SlideShare uma empresa Scribd logo

Chapter 1: Auditing and Internal Control

Transferir como PPTX, PDF
J
jayussuryawan

This document provides an overview of auditing concepts including: - The differences between attestation and advisory services, and the relationship between external, internal, and fraud audits. - Key standards and frameworks for internal control including COSO and Sarbanes-Oxley. - The audit process including planning, testing of controls, and substantive tests using CAATTs software. - How management assertions and audit objectives guide audit procedures and evidence collection.

Educação
1 de 31
Chapter 1: Auditing and Internal Control IT Auditing, Hall, 4e
Learning Objectives • Know the difference between attest services and advisory services and be able to explain the relationship between the two. • Understand the structure of an audit and have a firm grasp of the conceptual elements of the audit process. • Understand internal control categories presented in the COSO framework. • Be familiar with the key features of Section 302 an 404 of the Sarbanes-Oxley Act. • Understand the relationship between general controls, application control, and financial data integrity. 1
Auditing • Information technology (IT) developments have had tremendous impact on auditing. • Business organizations undergo different types of audits for different purposes. • Most common are external (financial) audits, internal audits and fraud audits. 2
External (Financial) Audits • Independent attestation performed by an expert (i.e., CPA) who expresses an opinion regarding the fair presentation of financial statements. • Required by SEC for all public companies. • Key concept is independence: • Similar to a trial by judge. • Auditor collects evidence and renders opinion. • Basis of public confidence in financial statements. • Strict rules must be followed. • Defined by SEC, FASB, AICPA and SOX. 3
Attest Service vs. Advisory Services • Requirements of attestation services: • Written assertions and practitioner’s written report. • Formal establishment of measurement criteria. • Limited to examination, review, and application of agreed- upon procedures. • Advisory services are offered to improve client’s operational effectiveness and efficiency. • SOX greatly restricts the types of non-audit services auditors may render to audit clients. • Unlawful to provide many accounting, financial, internal audit, management, human resource or legal services unrelated to the audit. 4
Internal Audits • Internal auditing is an independent appraisal function to examine and evaluate activities within, and as a service to, an organization. • Internal auditors perform a wide variety of activities including financial, operational, compliance and fraud audits. • Auditors may work for the organization or task may be outsourced. • Independence is self-imposed, but auditors represent the interests of the organization. 5
External vs. Internal Auditors • External auditors represent outsiders while internal auditors represent organization’s interests. • Internal auditors often cooperate with and assist external auditors in some aspects of financial audits. • Extent of cooperation depends upon the independence and competence of the internal audit staff. • External auditors can rely in part on evidence gathered by internal audit departments that are organizationally independent and report to the board of directors’ audit committee. 6
Fraud Audits • Recent increase in popularity as a corporate governance tool. • Objective to investigate anomalies and gather evidence of fraud that may lead to criminal convictions. • May be initiated by management who suspect employee fraud or the board of directors who suspect executive fraud. 7
Role of Audit Committee • Subcommittee of the board of directors • Usually three members who are outsiders. • SOX requires at least one member must be a “financial expert”. • Serves as independent “check and balance” for the internal audit function. • SOX mandates that external auditors report to the audit committee: • Committee hires and fires auditors and resolve disputes. 8
Auditing Standards • Three classes of auditing standards: general qualification, field work, and reporting. • Specific guidance provided by AICPA Statements on Auditing Standards (SASs) as authoritative interpretations of GAAS. • First one issued in 1972. • If recommendations are not followed, auditor must be able to show why a SAS does not apply to a given situation. • Conducing an audit is a systematic and logical process that applies to all forms of information systems. 9
General Standards Standards of Field Work Reporting Standards 1. The auditor must have adequate technical training and proficiency. 1. Audit work must be adequately planned. 1. The auditor must state in the report whether financial statements were prepared in accordance with generally accepted accounting principles. 2. The auditor must have independence of mental attitude. 2. The auditor must gain a sufficient understanding of the internal control structure. 2. The report must identify those circumstances in which generally accepted accounting principles were not applied. 3. The auditor must exercise due professional care in the performance of the audit and the preparation of the report. 3. The auditor must obtain sufficient, competent evidence. 3. The report must identify any items that do not have adequate informative disclosures. 4. The report shall contain an expression of the auditor’s opinion on the financial statements as a whole. Generally Accepted Auditing Standards 10
Auditing Standards • Management assertions and audit objectives: • Existence or Occurrence; Completeness; Rights and Obligations; Valuation or Allocation; Presentation and Disclosure. • Auditors develop audit objectives and design audit procedures based on these assertions. • Auditors seek evidential matter that corroborates assertions. • Auditor must determine whether internal control weaknesses and misstatements are material. • Auditors must communicate the results of their tests, including an audit opinion. 11
Management Assertions Audit Objectives Audit Procedure Existence or occurrence Inventories listed on the balance sheet exist. Observe the counting of physical inventory. Completeness Accounts payable include all obligations to vendors for the period. Compare receiving reports, supplier invoices, purchase orders, and journal entries for the period and the beginning of the next period. Rights and obligations Plant and equipment listed in the balance sheet are owned by the entity. Review purchase agreements, insurance policies, and related documents. Valuation or allocation Accounts receivable are stated at net realizable value. Review entity’s aging of accounts and evaluate the adequacy of the allowance for uncorrectable accounts. Presentation and disclosure Contingencies not reported in financial accounts are properly disclosed in footnotes. Obtain information from entity lawyers about the status of litigation and estimates of potential loss. Audit Objectives and Audit Procedures Based on Management Assertions 12
Audit Risk • Probability that auditor will render unqualified (clean) opinion on financial statements that are, in fact, materially misstated. • Inherent risk (IR) is associated with unique characteristics of client’s business or industry. • Control risk (CR) is the likelihood the control structure is flawed because controls are either absent or inadequate to prevent or detect errors. • Detection risk (DR) is the risk auditors are willing to take that errors not detected or prevented by the control structure will not be detected by the auditor. 13
Audit Risk • Audit risk components in a model used to determine the scope, nature and timing of substantive tests: • Audit risk model: AR = IR x CR x DR • If acceptable audit risk is 5%, the planned detection risk will depend upon the control structure. • The stronger the internal control structure, the lower the control risk and the less substantive testing the auditor must do. • Substantive tests are labor intensive and time consuming, which drives up audit costs and cause disruption. • Management’s best interests are served by a strong internal control structure. 14
The IT Audit 15
The IT Audit • First step is audit planning which includes the analysis of audit risk. • Techniques for gathering evidence include questionnaires, management interviews, reviewing system documentation and observing activities. • Objective of tests of controls is to determine if adequate controls are in place and functioning. • Third phase focuses on financial data and a detailed investigation of specific account balances and transactions through substantive tests. • Files may be extracted using Computer-Assisted-Audit Tools and Techniques (CAATTs) software. 16
Internal Control • Management required by law to establish and maintain adequate system of internal controls. • Brief history of internal control legislation: • SEC Acts of 1933 and 1934. • Copyright Law of 1976. • Foreign Corrupt Practices (FCPA) of 1977 requires companies registered with the SEC to: • Keep records that fairly and reasonably reflect firm’s transactions and financial position. • Maintain a system of internal control that provides reasonable assurance that organization objectives are met. • Committee of Sponsoring Organizations - 1992 17
Internal Control • Sarbanes-Oxley Act of 2002 (SOX) requires management of public companies to implement adequate internal control system over their financial reporting process. Under Section 302: • Managers must certify organization’s internal controls quarterly and annually. • External auditors must perform certain procedures quarterly to identify any material control modifications that may impact financial reporting. • Section 404 requires management of public companies to access the effectiveness of their internal controls in an annual report. 18
Internal Control System • Internal control system comprises policies, practices, and procedures to achieve four broad objectives: • Safeguard assets of the firm. • Ensure accuracy and reliability of accounting records and information. • Promote efficiency in the firm’s operations. • Measure compliance with management’s prescribed policies and procedures. 19
Modifying Principles • Management responsibility made law by SOX. • Objectives should be achieved regardless of the data processing method used. • Every system has limitations on its effectiveness including: possibility of error, circumvention, management override and changing conditions. • System should provide reasonable assurance that broad objectives are met. • Cost to achieve improved control should not outweigh benefits. • Cost of correcting material weaknesses is offset by benefits. 20
The PDC Model 21
The PDC Model • Preventive controls are passive techniques designed to reduce frequency of undesirable events occurring. • More cost effective than detecting and correcting problems after they occur. • Detective controls are devices, techniques and procedures to identify and expose undesirable events that eluded the preventive controls. • Corrective controls fix the identified problem. 22
COSO Internal Control Framework • The control environment is the foundation for the other four control components and includes: • Management integrity and ethical values, organizational structure, board of director participation and management’s philosophy and operating style. • A risk assessment must be performed to identify, analyze and manage financial reporting risks. • An effective accounting information system will: • Identify and record all valid financial transactions, provide timely information and adequately measure and record transactions. 23
COSO Internal Control Framework • Monitoring is the process by which the quality of internal control design and operation can be assessed. • Control activities are policies and procedures to ensure actions to deal with identified risk. • Physical controls relate primarily to human activities employed in accounting systems. • Information technology controls. 24
COSO Internal Control Framework 25
Physical Controls • Transaction authorization is to ensure all processed transactions are valid. • May be general (sales only to authorized customer) or specific (extending the credit limit of a customer). • Segregation of duties is designed to: • Separate transaction authorization from processing. • Separate asset custody from recordkeeping. • Ensure a successful fraud requires collusion between individuals with incompatible responsibilities. • Supervision is a compensating control for small organizations that cannot achieve adequate segregation of duties. 26
Physical Controls • Accounting records are source documents, journals and ledgers that provide an audit trail. • Information needed for day to day operations and essential in the financial audit process. • Access controls ensure only authorized personnel have assess to firm’s assets. • Verification procedures are independent checks to identify errors and misrepresentations in the accounting system. • Management can assess the performance of individuals, the integrity of the transaction processing system, and data correctness. 27
IT Controls • Application controls ensure validity, completeness, and accuracy of financial transactions. • Includes check digits, batch balancing and payroll limits. • General controls apply to all systems and include: • IT governance, IT infrastructure, security and access to operating systems and databases, application acquisition and development and program change procedures. • General controls needed to support functioning of application controls. Both needed to ensure accurate financial reporting. 28
IT Controls 29
Audit Implications of SOX • Expanded role of auditors: • Must attest to quality of client organization’s internal controls with a separate audit opinion. • Possible to render a qualified opinion on controls and an unqualified opinion on financial statements. • PCAOB Standard No. 5 requires auditors to understand: • Transaction flows including controls pertaining to how transactions are initiated, authorized, recorded, and reported. • Auditors responsible for detecting fraudulent activity. 30

Recomendados

Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal controlTommy Zul Hidayat
 
Chapter 11, Tests of Controls
Chapter 11, Tests of ControlsChapter 11, Tests of Controls
Chapter 11, Tests of ControlsSazzad Hossain, ITP, MBA, CSCA™
 
Chapter 2 auditing it governance controls
Chapter 2 auditing it governance controlsChapter 2 auditing it governance controls
Chapter 2 auditing it governance controlsjayussuryawan
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment PresentationEMAC Consulting Group
 
Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Sazzad Hossain, ITP, MBA, CSCA™
 
Computer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and TechniquesComputer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and Techniques_supriadi
 
Audit & Assurance
Audit & Assurance Audit & Assurance
Audit & Assurance Md. Mehadi Hassan Bappy
 
Lecture slide, chapter 1, An Overview of Auditing
Lecture slide, chapter 1, An Overview of AuditingLecture slide, chapter 1, An Overview of Auditing
Lecture slide, chapter 1, An Overview of AuditingSazzad Hossain, ITP, MBA, CSCA™
 

Recomendados

Chapter 1 auditing and internal control
Chapter 1 auditing and internal controlChapter 1 auditing and internal control
Chapter 1 auditing and internal controlTommy Zul Hidayat
 
Chapter 11, Tests of Controls
Chapter 11, Tests of ControlsChapter 11, Tests of Controls
Chapter 11, Tests of ControlsSazzad Hossain, ITP, MBA, CSCA™
 
Chapter 2 auditing it governance controls
Chapter 2 auditing it governance controlsChapter 2 auditing it governance controls
Chapter 2 auditing it governance controlsjayussuryawan
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment PresentationEMAC Consulting Group
 
Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Sazzad Hossain, ITP, MBA, CSCA™
 
Computer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and TechniquesComputer-Assisted Audit Tools and Techniques
Computer-Assisted Audit Tools and Techniques_supriadi
 
Audit & Assurance
Audit & Assurance Audit & Assurance
Audit & Assurance Md. Mehadi Hassan Bappy
 
Lecture slide, chapter 1, An Overview of Auditing
Lecture slide, chapter 1, An Overview of AuditingLecture slide, chapter 1, An Overview of Auditing
Lecture slide, chapter 1, An Overview of AuditingSazzad Hossain, ITP, MBA, CSCA™
 
Chapter 6: Transaction Processing and Financial Reporting Systems Overview (C...
Chapter 6: Transaction Processing and Financial Reporting Systems Overview (C...Chapter 6: Transaction Processing and Financial Reporting Systems Overview (C...
Chapter 6: Transaction Processing and Financial Reporting Systems Overview (C...Vhena Pilongo
 
COSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkCOSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkAziz Fataliyev, Internal Audit Practitioner
 
Technology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlTechnology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlZefren Edior
 
Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Sreekanth Narendran
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksjayussuryawan
 
Test Data Approach
Test Data ApproachTest Data Approach
Test Data Approachkzoe1996
 
James hall ch 15
James hall ch 15James hall ch 15
James hall ch 15David Julian
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit FrameworkAhmad Tariq Bhatti
 
Planning of audit
Planning of auditPlanning of audit
Planning of auditFoluwa Amisu
 
Lecture 11, Chapter 18, Completing the audit
Lecture 11, Chapter 18, Completing the auditLecture 11, Chapter 18, Completing the audit
Lecture 11, Chapter 18, Completing the auditSazzad Hossain, ITP, MBA, CSCA™
 
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Sreekanth Narendran
 
Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditorsminkhollow
 
Lecture 9, Chapter 13, Audit Sampling
Lecture 9, Chapter 13, Audit SamplingLecture 9, Chapter 13, Audit Sampling
Lecture 9, Chapter 13, Audit SamplingSazzad Hossain, ITP, MBA, CSCA™
 
Chapter 3
Chapter 3Chapter 3
Chapter 3EasyStudy3
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit pptIbrahim Jimalle
 
The “internal audit” versus “external audit” in details
The “internal audit” versus “external audit” in detailsThe “internal audit” versus “external audit” in details
The “internal audit” versus “external audit” in detailsMohammad Wahid Abdullah Khan
 
Ch 10. documentation
Ch 10. documentationCh 10. documentation
Ch 10. documentationSazzad Hossain, ITP, MBA, CSCA™
 
Audit procedures
Audit proceduresAudit procedures
Audit proceduresDarryl Woolley
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit Sreekanth Narendran
 
Unit 1 Introduction to Auditing
Unit 1 Introduction to AuditingUnit 1 Introduction to Auditing
Unit 1 Introduction to AuditingRadhika Gohel
 
Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditingHardik Shah
 
Topic 4 internal control system (ics)
Topic 4 internal control system (ics)Topic 4 internal control system (ics)
Topic 4 internal control system (ics)sakura rena
 

Mais conteúdo relacionado

Mais procurados

Chapter 6: Transaction Processing and Financial Reporting Systems Overview (C...
Chapter 6: Transaction Processing and Financial Reporting Systems Overview (C...Chapter 6: Transaction Processing and Financial Reporting Systems Overview (C...
Chapter 6: Transaction Processing and Financial Reporting Systems Overview (C...Vhena Pilongo
 
Technology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlTechnology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlZefren Edior
 
Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Sreekanth Narendran
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksjayussuryawan
 
Test Data Approach
Test Data ApproachTest Data Approach
Test Data Approachkzoe1996
 
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Sreekanth Narendran
 
Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditorsminkhollow
 
The “internal audit” versus “external audit” in details
The “internal audit” versus “external audit” in detailsThe “internal audit” versus “external audit” in details
The “internal audit” versus “external audit” in detailsMohammad Wahid Abdullah Khan
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit Sreekanth Narendran
 
Unit 1 Introduction to Auditing
Unit 1 Introduction to AuditingUnit 1 Introduction to Auditing
Unit 1 Introduction to AuditingRadhika Gohel
 

Mais procurados (20)

Chapter 6: Transaction Processing and Financial Reporting Systems Overview (C...
Chapter 6: Transaction Processing and Financial Reporting Systems Overview (C...Chapter 6: Transaction Processing and Financial Reporting Systems Overview (C...
Chapter 6: Transaction Processing and Financial Reporting Systems Overview (C...
 
COSO Internal Control - Integrated Framework
COSO Internal Control - Integrated FrameworkCOSO Internal Control - Integrated Framework
COSO Internal Control - Integrated Framework
 
Technology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal ControlTechnology Auditing, Assurance, Internal Control
Technology Auditing, Assurance, Internal Control
 
Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1
 
Chapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networksChapter 3 security part i auditing operating systems and networks
Chapter 3 security part i auditing operating systems and networks
 
Test Data Approach
Test Data ApproachTest Data Approach
Test Data Approach
 
James hall ch 15
James hall ch 15James hall ch 15
James hall ch 15
 
The Internal Audit Framework
The Internal Audit FrameworkThe Internal Audit Framework
The Internal Audit Framework
 
Planning of audit
Planning of auditPlanning of audit
Planning of audit
 
Lecture 11, Chapter 18, Completing the audit
Lecture 11, Chapter 18, Completing the auditLecture 11, Chapter 18, Completing the audit
Lecture 11, Chapter 18, Completing the audit
 
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
Information Systems Control and Audit - Chapter 4 - Systems Development Manag...
 
Risk Assessment For Internal Auditors
Risk Assessment For Internal AuditorsRisk Assessment For Internal Auditors
Risk Assessment For Internal Auditors
 
Lecture 9, Chapter 13, Audit Sampling
Lecture 9, Chapter 13, Audit SamplingLecture 9, Chapter 13, Audit Sampling
Lecture 9, Chapter 13, Audit Sampling
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
 
Internal audit ppt
Internal audit pptInternal audit ppt
Internal audit ppt
 
The “internal audit” versus “external audit” in details
The “internal audit” versus “external audit” in detailsThe “internal audit” versus “external audit” in details
The “internal audit” versus “external audit” in details
 
Ch 10. documentation
Ch 10. documentationCh 10. documentation
Ch 10. documentation
 
Audit procedures
Audit proceduresAudit procedures
Audit procedures
 
Conducting an Information Systems Audit
Conducting an Information Systems Audit Conducting an Information Systems Audit
Conducting an Information Systems Audit
 
Unit 1 Introduction to Auditing
Unit 1 Introduction to AuditingUnit 1 Introduction to Auditing
Unit 1 Introduction to Auditing
 

Destaque

Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditingHardik Shah
 
Topic 4 internal control system (ics)
Topic 4 internal control system (ics)Topic 4 internal control system (ics)
Topic 4 internal control system (ics)sakura rena
 
Internal Auditing - Performance Standards
Internal Auditing - Performance StandardsInternal Auditing - Performance Standards
Internal Auditing - Performance Standardsaldenmae
 
Topic 3 Accounting System And Control
Topic 3 Accounting System And ControlTopic 3 Accounting System And Control
Topic 3 Accounting System And Controlguest441011
 
Basic internal auditing
Basic internal auditingBasic internal auditing
Basic internal auditingKhalid Aziz
 
ACCA Completion Certificate
ACCA Completion CertificateACCA Completion Certificate
ACCA Completion CertificateZeeshan Rasheed
 
Internal Environment And Uniqueness Of The Cell
Internal Environment And Uniqueness Of The CellInternal Environment And Uniqueness Of The Cell
Internal Environment And Uniqueness Of The Cellshida abd talib
 
An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditinggrifff
 
ACCA FUNDAMENTAL LEVEL CERTIFICATES
ACCA FUNDAMENTAL LEVEL CERTIFICATESACCA FUNDAMENTAL LEVEL CERTIFICATES
ACCA FUNDAMENTAL LEVEL CERTIFICATESEdwin Tan
 
Internal Controls
Internal ControlsInternal Controls
Internal Controlsmscuttle
 
Internal control system
Internal control systemInternal control system
Internal control systemMadiha Hassan
 
New_Product_Development_Process, A_seminar_by_Mohan_Kumar_G
New_Product_Development_Process, A_seminar_by_Mohan_Kumar_GNew_Product_Development_Process, A_seminar_by_Mohan_Kumar_G
New_Product_Development_Process, A_seminar_by_Mohan_Kumar_GMohan Kumar G
 
Internal Control
Internal ControlInternal Control
Internal ControlSalih Islam
 

Destaque (20)

Internal controls in auditing
Internal controls in auditingInternal controls in auditing
Internal controls in auditing
 
Topic 4 internal control system (ics)
Topic 4 internal control system (ics)Topic 4 internal control system (ics)
Topic 4 internal control system (ics)
 
Acca Certificate
Acca CertificateAcca Certificate
Acca Certificate
 
Internal Auditing - Performance Standards
Internal Auditing - Performance StandardsInternal Auditing - Performance Standards
Internal Auditing - Performance Standards
 
Certificate ACCA F
Certificate ACCA FCertificate ACCA F
Certificate ACCA F
 
Topic 3 Accounting System And Control
Topic 3 Accounting System And ControlTopic 3 Accounting System And Control
Topic 3 Accounting System And Control
 
DIPIFR-diploma
DIPIFR-diplomaDIPIFR-diploma
DIPIFR-diploma
 
ACCA
ACCAACCA
ACCA
 
Basic internal auditing
Basic internal auditingBasic internal auditing
Basic internal auditing
 
ACCA Completion Certificate
ACCA Completion CertificateACCA Completion Certificate
ACCA Completion Certificate
 
Internal Environment And Uniqueness Of The Cell
Internal Environment And Uniqueness Of The CellInternal Environment And Uniqueness Of The Cell
Internal Environment And Uniqueness Of The Cell
 
01 internal audit 101 principles and techniques
01 internal audit 101 principles and techniques01 internal audit 101 principles and techniques
01 internal audit 101 principles and techniques
 
Beginning auditor (1)
Beginning auditor (1)Beginning auditor (1)
Beginning auditor (1)
 
ACCA Certificate.PDF
ACCA Certificate.PDFACCA Certificate.PDF
ACCA Certificate.PDF
 
An introduction to internal auditing
An introduction to internal auditingAn introduction to internal auditing
An introduction to internal auditing
 
ACCA FUNDAMENTAL LEVEL CERTIFICATES
ACCA FUNDAMENTAL LEVEL CERTIFICATESACCA FUNDAMENTAL LEVEL CERTIFICATES
ACCA FUNDAMENTAL LEVEL CERTIFICATES
 
Internal Controls
Internal ControlsInternal Controls
Internal Controls
 
Internal control system
Internal control systemInternal control system
Internal control system
 
New_Product_Development_Process, A_seminar_by_Mohan_Kumar_G
New_Product_Development_Process, A_seminar_by_Mohan_Kumar_GNew_Product_Development_Process, A_seminar_by_Mohan_Kumar_G
New_Product_Development_Process, A_seminar_by_Mohan_Kumar_G
 
Internal Control
Internal ControlInternal Control
Internal Control
 

Semelhante a Chapter 1: Auditing and Internal Control

Mf0013 – internal audit and control
Mf0013 – internal audit and controlMf0013 – internal audit and control
Mf0013 – internal audit and controlak007420
 
.POINTS TO REMEMBER ADVANCED AUDITING.pdf
.POINTS TO REMEMBER ADVANCED AUDITING.pdf.POINTS TO REMEMBER ADVANCED AUDITING.pdf
.POINTS TO REMEMBER ADVANCED AUDITING.pdfGauri More
 
IFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxIFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxSejalJain178980
 
Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bankMohammad Halim Stanikzai
 
12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...The Business Council of Mongolia
 
24201843 studdy-note-8
24201843 studdy-note-824201843 studdy-note-8
24201843 studdy-note-8Akash Saxena
 
Internal control system
Internal control systemInternal control system
Internal control systemMadiha Hassan
 
Audits and Regulatory Compliance
Audits and Regulatory ComplianceAudits and Regulatory Compliance
Audits and Regulatory Compliancesomeshwar mankar
 
The process of issuing audit report by ca firm
The process of issuing audit report by ca firmThe process of issuing audit report by ca firm
The process of issuing audit report by ca firmEnamul Islam
 
Auditing principles and practices, chapter 2
Auditing principles and practices, chapter 2Auditing principles and practices, chapter 2
Auditing principles and practices, chapter 2ZewduEskezia
 
Auditing Short Note.pdf for accounting and finance
Auditing Short Note.pdf for accounting and financeAuditing Short Note.pdf for accounting and finance
Auditing Short Note.pdf for accounting and financeetebarkhmichale
 
Auditing activities of microfinance institutions
Auditing activities of microfinance institutionsAuditing activities of microfinance institutions
Auditing activities of microfinance institutionsFrank Kabuye, CPA
 
Role of various agencies in ensuring ethics in corporations by pankaj
Role of various agencies in ensuring ethics in corporations by pankajRole of various agencies in ensuring ethics in corporations by pankaj
Role of various agencies in ensuring ethics in corporations by pankajPankaj Chandel
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007Danial Khan
 
What is the procedure for financial statement audit.pdf
What is the procedure for financial statement audit.pdfWhat is the procedure for financial statement audit.pdf
What is the procedure for financial statement audit.pdfRathnakarReddy17
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Issharing notes123
 

Semelhante a Chapter 1: Auditing and Internal Control (20)

Internal audit
Internal auditInternal audit
Internal audit
 
Mf0013 – internal audit and control
Mf0013 – internal audit and controlMf0013 – internal audit and control
Mf0013 – internal audit and control
 
.POINTS TO REMEMBER ADVANCED AUDITING.pdf
.POINTS TO REMEMBER ADVANCED AUDITING.pdf.POINTS TO REMEMBER ADVANCED AUDITING.pdf
.POINTS TO REMEMBER ADVANCED AUDITING.pdf
 
IFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptxIFC Knowldge Sharing 23.02.20 (1).pptx
IFC Knowldge Sharing 23.02.20 (1).pptx
 
01 Auditing CH 1.ppt
01 Auditing CH 1.ppt01 Auditing CH 1.ppt
01 Auditing CH 1.ppt
 
Internal control and internal audit presentation for bank
Internal control and internal audit presentation for bankInternal control and internal audit presentation for bank
Internal control and internal audit presentation for bank
 
Isa 200&240 ppt
Isa 200&240 pptIsa 200&240 ppt
Isa 200&240 ppt
 
12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...12.12.2011, Internal audit role and functions in corporate governance, Scott ...
12.12.2011, Internal audit role and functions in corporate governance, Scott ...
 
24201843 studdy-note-8
24201843 studdy-note-824201843 studdy-note-8
24201843 studdy-note-8
 
Internal control system
Internal control systemInternal control system
Internal control system
 
Audits and Regulatory Compliance
Audits and Regulatory ComplianceAudits and Regulatory Compliance
Audits and Regulatory Compliance
 
The process of issuing audit report by ca firm
The process of issuing audit report by ca firmThe process of issuing audit report by ca firm
The process of issuing audit report by ca firm
 
Auditing principles and practices, chapter 2
Auditing principles and practices, chapter 2Auditing principles and practices, chapter 2
Auditing principles and practices, chapter 2
 
Auditing Short Note.pdf for accounting and finance
Auditing Short Note.pdf for accounting and financeAuditing Short Note.pdf for accounting and finance
Auditing Short Note.pdf for accounting and finance
 
Auditing activities of microfinance institutions
Auditing activities of microfinance institutionsAuditing activities of microfinance institutions
Auditing activities of microfinance institutions
 
Role of various agencies in ensuring ethics in corporations by pankaj
Role of various agencies in ensuring ethics in corporations by pankajRole of various agencies in ensuring ethics in corporations by pankaj
Role of various agencies in ensuring ethics in corporations by pankaj
 
El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007El-Paso SOX TestingTraining- June 2007
El-Paso SOX TestingTraining- June 2007
 
Advance audit
Advance auditAdvance audit
Advance audit
 
What is the procedure for financial statement audit.pdf
What is the procedure for financial statement audit.pdfWhat is the procedure for financial statement audit.pdf
What is the procedure for financial statement audit.pdf
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 

Último

Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 

Último (20)

Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 

Chapter 1: Auditing and Internal Control

  • 1. Chapter 1: Auditing and Internal Control IT Auditing, Hall, 4e
  • 2. Learning Objectives • Know the difference between attest services and advisory services and be able to explain the relationship between the two. • Understand the structure of an audit and have a firm grasp of the conceptual elements of the audit process. • Understand internal control categories presented in the COSO framework. • Be familiar with the key features of Section 302 an 404 of the Sarbanes-Oxley Act. • Understand the relationship between general controls, application control, and financial data integrity. 1
  • 3. Auditing • Information technology (IT) developments have had tremendous impact on auditing. • Business organizations undergo different types of audits for different purposes. • Most common are external (financial) audits, internal audits and fraud audits. 2
  • 4. External (Financial) Audits • Independent attestation performed by an expert (i.e., CPA) who expresses an opinion regarding the fair presentation of financial statements. • Required by SEC for all public companies. • Key concept is independence: • Similar to a trial by judge. • Auditor collects evidence and renders opinion. • Basis of public confidence in financial statements. • Strict rules must be followed. • Defined by SEC, FASB, AICPA and SOX. 3
  • 5. Attest Service vs. Advisory Services • Requirements of attestation services: • Written assertions and practitioner’s written report. • Formal establishment of measurement criteria. • Limited to examination, review, and application of agreed- upon procedures. • Advisory services are offered to improve client’s operational effectiveness and efficiency. • SOX greatly restricts the types of non-audit services auditors may render to audit clients. • Unlawful to provide many accounting, financial, internal audit, management, human resource or legal services unrelated to the audit. 4
  • 6. Internal Audits • Internal auditing is an independent appraisal function to examine and evaluate activities within, and as a service to, an organization. • Internal auditors perform a wide variety of activities including financial, operational, compliance and fraud audits. • Auditors may work for the organization or task may be outsourced. • Independence is self-imposed, but auditors represent the interests of the organization. 5
  • 7. External vs. Internal Auditors • External auditors represent outsiders while internal auditors represent organization’s interests. • Internal auditors often cooperate with and assist external auditors in some aspects of financial audits. • Extent of cooperation depends upon the independence and competence of the internal audit staff. • External auditors can rely in part on evidence gathered by internal audit departments that are organizationally independent and report to the board of directors’ audit committee. 6
  • 8. Fraud Audits • Recent increase in popularity as a corporate governance tool. • Objective to investigate anomalies and gather evidence of fraud that may lead to criminal convictions. • May be initiated by management who suspect employee fraud or the board of directors who suspect executive fraud. 7
  • 9. Role of Audit Committee • Subcommittee of the board of directors • Usually three members who are outsiders. • SOX requires at least one member must be a “financial expert”. • Serves as independent “check and balance” for the internal audit function. • SOX mandates that external auditors report to the audit committee: • Committee hires and fires auditors and resolve disputes. 8
  • 10. Auditing Standards • Three classes of auditing standards: general qualification, field work, and reporting. • Specific guidance provided by AICPA Statements on Auditing Standards (SASs) as authoritative interpretations of GAAS. • First one issued in 1972. • If recommendations are not followed, auditor must be able to show why a SAS does not apply to a given situation. • Conducing an audit is a systematic and logical process that applies to all forms of information systems. 9
  • 11. General Standards Standards of Field Work Reporting Standards 1. The auditor must have adequate technical training and proficiency. 1. Audit work must be adequately planned. 1. The auditor must state in the report whether financial statements were prepared in accordance with generally accepted accounting principles. 2. The auditor must have independence of mental attitude. 2. The auditor must gain a sufficient understanding of the internal control structure. 2. The report must identify those circumstances in which generally accepted accounting principles were not applied. 3. The auditor must exercise due professional care in the performance of the audit and the preparation of the report. 3. The auditor must obtain sufficient, competent evidence. 3. The report must identify any items that do not have adequate informative disclosures. 4. The report shall contain an expression of the auditor’s opinion on the financial statements as a whole. Generally Accepted Auditing Standards 10
  • 12. Auditing Standards • Management assertions and audit objectives: • Existence or Occurrence; Completeness; Rights and Obligations; Valuation or Allocation; Presentation and Disclosure. • Auditors develop audit objectives and design audit procedures based on these assertions. • Auditors seek evidential matter that corroborates assertions. • Auditor must determine whether internal control weaknesses and misstatements are material. • Auditors must communicate the results of their tests, including an audit opinion. 11
  • 13. Management Assertions Audit Objectives Audit Procedure Existence or occurrence Inventories listed on the balance sheet exist. Observe the counting of physical inventory. Completeness Accounts payable include all obligations to vendors for the period. Compare receiving reports, supplier invoices, purchase orders, and journal entries for the period and the beginning of the next period. Rights and obligations Plant and equipment listed in the balance sheet are owned by the entity. Review purchase agreements, insurance policies, and related documents. Valuation or allocation Accounts receivable are stated at net realizable value. Review entity’s aging of accounts and evaluate the adequacy of the allowance for uncorrectable accounts. Presentation and disclosure Contingencies not reported in financial accounts are properly disclosed in footnotes. Obtain information from entity lawyers about the status of litigation and estimates of potential loss. Audit Objectives and Audit Procedures Based on Management Assertions 12
  • 14. Audit Risk • Probability that auditor will render unqualified (clean) opinion on financial statements that are, in fact, materially misstated. • Inherent risk (IR) is associated with unique characteristics of client’s business or industry. • Control risk (CR) is the likelihood the control structure is flawed because controls are either absent or inadequate to prevent or detect errors. • Detection risk (DR) is the risk auditors are willing to take that errors not detected or prevented by the control structure will not be detected by the auditor. 13
  • 15. Audit Risk • Audit risk components in a model used to determine the scope, nature and timing of substantive tests: • Audit risk model: AR = IR x CR x DR • If acceptable audit risk is 5%, the planned detection risk will depend upon the control structure. • The stronger the internal control structure, the lower the control risk and the less substantive testing the auditor must do. • Substantive tests are labor intensive and time consuming, which drives up audit costs and cause disruption. • Management’s best interests are served by a strong internal control structure. 14
  • 17. The IT Audit • First step is audit planning which includes the analysis of audit risk. • Techniques for gathering evidence include questionnaires, management interviews, reviewing system documentation and observing activities. • Objective of tests of controls is to determine if adequate controls are in place and functioning. • Third phase focuses on financial data and a detailed investigation of specific account balances and transactions through substantive tests. • Files may be extracted using Computer-Assisted-Audit Tools and Techniques (CAATTs) software. 16
  • 18. Internal Control • Management required by law to establish and maintain adequate system of internal controls. • Brief history of internal control legislation: • SEC Acts of 1933 and 1934. • Copyright Law of 1976. • Foreign Corrupt Practices (FCPA) of 1977 requires companies registered with the SEC to: • Keep records that fairly and reasonably reflect firm’s transactions and financial position. • Maintain a system of internal control that provides reasonable assurance that organization objectives are met. • Committee of Sponsoring Organizations - 1992 17
  • 19. Internal Control • Sarbanes-Oxley Act of 2002 (SOX) requires management of public companies to implement adequate internal control system over their financial reporting process. Under Section 302: • Managers must certify organization’s internal controls quarterly and annually. • External auditors must perform certain procedures quarterly to identify any material control modifications that may impact financial reporting. • Section 404 requires management of public companies to access the effectiveness of their internal controls in an annual report. 18
  • 20. Internal Control System • Internal control system comprises policies, practices, and procedures to achieve four broad objectives: • Safeguard assets of the firm. • Ensure accuracy and reliability of accounting records and information. • Promote efficiency in the firm’s operations. • Measure compliance with management’s prescribed policies and procedures. 19
  • 21. Modifying Principles • Management responsibility made law by SOX. • Objectives should be achieved regardless of the data processing method used. • Every system has limitations on its effectiveness including: possibility of error, circumvention, management override and changing conditions. • System should provide reasonable assurance that broad objectives are met. • Cost to achieve improved control should not outweigh benefits. • Cost of correcting material weaknesses is offset by benefits. 20
  • 23. The PDC Model • Preventive controls are passive techniques designed to reduce frequency of undesirable events occurring. • More cost effective than detecting and correcting problems after they occur. • Detective controls are devices, techniques and procedures to identify and expose undesirable events that eluded the preventive controls. • Corrective controls fix the identified problem. 22
  • 24. COSO Internal Control Framework • The control environment is the foundation for the other four control components and includes: • Management integrity and ethical values, organizational structure, board of director participation and management’s philosophy and operating style. • A risk assessment must be performed to identify, analyze and manage financial reporting risks. • An effective accounting information system will: • Identify and record all valid financial transactions, provide timely information and adequately measure and record transactions. 23
  • 25. COSO Internal Control Framework • Monitoring is the process by which the quality of internal control design and operation can be assessed. • Control activities are policies and procedures to ensure actions to deal with identified risk. • Physical controls relate primarily to human activities employed in accounting systems. • Information technology controls. 24
  • 26. COSO Internal Control Framework 25
  • 27. Physical Controls • Transaction authorization is to ensure all processed transactions are valid. • May be general (sales only to authorized customer) or specific (extending the credit limit of a customer). • Segregation of duties is designed to: • Separate transaction authorization from processing. • Separate asset custody from recordkeeping. • Ensure a successful fraud requires collusion between individuals with incompatible responsibilities. • Supervision is a compensating control for small organizations that cannot achieve adequate segregation of duties. 26
  • 28. Physical Controls • Accounting records are source documents, journals and ledgers that provide an audit trail. • Information needed for day to day operations and essential in the financial audit process. • Access controls ensure only authorized personnel have assess to firm’s assets. • Verification procedures are independent checks to identify errors and misrepresentations in the accounting system. • Management can assess the performance of individuals, the integrity of the transaction processing system, and data correctness. 27
  • 29. IT Controls • Application controls ensure validity, completeness, and accuracy of financial transactions. • Includes check digits, batch balancing and payroll limits. • General controls apply to all systems and include: • IT governance, IT infrastructure, security and access to operating systems and databases, application acquisition and development and program change procedures. • General controls needed to support functioning of application controls. Both needed to ensure accurate financial reporting. 28
  • 31. Audit Implications of SOX • Expanded role of auditors: • Must attest to quality of client organization’s internal controls with a separate audit opinion. • Possible to render a qualified opinion on controls and an unqualified opinion on financial statements. • PCAOB Standard No. 5 requires auditors to understand: • Transaction flows including controls pertaining to how transactions are initiated, authorized, recorded, and reported. • Auditors responsible for detecting fraudulent activity. 30