tip p I e aced
the second standard of field work in GAAS- understand Internal control
Internal controls (objectives)
- Reliability of financial reporting
- Effectiveness and efficiency of operations
- Compliance with laws and regulations
Components of Internal Controls
Control environment (tone at the top) Entity's Risk assessment Information & Communication (internal and external) Control Activities Monitoring
COSO Framework: Internal Control Umbrella (Palmetto)
Control environment (overall environment) then under the umbrella affected by this environment is risk assessment, control activities, information & communication and monitoring
Components of Internal Controls
Control environment (tone at the top) Entity's Risk assessment Information & Communication (internal and external) Control Activities Monitoring
COSO Framework: Internal Control Umbrella (Palmetto)
Control environment (overall environment) then under the umbrella affected by this environment is risk assessment, control activities, information & communication and monitoring
Entity Risk assessment process
considered internal and eternal events that may arise and adversely affect the entities ability to report financial data consistent with managements assertions
Who has the responsibility to maintain internal controls that provide reasonable assurance that adequate controls exists over the entity’s assets and records.
Management
The Internal Control System should
- ensure that assets and records are safeguarded
- generate reliable information for decision making
The auditor needs assurance about the reliability of the data generated by the information system.
Why is Risk Assessment important for the Company, not just the auditors?
- Provides direction for needed internal controls
- Now required by PCAOB
Control Activities
- Performance Reviews
- Information Processing
- Proper authorization of transactions and activities
- Adequate documents and records - Physical Controls
- Segregation of Duties
Documenting the Understanding of Internal Control
Procedure Manuals and Organizational Charts
Narrative Description
Internal Control Questionnaires
Flowcharts
Reliance vs. Substantive
Public companies have to use Reliance but Private companies can use either. In reliance strategy the Auditor tests internal controls and rely on them during the audit, which reduces the amount for substantive testing
Substantive
not using Internal Controls because controls do not pertain to the assertion or controls are ineffective or testing the effectiveness of internal controls in inefficient
Substantive Strategy
not using Internal Controls because controls do not pertain to the assertion or controls are ineffective or testing the effectiveness of internal controls in inefficient
instead using substantive procedures as the main source of evidence about assertions
Reliance Strategy
auditor intends to rely on entity’s controls, needs a detailed understanding of their internal controls if the Control Risk (CR) is high increase substantive testing
Auditor should obtain understanding of the 5 internal control components to plan the audit. this knowledge is used to
- Identify types of potential misstatements
- Pinpoint the factors that affect the risk of material misstatement
- Design tests of controls and substantive procedures
Monitoring of Controls
A process that assesses the quality of internal control performance over time
Effective Monitoring:
- Establishing a foundation for control effectiveness
- Designing and executing monitoring procedures based on business risks
- Assessing and reporting results
Monitoring of Controls
A process that assesses the quality of internal control performance over time
Effective Monitoring:
- Establishing a foundation for control effectiveness
- Designing and executing monitoring procedures based on business risks
- Assessing and reporting results
Performing tests of Controls
Inquiry (personnel) Inspection of documents, Observation of control, re performance of control
Performing tests of Controls
Inquiry (personnel) Inspection of documents, Observation of control, re performance of control
