Professional Documents
Culture Documents
Unit 4 Internal Control
Unit 4 Internal Control
Unit 4 Internal Control
What are the risk, how has management responded to the risk, what types of control are in place
and how are auditors responding to the risk
Business risks are risks that would prevent an entity from achieving its objectives or executing its
strategies.
Some risks of material misstatement that management has determined to be acceptable and has not
designed and implemented any controls in response to these risks. Effectiveness of internal controls
can be impacted by human error, control overriding by management, collusions by many people.
Thus, auditor always have to perform some substantive audit procedures.
5 components of an entity’s internal control
ISA 315: Control environment, risk assessment process, Information system, including the related
business processes relevant to fin reporting and communication, control activities and monitoring of
controls.
Entity level controls: controls relating to the control environment, risk assessment process,
communication and monitoring of controls.
In meeting the requirements of ISA 315, ISA 240 and ISA 550 related to understanding the control
environment, auditor must know about the controls of related party transaction, and significant
transaction outside the course of business.
Auditor must understand IT policies and procedures, software, strategy and budget.
How transactions are initiated, authorized, recorded, processed, corrected where necessary,
transferred and reconciled to GL, and reported to fin statement.
Auditor may perform a walkthrough to test the above control.
Segregation of duties involves the following components of a transaction being allocated to different
employees: Authorization, custody of the Asset, Recording the trans into accounting system and
reconciliation by using access right.
Details of the transaction, documents reviewed, relevant IT application used, date of the
walkthrough, and details of the entity’s personnel the auditor has spoken to.
Understanding control attributes
Risk of control is low when: controls are effectively designed and implemented, thus can place
reliance on the operating effectiveness of controls.
Factors of control
How to control:
Control Evaluation
Control based audit approach over payroll since relevant controls have been designed effectively
and implemented by the company for the year and conduct 100% substantive audit approach over
the fin year close process. For control testing, the team needs to select the minimum number of
controls necessary to address all the identified risks in the payroll process (key controls in the
process).
If the control is part of another process, does not need to be tested.
Also need to consider if the selected for testing control will depend on other controls:
Control is effectively designed when its design achieves its objective to prevent, detect and correct a
material misstatement.