audit ii chapt 10 - understanding entiry level control
Post on 03-Apr-2018
226 Views
Preview:
TRANSCRIPT
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
1/24
Auditing II: Management & Procedures 1
Chapter 10
Understanding Entity-Level Controls Objectives:
To learn how to understand the internal
control system at the company-levelTo learn how to assess the control risk
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
2/24
Auditing II: Management & Procedures 2
Chapter 10
Understanding Entity-Level Controls 10.1 Developing the Understanding
While internal control is relevant to both the entity as
a whole & its individual operating units or businessfunctions, it may not be necessary for the auditor toobtain an understanding of internal control related toeach of the entitys operating units or businessfunctions.
No need to understand deeply internal control ifcontrol risk is assessed high (max) or near max cozno test of control will be performed.
Refer to Figure 10.1 of P. 10-3.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
3/24
Auditing II: Management & Procedures 3
Chapter 10
Understanding Entity-Level Controls 10.1 Developing the Understanding (cont.)In developing an understanding of internal
control, the auditor:- determine the design of relevant controls
If they have been placed in operation and
The entity is actually using them.
Understanding control is not to obtainevidence about whether they are operatingeffectively but the effective operation ofcontrols is obtained by testing the controls.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
4/24
Auditing II: Management & Procedures 4
Chapter 10
Understanding Entity-Level Controls(a) Control Environment
Foundation for all other components of internal control &states that it may either mitigate the risk of fraud by
management or conversely reduce the effectiveness ofthe other components.
Its knowledge enables the auditor to determine If it appears to be conductive to maintaining effective control
If it minimizes the incentives & opportunities for management todeliberately distort the FS.
Factors effect on management assertions of FS Mgts integrity - Entitys commitment to competence
Composition & activities of BoD or Audit Committee
Mgts philosophy & operating style - Org. structure
Assignment of authority & responsibility - HR policies & practices
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
5/24
Auditing II: Management & Procedures 5
Chapter 10
Understanding Entity-Level Controlsi. Integrity & Ethical Values
If mgt sets up ethical standards, communicates
them within the entity, & reinforces them by itsown example, it will establish an environmentthat is conductive to ethical behavior.
In such environment, staff will be less likely toengage in dishonest or illegal acts, especially ifmgt removes or reduces incentives to do so.
Indicators:
Frequent turnover of operating management
Pressure to meet goals
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
6/24
Auditing II: Management & Procedures 6
Chapter 10
Understanding Entity-Level Controlsii. Commitment to Competence
- Employees must have knowledge & skills,trained all the times to carry their jobs . If not,
more mistakes that lead to out-of-controlsituation.
iii. Composition & Activities of BoD or Committee
- The more effective BoD or Committee
overseeing policies and procedures, the lesslikely mgt is to have opportunities tomisappropriate resources, involve in illegal acts,subject entity or its assets to inordinate risk, ormaterially misstate financial information.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
7/24
Auditing II: Management & Procedures 7
Chapter 10
Understanding Entity-Level Controlsiv. Mgts Philosophy & Operating Style
Expressed through attitudes towards many
matters, including monitoring biz risk, financialreporting, choosing accounting policies fromalternatives, approach to accounting estimatesetc.
Philosophy and operating styles become moreparticularly important, if one or a few individualsare in the mgt team.
Honest discussion with auditor can be anotherindication.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
8/24
Auditing II: Management & Procedures 8
Chapter 10
Understanding Entity-Level Controlsv. Organizational Structure
Appropriate line of reporting
Separation of responsibilities
vi. Assignment of Authority and Responsibility Staff understand entitys objectives, authority and
responsibility to meet those objectives.
Expectation well communicated to staff and theirperformance is properly monitored.
vii. HR Policies & Procedures Policies & procedures for hiring, training, supervising and
evaluating staff.
Sufficient number of employees and adequately equipped.
Performance-base promotion.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
9/24
Auditing II: Management & Procedures 9
Chapter 10
Understanding Entity-Level Controls(b) Mgts Risk Assessment
For financial reporting, risk assessment
entails mgts identification, analysis, &handling of risks that affect the entitys abilityto record, process, summarize & reportfinancial data consistent with mgts assertions
in the FS.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
10/24
Auditing II: Management & Procedures 10
Chapter 10
Understanding Entity-Level Controls(b) Mgts Risk Assessment (cont.)
Sources of Risks:
Changes in the Regulatory & Operating Environment
New Personnel
New or Changes Information System
Rapid Growth
New Technology
New Lines, Products or Activities Corporate Restructuring
Foreign Operations
Accounting Pronouncements
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
11/24
Auditing II: Management & Procedures 11
Chapter 10
Understanding Entity-Level Controls(c) Monitoring
The process by which mgt assesses the design &operation of the other control components todetermine that they continue to be appropriate for theentitys risks.
Ongoing such regular mgt & supervisory activitiesdesigned to oversee if financial reporting control
objectives are being achieved & reliable financialinformation is being produced.
Periodic such an evaluation made for specificpurpose of assessing the effectiveness of controls.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
12/24
Auditing II: Management & Procedures 12
Chapter 10
Understanding Entity-Level Controls(d) Information and Communication
Mgt communicates information through policymanuals, accounting & financial reporting procedure
manuals & other written directives. Communication can also be oral & by example.
Accounting system is part of the information &communication component, so understanding it is
required for planning purposes for all auditsregardless of the assessment of control risk.
i. Accounting SystemGenerating information used for accounting & mgt decision-
making purpose.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
13/24
Auditing II: Management & Procedures 13
Chapter 10
Understanding Entity-Level Controlsi. Accounting System (cont.)
An effective accounting system includesappropriate methods & records to
1. Identify & record all authorized transactions
2. Describe each transaction on a timely basis & in sufficientdetail to classify it properly for financial reporting
3. Measure the monetary value of the transactions so that it
can be recorded in the FS.4. Determine when the transaction occurred, to ensure that it
is recorded in the proper accounting period
5. Present the transaction & related disclosures properly inthe FS.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
14/24
Auditing II: Management & Procedures 14
Chapter 10
Understanding Entity-Level Controlsi. Accounting System (cont.)
Most of accounting system is a computerized one.Some accounting transactions are generated by the
system such as rental etc. Standing data: data of a permanent or semi-
permanent nature used repeatedly during processe.g. rate of pay, selling price, customer credit limit.
Transaction data: data that relates to an individualtransaction, e.g. # of hours a particular employeeworks in a particular time for salarys calculation.
Computer matches sales to computer-generatedshipping documents to ensure completeness.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
15/24
Auditing II: Management & Procedures 15
Chapter 10
Understanding Entity-Level Controlsii. Computer Environment
Auditor sometimes obtains hardcopy and re-
performs to get accuracy of computer-generated data.
Now, auditor uses computer software to testthe computerized accounting system.
Hardware Software
Database Mgt System
Organization of the IT Function
Decentralized & Distributed Data Processing
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
16/24
Auditing II: Management & Procedures 16
Chapter 10
Understanding Entity-Level Controlsii. Computer Environment (cont.)
Hardware Processing unit
Memory Input/output devices
Peripheral equipment
Software Operating system
Access control software
Database mgt system
Database Mgt System Data stored and shared with others.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
17/24
Auditing II: Management & Procedures 17
Chapter 10
Understanding Entity-Level Controlsii. Computer Environment (cont.)
Organization of IT Function Info System Mgt System Analysis Programming Technical Support Database Admin Network Mgt or Admin Computer Operation Data Entry Operation Data Control Security Admin Tape Library
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
18/24
Auditing II: Management & Procedures 18
Chapter 10
Understanding Entity-Level Controlsii. Computer Environment (cont.)
Decentralized & Distributed Data Procession
Decentralized: Deptal computers work more independently
Distributed: Coordinating facility.
iii. Understanding Accounting System & Computer
Environment
The auditors should understand:
Mode of operation, What to be performed, Who operates,How data is processed, significant data file, report producinginfo, ability to detect error by staff.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
19/24
Auditing II: Management & Procedures 19
Chapter 10
Understanding Entity-Level Controls10.2 Evaluating Design Effectiveness
Effective design related to whether one or more
controls in place are appropriate to prevent or detectmaterial misstatements with respect to specific auditobjective
How to evaluate
If operated effectively, can they achieve the controlobjectives set?
Are they appropriate for the type of business, industry or riskof the entity?
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
20/24
Auditing II: Management & Procedures 20
Chapter 10
Understanding Entity-Level Controls 10.3 Application to SME
Auditor should judge the effectiveness of the
entitys controls in light of its size &organizational structure.
E.g. SME may not have audit committeecomposed of outside directors, but the lack ofindependent directors may not affect thecontrol risk assessment in such entity.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
21/24
Auditing II: Management & Procedures 21
Chapter 10
Understanding Entity-Level Controls 10.4 Documentation of the Understanding &
Evaluation of DesignThe principal features of accounting system in an
overview flowchart The nature & source of significant transactions
The key processes & flow of significant transactions
Principal files or ledgers supporting account balances &processes by which they are updated.
Reports produced that have accounting significance, theirfrequency & distribution, & the files from which they arederived.
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
22/24
Auditing II: Management & Procedures 22
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
23/24
Auditing II: Management & Procedures 23
-
7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control
24/24
Auditing II: Management & Procedures 24
Chapter 10
Understanding Entity-Level Controls Summary
Developing the Understanding Control Environment
Mgts Risk Assessment
Monitoring
Information & Communication
Evaluating Design Effectiveness
Application to SMEDocumenting the Understanding & Evaluation of
Design
top related