Auditing: Concepts for a Changing Environment (English edition), Chapter 6


Auditing: Concepts for a Changing Environment (English edition), Chapter 2

What is the enhanced role of audit committees under Sarbanes?
• Is designated as the audit client
• Has oversight responsibilities over the internal audit and financial reporting processes
• Must be comprised of "outside" directors, i.e. not members of management or have other relationships with the organization
• Must report on its activities, including the results of significant discussions with the external auditor
The Sarbanes/Oxley Act of 2002 Continued
• Audit Committees must have at least one person who is a financial expert. Other members must be knowledgeable in financial accounting and control
• Audit engagement partners, as well as other partners and managers with significant roles in the audit, must be rotated off the engagement every five years
• A "cooling off" period before an audit partner or manager can take a high-level position with an audit client without jeopardizing the independence of the public accounting firm
• Increased disclosure of "off-balance sheet" transactions or agreements that may have a material effect
• Requires the GAO to study a number of issues including the effect of consolidation on competition with the accounting profession, and an analysis of mandatory audit firm rotation

Auditing English courseware: Chapter 6 materials

Audit Plan
➢ The audit plan is more detailed than the overall audit strategy and includes the nature, timing and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level.
➢ As substantive procedures when their use can be more effective or efficient than tests of details in reducing the detection risk at the assertion level to an acceptably low level;
➢ While performing analytical procedures, the auditor should consider the comparisons of the entity’s financial information with, as follows:
(a) Comparable information for prior periods; (b) Anticipated results of the entity (such as
(b) The relationship between financial information and relevant non-financial information, such as payroll costs to number of employees.

Auditing: Concepts for a Changing Environment (English edition), Chapter 4
Chapter 4
Audit Risk and Business Risk
Define the Nature of Risk
In this chapter, we identify four critical components of risk that affect the audit approach and audit outcome:
• Enterprise risk - those that affect the operations and potential outcomes of organization activities
• Engagement risk - comes with association with a specific client
• Financial reporting risk - those that relate directly to the recording of transactions and the presentation of the financial statements
• Audit risk - the risk that an auditor may provide an unqualified opinion on financial statements that are materially misstated
Each of these components can be managed. The effectiveness of risk management processes will determine whether the company continues to exist.
Risk Factors Affecting the Audit
Financial Health of the Organization

Auditing: Concepts for a Changing Environment (English edition), Chapter 3

Reflect Upon the Unique Licensure for CPAs
• Audits and other attestation reports on financial statements can only be signed by those licensed to practice as CPAs by their state board of accountancy
• Each state board of accountancy sets its own requirements to become a licensed CPA
• To become a licensed CPA, a person must pass the CPA exam, meet specific education and experience requirements, and agree to uphold the profession and its code of professional conduct
Prohibited Services, Sarbanes-Oxley Act of 2002 (continued)
• Internal audit outsourcing services
• Management functions or human resources
• Broker or dealer, investment advisor, or investment banking services
• Legal services and expert services unrelated to the audit
• Any other service that the Board determines, by regulation, is impermissible
The Act requires that the client's audit committee preapprove any non-audit services, including tax services, not specifically prohibited

CH06 Internal control evaluation: assessing control risk (Auditing, English edition)

4.2 Control objectives and assertions
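• Control objectives are closely related to the financial statement assertions.
• The relationship between control objectives and the five management assertions is shown in Table 6-6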
• P200
4.3 Control procedures
Control procedures:
• General control procedures
• Segregation of technical responsibilities
• Error-checking procedures
•P201 E6-6
Chapter 6 internal control evaluation: assessing control risk
5. Phases of control evaluation
• Phase 1: understanding the internal control
• Phase 2: assessing the control risk
• Phase 3: performing test of controls audit procedures
Documentation of the control elements
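• Questionnaires, narratives and flowcharts.
• Internal control questionnaire and narrative
• Answers to the questionnaire cannot be taken as final and conclusive evidence of how effective the controls are. Evidence obtained through the interview and questionnaire format is only "hearsay", because its source is an individual who, even if well informed, does not actually perform the control.
• Those in favour of the internal control questionnaire argue that the auditor is unlikely to forget important control points. So if the answer to a question is "no", it indicates some deficiency in internal control or a missing control, which makes the analysis easier.
Control type; test method; inspection of evidence; walk-through test; on-site observation; physical control
Sample sizes for compliance tests
Frequency of the control: suggested number of items to test
• Once a month: 2-4
• Once every ten days: 3-8
• Once a week: 4-10
• Once a day: 10-15
• Fewer than 1,000 times a year: 25-50
• More than 1,000 times a year: 50-100
Control evaluation
Internal control must take the cost-benefit principle into account.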

Explain Risk Analysis at the General Control Level
The auditor usually starts with general controls in evaluating control weaknesses. Good controls built into a particular application are unlikely to offset weaknesses that affect all aspects of processing. Risks at the general level include:
Chapter 6
Computerized Systems: Risks, Controls, and Opportunities
Overview of Computerized Accounting Systems
• Most computer systems are highly integrated and networked
• The computing environment includes hardware, software, telecommunications, data, and people
• The auditor needs to understand this environment including the risks involved: (see chart on next slide)
Planning & Controlling the Data Processing Function
Segregation of Duties Within Data Processing
• Data processing personnel should not have access to programs or data except when authorized to make changes, and those changes follow authorized procedures
• Users should review and test all significant computer program changes
Program Development
• Every organization should have a process to determine that the right applications are acquired, installed and accomplish their objectives
Review General & Application Controls
On larger, more complex audits, the client's computing systems may present major business risks that need to be evaluated.
Dividing controls as either general or application controls helps the auditor organize his/her evaluation of the client's computing systems.
General Controls - pervasive data processing control procedures that affect all computerized applications
• Planning and controlling data processing
• Controlling applications development
• Controlling access
• Maintaining hardware
• Controlling electronic communications
Application Controls - controls related to a particular program
Planning & Controlling the Data Processing Function (Continued)
Program Changes
• Only authorized changes are made to computer applications
• All authorized changes are made to computer applications
• All changes are tested, reviewed, and documented before implementation
• Only the authorized version of the computer program is run
Controlling Access to Equipment, Data, and Programs
• Access to data is limited to those with a need to know
• Ability to change, modify, delete data is restricted to authorized persons
• Control system has ability to identify potential users as authorized or unauthorized
• Security department actively monitors attempts to compromise the system
Discuss Planning & Controlling the Data Processing Function
Fundamental concepts an auditor should consider when evaluating the organization and control of the data processing:
• Authorization for all transactions should originate outside the data processing department
• Users are responsible for authorization, review, and testing of all application developments and changes in computer programs
• Access to data is provided only to authorized users
• Data processing department is responsible for all custodial functions associated with data, data files, software, and related documentation
• Users, along with data processing, are responsible for the adequacy of application controls built into the system
• Management should periodically evaluate the information systems function for efficiency, integrity, security, and consistency with organizational objectives
• Internal audit staff should periodically audit applications and operations
Overview of Computerized Accounting Systems
Computer Processing Area Computer Operations Risks Sabotage, natural disaster, viruses, anything that impairs operations
Data Files Data Communications
List Key Computer Software
Operating systems
Communications Application programs
Access control
Define Interconnected Systems Virtual Private Network (VPN)
• Unauthorized use of applications or access of data
• Company may develop the wrong programs negatively impacting operations
• Telecommunications systems may not safeguard the system from intruders
• The wrong data may be processed or wrong files updated
• Unauthorized personnel may steal or modify company programs or data
• Hardware may not be secured against attacks or natural disaster
• Users may inadvertently cause errors in programs or data
Embraces all communications:
• Fiber optic to wireless
• e-business (business to business)
• E-Commerce (business to consumer)
• Auctions (consumer to consumer)
• Intranets (within business)
• Personal digital assistant
• Application and database processing
This type of computerized environment is evolving as the "new economy" demands anytime, puter Programs