Chapter 6: Internal Control in a Financial Statement Audit

McGraw-Hill/Irwin. Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.


Internal Control

The auditor uses risk assessment procedures to:

- obtain an understanding of the entity’s internal control
- identify the types of potential misstatements
- ascertain factors that affect the risk of material misstatement
- design tests of controls and substantive procedures

The auditor’s understanding of the internal control is a major factor in determining the overall audit strategy. The auditor has a responsibility to:

(1) obtain an understanding of internal control and
(2) assess control risk.

LO# 1


COSO’s Internal Control – Integrated Framework

Objectives:

- Reliability of Financial Reporting
- Effectiveness and Efficiency of Operations
- Compliance with Laws and Regulations

LO# 2


The Effect of Information Technology on Internal Control

LO# 4


Components of Internal Control

LO# 5


LO# 6

Planning an Audit Strategy

Figure 6-3: Flowchart of the Auditor’s Consideration of Internal Control and Its Relation to Substantive Procedures


Obtain an Understanding of Internal Control

The auditor should obtain an understanding of each of the five components of internal control in order to plan the audit. This knowledge is used to:

- Identify types of potential misstatement
- Design tests of controls and substantive procedures
- Pinpoint the factors that affect the risk of material misstatement

LO# 7


Documenting the Understanding of Internal Control

- Procedure Manuals and Organizational Charts
- Flowcharts
- Internal Control Questionnaires
- Narrative Description

LO# 8


The Limitations of an Entity’s Internal Control

- Override of Internal Control by Management
- Human Errors or Mistakes
- Collusion

LO# 8


Assessing Control Risk

- Identify specific controls that will be relied upon.
- Perform tests of controls.
- Conclude on the achieved level of control risk.

LO# 9


Interim Audit Procedures

Interim Tests of Controls

1. Assertion being tested not significant
2. Control has been effective in prior audits
3. Efficient use of staff time

Interim Substantive Procedures

1. Assertion probably has low control risk
2. May increase the risk of material misstatements
3. Still requires some year-end testing

LO# 12


Auditing Accounting Applications Processed by Service Organizations

In some instances, a client may have some or all of its accounting transactions processed by an outside service organization.

Because the client’s transactions are subjected to the controls of the service organization, one of the auditor’s concerns is the internal control system in place at the service organization.

It is not uncommon for service organizations to have an auditor issue one of two types of reports on their operations.

LO# 13


Communication of Internal Control-Related Matters

Significant Deficiency

A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

Material Weakness

A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented, or detected and corrected.

LO# 14


Types of Controls in an IT Environment

General Controls

1. Data center and network operations
2. System software acquisition, change, and maintenance
3. Access security
4. Application system acquisition, development, and maintenance

Application Controls

1. Data capture controls
2. Data validation controls
3. Processing controls
4. Output controls
5. Error controls

LO# 15


Flowcharting Symbols

LO# 16


End of Chapter 6
