Preview

Internal Control in Financial Statement Audit

Powerful Essays
Open Document
Open Document
3038 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Internal Control in Financial Statement Audit
Table of Contents STAGE B: ASSESSING THE PRELIMINARY LEVEL OF CONTROL RISK 2 ASSESSING CONTROL RISK 2 Assessing control risk below the maximum level 5 Assessing Inherent Risk …………………………………………………………………………………………..…………………5 Relationship Between the Assessments of Inherent and Control Risks…………………………..……..……6 Identifying Specific Controls Relevant to Specific Assertions………………………………………………..……..6 Types of Control Activities that Relate to Financial Statement Assertion……………………………..……..7 STAGE C: OBTAINBING EVIDENTIAL MATTER TO SUPPORT THE ASSESSED LEVEL OF CONTROL RISK…….7 Performing Tests of Controls………………………………………………………………………………………………………7 Nature of Tests of Control…………………………………………………………………………………………………….…….9 Timing of Test of Controls…………………………………………………………………………………………………………..9 Extent of Test of Controls…………………………………………………………………………………………………………..9 STAGE D: EVALUATING THE RESULTS OF THE EVIDENTIAL MATTER…………………………………………………..10 Bibliography………………………………………………………………………………………………………………………………………11 STAGE B: ASSESSING THE PRELIMINARY LEVEL OF CONTROL RISK ASSESSING CONTROL RISK .62 Section 326, Evidential Matter, states that most of the independent auditor 's work in forming an opinion on financial statements consists of obtaining and evaluating evidential matter concerning the assertions in such financial statements. These assertions are embodied in the account balance, transaction class, and disclosure components of financial statements and are classified according to the following broad categories: Existence or occurrence Completeness Rights and obligations Valuation or allocation (measurement) Presentation and disclosure In planning and performing an audit, an auditor considers these assertions in the context of their relationship to a specific account balance or class of transactions. .63 The risk of material misstatement in financial statement assertions consists of inherent risk, control risk, and detection risk. Inherent risk is the susceptibility of an assertion to a


Bibliography: ……………………………………………………………………………………………………………………………………11 STAGE B: ASSESSING THE PRELIMINARY LEVEL OF CONTROL RISK ASSESSING CONTROL RISK .62 Section 326, Evidential Matter, states that most of the independent auditor 's work in forming an opinion on financial statements consists of obtaining and evaluating evidential matter concerning the assertions in such financial statements. These assertions are embodied in the account balance, transaction class, and disclosure components of financial statements and are classified according to the following broad categories: Existence or occurrence Completeness Rights and obligations Valuation or allocation (measurement) Presentation and disclosure In planning and performing an audit, an auditor considers these assertions in the context of their relationship to a specific account balance or class of transactions. .63 The risk of material misstatement in financial statement assertions consists of inherent risk, control risk, and detection risk. Inherent risk is the susceptibility of an assertion to a material misstatement assuming there are no related controls. Control risk is the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by the entity 's internal control. Detection risk is the risk that the auditor will not detect a material misstatement that exists in an assertion. .64 Assessing control risk is the process of evaluating the effectiveness of an entity 's internal control in preventing or detecting material misstatements in the financial statements. Control risk should be assessed in terms of financial statement assertions. .65 After obtaining the understanding of internal control, the auditor may assess control risk at the maximum level for some or all assertions because he or she believes controls are unlikely to pertain to an assertion or are unlikely to be effective, or because evaluating the effectiveness of controls would be inefficient. However, the auditor needs to be satisfied that performing only substantive tests would be effective in restricting detection risk to an acceptable level. For example, the auditor may determine that performing only substantive tests would be effective and more efficient than performing tests of controls for assertions related to fixed assets and to long-term debt in an entity where a limited number of transactions are related to those financial statement components, and when the auditor can readily obtain corroborating evidence in the form of documents and confirmations. In circumstances where the auditor is performing only substantive tests in restricting detection risk to an acceptable level and where the information used by the auditor to perform such substantive tests is produced by the entity 's information system, the auditor should obtain evidence about the accuracy and completeness of the information. .66 In other circumstances, the auditor may determine that assessing control risk below the maximum level for certain assertions would be effective and more efficient than performing only substantive tests. In addition, the auditor may determine that it is not practical or possible to restrict detection risk to an acceptable level by performing only substantive tests for one or more financial statement assertions. In such circumstances, the auditor should obtain evidential matter about the effectiveness of both the design and operation of controls to reduce the assessed level of control risk. .67 In determining whether assessing control risk at the maximum level or at a lower level would be an effective approach for specific assertions, the auditor should consider— The nature of the assertion. The volume of transactions or data related to the assertion. The nature and complexity of the systems, including the use of IT, by which the entity processes and controls information supporting the assertion. The nature of the available evidential matter, including audit evidence that is available only in electronic form. .68 In circumstances where a significant amount of information supporting one or more financial statement assertions is electronically initiated, recorded, processed, or reported, the auditor may determine that it is not possible to design effective substantive tests that by themselves would provide sufficient evidence that the assertions are not materially misstated. For such assertions, significant audit evidence may be available only in electronic form. In such cases, its competence and sufficiency as evidential matter usually depend on the effectiveness of controls over its accuracy and completeness. Furthermore, the potential for improper initiation or alteration of information to occur and not be detected may be greater if information is initiated, recorded, processed, or reported only in electronic form and appropriate controls are not operating effectively. In such circumstances, the auditor should perform tests of controls to gather evidential matter to use in assessing control risk. .69 Examples of situations where the auditor may find it impossible to design effective substantive tests that by themselves would provide sufficient evidence that certain assertions are not materially misstated include the following: An entity that conducts business using IT to initiate orders for goods based on predetermined decision rules and to pay the related payables based on system-generated information regarding receipt of goods. No other documentation of orders or goods received is produced or maintained. An entity that provides electronic services to customers (for example, an Internet service provider or a telephone company) and uses IT to log services provided to users, initiate bills for the services, process the billing transactions, and automatically record such amounts in electronic accounting records that are used to produce the financial statements. .70 Assessing control risk below the maximum level involves— Identifying specific controls relevant to specific assertions. Performing tests of controls. Concluding on the assessed level of control risk. Assessing Inherent Risk In developing the overall audit plan, the auditor should assess inherent risk at the financial statement level. In developing the audit program, the auditor should relate such assessment to material account balances and classes of transactions at the assertion level, or assume that inherent risk is high for the assertion. To assess inherent risk, the auditor uses professional judgment to evaluate numerous factors, examples of which are: At the Financial Statement Level • The integrity of management. • Management experience and knowledge and changes in management during the period, for example, the inexperience of management may affect the preparation of the financial statements of the entity. • Unusual pressures on management, for example, circumstances that might predispose management to misstate the financial statements, such as the industry experiencing a large number of business failures or an entity that lacks sufficient capital to continue operations. • The nature of the entity’s business, for example, the potential for technological obsolescence of its products and services, the complexity of its capital structure, the significance of related parties and the number of locations and geographical spread of its production facilities. • Factors affecting the industry in which the entity operates, for example, economic and competitive conditions as identified by financial trends and ratios, and changes in technology, consumer demand and accounting practices common to the industry. At the Account Balance and Class of Transactions Level • Financial statement accounts likely to be susceptible to misstatement, for example, accounts which required adjustment in the prior period or which involve a high degree of estimation. • The complexity of underlying transactions and other events which might require using the work of an expert. • The degree of judgment involved in determining account balances. • Susceptibility of assets to loss or misappropriation, for example, assets which are highly desirable and movable such as cash. • The completion of unusual and complex transactions, particularly at or near period end. • Transactions not subjected to ordinary processing. Relationship Between the Assessments of Inherent and Control Risks Management often reacts to inherent risk situations by designing accounting and internal control systems to prevent or detect and correct misstatements and therefore, in many cases, inherent risk and control risk are highly interrelated. In such situations, if the auditor attempts to assess inherent and control risks separately, there is a possibility of inappropriate risk assessment. As a result, audit risk may be more appropriately determined in such situations by making a combined assessment. Identifying Specific Controls Relevant to Specific Assertions .71 The auditor’s understanding about internal control should be used to identify the types of potential misstatements that could occur and to consider factors that affect the risk of material misstatement. In assessing control risk, the auditor should identify the controls that are likely to prevent or detect material misstatement in specific assertions. In identifying controls relevant to specific financial statement assertions, the auditor should consider that the controls can have either a pervasive effect on many assertions or a specific effect on an individual assertion, depending on the nature of the particular internal control component involved. For example, the conclusion that an entity 's control environment is highly effective may influence the auditor 's decision about the number of an entity 's locations at which auditing procedures are to be performed or whether to perform certain auditing procedures for some account balances or transaction classes at an interim date. Either decision affects the way in which auditing procedures are applied to specific assertions, even though the auditor may not have specifically considered each individual assertion that is affected by such decisions. .72 Conversely, some control activities may have a specific effect on an individual assertion embodied in a particular account balance or transaction class. For example, the control activities that an entity established to ensure that its personnel are properly counting and recording the annual physical inventory relate directly to the existence assertion for the inventory account balance. .73 Controls can be either directly or indirectly related to an assertion. The more indirect the relationship, the less effective that control may be in reducing control risk for that assertion. For example, a sales manager 's review of a summary of sales activity for specific stores by region ordinarily is indirectly related to the completeness assertion for sales revenue. Accordingly, it may be less effective in reducing control risk for that assertion than controls more directly related to that assertion, such as matching shipping documents with billing documents. .74 General controls relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. The auditor should consider the need to identify not only application controls directly related to one or more assertions, but also relevant general controls. Types of Control Activities that Relate to Financial Statement Assertion Assertion Related Control Activities A/B. Existence/ Occurrence C. Completeness D. Rights and obligations E. Valuation or allocation (measurement) F. Presentation and disclosure Procedures that require documentation, approvals, authorization, verification and reconciliation Procedures that ensure that all transactions that occur are recorded such as accounting for a numerical sequence. Procedures that ensures that the entity has a right to assets or an obligation to pay arising from a transaction. Procedures that ensure that a proper price is charged and that a mathematical accuracy are present in recording and in developing the accounting records and financial statements. Procedures that indicates that a review has been made to ascertain that a transaction has been recorded in the proper account and that the financial statement disclosure have been reviewed by a competent personnel. STAGE C: OBTAINBING EVIDENTIAL MATTER TO SUPPORT THE ASSESSED LEVEL OF CONTROL RISK Performing Tests of Controls .75 Procedures directed toward evaluating the effectiveness of the design of a control are concerned with whether that control is suitably designed to prevent or detect material misstatements in specific financial statement assertions. Procedures to obtain such evidential matter ordinarily include inquiries of appropriate entity personnel; inspection of documents, reports, or electronic files; and observation of the application of specific controls. For entities with complex internal control, the auditor should consider the use of flowcharts, questionnaires, or decision tables to facilitate the application of procedures directed toward evaluating the effectiveness of the design of a control. .76 Procedures to obtain evidential matter about the effectiveness of the operation of a control are referred to as tests of controls (paragraphs .90 through .104 of this section discuss characteristics of evidential matter to consider when performing tests of controls). Tests of controls directed toward the operating effectiveness of a control are concerned with how the control (whether manual or automated) was applied, the consistency with which it was applied during the audit period, and by whom it was applied. These tests ordinarily include procedures such as inquiries of appropriate entity personnel; inspection of documents, reports, or electronic files, indicating performance of the control; observation of the application of the control; and reperformance of the application of the control by the auditor. In some circumstances, a specific procedure may address the effectiveness of both design and operation. However, a combination of procedures may be necessary to evaluate the effectiveness of the design or operation of a control. .77 In designing tests of automated controls, the auditor should consider the need to obtain evidence supporting the effective operation of controls directly related to the assertions as well as other indirect controls on which these controls depend. For example, the auditor may identify a “user review of an exception report of credit sales over a customer’s authorized credit limit” as a direct control related to an assertion. In such cases, the auditor should consider the effectiveness of the user review of the report and also the controls related to the accuracy of the information in the report (for example, the general controls). .78 Because of the inherent consistency of IT processing, the auditor may be able to reduce the extent of testing of an automated control. For example, a programmed application control should function consistently unless the program (including the tables, files, or other permanent data used by the program) is changed. Once the auditor determines that an automated control is functioning as intended (which could be done at the time the control is initially implemented or at some other date), the auditor should consider performing tests to determine that the control continues to function effectively. Such tests might include determining that changes to the program are not made without being subject to the appropriate program change controls, that the authorized version of the program is used for processing transactions, and that other relevant general controls are effective. Such tests also might include determining that changes to the programs have not been made, as may be the case when the entity uses packaged software applications without modifying or maintaining them. .79 To test automated controls, the auditor may need to use techniques that are different from those used to test manual controls. For example, computer-assisted audit techniques may be used to test automated controls or data related to assertions. Also, the auditor may use other automated tools or reports produced by IT to test the operating effectiveness of general controls, such as program change controls, access controls, and system software controls. The auditor should consider whether specialized skills are needed to design and perform such tests of controls. According to PSA 400, auditor should obtain audit evidence through tests of control to support any assessment of control risk which is less than high. The lower the assessment of control risk, the more support the auditor should obtain that accounting and internal control systems are suitably designed and operating effectively. Nature of Tests of Control Inquiry consists of searching for the appropriate information about the effectiveness of internal control from knowledgeable persons inside or outside the entity. Observation refers to looking for the process being performed by others. For example the auditor may observe the payroll payoff procedures or the performance of internal control procedures that leaves no evidence. Inspection involves the examination of documents and records to provide evidence of reliability depending on nature and source and the effectiveness of internal control over their processing. Reperformance involves repeating the activity performed by the client to determine whether proper results were obtained. Timing of Test of Controls Auditors usually perform tests of controls during an interim visit in advance of period end. However, auditors cannot rely on the results of such tests without considering the need to obtain further evidence relating to the remainder of the period. This evidence may be obtained by performing test of control for the remaining period or by reviewing whether there are chances of affecting the entity’s internal control system. In determining whether or not to test the remaining period, the following factors must be considered; The result of the interim test. The length of the remaining period. Whether changes have occurred in the accounting and internal control systems during the remaining period. Extent of Test of Controls The auditor cannot possible examine all transactions related to certain control procedures. In an audit, the auditor should determine the size of a sample sufficient to support the assessed level of control risk. STAGE D: EVALUATING THE RESULTS OF THE EVIDENTIAL MATTER Based on the results of the test of control, ate auditor should evaluate whether the internal controls are designed and operating as intended. The conclusion reached as a result of this evaluation is called the assessed level of control risk. The auditor uses the assessed level of control risk (together with the assessed level of inherent risk) to determine the acceptable level of detection risk. There is an inverse relationship between detection risks and the combined level of inherent and control risk. For example, if the combined assessed level of inherent risk and control risk is high, detection risk needs to be low to reduce audit risk to an acceptable low level. In this regard, the auditor may consider modifying The nature of substantive test from less effective to more effective procedures. The timing of substantive test by performing them at a year-end than at interim. The extent of substantive tests from smaller to larger sample size.
Continue Reading
View Writing Issues

You May Also Find These Documents Helpful

  • Powerful Essays

    Asa Tut8
    • 2637 Words
    • 11 Pages

    Asa Tut8

    ASA 330.7a states that the auditor, when designing further audit procedures shall 'consider the reasons for the assessment given to the risk of material misstatement at the assertion level for each class of transactions and account balance, including the likelihood of material misstatement due to the particular characteristics of the relevant class of transactions or account balance'. In other words this paragraph is referring to the inherent risk of the company. NOT RIGHT…

    • 2637 Words
    • 11 Pages
    Powerful Essays
    Read More
  • Good Essays

    Apollo Shoes Audit Letter
    • 572 Words
    • 3 Pages

    Apollo Shoes Audit Letter

    The audit will include examining evidence supporting the amounts and disclosures in the financial statements and will involve judgment about the number of transactions to be examined and the areas to be tested. Our procedures will include tests of documentary evidence supporting the transactions recorded in the accounts, tests of physical existence of inventories, and direct confirmation of certain assets and liabilities by correspondence with selected customers, creditors, and financial institutions. In connection with our audit of the financial statements, we will obtain an understanding of internal control sufficient to plan the audit and to determine the nature, timing and extent of audit procedures to be…

    • 572 Words
    • 3 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    Pinnacle Case 4
    • 743 Words
    • 3 Pages

    Pinnacle Case 4

    A. Review Part II and identify information that affects your assessment of acceptable audit risk. Note that only some of the situations in Part II will relate to acceptable audit risk. Classify the information based on the three factors that affect acceptable audit risk. • External users’ reliance on financial statements o There is a large amount of debt for a publically held company, and the financial statements will be used rather extensively. o Situation 6: the board of directors has decided to raise significant amount of debt to finance the construction of the new manufacturing plant for the Solar-Electro division.…

    • 743 Words
    • 3 Pages
    Satisfactory Essays
    Read More
  • Better Essays

    Xacc/280 Week 8 Assignment Internal Controls Essay Example
    • 1015 Words
    • 4 Pages

    Xacc/280 Week 8 Assignment Internal Controls Essay Example

    There are many rules companies must follow whenever documenting financial information or any other data which is gather during any business transactions. In order for said companies to report financial information internal controls have to be put in place as companies have to adhere to certain laws and regulations. Internal controls can be defined as a process which companies follow in order to ensure all financial reporting is done in a reliable and lawful manner. Some think of it as a system which works within a system as it plays a major role on the success of a company’s accounting system. At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations (Anderson, Chris, 2008). Internal controls in accounting are considered an essential business function which gives companies the growth potential necessary to succeed. Included in the internal controls are the elements of risk assessment, information communication and goes as far as defining the roles and responsibilities of each employee.…

    • 1015 Words
    • 4 Pages
    Better Essays
    Read More
  • Good Essays

    Apollo Shoes Engagement Letter
    • 689 Words
    • 3 Pages

    Apollo Shoes Engagement Letter

    Our procedures will include tests of documentary evidence supporting the transactions recorded in the accounts, tests of the physical existence of inventories, and direct confirmation of receivables and payables and certain other assets and liabilities by correspondence with selected customers, creditors, and financial institutions. Also, we will plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. Because an audit is designed to provide reasonable, but not absolute, assurance and because we will not perform a detailed examination of all transactions, there is a risk that material errors, fraud, or illegal acts, may exist and not be detected by us. In addition, an audit is not designed to detect immaterial errors, fraud, or other illegal acts or illegal acts that…

    • 689 Words
    • 3 Pages
    Good Essays
    Read More
  • Good Essays

    Assessing Materiality and Risk Simulation
    • 408 Words
    • 2 Pages

    Assessing Materiality and Risk Simulation

    This is the overdue risk for the auditing that the most auditors give an unsuitable appraisal on the financial statements. Auditing risk hast two types, whichever are the auditors would fail to discover concrete misstatements and the auditors would make concrete statements to keep under material misstatement.…

    • 408 Words
    • 2 Pages
    Good Essays
    Read More
  • Better Essays

    Audit Case - RedPack Beer Company
    • 1596 Words
    • 5 Pages

    Audit Case - RedPack Beer Company

    In identifying and assessing the risks of material misstatement, the auditor shall evaluate the degree of estimation uncertainty associated with an accounting estimate. The auditor shall determine whether, in the auditor's judgment, any of those…

    • 1596 Words
    • 5 Pages
    Better Essays
    Read More
  • Satisfactory Essays

    Discussion Questions ASSIGNMENT2
    • 327 Words
    • 1 Page

    Discussion Questions ASSIGNMENT2

    The acceptable audit risks, inherent risk, the preliminary judgment about materiality and performance materiality have significant impact on the whole process of the audit and therefore they should be made in the planning phase. The acceptable audit risk helps the auditor to determine the scope and how much evidence to gather during the audit. Inherent risk is the risk of material misstatement in an account before considering the effectiveness of internal control. The assessment of inherent risk in the planning phase is to help the auditor plan the audit by deciding which parts of the audit to emphasize and the extent of testing. The performance materiality and preliminary judgment about materiality determine the nature, timing and extent of further audit procedures. Therefore, to better perform further audit procedures, these should be made in the early phase of the audit.…

    • 327 Words
    • 1 Page
    Satisfactory Essays
    Read More
  • Satisfactory Essays

    Risk 2 ZOU s Fencing
    • 285 Words
    • 1 Page

    Risk 2 ZOU s Fencing

    The team’s Interim and Rollforward planned procedures to test the operating effectiveness of controls were appropriate. However, the additional evidence are required for the rollforward procedure; such as controls tested in prior years, the risk associated, the effectiveness of evidence, any subsequent changes in the internal control over financial reporting since the last audit have been considered in the operating effectiveness testing of the company. Similarly, additional and supporting verifications will be needed for the documents that have been signed by the warehouse director for its validity.…

    • 285 Words
    • 1 Page
    Satisfactory Essays
    Read More
  • Good Essays

    Internal Control Audit Standards
    • 1065 Words
    • 5 Pages

    Internal Control Audit Standards

    If assessed level of risk is at the maximum level, the auditor should document the conclusion and the reasons leading at it. On the other hand, if the assessed level of risk is below the maximum level, what the auditor should do is to document the basis for the conclusion…

    • 1065 Words
    • 5 Pages
    Good Essays
    Read More
  • Good Essays

    Assessing Materiality and Risk Simulation
    • 804 Words
    • 4 Pages

    Assessing Materiality and Risk Simulation

    The objective of the audit of financial statements is to enable the auditor to express an opinion if the financial statements are prepared in accordance with an identified financial reporting framework. The reason that materiality is allocated to those accounts sampled because materiality represents the magnitude of an omission or misstatement of an item in a financial report. The three function of the audit risk are inherent risk (IR), control risk (CR), and detection risk (DR). Every level of audit risk has an opposite connection that exists between assessed levels of controls, inherent risk, and level of detection risk…

    • 804 Words
    • 4 Pages
    Good Essays
    Read More
  • Better Essays

    Audit Program Design Part 2
    • 1854 Words
    • 8 Pages

    Audit Program Design Part 2

    When engaged in auditing a public firm, such as Apollo Shoe Inc., an auditor must determine when to trust in the company’s internal controls and when to ascertain auxiliary testing methods are obligatory to analyze control risks. The sales and collection cycle is rather a substantial fraction of the audit because this unique segment employs a multitude of documentation and records ranging anywhere from customer and sales orders, shipping documents, credit memos, and general journal entries; therefore, a working comprehension of the diverse paperwork is indispensable. “Before auditors can assess control risk and design tests of controls and substantive tests of transactions, they need to understand the business functions and documents and records in a business” (Arens, Elderly, & Beasley, 2012, p. 443).…

    • 1854 Words
    • 8 Pages
    Better Essays
    Read More
  • Satisfactory Essays

    Sarbanes-Oxley Act Of 2002 Case Study
    • 887 Words
    • 4 Pages

    Sarbanes-Oxley Act Of 2002 Case Study

    Internal Control Evaluation and Reporting; with respect to the internal control assessment required by subsection (a), each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement. (Sarbanes Oxley…

    • 887 Words
    • 4 Pages
    Satisfactory Essays
    Read More
  • Satisfactory Essays

    Auditing Course Project
    • 317 Words
    • 2 Pages

    Auditing Course Project

    | Existing cash disbursement transactions are recorded (completeness)Recorded cash disbursement transactions are stated at the correct amounts (accuracy)…

    • 317 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Powerful Essays

    Sox 404 Guide
    • 30792 Words
    • 124 Pages

    Sox 404 Guide

    D. Who Is Responsible for Internal Controls? ......................................................................... 19 E. F. What Is the Scope of Management’s Assessment of the System of Internal Control Over Financial Reporting?.................................................................................................. 21 Defining the Detailed Scope for Section 404 ....................................................................... 25 1) 2) 3) 4) 5) 6) 7) Using a Top-down and Risk-based Approach to Defining the Scope .......................... 25 The Detailed Process for…

    • 30792 Words
    • 124 Pages
    Powerful Essays
    Read More

Related Topics