Auditing & Assurance Principles: Pamantasan NG Lungsod NG Marikina College of Management and Technology

Download as pptx, pdf, or txt
Download as pptx, pdf, or txt
You are on page 1of 20

AUDITING & ASSURANCE

PRINCIPLES
PAMANTASAN NG LUNGSOD NG MARIKINA
COLLEGE OF MANAGEMENT AND TECHNOLOGY

By:
NILO N. IGLESIAS, CPA, MBA, REA
Consideration of Internal
Control
Introduction
 Once the auditor has set the desired level of audit
risk and assessed the appropriate level of inherent
risk, the next step is to assess the level of control
risk.
 Assessing control risk is the process of evaluating
the design and operating effectiveness of an entity’s
internal control as to how it prevents or detects
material misstatements in the financial statements.
 The conclusion reached as a result of assessing
control risk is referred to as assessed level of control
risk.
Summary Steps in Using the Audit Risk Model

•Audit Planning (Module 7)

Set Desired Level of Audit Risk

Assess Inherent Risk

•Consideration of Internal Control (Module 8)


Assess Control Risk

•Performing Substantive Tests (Module 9)


Determine Acceptable Level of Detection Risk
Nature of Internal Control
• When an entity is small, its owner or manager can personally
perform, or directly oversee, all is functions.

• However, as the entity grows larger, it becomes necessary to


delegate functional responsibilities to employees.

• Once this occurs, mechanism need to be introduced which


enable the performance of the employees to be checked, to
ensure that they are fulling their responsibilities as intended.

• According to PSA 315, internal control is the process designed


and effected by those charged with governance, management
and other personnel to provide reasonable assurance about the
achievement of the entity’s objectives about the reliability of
financial reporting, effectiveness and efficiency of operations
and compliance with the applicable laws and regulations.
Nature of Internal Control
• The definition embodies four (4) essential concepts:

Internal control is a process

Internal control is not an end in itself. Instead , it is a means of achieving the


entity’s objective.

Internal
control is performed by those charged with governance,
management and other personnel

Itis the responsibility of the management to establish a control environment and


maintain policies and procedures to assist in achieving the entity’s objectives.

Those charged with governance, on the r hand, ensure the integrity of


accounting and financial reporting system through oversight of the
management.

Staffpersonnel should also perform their respective functions in order to


accomplish the objectives of the entity.
Nature of Internal Control

• The definition embodies four (4) essential concepts:

 Internal
control can be expected to provide reasonable assurance of achieving the entity’s
objectives

Internal control can only provide reasonable assurance that the entity’s objective will be achieved
not absolute assurance.

This is because of the inherent limitation such as:

 Management usual requirement that the cost of internal control should not exceed the expected
benefits to be derived.

 Most internal controls tend to be directed at routine transactions rather than non-routine transactions.

 The potential for human error due to carelessness, distractions, mistakes of judgment and the
misunderstanding of instructions.

 The possibility of circumvention of internal controls through the collusion among employees.

 The possibility of management overriding the internal control.

 The possibility that procedures may become inadequate due to changes in conditions, and compliance
with procedures may deteriorate.
Nature of Internal Control
The definition embodies four (4) essential concepts:

Internal control is designed to help achieve the entity’s objectives

Internalcontrol is geared towards the achievement of the entity’s objectives in the following
categories:

 Effectiveness and efficiency of operations.


 Compliance with laws and regulations
 Reliability of financial reporting

Inthe audit of financial statements, the auditor is only concerned with those policies and procedures
within the accounting and internal control system that are relevant to the financial statement
assertions.

Therefore, the objective that is most important to the audit is the financial reporting objective.

Operational and compliance objectives may be relevant to the audit only if they relate to the data
auditor evaluates to determine the reliability of some financial statement assertions.

For example, control pertaining to non-financial data that the auditor uses in analytical procedures,
such as production statistics, or controls pertaining to detecting non-compliance with laws and
regulations that may have a direct and material effect on the financial statements, such as controls
over compliance with income tax and regulations used to determine the income tax provision, may be
relevant to the audit.
•Components of Internal Control
Although internal control policies and procedures vary significantly from one entity to another, there are essential
components of internal control that must established to provide a reasonable assurance that the entity’s objectives
will be achieved.

There are five (5) interrelated components of the entity’s internal control, namely:

Control Environment:

The control environment includes attitudes, awareness, and actions of management and those charged with
governance concerning the entity’s internal control and its importance in the entity.
The internal control environment also includes the governance and management functions and sets the tome of an
organization, influencing the control consciousness of its people.
It is the foundation for effective internal control, providing discipline and structure.

Factors reflected in the control environment include:

Integrity and ethical values – ethical standards that discourage dishonesty or illegal acts

Management philosophy and operating style – attitudes towards financial reporting

Active participation of those charged with governance – overseeing financial reporting policies and practice

Commitment to competence – competence required for each task, knowledge and skills

Personnel polices and procedures- policies in hiring, training, evaluating and promoting

Assignment of responsibility and authority/Organizational structure- methods in assigning responsibilities to


minimize possibility of errors.
•Components of Internal Control
Althoughinternal control policies and procedures vary significantly from one entity to another, there are essential
components of internal control that must established to provide a reasonable assurance that the entity’s objectives will be
achieved.

There are five (5) interrelated components of the entity’s internal control, namely:

Risk Assessment:

Entity’sbusiness objectives cannot be achieved without some risks.


Business risks is the risk business objectives will not be attained as a results of internal and external factors such as
technological development, changes in customers demand and other economic changes.
Business risk are crucial to every organization. Thus, management should adopt policies and procedures that are
designed to identify and analyze the risk affecting the business and take the appropriate action to manage these risks.
For audit purposes, the auditor is concerned only with those risks that are relevant to the preparation of reliable financial
statement.

Information and Communicating System:

Effective internal control system must provide timely information and communication.
The information system relevant to financial reporting objectives consists of the procedures and records established to
initiate, record, process and report entity transactions and to maintain accountability for the related assets, liabilities and
equity.
Information system encompasses methods and records that:
Identify and record all valid transactions
Describe on a timely basis the transaction in detail to permit proper classification for financial reporting
Measure value of transaction in a manner that permits recording their proper monetary value
Determine the time period in which the transaction occurred
Present properly the transactions and related disclosures in the financial statements.
•Components of Internal Control
Althoughinternal control policies and procedures vary significantly from one entity to another, there are essential
components of internal control that must established to provide a reasonable assurance that the entity’s objectives will be
achieved.

There are five (5) interrelated components of the entity’s internal control, namely:

Control Activities:

Control activities are policies and procedures that help ensure the management directives are carried out.
Specific control procedures that are relevant to financial statement audit would include:

Performance Reviews
These control activities include reviews and analyses of actual performance versus budgets, forecasts and prior period
performance; relating different sets of data to one another.

Information Processing
A variety of control are performed to check accuracy, completeness and authorization of transactions.
When computer processing is used in significant accounting application, internal control procedures can be classified
into two types; General and applications controls.

PhysicalControls
These activities encompasses the physical security of assets, including adequate safeguards such as secured facilities over
access to assets and records; authorizations for access to computer programs and data files and periodic counting and
comparison with amounts shown on control accounts.

Segregation of Duties
Assigning different people, the responsibilities of authorizing transactions, recording and maintaining custody of assets
intended to reduce opportunities to both perpetrate and conceal errors or fraud.
•Components of Internal Control
Although internal control policies and procedures vary significantly from one entity to another, there are
essential components of internal control that must established to provide a reasonable assurance that the
entity’s objectives will be achieved.

There are five (5) interrelated components of the entity’s internal control, namely:

Monitoring:

Monitoring is a process of assessing the quality of internal control performance over time.

Itinvolves assessing the design and operation controls on a timely basis and taking necessary corrective
actions.

Monitoring is done to ensure that controls continue to operate effectively.

Monitoringof controls is accomplished through ongoing monitoring activities, separate evaluations, or a


combination of two.

Ongoing monitoring activities are built into the normal recurring activities and include regular management
and supervisory activities such as monthly bank reconciliation.

Separate evaluations are monitoring activities that are performed on a non-routine basis, such as
functions performed by internal auditors.
Consideration of Internal Control
 The auditor are not responsible for establishing and maintaining entity’s
accounting and internal control systems.

 Nevertheless, the auditor should consider these control because the quality of
the entity’s internal control system can have a significant impact on the audit.

 Consideration of the entity’s internal control system involves the following


steps:

Obtain understanding of the internal control

Document the understanding of accounting and internal control systems.

Assess the level of control risk

Perform tests of controls

Document the assessed level of control risks


Consideration of Internal Control
Obtain understanding of the internal control
Obtaining an understanding of internal control involves evaluating the design of a
control and determining whether it has been implemented.
An initial understanding of the design is ordinarily obtained by making inquiries of
appropriate individuals, inspecting documents and records and observing of entity’s
activities and operations.
To determine whether these controls have been implemented, the auditor
accomplished by performing a “walk-through test. This task involves tracing one or
two transactions through the entire accounting systems, from initial recording at
source to their final destination as component of an account balance in the financial
statements.
Document the understanding of accounting and internal control systems
Documentation is done thru narrative description of the entity internal control,
flowchart that diagrams the flow of transactions and documents and by providing the
management an internal control questionnaires and securing responses from the
appropriate officers and employees.
Consideration of Internal Control
Assessment of Control Risk
The auditor’s preliminary assessment of the control risk may be at a high level
(100%) or less than high level. When the auditor’s knowledge indicates that
internal control related to a particular assertion are not effective, the auditor
may simply assess control risk at a high level. Hence, no test of controls need
to be performed and the auditor will rely primarily on the substantive tests.
On the other hand, if the auditor believes that controls appear to be reliable,
the auditor should determine whether it is efficient to obtain evidence to
justify an assessment of control risk at a lower level.
If the auditor concludes that it is more efficient to rely on entity’s internal
control systems, the auditor should plan to assess control risk at less than
high level by identifying specific internal control policies that are likely to
prevent or detect and correct material misstatement and perform tests of
control to determine the effectiveness of such policies and procedures.
Consideration of Internal Control
Performing Tests of Controls
Irrespective of how effective internal control procedures may appear, the auditor must
test these control to obtain evidence that they are working effectively as the preliminary
assessment suggests (Design and Operation).
It is important to note that the auditor will test the operating effectiveness of controls that
he plans to rely upon.
The greater the reliance the auditor plans to place on internal control, the more
extensive the test of those control that need to be performed.
Nature of Test of Control
Test of control generally consist of one or a combination of the following evidence
gathering techniques:
oInquiry – searching for the appropriate information on the effectiveness of internal
control from knowledgeable person inside. .
oInspection – examination of documents and records to provide evidence of reliability.
oReperformance – repeating the activity performed by client to determine proper
results.
Consideration of Internal Control
Performing Tests of Controls
Timing of test of controls
Auditors usually perform tests of controls during an interim visit in advance of period end. However,
there is a need to obtain further evidence relating to the remainder of the period. In determining
whether to test the remaining period, the following factors must be considered:
oThe results of the interim tests
oThe length of the remaining period
oWhether changes have occurred in the accounting and internal control system during the remaining
period.
Extent of Tests of Controls
In audit, the auditor should determine the size of sample sufficient to support the assessed level of
control risk.

Using the results of Tests of Control


oThe auditor evaluate whether the internal control are designed and operating as intended.
oIf the combined assessed of inherent and control risk is high, detection risk needs to be low to
reduce audit risk to an acceptable low level. In this regard the auditor may consider modifying:
•The nature of substantive test from less effective to more effective procedures
•The timing of substantive test by performing them at year-end rather than at interim.
•The extent of substantive test from smaller to larger sample size.
Consideration of Internal Control
Documenting the Assessed Level of Control Risk
After evaluating the results of test of control and assessing the control risk, the auditor should
document his assessment of control risk.
If the control risk is assessed at a high level the auditor should document his conclusion that the
control risk is at a high level.
If control risk is assessed at less than high level, the auditor should document his conclusion
that control risk is less than high and the basis for that assessment base on the actual results of
tests of control.
Hence, the auditor cannot assess control risk at less than high level without performing tests of
control.
Communication of Internal Control Weakness
• As a result of the auditor’s consideration of the accounting and internal control system, the
auditor may become aware of the weakness in the system.
• In this regard, the auditor is required to report to the appropriate level of management material
weakness in the design or operation of the accounting and internal control system.
• The communication shall be in writing and should be done at the earliest opportunity.
• These internal control weakness together with other matters of concern are documented in a
formal management letter.
Next …….
Questions/
Reactions… Performing
…… Substantive
Tests
THANK YOU…….
Auditing &
Assurance-
Principles KEEP SAFE
AND
BE HEALTHY!!!

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy