AU-lesson5 new

Components of internal control
• the control environment • the entity’s risk assessment process • the information system • control activities • monitoring of controls
• accounting controls • management controls.
Three broad objectives in designing an effective internal control system:
• 1. Reliability of financial reporting. • 2. Efficiency and effectiveness of operations. • 3. Compliance with laws and regulations.
the factors affecting the control environment
• functioning of the board of directors and its committees; • management’s philosophy and operating style; • the entity’s organizational structure • methods of assigning authority and responsibility • management’s control system including the internal audit function, personnel policies and procedures, and segregation of duties
LESSON 5 Internal control
YUEDONG LI
TOPIC 1 Study and evaluation of internal controls
Learning objectives • Describe internal control and explain the two reasons for evaluating internal control. (Level 1) • Differentiate between management and auditor responsibility with respect to internal control, and describe the internal control objectives of interest to both management and auditor. (Level 1) • Describe the components of internal control. (Level 1) • Describe the three phases of internal control evaluation. (Level 1) • Explain internal control for planning purposes, and how an auditor gains a sufficient understanding under a combined approach and a substantive approach. (Level 1)
Two reasons for the evaluation of internal control:
• primarily, to assess control risk and give the auditor a basis for planning the audit and determining the nature, timing, and extent of audit procedures As we all known, a lower control risk assessment for a given assertion, supported by appropriate tests of controls, will reduce the amount of testing required to support specific balances. This is why the auditor evaluates internal controls for planning, so as to ensure that the control risk assessment leads to an adequate development of audit procedures.
the entity’s risk assessment process
• The entity’s risk assessment process is the process for identifying business risks relevant to financial reporting objectives and deciding about actions to address or manage those risks.
Required reading
• Chapter 9, pages 267-291 up to “Audit Procedures and Their Documentation”
Internal Control is
defined in ISA 315.4(c) (Redrafted) as “the process designed, implemented and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations”.
• secondarily, to formulate constructive suggestions to management for improving internal controls
responsibility
• Management is responsible for the design, implementation, and maintenance of internal controls and as such, the process of internal control is primarily aimed at achieving management’s objectives. • Management’s objectives with respect to internal control are to ensure the orderly and efficient conduct of the company’s business.
• Internal control slows the processing of data and may make the accounting system less efficient, at least from a client’s standpoint. • Internal control has traditionally been designed to control recurring (routine) transactions. • The auditor must verify that internal control was in place and working (or not working) during the entire period of reliance (usually the year under review).
the control environment
• The control environment is defined as the attitudes, awareness, and actions of management and those charged with governance concerning the entity’s internal control and its importance to the entity.
Management consideration of internal control • Cost benefit rule • Routine transactions • Competence and integrity of personel
Auditor’s consideration of internal control
Auditor’s consideration of internal control
• The auditor should be cautious whenever there is a significant change in the accounting system during the year. • The auditor should always be aware of the possibility that senior management may override controls.
Auditor’s responsibility
• The auditor’s responsibility with respect to internal control is to gain an understanding of internal control and assess its impact on the audit plan and the audit procedures. As such, the auditor is interested in those management control objectives insofar as they have an effect on control risk. • The auditor is primarily concerned with the reliability of internal controls and whether relying on them is cost-effective from an audit approach standpoint. Cost-effectiveness depends on the complexity of internal controls and the number of tests of controls that would be required to support a control risk assessment below maximum.
Management Control Objectives
• optimizing the use of resources • preventing and detecting error and fraud • safeguarding assets • maintaining reliable control systems