Professional Documents
Culture Documents
Auditing: A Risk-Based Approach To Conducting A Quality Audit
Auditing: A Risk-Based Approach To Conducting A Quality Audit
Auditing: A Risk-Based Approach To Conducting A Quality Audit
CHAPTER 3
3-3
Copyright © 2016 South-Western/Cengage Learning
LEARNING OBJECTIVES
3-5
Copyright © 2016 South-Western/Cengage Learning
LEARNING OBJECTIVE 1
3-7
Copyright © 2016 South-Western/Cengage Learning
LEARNING OBJECTIVE 2
3-9
Copyright © 2016 South-Western/Cengage Learning
EXHIBIT 3.1 - COSO FRAMEWORK FOR
INTERNAL CONTROL
3-10
Copyright © 2016 South-Western/Cengage Learning
COMPONENTS OF INTERNAL CONTROL
• Control environment
• Set of standards, processes, and structures that
provides the basis for carrying out internal control
across the organization
• Includes the tone at the top regarding importance of:
• Internal control
• Expected standards of conduct
• Risk assessment: Process for identifying and
assessing risks that may affect organizations from
achieving objectives
3-11
Copyright © 2016 South-Western/Cengage Learning
COMPONENTS OF INTERNAL CONTROL
3-14
Copyright © 2016 South-Western/Cengage Learning
COSO COMPONENT: CONTROL
ENVIRONMENT PRINCIPLES
1. The organization demonstrates a commitment to integrity and
ethical values.
3-15
Copyright © 2016 South-Western/Cengage Learning
LEARNING OBJECTIVE 4
3-18
Copyright © 2016 South-Western/Cengage Learning
LEARNING OBJECTIVE 5
3-20
Copyright © 2016 South-Western/Cengage Learning
COSO COMPONENT: CONTROL ACTIVITIES
PRINCIPLES
3-21
Copyright © 2016 South-Western/Cengage Learning
TRANSACTION PROCESSING
• Business Process Transactions
• Control activities include verifications, reconciliations,
authorizations and approvals
• Accounting Estimates
• Control activities should provide reasonable assurance
that:
• The data are accurate
• The estimates are faithful to the data
• The underlying estimation model reflects current
economic conditions and has proven to provide
reasonable estimates in the past
3-22
Copyright © 2016 South-Western/Cengage Learning
TRANSACTION PROCESSING
3-23
Copyright © 2016 South-Western/Cengage Learning
AUTOMATED AND MANUAL
TRANSACTION CONTROLS
• Input Controls: Designed to ensure that authorized
transactions are correct and complete, and that only
authorized transactions can be input
• Processing controls: Designed to ensure that:
• Correct program used for processing
• All transactions are processed
• Transactions update appropriate files
• Output controls: Designed to ensure that:
• All data are completely processed
• Output is distributed only to authorized recipients
3-24
Copyright © 2016 South-Western/Cengage Learning
OTHER IMPORTANT CONTROL
ACTIVITIES
• Segregation of duties: Protect against risk that
individuals may collude to conceal a fraud
• Requires that a minimum of two employees be
involved such that one does not have:
• Authority and ability to process transactions
• Custodial responsibilities
• Physical controls over assets: Protect and safeguard
assets from accidental or intentional destruction and
theft
3-25
Copyright © 2016 South-Western/Cengage Learning
LEARNING OBJECTIVE 6
3-28
Copyright © 2016 South-Western/Cengage Learning
LEARNING OBJECTIVE 7
3-30
Copyright © 2016 South-Western/Cengage Learning
COSO COMPONENT – MONITORING
PRINCIPLES
3-31
Copyright © 2016 South-Western/Cengage Learning
LEARNING OBJECTIVE 8
3-33
Copyright © 2016 South-Western/Cengage Learning
EXHIBIT 3.6 - STEPS IN MANAGEMENT’S EVALUATION
OF INTERNAL CONTROL OVER FINANCIAL REPORTING
3-34
Copyright © 2016 South-Western/Cengage Learning
LEARNING OBJECTIVE 9
3-37
Copyright © 2016 South-Western/Cengage Learning
INDICATORS OF A MATERIAL
WEAKNESS
3-38
Copyright © 2016 South-Western/Cengage Learning
LEARNING OBJECTIVE 10