chapter 6 - Higher Ed

CHAPTER 6 Internal Control Evaluation: Assessing Control Risk LEARNING OBJECTIVES | | | | |
| |Review |Exercises and|Cases |
| |Checkpoints |Problems | |
| | | | |
|1. Write an essay or memo explaining |1, 2, 3 | |29, 39, 55 |
|primary and secondary reasons for | | | |
|conducting an evaluation of a | | | |
|client's internal control structure. | | | |
| | | | |
|2. Distinguish between management's |4, 5, 6 |48 |55 |
|and auditors' responsibility | | | |
|regarding a company's internal | | | |
|control structure. | | | |
| | | | |
|3. Define and describe the three |7, 8, 9, 10, |51 |57 |
|basic elements of an internal control|11, 12 | | |
|structure, and specify some of their | | | |
|component characteristics. | | | |
| | | | |
|4. Identify and give examples of |10 |52, 53 |56, 57 |
|seven internal control objectives, | | | |
|and associate them with the five | | | |
|management assertions in financial | | | |
|account balances. | | | |
| | | | |
|5. List and explain the control |10, 11, 12, |52 | |
|procedures companies use to achieve |13, 14, 15, | | |
|control objectives. |16, 17 | | |
| | | | |
|6. Explain the phases of an |18, 19, 20 |49 |28, 30, 31, |
|evaluation of control and risk | | |32, 33 |
|assessment and the documentation and | | | |
|extent of audit work required. | | | |
| | | | |
|7. Write procedures for an audit |21, 22 |50, 51, 54 |33 |
|program, following the general form | | | |
|of a detail test of control | | | |
|procedure. | | | |
| | | | |
|8. Define and explain reasonable |23, 24, 25 |48 | |
|assurance and cost-benefit in the | | | |
|context of control risk assessment. | | | |
| | | | |
|9. Adapt the concepts and processes |26, 27 | | |
|of control risk assessment to small | | | |
|businesses. | | | | POWERPOINT SLIDES PowerPoint slides are included on the website. Please take special note of: * Phases of Risk Assessment Diagram SOLUTIONS FOR REVIEW CHECKPOINTS 6.1 The primary reason for conducting an evaluation of a client's
existing internal control system is to give the auditors a basis for
finalizing the details of the account balance audit program--to
determine the nature, timing and extent of subsequent substantive
audit procedures. A secondary purpose for conducting an evaluation of internal control
is to be able to make constructive suggestions for improvements.
Officially, the profession considers these suggestions a part of the
audit function and does not define the work as a MAS consultation. Another purpose of the evaluation is to report to management and the
board of directors or its audit committee any discovery of "any
reportable conditions" of internal control deficiencies. 6.2 A "substantive audit procedure" is any action (resembling a specific
variation of one of the seven general audit procedures) undertaken for
the purpose of producing evidence about a dollar amount of a
disclosure that appears in the financial statements under audit. The nature of a procedure is its description--usually associated with
one of the seven general audit procedures. For example, the nature of
a procedure may be confirmation, document, vouching, etc. The timing of a procedure is the period during which it is performed--
usually distinguished as interim (before the balance sheet date), year-
end (on or close to the balance sheet date), and subsequent (after the
balance sheet date). The extent of a procedure is the number of details audited with it, or
another measure of intensity or frequency. Oftentimes, extent is
measured by the sample size. 6.3 A reportable condition is a control deficiency in the design or
operation of the internal controls that could adversely affect the
client's ability to account for transactions properly. A material weakness in internal control is an extreme type of
reportable condition defined in auditing standards as a condition in
which the specific control procedures or the degree of compliance with
them do not reduce to a relatively low level the risk that errors or
irregularities in amounts that would be material to the financial
statements being audited may occur and not be detected within a timely
period by employees in the normal course of performing their assigned
functions. Business managers can make estimates of benefits to be derived from
controls and weigh them against the cost. Managers are perfectly free
to make their own judgments about the necessary extent of controls.
Managers can decide the degree of business risk they are willing to
tolerate (refer to SAS 30, AU 642.05). 6.4 Management is responsible not only for the control structure that
supports the production of financial statements, but also responsible
for the internal control that achieves all the other objectives of the
business. Management is responsible for "managing" internal control to achieve
these control objectives over and above the objectives related to
external financial reporting: 1. Significant, managerial, and operating information reported
internally is accurate, reliable, and timely;
2. The activities of the organization are in compliance with
policies,
plans, standards, and procedures, and with applicable laws and
regulations;
3. Resources are adequately protected;
4. Resources are acquired economically and used efficiently (or
cost-effectively); and,
5. The organization's plans, goals, and objectives are achieved. 6.5 External auditors' communications of reportable conditions and
material weaknesses are intended to help management carry out its
responsibilities for internal control monitoring and change. Accountants in public practice may undertake engagements to design and
install control structures as MAS engagements. 6.6 Control risk is the probability that the client's internal control
procedures will fail to detect material errors and irregularities,
provided any enter the data processing system in the first place. The seven general types of errors and irregularities are: 1. Invalid transactions are recorded.
2. Valid transactions are omitted from the accounts.
3. Unauthorized transactions are executed and recorded.
4. Transaction amounts are inaccurate.
5. Transactions are classified in the wrong accounts.
6. Transaction accounting is incomplete.
7. Transactions are recorded in the wrong period. 6.7 Some of the important characteristics of "tone at the top" and
control environment: Management philosophy and operating style
Ethical values and moral guidance communicated
throughout the organization by word and deed.
Company organization structure
Functioning of board of directors and audit committee
Methods of assigning authority and responsibility
Management's monitoring methods
Functioning of internal audit department
Personnel (human resource) policies and practices
External influences (e.g. regulation) 6.8 An auditor can find client's documentation of the accounting system
in the:
Chart of accounts
Accounting manual--definitions and instructions about measuring and
classifying transactions
Computer systems documentation
Computer program documentation
Systems and procedures manuals
Flowcharts of transaction processing
Various paper forms 6.9 The audit trail is the set of accounting operations from transaction
analyses to reports. It starts with t