risk assessment and internal control

Brahmayya & Co. 1 RISK ASSESSMENT AND INTERNAL CONTROL

Upload: dvbsca1722

Post on 11-Nov-2015


  • RISK ASSESSMENT AND INTERNAL CONTROL

    Brahmayya & Co.

  • OVERVIEW OF AUDITING STANDARDS (REVISED PREFACE TO AAS & ISA FRAMEWORK)
    - General Principles and Responsibilities of Auditor
    - Risk Assessment and Response to Assessed Risks: AAS 6, 8, 20, 13 and 24
    - Audit Evidence
    - Audit Conclusions and Reporting

  • HOW TO DESIGN AUDIT STRATEGY
    - Obtain Knowledge of Client's Business
    - Perform Analytical Procedures
    - Risk Assessment
    - Evaluate Internal Control
    - Formulate Audit Strategy

  • IMPORTANCE OF RISK ASSESSMENT
    - To reduce audit risk to acceptably low level
    - Identifying Misstatement
    - Planning - determining the nature, timing and extent of audit procedures

  • MEANING OF RISK
    - RISK REFERS TO AUDIT RISK
    - Audit Risk is defined as the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated
    - Audit Risk = function of (Risk of Misstatement and Detection Risk)
    - Does not cover a case where auditor expresses an inappropriate opinion in error
    - Risk of Material Misstatement can be broken down into Inherent Risk and Control Risk
    - Inherent Risk and Control Risk are Entity's risk

  • DEFINITION OF INHERENT RISK
    - Susceptibility of an account balance or class of transactions to misstatement
    - Misstatement could be material
    - Could be individual accounts or transactions or aggregate of accounts or transactions

  • INHERENT RISK ASSESSMENT
    - STAGES: PLANNING; FRAMING AUDIT PROGRAMME
    - LEVEL OF ASSESSMENT:
      > Planning: AT FINANCIAL STATEMENT LEVEL
      > Framing Audit Programme: ASSERTIONS OF ACCOUNT BALANCES and CLASS OF TRANSACTIONS in Financial Statements

  • INHERENT RISK ASSESSMENT - PLANNING STAGE
    - Is there an inherent possibility of financial statements being misstated?
    - Factors to be considered:
      > Entity's Management
      > Nature of Business
      > Industry Factors

  • INHERENT RISK ASSESSMENT - DEVELOPING AUDIT PROGRAMME - MEANING
    - Inherent Risk has to be assessed with reference to:
      a) Assertions made by Account Balance and
      b) Assertions made by classes of transactions
    - Inherent Risk at this level means an Assertion of an Account Balance or an Assertion of a Class of Transactions being misstated

  • AUDIT ASSERTIONS
    - Assertions are statements that are embodied in the financial statements

    ELEMENTS IN FINANCIAL STATEMENTS

    ASSET & LIABILITY                INCOME & EXPENSE
    Existence                        Occurrence
    Rights and Obligation            Completeness
    Completeness                     Measurement
    Valuation                        Cut off
    Presentation and Disclosure      Classification and P&D

  • INHERENT RISK ASSESSMENT - DEVELOPING AUDIT PROGRAMME - FACTORS
    - Quality of Accounting System
    - Transactions and events requiring the use of an expert
    - Complex Transactions
    - Items requiring judgment
    - Transactions not subjected to ordinary processing
    - Items selected based on past experience
    - Susceptibility of Asset to misappropriation and movable items
    - Effectiveness of Operation of Internal Control

  • ACCOUNTING SYSTEM
    - Objective - To maintain financial records
    - Quality - Decision Making, Timely Preparation of Financial Statements
    - Requirements of an Accounting System
      > Identify
      > Record
      > Process
      > Classify
      > Report

  • UNDERSTANDING ACCOUNTING SYSTEM
    - Identify the class of transactions
    - Identify how transactions are initiated
    - Identify the records maintained by the company for each transaction
    - Identify at what point in time the information is captured by the information system for accounting purposes
    - Identify how the transactions get reflected in the financial statements

  • INTERNAL CONTROL SYSTEM
    - It means all policies and procedures instituted by Management or those charged with governance
    - OBJECTIVES
      a) Timely & Reliable Financial Reporting
      b) Compliance with laws and regulations
      c) Effectiveness and efficiency of operations
      d) Prevention and Detection of Fraud & Errors
      e) Safeguarding of Assets

  • ACCOUNTING SYSTEM AND INTERNAL CONTROL SYSTEM - DIFFERENTIATED

    OBJECTIVES

    ACCOUNTING SYSTEM: Facilitate Preparation of Financial Statements
    INTERNAL CONTROL SYSTEM:
      > To ensure the Financials are prepared on a timely basis
      > To ensure the financials are prepared without any error

    ACCOUNTING SYSTEM: Maintain records of assets
    INTERNAL CONTROL SYSTEM:
      > To safeguard Assets

    ACCOUNTING SYSTEM: Identify Transactions
    INTERNAL CONTROL SYSTEM:
      > Ensure that all transactions are identified
      > Orderly and efficient conduct of business
      > Compliance with laws and regulations

  • COMPONENTS OF INTERNAL CONTROL
    - CONTROL PROCEDURES
    - CONTROL ENVIRONMENT

  • CONTROL ENVIRONMENT
    - Control Environment sets the tone of the Organization
    - It influences the control consciousness of the people
    - It affects the effectiveness of Control Procedures
    - Auditor needs to obtain knowledge of the Environment
    - Factors that would be considered:
      > Organization Culture
      > Management Competence
      > Involvement of Management in day to day activities
      > Management's operating style and philosophy
      > Organizational Structure & Assignment of Authority and Responsibility

  • UNDERSTANDING OF CONTROL ENVIRONMENT AND ACCOUNTING SYSTEM - PROCEDURES TO BE APPLIED
    - WALK THROUGH TEST: Test performed to obtain an understanding of Internal Control and Accounting System

    INFORMATION IS SUPPLEMENTED BY
    - Inquiry with management and employees
    - General Understanding of the Company
    - Corroborated with Observation and Inspection of Documents
    - Auditor must also check whether the control environment has been implemented

  • CONTROL PROCEDURES
    - Control Procedures are Policies and Procedures
    - They act in addition to control environment
    - They are established to achieve specific objectives of the company

    Control Activities - Specific Objectives

    > Authorization - To facilitate efficiency in operations / prevent error/fraud

    > Performance Reviews - To facilitate efficiency in operations

    > Information Processing - To reduce fraud/error

    > Physical Controls - Safeguarding the Asset

    > Segregation of Duties - To reduce fraud/error

  • CONTROLS RELEVANT TO AUDITOR
    - Auditor is concerned only with controls that are relevant to Assertions made in the financial statements
    - He is concerned with controls relating to evidence that he uses for audit

  • CONTROL RISK
    - It is the risk that the misstatement could occur in an account balance or class of transaction and it will not be corrected by a misstatement
    - Control risk is a function of:
      a) Effectiveness of Design of Internal Control
      b) Effectiveness of Operation of Internal Control

  • CONTROL RISK ASSESSMENT
    - STAGES: PRELIMINARY ASSESSMENT; FINAL ASSESSMENT
    - TIMING OF ASSESSMENT:
      > Preliminary: AFTER UNDERSTANDING ACCOUNTING SYSTEM & INTERNAL CONTROL SYSTEM
      > Final: AFTER PERFORMING SUBSTANTIVE PROCEDURES
    - LEVEL OF ASSESSMENT:
      > Preliminary: CONTROL RISK AT ASSERTION LEVEL
      > Final: CONFIRMING THE CONTROL RISK ASSESSMENT

  • CONTROL RISK - PRELIMINARY ASSESSMENT
    - Assessment of effectiveness of the Internal Control System in detecting a misstatement
    - Circumstances where Control Risk is assessed as High:
      a) Where no control exists for an assertion
      b) Evaluation of Controls is inefficient
    - Test of Control - tests the Control Procedures and tests the elements of Control Environment
    - Auditor arrives at Preliminary Assessment of Internal Control

  • CONTROL RISK - FINAL ASSESSMENT
    - Performs substantive Procedures
    - Auditor arrives at Final Assessment of Control Risk

  • DETECTION RISK
    - Risk that Auditor will not detect a misstatement in the financial statements
    - Causes for Risk in detection:
      > Inappropriate audit procedure
      > Misinterpret the result
    - Auditor reduces the detection risk by performing more substantive procedures
    - Can the auditor dispense with Substantive Procedures?
    - Can the auditor perform only substantive procedures?

  • DEVELOPMENTS IN INTERNATIONAL AUDITING
    - Changing from Audit Risk to Business Risk
    - COSO - Environment of Internal Control
    - SOX - Responsibilities of Management
    - Corresponding International Standards

  • COSO - Internal Control Components - Committee of Sponsoring Organizations (COSO)

    COSO INGREDIENTS
    - Control Environment
    - Risk Assessment
    - Control Activities
    - Information System & Communication
    - Monitoring

  • SARBANES OXLEY - INTERNAL CONTROL - SEC 404
    - Management to report on Effectiveness of Internal Controls over Financial Reporting
    - External Auditor to issue an attestation report on Management's assessment of Internal Control

    RESPONSIBILITIES

    MANAGEMENT
    - Effectiveness of Internal Control
    - Design & Operating the Internal Control
    - To be supported by Evidence
    - Written assessment of effectiveness of internal control

    AUDITOR
    > To report whether Management's evaluation process is adequate
    > Evaluate and to report on the adequacy of the internal controls

  • COMPARABLE INTERNATIONAL STANDARDS
    - The SAS and ISA on Risk Assessment and Internal Controls and Knowledge of Business and Audit in a Computerized Environment have been withdrawn
    - New SAS 109 on Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
    - New ISA 315 on Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

  • THANK YOU


    Before getting onto the topic, we'll look into our Auditing and Assurance Standards. Our institute has recently revised the preface to Auditing & Assurance Standards. Broadly, we can classify the 34 AAS into four broad categories:

    Category 1 - associated with General Principles and Responsibilities of Auditors. This covers Basic Principles Governing an Audit, Objective and Scope of the Audit of Financial Statements, Terms of Audit Engagement, Quality Control for Audit Work, Documentation, The Auditor's Responsibility to Consider Fraud and Error in an Audit of Financial Statements, Consideration of Laws and Regulations in an Audit of Financial Statements, Communications of Audit Matters with Those Charged with Governance, and Responsibility of Joint Auditors.

    Category 2 - associated with Risk Assessment and Response to Assessed Risk. This covers standards on Risk Assessment and Internal Control, Audit Planning, Knowledge of Client's Business, Audit Materiality and Using Service Organisation.

    Category 3 - associated with Audit Evidence. This covers standards related to Audit Evidence, Additional Considerations, External Confirmation, Initial Engagements, Analytical Procedures, Sampling, Related Parties, Subsequent Events, Going Concern, Management Representations.

    Category 4 - Using work of Experts, Internal Auditor, Another Auditor, Comparatives and Auditor's Report.

    The Auditor can follow different Audit Strategies. Examples of some of the audit strategies are:

    Substantive Approach - Each item in the financial statements is examined, compared with entries in the books, and evidence is collected. Suitable for a small enterprise.

    Systems Approach - This differs from the Substantive Approach in that each item of account is not audited; instead, systems and internal controls are investigated in detail. It requires the use of analytical procedures. It is often called the cycle approach because it concentrates on business cycles: the purchases and creditors cycle, the sales and debtors cycle.

    Audit Risk Approach - Assess the risk of material misstatement of items of account. High risk items are audited in detail using the Substantive or Systems Approach, and low risk items are given only cursory attention.

    Stage 1 - Obtaining Knowledge of Client's Business
    Knowledge of the client's business will assist the auditor in:
    - planning and performing the audit
    - evaluating audit evidence
    - assessing risk and identifying problems associated with the business
    It helps the auditor in concluding whether the assertions in the financial statements are consistent with that knowledge.

    Stage 2 - Analytical Procedures
    Helps in identifying risk factors.

    Stage 3 and Stage 4 - Risk Assessment and Internal Control

    Stage 5 - Developing Audit Strategy

    RISK REFERS TO AUDIT RISK
    Audit Risk is defined as the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated.
    Inappropriate audit opinion would mean a situation where:
    a) unqualified opinion is given when qualified opinion is to be given
    b) qualified opinion is given when adverse or disclaimer of opinion is to be given
    What are misstatements?
    a) Misstatement could be qualitative and quantitative misstatement
    b) Misstatements can arise because of fraud or because of errors
    Why should the auditor give an inappropriate audit opinion? It could be a case only when the auditor is not able to detect the misstatement in the financial statements.
    Audit Risk = f (Risk of Misstatement and Detection Risk)
    Risk of Material Misstatement can be broken down into Inherent Risk and Control Risk.
    Inherent Risk and Control Risk are called the Entity's risk, and they exist independent of the audit of financial statements.

    Account balance could mean all accounts we find in the trial balance.
    Class of Transactions could mean a set of common transactions, e.g. Purchase of Raw Material, Capital Assets, Hedging, Sale of Services.
    Therefore Inherent Risk is the possibility that an account balance is misstated or a class of transactions is misstated.
    Risk is inherent means the risk is assessed without having regard to the control system of the entity.

    Inherent risk assessment takes place in two stages: one at the time of planning and another at the time of framing the audit programme. The level of assessment differs at the different stages.
    At the time of planning, Inherent Risk is to be assessed at the financial statement level.
    At the time of framing an audit programme, Inherent Risk is to be assessed in relation to assertions made by account balances and classes of transactions.

    Inherent risk at the planning stage aims to identify whether the financial statements by themselves could be materially misstated. We'll look into factors that should be taken into account in determining the inherent risk.

    Management of the Company
    > Integrity of the management - When there is doubt about the integrity of the management, there could be a possibility that the financials are misstated
    > Management's inexperience - When there are changes in key personnel, including departure of key executives, for example the CFO; when the Company has a lack of personnel with appropriate accounting and financial reporting skills

    Industry Factors
    > Consolidation in the industry - Where the company has significant transactions with a single customer, it may affect the valuation of receivables
    > When the Company is functioning in a highly competitive industry, there will be pressure on the management to report better results
    > Changes in Technology - For example, technological changes may make a product or even the machinery obsolete; issues of valuation of inventory and impairment may come up
    > Accounting pronouncement relating to an industry
    > Declining Industry and lack of capital availability - may raise the issue of going concern
    > Rapid Growth in Industry and Company - Accounting System cannot sustain the level of operations
    > Regulatory Changes

    Nature of Business
    > Significance of related parties - a high level of related party transactions could influence the transaction price
    > Expanded Foreign Operations - Risk of accounting of foreign transactions
    > Change in Information System - Migration from one Accounting Software to new Accounting Software
    > Corporate Restructuring of the entity - reduction of staff and issues of segregation of duties

    Inherent Risk has to be assessed with reference to:
    a) Assertions by Account Balance and
    b) Assertions by classes of transactions
    For simplicity of discussion we will refer to an account balance as any account in the Trial Balance. Examples of an account balance would be Fixed Asset, Debtors, Sales Account.
    Similarly, we will refer to the class of transactions as both routine and non-routine transactions of the enterprise. Examples of routine classes of transactions would be Sale of Goods, Purchase of Raw Materials, Purchase of Fixed Assets, Hedging, Futures Trading. Examples of non-routine transactions would be corporate restructuring,

    Assertions are statements made in the financial statements. Assertions could be explicitly included in the financial statements or can be implicit. Different kinds of assertions exist for different kinds of elements in the financial statements. We will classify the elements in Financial Statements into Asset, Liability, Income and Expense.

    We will take an example of an Asset - Stock. Assertions in this regard would be:
    - Stock exists as on Balance Sheet - Attend Physical Verification
    - Right - Stock belongs to the entity - Representation, Confirmation, Invoice, GRN
    - Completeness - There are no unrecorded stocks - Cut offs, Unrecorded Purchases
    - Valuation - Stock is stated at Lower of NRV or Cost - Check the closing stock valuation
    - Presentation & Disclosure - Any disclosure required as per Schedule VI or AS-2

    We will take the example of Income - sale of goods. Assertions in this regard would be:
    - Occurrence - Sale reported by X Ltd is in fact sale of X Ltd - invoice and customer acknowledgement
    - Completeness - There are no unrecorded Sale Transactions
    - Measurement/accuracy - Sale has been recorded at the amount stated in invoice
    - Cut off - Sales reported for the year 06-07 pertain to Financial Year 06-07
    - Presentation & Disclosure relating to Sales have been complied with

    Items requiring the work of an Expert
    a) Example could be Provision of Employee Benefits by an Actuary - The Inherent Risk is for Assertion in relation to Measurement
    b) Another possibility is in relation to pending litigation which requires use of an expert - This affects assertions relating to Obligation, Valuation and Presentation and Disclosure

    Items requiring Judgment
    Example could be Provision for Bad/Doubtful Debts. The Inherent Risk is for Assertion in relation to Measurement.

    Complex Transactions
    - Debt refinancing
    - Futures Trading

    Susceptibility of Asset to misappropriation and movable
    Stock and Cash - Assertions that get affected: Existence and Right

    Transactions not subjected to ordinary processing
    Example would be a case where:
    a) Management directly is concerned with the transaction
    b) Situation where the accounting system is fully computerized but a part of the system is manually operated

    Quality of Accounting System

    Accounting System
    The objective of the accounting system is to maintain financial records.
    The objective of the accounting system is to prepare Financial Statements and give MIS reports.
    Quality of Accounting System affects Decision Making of the Management - Timely Preparation of Financial Statements.

    Requirements
    a) Accounting System should be capable of identifying transactions and events including, for example, contingent liability
    b) Record the transactions correctly
    c) Classification to appropriate General Ledger
    d) Preparation of financial statements or even generate MIS Reports

    The first step in identifying the accounting system would be to identify the major classes of transactions entered into by the company, for example: Sale of Goods, Purchase of Fixed Assets, Hedging.
    - Identify how transactions are initiated in the company - Capital Expenditure Proposal
    - Identify the records maintained by the company for each transaction - Capex Approval, Supplier Comparison information
    - Identify at what point in time the information is captured by the information system for accounting purposes - Asset is received by the Company
    - Identify how the transactions get reflected in the financial statements - It would get classified as Fixed Asset

    UNDERSTANDING ACCOUNTING SYSTEM INVOLVES
    - Identifying all classes of transactions entered into by the company
    - Mapping the flow of all transactions from start to end

    Internal Control System means all policies and procedures instituted by the management.
    Internal Control is not limited to Accounting functions, and therefore extends beyond the accounting system.
    OBJECTIVES
    a) Timely & Reliable Financial Reporting
    b) Compliance with laws and regulations
    c) Effectiveness and efficiency of operations
    d) Prevention and Detection of Fraud & Errors
    e) Safeguarding of Assets
    An example where the Control System extends beyond the audit requirement would be a company that has implemented a Computerized Production and Scheduling System, or an airline company that has an automated flight scheduling system.
    An example where the Control Procedures would be relevant for audit consideration would be Periodical Stock Taking and comparison of variances.

    The Internal Control System has two Components - Control Environment & Control Procedures.
    Control Environment sets the tone of the Organization. It influences the control consciousness of the people. It affects the effectiveness of Control Procedures. Auditor needs to obtain knowledge of the Environment.
    Factors that would be considered:
    > Organization Culture - how much importance the management gives to honesty and ethical values, and whether the management is imbibing qualities of honesty and ethical behavior in employees
    > Competence of the management - competence required for a particular job and what qualification is required for the job
    > Extent of participation by the management in day to day activities - indication of the existence of a strong management control system
    > Management's operating style and philosophy - approach of the management to taking business risk (examples would be aggressive, conservative) and attitudes towards employees
    > Organizational Structure & Assignment of Authority and Responsibility - determining the hierarchy
    > Existence of an Audit Committee, and the Audit Committee comprising persons who have adequate knowledge of the client's business
    Existence of one factor may not mitigate the possibility of misstatement. An example would be a case where the organization hires competent accounting, financial and IT personnel, but this will not mitigate the bias of the top management to misstate the earnings.
    Another example of a strong control environment would be where the employees are given regular training on accounting issues so as to reduce the errors in accounting.

    Walk Through Tests
    The Auditor selects transactions that pass through the accounting system. He tries to trace the transactions from start to end and identifies Control Procedures. If the entity is operating in a Computerized Environment,

    The Nature, Timing and Extent of Walk Through Tests depend on Judgmental Factors.
    Auditor must also check whether the control environment has been implemented. An example would be a case where the management establishes a formal code of conduct and acts in a manner that violates the code.
    Control Environment by itself will not detect, prevent and correct a misstatement; therefore the auditor has to obtain an understanding of the control procedures. An example is where the Company has a strong management control system where management participates in day-to-day activities.
    We can classify the control procedures into these categories:

    Control Activities - Specific Objectives
    > Performance Reviews - To facilitate efficiency in operations. Control Policies and Procedures would include:
      - analyses of actual performance versus budgets, forecasts, and prior period performance;
      - relating different sets of data, operating or financial, to one another;
      - comparing internal data with external sources of information; and
      - review of functional or activity performance
    > Information Processing Activities - To prevent fraud/error
      - General Controls and Application Controls in an IT environment
      - Arithmetical accuracy of records, maintaining Control Accounts
    > Physical Controls - Safeguarding the Asset
      - Secured Access to Assets
      - Periodic Counting and Comparison with Actuals
    > Segregation of Duties - Assigning different people the responsibility of authorizing the transactions, recording transactions, maintaining the custody of the asset
    > Authorization Controls - In most of the cases would be in accordance with established guidelines - decentralized

    Auditor is concerned only with controls that are relevant to Assertions made in the financial statements.
    An example where the Control System extends beyond the audit requirement would be a company that has implemented a Computerized Production and Scheduling System, or an airline company that has an automated flight scheduling system.
    An example where the Control Procedures would be relevant for audit consideration would be Periodical Stock Taking and comparison of variances.
    An example that directly relates to an assertion of Account Balance would be Physical Controls for Safeguarding of Asset - it would affect the assertion of Existence of the Asset.
    An example that directly relates to an assertion of Class of Transaction would be Application Controls for modifying a programme - it would affect the assertion of Measurement/Accuracy of a Transaction.
    In a situation where the Auditor uses the evidence for performing analytical procedures, the auditor would be using Production and Sales Data, and he will be concerned with the controls relating to accuracy of production data.

    FIRST - We've seen that the auditor should be able to obtain an understanding of Control Activities that are directly related to assertions of class of transaction or assertions of account balance.
    Control Risk refers to the risk that the Control Activities do not prevent, detect or correct a misstatement.
    SLIDE - Control risk is a function of:
    a) Effectiveness of Design of Internal Control
    b) Effectiveness of Operation of Internal Control

    An example is a case where the Company does not perform Stock Taking - it would directly relate to the assertion of existence made by the account balance.
    An example of a case where the auditor concludes that assessing control risk is inefficient would be where the Company has a limited number of transactions - instead of verifying the control risk, the auditor can directly obtain evidence by way of confirmation.
    How does the auditor assess the effectiveness of Internal Controls? He uses Tests of Control - he conducts tests of Control Procedures and tests of elements of the Control Environment.
    Examples of Tests of Control Procedures - Inspection of Documents for authorization; Inquiries of Stock Taking Instructions and Observation of Stock Taking; Re-performance - Re-performing Bank Reconciliation. In case the company is using Information Technology for accounting

    Example for Tests of elements of Control Environment - Assessing the factors in the control environment and arriving at a conclusion that the environment is strong or weak.

    He performs the tests of controls and then arrives at the adequacy of the internal control system.
    Based on his assessment of Control Risk he determines the Nature, Timing and Extent of Substantive
    Where internal controls do not exist for an assertion, or where the auditor concludes that evaluating the internal controls will not be effective as he can obtain evidence for audit assertions in another, more efficient manner (an example is borrowings, as discussed earlier), he performs substantive procedures.
    Nature of Substantive Procedure - Type of Procedures - Test of details or analytical procedures. Different kinds of procedures are suitable for different kinds of assertions. For example, to test the assertion of occurrence of a Sale Transaction, the auditor may decide to inspect the Sale Transaction.
    Timing - When audit procedures are to be performed - Stock Taking at period end, or later, or even before.
    Extent - relates to the size of the sample.
    Assuming the Auditor assesses the Inherent Risk as low and Control Risk as low, can the auditor dispense with Substantive Procedures?
    > ANSWER IS NO, SINCE THE STANDARD ITSELF RECOGNISES THAT THE RISK ASSESSMENT IS A JUDGEMENTAL FACTOR, AUDITOR NEEDS TO PERFORM SOME SUBSTANTIVE PROCEDURES AND
    > THERE ARE INHERENT LIMITATIONS TO INTERNAL CONTROLS

    INHERENT LIMITATIONS TO INTERNAL CONTROL
    - Cost effectiveness of Control Procedures
    - Most internal controls are not directed towards transactions of an exceptional nature
    - Human Error
    - Possibility of circumvention of controls by employees or even by management
    - Manipulation by the management

    Business Risk
    The Standards on Auditing issued by IAASB and AICPA require an auditor to understand the business risk.
    Business Risk may or may not affect the financial statements, and it includes audit risk.
    Examples of Business Risk:
    - The development of new products or services that may fail;
    - A market which, even if successfully developed, is inadequate to support a product or service; or
    - Flaws in a product or service that may result in liabilities and reputation risk
    Auditor has to consider how the management identifies business risk and manages business risk.
    There is a limitation in this approach - Auditor cannot identify all business risk.

    COSO stands for Committee of Sponsoring Organizations.
    Its members include AICPA Advisory Committee, American Accounting Institute, Institute of Internal Auditors, Institute of Management Accounts.
    COSO framework is the most recognized framework worldwide for evaluating controls over financial reporting.
    The framework has got the same objectives as any Internal Control.

    COSO Ingredients
    a) The difference from existing standards in India is on Risk Assessment, where the Auditor has to consider how the management identifies business risk and manages business risk
    b) Monitoring - Monitoring Controls include considering whether the Internal Controls are operating as intended. Examples include:
      - management's review of whether bank reconciliations are being prepared on a timely basis,
      - internal auditors' evaluation of sales personnel's compliance with the entity's policies on terms of sales contracts, and
      - a legal department's oversight of compliance with the entity's ethical or business practice policies.