Chapter 6 Handout
Chapter 6 Handout
Chapter 6 Handout
safeguard assets.
b. Operations
- To have effectiveness and efficiency in operations.
c. Compliance
- To comply with the law and regulations that affects the entity.
B. Components of Internal Control
1. Control Environment
responsibilities.
It is an intangible factor that is essential to effective internal control.
It is determined by the attitudes of the persons in charge of the internal control
system.
2. Risk Assessment
I. Determine Goals and Objectives
The central theme of internal control is (1) to identify risks to the achievement of an organization's
objectives and (2) to do what is necessary to manage those risks. Goals and objectives are classified in the
following categories:
1. Operations objectives. These objectives pertain to the achievement of the basic mission(s) of a
department and the effectiveness and efficiency of its operations, including performance standards
and safeguarding resources against loss.
2. Financial reporting objectives. These objectives pertain to the preparation of reliable financial
reports, including the prevention of fraudulent public financial reporting.
3. Compliance objectives. These objectives pertain to adherence to applicable laws and regulations.
II. Identify Risks after Determining Goals
Risk assessment is the identification and analysis of risks associated with the achievement of operations,
financial reporting, and compliance goals and objectives.
For financial reporting purposes, the entitys risk assessment process includes how management identifies
risks relevant to the preparation of financial statements that are presented fairly, in all material respects in
accordance with the entitys applicable financial reporting framework, estimates their significance, assesses
the likelihood of their occurrence, and decides upon actions to manage them.
III. Risk Analysis
After risks have been identified, a risk analysis should be performed to prioritize those risks:
Are the policies and procedures that help ensure that management directives are carried out.
Control procedure relevant to FS audit includes:
1. Performance Review
-
These activity includes reviews and analyses of actual performance vs budget, forecasts
and prior period performance; analyses of the relationship of every data, investigative and
corrective actions.
2. Information processing
-
A variety of controls are performed to check the accuracy, completeness and authorization
of transactions.
3. Physical controls
These activities encompass the physical security of assets, including safeguards such as
secured facilities over access to assets and records and others shown in control records.
4. Segregation of duties
-
5. Monitoring
-
It is the process of assessing the quality of internal performance over time. This is done to ensure
that controls continue to operate effectively.
In a small business, with few employees, it is difficult to have a proper segregation of duties which
tends the business to have a weak internal control. This weakness can be compensated if the
owner/manager actively participates in the operations of the business.
2.
3.
4.
5.
the design of controls relevant to an audit of financial statements and determining whether they have been
placed in operation.
In planning the audit, such knowledge should be used to:
An Initial Understanding of the design of the entitys internal control systems is ordinarily obtained by
Walk-through test involves tracing one or two transaction through the entire accounting systems, from
their initial recording at source to their final destination as a component of an account balance in the
financial statements.
DOCUMENT THE UNDERSTANDING OF ACCOUNTING AND INTERNAL CONTROL SYSTEMS
After obtaining sufficient knowledge about the design of internal control system and verifying that
the policies and procedures are implemented, the next step would be for the auditor to document his
understanding of accounting and internal control systems. This documentation need not be in any particular
form. The extent of documentation may vary depending on the size and complexity of the entity and nature
of their internal control system
Some commonly used forms of documentations include
Narrative description
Flowchart
Questionnaire
Assessing control risk is the process of evaluating the effectiveness of an entity's internal control in
preventing or detecting material misstatements in the financial statements. Control risk should be assessed
in terms of financial statement assertions.
In determining whether assessing control risk at the maximum level or at a lower level would be an effective
approach for specific assertions, the auditor should consider:
`
The nature and complexity of the systems, including the use of IT, by which the entity
processes and controls information supporting the assertion.
The nature of the available evidential matter, including audit evidence that is available only
in electronic form
Controls can be either directly or indirectly related to an assertion. The more indirect the relationship, the
less effective that control may be in reducing control risk for that assertion.
For example, a sales manager's review of a summary of sales activity for specific stores by region ordinarily
is indirectly related to the completeness assertion for sales revenue. Accordingly, it may be less effective in
reducing control risk for that assertion than controls more directly related to that assertion, such as
matching shipping documents with billing documents.
PERFORM TESTS OF CONTROLS
Test of control must be performed to obtain evidence about whether controls that are candidates to be
relied upon actually operate as prescribed.
Test of Control are performed to obtain evidence about the effectiveness of the
According to PSA, the auditor should obtain audit evidence through the test of control to support any
assessment of control risk at less than high level.
Nature of Test of Control
The four methods of testing control are:
1.
Inquiry - consist of searching for the appropriate information about the effectiveness of internal
3.
Inspection involves the examination of documents and records to provide evidence of reliability
depending on their nature and effectiveness of internal control over their processing.
4.
Reperformance involves repeating the activity performed by the client to determine whether the
the auditor should document his or her conclusion that control risk is at the maximum level but need not
document the basis for that conclusion. For those assertions where the assessed level of control risk is
below the maximum level, the auditor should document the basis for his or her conclusion that the
effectiveness of the design and operation of controls supports that assessed level. The nature and extent of
the auditor's documentation are influenced by the assessed level of control risk, the nature of the entity's
internal control, and the nature of the entity's documentation of internal control.
E. Communication of Internal Control weaknesses
The Auditor is required to report to the appropriate level of management material weaknesses in the design
or operation of the accounting and internal control systems, which have come to the auditors attention.
It is ordinarily be in writing and should be done at the earliest opportunity so the appropriate corrective
actions may be taken as soon as possible.