Professional Documents
Culture Documents
Internal Control and Control Risk
Internal Control and Control Risk
Learning Objective 1 Contrast managements need for internal control with the auditors need to consider internal control when designing an audit.
Key Concepts
Managements Responsibility
Reasonable Assurance
Inherent Limitations
Clients Concerns
Reliability of financial reporting
Efficiency and effectiveness of operations
Auditor Concerns
Controls related to reliability of financial reporting
43%
41% 37% 35%
Management investigation
21%
16%
Other sources
Control Environment
Risk Assessment
Control Activities
Commitment to competence
Board of directors or audit committee participation Managements philosophy and operating style
Risk Assessment
Identify factors affecting risk.
Assess significance of risks and likelihood of occurrence. Determine actions necessary to manage risk.
Control Activities
1. Adequate separation of duties
2. Proper authorization of transactions and activities 3. Adequate documents and records 4. Physical control over assets and records 5. Independent checks on performance
Accounting
The custody of related assets Record-keeping responsibility User departments
General authorization
Specific authorization
Physical controls
Access controls
The need for independent checks arise because internal control tends to change over time unless there is a mechanism for frequent review.
Monitoring
Managements ongoing and periodic assessment of the quality of internal control performance to determine whether controls are operating as intended and modified when needed.
Narrative
Flowchart
Internal control questionnaire
Learning Objective 5 Assess control risk by linking strengths and weaknesses of internal control to transactionrelated audit objectives.
Auditors use the control risk matrix to identify both controls and weaknesses and to asses control risk.
Communication
Reportable conditions letter Audit committee communications Management letters
Learning Objective 6 Describe the process of designing and performing tests of controls.
Tests of Controls
The procedures to test effectiveness of controls in support of a reduced assessed control risk are called tests of controls.
Extent of Procedures
Reliance on evidence from prior years audit Testing less than the entire audit period
Type of Procedure
Inquiry Documentation
Observation Reperformance
Yes extensive Yes with transaction walk-through Yes with transaction walk-through No
Yes some Yes using sample Yes multiple times Yes sampling
End of Chapter 10