Arens14e ch10 ppt
-
Upload
independent -
Category
Documents
-
view
0 -
download
0
Transcript of Arens14e ch10 ppt
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 5 - 510 - 10 - 11
Section 404 Audits of Section 404 Audits of Internal Control and Internal Control and
Control RiskControl RiskChapter 10Chapter 10
10 - 10 - 22©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley
Learning Objective 1Learning Objective 1
Describe the three primary Describe the three primary objectives of effective objectives of effective internal control.internal control.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 33
Compliance with laws and regulations
Efficiency/ effectiveness of operations
Reliability of financial reporting
Internal Control Internal Control ObjectivesObjectives
Management has three broad objectives in designing an effective internal control system
10 - 10 - 44©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley
Learning Objective 2Learning Objective 2
Contrast management’s Contrast management’s responsibilities for responsibilities for maintaining and reporting on maintaining and reporting on internal controls with the internal controls with the auditor’s responsibilities auditor’s responsibilities for understanding, testing, and for understanding, testing, and reporting on internal controls.reporting on internal controls.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 55
Management’s Management’s Responsibilities for Responsibilities for Establishing Internal Establishing Internal
ControlControl Management must establish and maintain the entity’s internal controls
Management’s design and implementation of internal controls is based on two key underlying concepts:
Reasonable assurance
Inherent limitations
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 66
Management of all public companies to issue an internal control report that includes the following:
An acknowledgement of responsibility for internal controls
Results of annual internal control assessment
Management’s Section 404 Management’s Section 404
Reporting Reporting Responsibilities Responsibilities
2010 federal financial reform laws permanently exempted nonaccelerated filers from reporting on internal controls.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 77
Management must first test the design of internal controls over financial reporting.
Management must also test the operating effectiveness of those controls.
Management’s Assessment of Management’s Assessment of Internal Controls Internal Controls
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 88
Management’s Assessment of Management’s Assessment of Internal Controls Internal Controls
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 99
Auditor Responsibilities Auditor Responsibilities for Understanding Internal for Understanding Internal
ControlControlSecond GAAS fieldwork standard
Must assess control risk in every audit
Primarily concerned about controls over: •reliability of financial reporting •classes of transactions
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1010
Sales Transaction-Sales Transaction-related Audit Objectivesrelated Audit Objectives
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1111
Auditor Responsibilities Auditor Responsibilities for for
Testing Internal ControlTesting Internal ControlObtains understanding of controls
Performs tests of controls:significant account balances
classes of transactionsdisclosures and related financial statement assertions
10 - 10 - 1212©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley
Learning Objective 3Learning Objective 3
Explain the five components of Explain the five components of the COSO internal control the COSO internal control framework.framework.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1313
Five Components of Five Components of Internal ControlInternal Control
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1414
The Control EnvironmentThe Control Environment
Integrity and ethical values
Commitment to competence
Board of directors or audit committee participation
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1515
The Control EnvironmentThe Control Environment
Management’s philosophy and operating style
Organizational structure
Human resource policies and practices
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1616
Risk AssessmentRisk Assessment Identify factors that may increase risk
Assess the likelihood of the risk occurring
Determine actions necessary to manage the risk
Estimate the significance of the risk
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1717
Control ActivitiesControl Activities
1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1818
Adequate Separation of Adequate Separation of DutiesDuties
Custody of assets Accounting
Authorizationof transactions
The custody ofrelated assets
Operationalresponsibility
Record-keepingresponsibility
IT duties User departments
from
from
from
from
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 1919
Proper Authorization of Proper Authorization of Transactions and Transactions and
ActivitiesActivities
General Authorization
Specific Authorization
Transaction Approval Policies
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2020
Adequate Documents and Adequate Documents and RecordsRecords
Prenumbered consecutively
Prepared at the time of transaction
Designed for multiple use
Constructed to encourage correct preparation
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2121
Physical Control Over Physical Control Over AssetsAssets
and Recordsand RecordsThe most important type of protectivemeasure for safeguarding assets andrecords is the use of physical precautions.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2222
Independent Checks on Independent Checks on PerformancePerformance
The need for independent checks arisesbecause internal control tends to changeover time unless there is a mechanismfor frequent review.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2323
Information and Information and CommunicationCommunication
The purpose of an accounting informationand communication system
Initiate
Process
Record Reporttransactions
Maintain Accountability
for Related Assets
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2424
MonitoringMonitoring
Monitoring activities deal with management’songoing and periodic assessment of thequality of internal control performance…
to determine whether controls are operatingas intended and modified when needed.
10 - 10 - 2525©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley
Learning Objective 4Learning Objective 4
Obtain and document an Obtain and document an understanding of internal understanding of internal control.control.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2626
Process for Understanding Process for Understanding Internal Control and Internal Control and
Assessing Control RiskAssessing Control Risk
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2727
Obtain and Document Obtain and Document Understanding of Internal Understanding of Internal
ControlControlAuditing standards require auditors to obtain an understanding of internal control for every audit.
Procedures to obtain an understanding: Design of internal controls Whether placed in operation Uses this information as a basis for theintegrated audit
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2828
Methods UsedMethods Used
Narrative
FlowchartInternalcontrol
questionnaire
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 2929
NarrativeNarrative
1. The origin of every document and record in the system2. All processing that takes place3. The disposition of every document and record in the system4. An indication of the controls relevant to the assessment of control risk
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 3030
Evaluating Internal Evaluating Internal Control OperationControl Operation
Update and evaluate auditor’s previousexperience with the entity
Make inquiries of client personnel Examine documents and records Observe entity activities and operations Perform walk-throughs of the accounting system
10 - 10 - 3131©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley
Learning Objective 5Learning Objective 5
Assess control risk by linking Assess control risk by linking key controls, significant key controls, significant deficiencies, and material deficiencies, and material weaknesses to transaction-weaknesses to transaction-related audit objectives.related audit objectives.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 3232
Assess Control RiskAssess Control Risk
Assess whether the financial statementsare auditable.
Determine assessed control risk supportedby the understanding obtained assumingthe controls are being followed.
Use a control risk matrix to assesscontrol risk.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 3333
Control Risk MatrixControl Risk Matrix
Many auditors use the control risk matrixto assist in the control risk assessmentprocess.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 3434
Control Risk MatrixControl Risk Matrix
Identify audit objectives
Identify existing controls
Associate controls with related audit objectives
Identify and evaluate control deficiencies,significant deficiencies, and material weaknesses
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 3535
Evaluating Significant Evaluating Significant Control DeficienciesControl Deficiencies
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 3636
Identify Deficiencies Identify Deficiencies and Material Weaknessesand Material Weaknesses
Identify existing controls
Identify the absence of key controls
Consider the possibility of compensating controls
Decide whether there is a significant deficiency or material weakness
Determine potential misstatements that could result
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 3737
Communications to Those Communications to Those Charged with GovernanceCharged with Governance
Management letters from the auditor less significant control weaknesses ideas for operational improvements
Auditor must communicate in writing significant deficiencies and material weaknesses to the audit committee
10 - 10 - 3838©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley
Learning Objective 6Learning Objective 6
Describe the process of designing Describe the process of designing and performing tests of and performing tests of controls.controls.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 3939
Tests of ControlsTests of Controls
The procedures to test effectiveness of controlsin support of a reduced assessed controlrisk are called tests of controls.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 4040
Procedures for Tests of Procedures for Tests of ControlsControls
Inquire of client personnel
Examine documents,
records, reports
Observe control-related
activities
Reperform client
procedures
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 4141
Extent of ProceduresExtent of Procedures
Reliance on evidence from prior year’s audit
Testing of controls related to significant risks
Testing less than the entire audit period
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 4242
Relationship of Assessed Relationship of Assessed ControlControl
Risk and Extent of Risk and Extent of ProceduresProcedures
InquiryDocumentation
Observation
Reperformance
Yes–extensiveYes–with transaction
walk-throughYes–with transaction
walk-throughNo
Yes–someYes–using sampling
Yes–at multiple times
Yes–using sampling
Type ofprocedure
High level:Procedures to obtainan understanding
Lower level:Tests of controls
Assessed Control Risk
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 4343
Decide Planned Detection Decide Planned Detection Risk and Design Substantive Risk and Design Substantive
TestsTestsControl risk assessment
process results
Related substantive
tests
Planned detection
risk
Tests of controls
Control risk assessments
Balance related audit
objectives
10 - 10 - 4444©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley
Learning Objective 7Learning Objective 7
Understand Section 404 Understand Section 404 requirements for auditor requirements for auditor reporting on internal control.reporting on internal control.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 4545
Section 404 Reporting on Section 404 Reporting on Internal ControlInternal Control
The scope of the auditor’s report on internal controlis limited to obtaining reasonable assurance that material weaknesses in internal control are identified.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 4646
Types of OpinionsTypes of Opinions
Unqualified
Adverse
Qualified or disclaimer
No material weaknessesNo scope restrictions
One or more material weaknesses
Scope limitation
10 - 10 - 4747©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley
Learning Objective 8Learning Objective 8
Describe the differences in Describe the differences in evaluating, reporting, and evaluating, reporting, and testing internal control for testing internal control for nonpublic companies.nonpublic companies.
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 4848
Evaluating, Reporting, and Evaluating, Reporting, and Testing Internal Control for Testing Internal Control for
Nonpublic CompaniesNonpublic Companies1. Reporting requirements
2. Extent of required internal controls
4. Assessing control risk
5. Extent of tests of controls needed
3. Extent of understanding needed
©2012 Prentice Hall Business Publishing, ©2012 Prentice Hall Business Publishing, Auditing 14/e,Auditing 14/e, Arens/Elder/Beasley Arens/Elder/Beasley 10 - 10 - 4949
Differences in Scope of Differences in Scope of Controls TestedControls Tested
Internal controls over financial reportingInternal controls over financial reporting
Internal controls used to assesscontrol risk below maximum
Controls that must be tested inan audit of financial statements
Controls that must be tested inan audit of internal controls