives, components


    and limitations
    2. Auditor’s consideration of internal control in a
    Financial Statement audit, including undertaking
    test of controls

    Auditing Department - School of


    5
    Accounting - UEH

    WHAT IS INTERNAL CONTROL?

    AIMS AT
    • Reliability of financial statements.
    • Compliance with laws and regulations
    • Effectiveness and Efficiency of operations.

    We need to put in place the


    procedures, policies and
    standards to manage those
    Auditing Department - School of
    Accountingrisks!
    6
    - UEH

    Auditing Division - School of Accounting -


    UEH 3
    8/28/2020

    INTERNAL CONTROL is defined as:

    A process,

    effected by an entity’s management, board of


    directors and other personnel ,

    designed to provide reasonable assurance

    regarding the achievement of the entity’s


    objectives related to:

    Operations Reporting Compliance


    • Effectiveness and • Reliability of internal • Compliance with
    Efficiency of operations and external, financial applicable laws and
    and non-financial regulations
    reports
    Auditing Department - School of
    7
    Accounting - UEH

    DEFINITION OF INTERNAL CONTROL


    PROCESS
    Board of
    Directors Operations

    Internal
    Management Reporting
    control

    Other
    Compliance OBJECTIVES
    PEOPLE personel
    REASONABLE
    ASSURANCE

    Auditing Department - School of


    8
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 4
    8/28/2020

    COMPONENTS OF INTERNAL CONTROL

    Auditing Department - School of


    9
    Accounting - UEH

    COMPONENTS OF INTERNAL CONTROL

    1
    • Control environment

    2
    • Risk Assessment

    3
    • Control Activities

    4
    • Information & Communication

    5
    • Monitoring Activities
    Auditing Department - School of
    10
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 5
    8/28/2020

    CONTROL ENVIRONMENT

    • The foundation for the other internal control


    components.
    • Defined by the standards, processes, and structures
    that guided individuals in carrying their duties.

    Auditing Department - School of


    11
    Accounting - UEH

    CONTROL ENVIRONMENT:
    1. Demonstrate Commitment to
    Integrity and ethical values

    5. Enforces
    accountability
    2. Exercises
    oversight
    responsibility
    CONTROL
    ENVIRONMENT

    4. Demonstrates 3. Establishes
    commitment to structure,
    competence authority and
    responsibility

    Auditing Department - School of


    12
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 6
    8/28/2020

    RISK ASSESSMENT
    Management’s process for identifying, analyzing and
    responding to a variety of risks from external and
    internal sources threatening an entity’s ability to
    meet its objectives

    Auditing Department - School of


    13
    Accounting - UEH

    RISK ASSESSMENT

    • Specifies suitable objectives


    • Identifies and analyzes risk
    • Assesses fraud risk
    • Identifies and analyzes significant change

    Auditing Department - School of


    14
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 7
    8/28/2020

    RISK ASSESSMENT
    Objectives

    Risk response

    Risk assessment

    Auditing Department - School of


    15
    Accounting - UEH

    RISK ASSESSMENT
    Investors
    Regulatory framework
    Competitors

    Suppliers Customers

    Employees
    Government

    Associates
    Auditing Department - School of
    16
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 8
    8/28/2020

    Risks related to financial reporting objective


    Financial statement Risk
    RISKs?  The assets do not exist at a
    given date.
     The assets do not belong to the
    entity.
     The assets and liabilities are
    not recorded at the appropriate
    value.
     The revenues and expenses are
    not fully recorded.
     Financial information is not
    presented and disclosed
    properly.
    Auditing Department - School of
    17
    …… Accounting - UEH

    CONTROL ACTIVIES

    • The actions established through policies and


    procedures that help ensure that management’s
    directives to mitigate risks to the achievement of
    objectives are carried out.
    • Be performed at all levels of the entity, at various
    stages within business processes, and over the
    technology environment
    • Include preventive and detective controls

    Auditing Department - School of


    18
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 9
    8/28/2020

    CONTROL ACTIVIES

    • Encompass a range of manual and automated


    activities such as:
    1. Segregation of duties
    2. Authorizations and approvals
    3. Verifications
    4. Physical controls
    5. Controls over standing data
    6. Reconciliations
    7. Supervisory controls

    Auditing Department - School of


    19
    Accounting - UEH

    Segregation of duties

    • Dividing or allocating tasks among various individuals


    making it possible to reduce the risks of error and fraud.
    • Contains four components
    – Custody
    – Authorization
    – Record Keeping
    – Reconciliation

    Auditing Department - School of


    20
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 10
    8/28/2020

    Authorizations and approval


    • Authorization and approval are control activities that
    mitigate the risk of inappropriate transactions.

    • Authorization is the power • Approval is the confirmation


    granted to an employee to or sanction of employee
    perform a task. decisions, events or
    transactions, based on an
    independent review.

    Auditing Department - School of


    21
    Accounting - UEH

    Physical controls

    Physical access restricted

    Physical counts

    Installation of cameras,
    sensors, alarm system, …

    Information protection

    Auditing Department - School of


    22
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 11
    8/28/2020

    INFORMATION AND COMMUNICATION

    • Information is needed at all levels of an entity to


    carry out internal control responsibilities to support
    the achievement of its objectives.
    • Communication is the continual,
    iterative process of providing,
    sharing, and obtaining necessary
    information.

    Auditing Department - School of


    23
    Accounting - UEH

    MONITORING ACTIVITIES

    • Monitoring of controls is the process to assess the


    quality of internal control performance
    over time. Is controls in place in
    • There are ongoing and separate our companies really
    effective ?
    monitoring

    Auditing Department - School of


    24
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 12
    8/28/2020

    LIMITATIONS OF INTERNAL CONTROL


    There are some limitations inherent in all
    control systems  reasonable assurance
    • Faulty judgment in decision making
    • Collusion
    • Errors or mistakes
    • Non-routine transactions
    Can we overcome?
    • Management override of the control
    • Cost-benefit analysis

    Auditing Department - School of


    25
    Accounting - UEH

    AUDITOR’S CONSIDERATION OF INTERNAL


    CONTROL IN A FINANCIAL STATEMENT AUDIT
    Uh… It’s the basis of our
    Why do you need to
    preliminary assessment of
    obtain an understanding
    control risk and an evaluation of
    of our company’s internal
    the extent to which controls may
    control ?
    be relied on to assure the
    accuracy and reliability of
    accounting records.

    Auditing Department - School of


    26
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 13
    8/28/2020

    Steps in the auditor’s consideration of


    internal control (IC)

    Auditing Department - School of


    27
    Accounting - UEH

    Obtain an understanding of IC

    Make preliminary assessment


    of control riks

    No Yes
    Is control risk assessed as
    HIGH?

    Perform tests of controls


    Yes
    Any deviations found indicating Yes Any compensating controls?
    less reliance can be place on IC? No
    No Increase assessed level of
    Perform planned substantive control riks
    procedures
    Perform planned and
    additional substantive
    Auditing Department - School of
    Accounting - UEH
    procedures 28

    Auditing Division - School of Accounting -


    UEH 14
    8/28/2020

    Step 1: Understanding Internal control


    WHAT:
    • Obtain an understanding of all 5 components of IC
    • Consider internal control for each business process

    HOW:
    • Inspect documented policies and procedures
    • Observe entity activities and operations
    • Make inquiries of key management personnel
    • Review the previous years’ audit files

    Auditing Department - School of


    29
    Accounting - UEH

    Documenting the understanding


    Questionnaires Flowcharts
    Narratives
    or checklists

    Walk-through
    Auditing Department - School of
    30
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 15
    8/28/2020

    Auditing Department - School of


    31
    Accounting - UEH

    Step 2: Assessing control risk

    Control risk will be assessed as high when:


    • Entity does not have internal controls High or less
    that relate to specific assertion;
    • Testing of internal controls is likely to than high?
    indicate internal controls are weak; or
    • Testing of internal controls is not the
    most efficient method of obtaining
    audit evidence.

    Auditing Department - School of


    32
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 16
    8/28/2020

    Step 2: Assessing control risk

    1. Identify types of potential misstatements in a


    transaction class, account balance or disclosure for
    each assertion
    2. Consider whether any controls is designed and
    effectively operating to prevent, mitigate or detect
    such misstatements
    3. Assess the level of control risk for that assertion

    Auditing Department - School of


    33
    Accounting - UEH

    Step 3: Performing tests of controls

    • Provide auditor with evidence to support their


    assessment of control risk. When control risk assessed
    at less than high, necessary to gather evidence that
    controls are working.
     performing tests of control to obtain sufficient
    appropriate audit evidence as to the operating
    effectiveness of relevant controls

    Auditing Department - School of


    34
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 17
    8/28/2020

    Step 3: Performing tests of controls

    WHEN: HOW:
    • Control risk assessed at • Inquiry
    less than high and cost
    effective; or • Inspection
    • Substantive procedures • Observation
    alone cannot provide • Reperformance
    sufficient appropriate
    audit evidence at the
    assertion level

    Auditing Department - School of


    35
    Accounting - UEH

    Example of linking objectives to control


    policies and tests of controls for sales
    Special control objectives Common control policies Tests of controls
    and assertions and procedures

    • All sales recorded are “real” • Policy of authorisation of • Select a sample of sales
    transactions for credit and terms transactions from sales
    merchandise actually • Evidence to quantities journal (daily activity
    shipped to customers shipped reconciled to report), check for
    (Occurrence assertion) quantities invoiced appropriate authorisation
    • Monthly statements mailed and trace to shipping
    to customers and queries document file
    followed up • Inspect reconciliation of
    shipments to invoices
    • Observe mailing of
    monthly statements, and
    inquiry about the follow-up
    actions

    Auditing Department - School of Accounting - UEH 36

    Auditing Division - School of Accounting -


    UEH 18
    8/28/2020

    Step 4: Performing substantive procedures


    • Substantive procedures/tests are used to provide
    reasonable assurance of validity and propriety of financial
    report or identify monetary misstatements and thus reduce
    detection risk of auditor.
    •There are two types of substantive procedures
    • Analytical procedures
    • Tests of details of balances and transactions

    Auditing Department - School of


    37
    Accounting - UEH

    Distinguishing tests of controls from substantive


    tests
    Tests of controls Substantive tests
    • Provide evidence on the • Provide evidence on
    operating effectiveness of material misstatements (if
    the controls that the auditor any) in account balances,
    plans to rely on transactions classes and
    disclosures

    Auditing Department - School of


    38
    Accounting - UEH

    Auditing Division - School of Accounting -


    UEH 19
    8/28/2020

    Auditing Division - School of Accounting -


    UEH 20

    You might also like