Professional Documents
Culture Documents
Topic 3 - Internal Control System
Topic 3 - Internal Control System
Topic 3 - Internal Control System
3.1. Management responsibility for internal control v Inherent limitations arise because of:
3.2. Audit strategy and internal control o Control breakdowns as a result of the actions of careless, fatigued
(tiredness) or deviant (abnormal) staff.
3.3. Steps of Internal Control Evaluation by Auditors o The possibility of management override.
o Collusion: secret or illegal cooperation of employees.
o Faulty judgment in decision making.
o The existence of non-routine transactions for which internal controls were
not devised (designed).
2 o Cost-benefit analysis. 4
Review: Why Reasonable Assurance? 3.2. Audit strategy and internal control
Inherent limitations … v Auditor: The risk of material misstatement at the financial report level is
affected by auditor’s understanding of the control environment (ISA 315).
Breakdowns à errors vs mistakes
Cost-benefit analysis 5 7
6 8
3.3. Considering internal Step 1: Obtain the understandings of internal control (IC)
control in a financial report
audit
v For every audit è An auditor must What? How to understand?
obtain sufficient understanding of
internal control to plan the audit and v Understandings of all 5 v An auditor gains an understanding of the control
determine tests to be performed. components of IC environment by:
v Consider internal control for each
business process o Making inquiries of key management personnel
è Steps of Internal Control Evaluation by Auditors (phỏng vấn)
(Figure 1) How to o Inspecting documented policies and
document? procedures (thu thập và nghiên cứu tài liệu)
o Observing activities and operations (quan sát)
1. Obtain the o IC questionnaires and checklists. o Considering past experience with the client
understandings of o Narrative memoranda — written (kinh nghiệm kiểm toán trước đây)
internal control (IC) description of IC policies & procedures.
9 o Flowcharts. 11
3. Performing
Tests of
controls
4. Performing
Substantive
procedures
(Figure 1 (cont.)
Walk-through
10 12
Example:
Typical (1) Assessment of control risk as HIGH
credit sales
flowchart
HIGH control risk
v The auditor may assess control risk as high because the
entity’s internal control policies and procedures in the area:
When? How to perform TOCs? Special control Common control Tests of controls
objectives policies and
procedures
o CR is assessed “at less è Method used by auditor is dependent on whether a
than a high” documentary audit trail (dấu vết) exists. • Occurrence — all • Policy of authorisation • Select sample of sales
o Substantive procedures sales recorded are of credit and terms transactions from
alone is not sufficient If audit trail does exist: bona fide (actual) sales journal (daily
• Evidence of quantities
transactions for shipped reconciled to activity report), check
o Inspect documentation (kiểm tra tài liệu) associated
merchandise actually quantities invoiced for authorisation and
with the transaction for evidence of the control.
shipped trace to shipping
• Monthly statements
Where no audit trail exists: to customers. document file
mailed to customers
and queries followed • Inspect reconciliation
o Observation (quan sát)
up of shipments to
o Inquiry of the control (phỏng vấn)
o Re-performance (thực hiện lại) 17
invoices 19
Eg. 1: Control objectives for sales system – Occurrence — recorded cash receipts are for collection of receivables
è Controls are in place to ensure that: resulting from sales to customers of the entity.
– Occurrence — all sales recorded are bona fide transactions for merchandise – Completeness — all cash receipts are recorded and deposited.
actually shipped to customers. – Accuracy — cash receipts have been recorded correctly as to amount.
– Completeness — all sales shipped are invoiced – Cut-off — cash receipts have been recorded in correct period.
and recorded in accounting records.
– Classification — cash receipts are classified in accordance with
– Accuracy — invoices have been recorded correctly company policy.
as to amount and summarised correctly.
– Cut-off — invoices have been recorded in correct period.
– Classification — sales classified in accordance with written policies.
18 20
Example of linking control objectives Group discussions:
to control policies to tests of controls: cash receipts
• Occurrence — recorded • Cash receipts matched • Select a sample of 2. Please differentiate Tests of controls and Substantive Tests
cash receipts are for to specific sales entries in cash receipts Give examples.
collection of receivables invoices in posting to journal and review
resulting from sales to accounts receivable evidence that they were
customers of the entity. master file. matched to specific
sales invoices.
21 23
22 24