Scribd
Upload
68 views38 pages

Internal Control and Risk Assessment Guide

The document discusses internal control and control risk. It describes the objectives of internal control, the responsibilities of management and auditors related to internal control, the five components of the internal control framework, and the process of obtaining an understanding of internal control, assessing control risk, designing and performing tests of controls, and determining planned detection risk and substantive tests.

Uploaded by

Zale Ezekiel
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
68 views38 pages

Internal Control and Risk Assessment Guide

The document discusses internal control and control risk. It describes the objectives of internal control, the responsibilities of management and auditors related to internal control, the five components of the internal control framework, and the process of obtaining an understanding of internal control, assessing control risk, designing and performing tests of controls, and determining planned detection risk and substantive tests.

Uploaded by

Zale Ezekiel
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd

BBA 3513 – AUDIT 1

LECTURE 7
Internal Control and Control Risk

Lecturer: Ms Hjh Norhafidah Binti Jafardin


Faculty of Business
Learning Objective 1

Describe the three primary.


Objectives of effective.
Internal control.
Internal Control Objectives

1. Reliability of financial reporting

2. Efficiency and effectiveness of operations

3. Compliance with laws and regulations


Learning Objective 2

Contrast management’s responsibilities for


maintaining and reporting on internal controls
with the auditor’s responsibilities for
understanding, testing, and reporting on
internal controls.
Management and Auditor
Responsibilities Related to Internal Control
 Management’s responsibility for establishing internal control
 Reasonable assurance
 Inherent limitations
 Management’s Section 404 reporting responsibilities
 Design of internal control
 Operating effectiveness of controls
 Auditor responsibilities for understanding internal control
 Controls over the reliability of financial reporting
 Control over classes of transactions
 Auditor responsibilities for testing internal control
Sales Transaction-related Audit Objectives

Transaction-related Audit Sales Transaction-related


Objective – General form Audit Objectives
Recorded transactions Sales are for shipments
exist (occurrence) to existing customers
Existing transactions are Existing sales transactions
recorded (completeness) are recorded
Transactions are stated Sales for goods shipped
correctly (accuracy) are correctly billed
Sales Transaction-related Audit Objectives

Transaction-related Audit Sales Transaction-related


Objective – General form Audit Objectives

Transactions are correctly Sales transactions are


filed (posting and correctly included in the
summarization) master files
Transactions are correctly Sales transactions are
classified (classification) correctly classified
Transactions are recorded Sales are recorded on
on correct dates (timing) the correct dates
Learning Objective 3

Explain the five components of the internal


control framework.
Five Components of Internal Control

Risk Control Information and


Monitoring
assessment activities communication
The Control Environment

 Integrity and ethical values


 Commitment to competence
 Board of directors or audit committee participation
 Management’s philosophy and operating style
 Organizational structure
 Human resource policies and practices
Risk Assessment

 Identify factors that may increase risk

 Estimate the significance of the risk

 Assess the likelihood of the risk occurring

 Determine actions necessary to manage the risk


Control Activities

1. Adequate separation of duties

2. Proper authorization of transactions and activities

3. Adequate documents and records

4. Physical control over assets and records

5. Independent checks on performance


Adequate Separation of Duties

Custody of assets from Accounting

Authorization The custody of


from
of transactions related assets

Operational Record-keeping
from
responsibility responsibility

IT duties from User departments


Proper Authorization of Transactions and
Activities

 General authorization

 Specific authorization
Adequate Documents and Records

 Prenumbered consecutively

 Prepared at the time of transaction

 Designed for multiple use

 Constructed to encourage correct preparation


Physical Control Over Assets and Records

• The most important type of protective measure for


safeguarding assets and records is the use of physical
precautions.
Independent Checks on Performance

• The need for independent checks arises because internal


control tends to change over time unless there is a mechanism
for frequent review.
Information and Communication

• The purpose of an accounting information and communication


system is to initiate, record, process, and report the entity’s
transactions and to maintain accountability for the related
assets.
Monitoring

• Monitoring activities deal with management’s ongoing and


periodic assessment of the quality of internal control
performance to determine whether controls are operating as
intended and modified when needed.
Learning Objective 4

Obtain and document an understanding of


internal control.
Process for Understanding Internal
Control and Assessing Control Risk
Obtain an
understanding of
Phase 1 internal control: design
and operation

Phase 2 Assess control risk

Design, perform, and


Phase 3 evaluate tests of
controls

Decide planned
Phase 4 detection risk and
substantive tests
Phase 1 - Obtain and Document
Understanding of Internal Control

• Auditing standards require auditors to obtain an


understanding of internal control for every audit.

Procedures to obtain an understanding :


 Design of internal controls
 Whether placed in operation
 Uses this information as a basis for the integrated audit
Methods Used

Narrative

Flowchart
Internal
control
questionnaire
Narrative

1. The origin of every document and record in the system

2. All processing that takes place

3. The disposition of every document and record in the system

4. An indication of the controls relevant to the assessment


of control risk
Evaluating Internal Control Operation

 Update and evaluate auditor’s previous experience


with the entity

 Make inquiries of client personnel

 Examine documents and records

 Observe entity activities and operations

 Perform walk-throughs of the accounting system


Learning Objective 5

Assess control risk by linking key


controls, significant deficiencies,
and material weaknesses to
transaction-related audit,
objectives.
Phase 2 - Assess Control Risk

• Assess whether the financial statements are auditable.

• Determine assessed control risk supported by the


understanding obtained assuming the controls are being
followed.

• Use of a control risk matrix to assess control risk.


Control Risk Matrix

• Many auditors use the control risk matrix to assist in the


control risk assessment process.
Control Risk Matrix

 Identify audit objectives

 Identify existing controls

 Associate controls with related audit objectives

 Identify and evaluate control deficiencies,


significant deficiencies, and material weaknesses
Evaluating Significant Control
Deficiencies
SIGNIFICANCE
Material

Material
Weakness

LIKELIHOOD Remote Probable

Immaterial
Identify Deficiencies and Weakness

 Identify existing controls

 Identify the absence of key controls

 Consider the possibility of compensating controls

 Decide whether there is a significant deficiency


or material weakness

 Determine potential misstatements that could result


Communications

 Communications to those charged with governance

 Management letters
Learning Objective 6

Describe the process of designing


and performing tests of controls.
Phase 3 - Design, perform, and evaluate
tests of controls

• The procedures to test effectiveness of controls in support of a


reduced assessed control risk are called tests of controls.
Procedures for Tests of Controls

1. Make inquiries of client personnel

2. Examine documents, records, and reports

3. Observe control-related activities

4. Reperform client procedures


Extent of Procedures

 Reliance on evidence from prior year’s audit

 Testing of controls related to significant risks

 Testing less than the entire audit period


Relationship of Assessed Control
Risk and Extent of Procedures

Assessed Control Risk


High level:
Type of Procedures to obtain Lower level:
procedure an understanding Tests of controls
Inquiry Yes–extensive Yes–some
Documentation Yes–with transaction Yes–using sampling
walk-through
Observation Yes–with transaction Yes–at multiple times
walk-through
Reperformance No Yes–using sampling
Phase 4 - Decide Planned Detection
Risk and Design Substantive Tests

• The auditor uses the results of the control risk assessment


process and tests of controls to determine the planned
detection risk and related substantive tests.

• The auditor links the control risk assessments to the balance-


related audit objectives.

You might also like