Auditing and Internal Control


Chapter 1

External (financial) audits

An external audit is an independent attestation performed by an expert, the auditor, who expresses an opinion regarding the presentation of financial statements. The attest service is performed by a CPA.

The attest service is defined as: "... an engagement in which a practitioner is engaged to issue, or does issue, a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of another party." (SSAE No. 1, AT Sec. 100.01)

Attest Service versus Advisory Services

Advisory services are professional services offered by public accounting firms to improve their client organizations' operational efficiency and effectiveness.

Internal Audits

The IIA defines internal auditing as an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization.

Activities:
conducting financial audits
examining an operation's compliance with organizational policies
reviewing the organization's compliance with legal obligations
evaluating operational efficiency
detecting and pursuing fraud within the firm

Fraud Audits

The objective of a fraud audit is to investigate anomalies and gather evidence of fraud that may lead to criminal conviction. Fraud auditors have earned the Certified Fraud Examiner (CFE) certification, which is governed by the Association of Certified Fraud Examiners (ACFE).

THE ROLE OF THE AUDIT COMMITTEE

The audit committee consists of three people who should be outsiders (not associated with the families of executive management nor former officers, etc.). At least one member of the audit committee must be a financial expert. The audit committee serves as an independent check and balance for the internal audit function and liaison with external auditors.

Auditing Standards

Generally Accepted Auditing Standards
A Systematic Process
Management Assertions and Audit Objectives (5 assertions)
Obtaining Evidence
Ascertaining Materiality
Communicating Results

AUDIT RISK

Audit risk is the probability that the auditor will render an unqualified (clean) opinion on financial statements that are, in fact, materially misstated. Acceptable audit risk (AR) is estimated based on the ex ante value of the components of the audit risk model.

Inherent risk is associated with the unique characteristics of the business or industry of the client.

Control risk is the likelihood that the control structure is flawed because controls are either absent or inadequate to prevent or detect errors in the accounts.

Detection risk is the risk that auditors are willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor.

Audit Risk Model

AR = IR × CR × DR

The Relationship Between Tests of Controls and Substantive Tests

The stronger the internal control structure, as determined through tests of controls, the lower the control risk and the less substantive testing the auditor must do.

THE IT AUDIT

An IT audit focuses on the computer-based aspects of an organization's information system; modern systems employ significant levels of technology.

The Structure of an IT Audit

Audit planning
Test of controls
Substantive test
(fig 1.1)

INTERNAL CONTROL

SEC Acts of 1933 and 1934
Copyright Law, 1976
Foreign Corrupt Practices Act (FCPA) of 1977
Committee of Sponsoring Organizations, 1992
Sarbanes-Oxley Act of 2002

INTERNAL CONTROL OBJECTIVES, PRINCIPLES, AND MODELS

An organization's internal control system comprises policies, practices, and procedures to achieve four broad objectives:
1. To safeguard assets of the firm.
2. To ensure the accuracy and reliability of accounting records and information.
3. To promote efficiency in the firm's operations.
4. To measure compliance with management's prescribed policies and procedures.

Modifying Principles

Management Responsibility
Methods of Data Processing
Limitations: (1) the possibility of error: no system is perfect; (2) circumvention: personnel may circumvent the system through collusion or other means; (3) management override: management is in a position to override control procedures by personally distorting transactions or by directing a subordinate to do so; and (4) changing conditions: conditions may change over time so that existing effective controls may become ineffectual.
Reasonable Assurance (see fig 1.2): the cost of achieving improved control should not outweigh its benefits.

The PDC Model (fig 1.3)

Preventive Controls: passive techniques designed to reduce the frequency of occurrence of undesirable events.
Detective Controls: devices, techniques, and procedures designed to identify and expose undesirable events that elude preventive controls.
Corrective Controls: actually fix the problem.

COSO Internal Control Framework

The Control Environment
Risk Assessment
Information and communication
Monitoring
Control Activities

Control environment

The control environment is the foundation for the other four control components.

Elements:
The integrity and ethical values of management.
The structure of the organization.
The participation of the organization's board of directors and the audit committee, if one exists.
Management's philosophy and operating style.
The procedures for delegating responsibility and authority.
Management's methods for assessing performance.
External influences, such as examinations by regulatory agencies.
The organization's policies and practices for managing its human resources.

Risk assessment

Risk assessment is performed to identify, analyze, and manage risks relevant to financial reporting. Risks can arise or change from circumstances such as:
Changes in the operating environment that impose new or changed competitive pressures on the firm.
New personnel who have a different or inadequate understanding of internal control.
New or reengineered information systems that affect transaction processing.
Significant and rapid growth that strains existing internal controls.
The implementation of new technology into the production process or information system that impacts transaction processing.
The introduction of new product lines or activities with which the organization has little experience.
Organizational restructuring resulting in the reduction and/or reallocation of personnel such that business operations and transaction processing are affected.
Entering into foreign markets that may impact operations (that is, the risks associated with foreign currency transactions).
Adoption of a new accounting principle that impacts the preparation of financial statements.

Information and communication

An effective accounting information system will:
Identify and record all valid financial transactions.
Provide timely information about transactions in sufficient detail to permit proper classification and financial reporting.
Accurately measure the financial value of transactions so their effects can be recorded in financial statements.
Accurately record transactions in the time period in which they occurred.

Monitoring

Monitoring is the process by which the quality of internal control design and operation can be assessed. Ongoing monitoring may be achieved by integrating special computer modules into the information system that capture key data and/or permit tests of controls to be conducted as part of routine operations.

Control Activities

Control activities are the policies and procedures used to ensure that appropriate actions are taken to deal with the organization's identified risks. Controls are divided into two groups: physical and IT controls (see fig 1.4).

Physical Controls

Physical controls relate primarily to the human activities employed in accounting systems. These activities may be purely manual, such as the physical custody of assets, or they may involve the physical use of computers to record transactions or update accounts.

Six categories:
Transaction authorization
Segregation of duties
Supervision
Accounting records
Access control
Independent verification

IT controls

Application controls are to ensure the validity, completeness, and accuracy of financial transactions.

General controls include controls over IT governance, IT infrastructure, security and access to operating systems and databases, application acquisition and development, and program change procedures.

Audit Implications of SOX

Understand the flow of transactions, including IT aspects, in sufficient detail to identify points at which a misstatement could arise.
Using a risk-based approach, assess both the design and operating effectiveness of selected internal controls related to material accounts.
Assess the potential for fraud in the system and evaluate the controls designed to prevent or detect fraud.
Evaluate and conclude on the adequacy of controls over the financial statement reporting process.
Evaluate entity-wide (general) controls that correspond to the components of the COSO framework.