Chapter 11 Consideration of Internal Control
Chapter 11 Consideration of Internal Control
NTERNAL CONTROL IN
A FINANCIAL STATEM
ENT AUDIT
PSA 315
"Identifying and Assessing the Risks of Material Mi
sstatement Through Understanding the Entity and Its
Environment" establishes standards and provides gui
dance in obtaining an understanding of the accounti
ng and internal control system and on audit risk an
d its components: inherent risk, control risk, and
detection risk.
Nature and Purpose of Internal
Control
PSA 315 (Clarified) paragraph 4 (c) defines inte
rnal control as the process designed and effecte
d by those charged with governance, management,
and other personnel to provide reasonable assura
nce about the achievement of the entity's object
ives with regard to reliability of financial rep
orting, effectiveness and efficiency of operatio
ns and compliance with applicable laws and regul
ations.
Those objectives fall into thre
e categories:
Reliability of the entity's financial rep
orting
Effectiveness and efficiency of operation
s
Compliance with applicable laws and regul
ations
Internal control system defined
Internal control system means all the policies
and procedures (internal controls) adopted by t
he management of an entity to assist in achievi
ng management's objective of ensuring the order
ly and efficient conduct of its business, inclu
ding adherence to management policies, the safe
guarding of assets, the prevention and detectio
n of fraud and error, the accuracy and complete
ness of the accounting records, and the timely
preparation of reliable financial information.
Elements of Internal Contr
ol
a. the control environment
b. the entity's risk assessment process
c. the information system, including the re
lated business processes, relevant to finan
cial reporting, and communication
d. control activities
e. monitoring of controls
A. Control Environment
Factors in control environment include:
•The function of the board of directors and it
s committees
•Management's philosophy and operating style
•The entity's organizational structure and met
hods of assigning authority and responsibility
•Management's control system including the int
ernal audit function, personnel policies and pr
ocedures and segregation of duties
1.Communication and Enforcement of Integrity and
Ethical Values
2.Commitment to Competence
3.Participation by those Charged with Governance
4.Management's Philosophy and Operating Style
5.Organizational Structure
6.Assignment of Authority and Responsibility
7.Human Resources Policies and Procedures
B. Entity's Risk Assessment Pro
cess
Risks can arise or change due to circumstances such as the
following:
•Changes in operating environment
•New personnel
•New or revamped information system
•Rapid growth
•New technology
•New business models, products, or activities
•Corporate restructuring
•Expanded foreign operations
•New accounting pronouncements
C. Information System, including the Busines
s Processes, Relevant to Financial Reporting
and Communication
Initiate,record, process and report entity transactions (as well as
events and conditions) and to maintain accountability for the relate
d assets, liabilities, and equity
Resolve incorrect processing of transactions
Process account for system overrides or bypasses to controls
Transferinformation from transaction processing systems to the gene
ral ledger
Capture information relevant to financial reporting for events and c
onditions other than transactions, such as the depreciation and amor
tization of assets and changes in the recoverability of accounts rec
eivables
Ensureinformation required to be disclosed by the applicable financ
ial reporting framework is accumulated, recorded, processed, summari
zed and appropriately reported in the financial statements
Journal entries
Related Business Process
Application to Small Entities
D. Control Activities
Major categories of control procedures:
A. Performance Review
B. Information Processing Controls
(1.) Proper authorization or transactions and ac
tivities
(2.) Segregation of duties
(3.) Adequate documents and records
(4.) Safeguards over access to assets; and
(5) Independent checks on performance
C. Physical controls
Control activities related to the
processing of transactions may be
grouped as follows:
Disadvantages
1. Higher level of knowledge and training are required to pre
pare a good flowchart of a complex system.
2. Flowcharts take more time to prepare and require more know
ledge.
3. It is more difficult to spot internal control weakness.
3. Narrative Description
Advantages
1. Narrative is flexible and may be tailor-made for engagement.
2. Requires a detailed analysis and thus forces auditor to unde
rstand functioning of the system.
Disadvantages
1. Auditor may not have the ability to describe the system corr
ectly and concisely.
2. This may require more time and careful study.
3. Auditor may overlook important portions of internal control
system.
4. A poorly written internal accounting control narrative can le
ad to a misunderstanding of the system thus resulting in the imp
roper design and application of compliance tests.
4. Internal Control Checkl
ist
Thechecklist basically provides only a g
uide to review the internal control of th
e auditee and does not represent a record
of the auditor's findings.
STAGE B. ASSESSING THE PRELIMINAR
Y LEVEL OF CONTROL RISK
The preliminary assessment of control risk for a fi
nancial statement assertion should be high unless t
he auditor:
(a) is able to identify internal controls relevant
to the assertion which are likely to prevent or det
ect, and correct a material misstatement
(b) plans to perform tests of control to support th
e assessment
Assessing Inherent Risk
At the Financial Statement Level
•The integrity of management.
•Management experience, knowledge and changes in management during the period
.
•Unusual pressures on management.
•The nature of the entity's business.
•Factors affecting the industry in which the entity operates.
At the Account Balance and Class of Transactions Level
•Financial statement accounts likely to be susceptible to misstatement.
•The complexity of underlying transactions and other events which might requi
re using the work of an expert.
•The degree of judgment involved in determining account balances.
•Susceptibility of assets to loss or misappropriation.
•The completion of unusual and complex transactions, particularly at near per
iod end.
•Transactions not subjected to ordinary processing.
STAGE C. OBTAINING EVIDENTIAL MATTER TO SUPPORT THE A
SSESSED LEVEL OF CONTROL RISK
Test of Controls
(a)design of the accounting and internal control sy
stems, whether they are suitably designed to preven
t or detect and correct material misstatements
(b)operation of the internal controls throughout th
e period
STAGE D. EVALUATING THE RESULTS OF THE EVIDENTIAL MAT
TER