Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
10INTERNAL CONTROLAND CONTROL RISK
GOOD INTERNAL CONTROL
PREVENTS MORE DEFALCATIONS
THAN GOOD AUDITORS FIND
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Importance of Control Risk
Lower
Control Risk
Less
Evidence
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Management’s Responsibility
Reasonable Assurance
Inherent Limitations
Reliability of Financial Reporting
Efficiency and Effectiveness of Operations
Compliance with Applicable Laws and Regulations
Controls Related to Reliability of Financial Reporting
Controls over Classes of Transactions
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
1,Control Environment
2,Management’s Risk Assessment
3,Accounting System
4,Control Activities
5,Monitoring
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Components of Internal Control
Organizational Structure
Commitment to Competence
Board of Directors of Audit Committee Participation
Management’s Philosophy and Operating Style
Integrity and Ethical Values
Assignment of Authority and Responsibility
Human Resources Policies and Practices
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Risk
Assessment
Control Environment
MonitoringControlActivities Information andCommunication
FIGURE 10 - 1
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Specific Control Activities
1,Separation of Duties
2,Proper Authorization
3,Adequate Documents and Records
4,Physical Control over Documents and Records
5,Independent Checks on Performance
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Operational Responsibility for
Record-Keeping Responsibility
Information Technology Duties from Duties
of Key Users Outside Information Technology
Separation of Duties
Authorization from Transactions
from the Custody of Related Assets
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Assess Control Risk Decide PDR and
Substantive Test
Design and Perform
Tests of Control
Obtain Understanding
of Internal Control
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Assess Auditability
Identify Potential Errors
Assess Detection Risk
Design Effective Test
Minimum
Requirements
Documenting understanding is required
for all audits under SAS #55
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Procedures to Gain
an Understanding
Flowchart
Narrative
Checklist System
Walk-Through
(cradle-to-grave)
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Control Risk Assessment
1,Obtain sufficient understanding for planning
2,Assess whether entity is auditable
3,Assess whether controls exist
a,Not cost-effective CR = Max
b,No controls CR = Max
Yes?
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Control Risk Assessment
Yes,controls exist
4,Perform TOC
5,Revise CR based on TOC
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Performing Tests of Controls
Emphasis is on key controls for each
transaction objective
Types of procedures
- Inquiries
- Examine documents (approvals,verifications)
- Observation
- Reperformance (dual-purpose test)
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Reportable Condition - Significant deficiencies in the
design or operation of the internal control structure.
Material Weakness in Internal Control - More serious
conditions,such that risk of errors is not reduced to
sufficiently low level.
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Process of Understanding
Internal Control
and
Assessing Control Risk
Obtain
Understanding of
Internal Control:
Design and Operation
Assess Control
Risk
Decide Planned
Detection Risk
and Substantive
Tests
Test
Controls
FIGURE 10 - 2
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Table 10 - 3
Relationship of
Assessed Control Risk
and
Extent of Procedures
Inquiry Yes - extensive Yes - some
Documentation Yes - with transaction walk-through Yes - using sampling
Observation Yes - with transaction walk-through Yes - at multiple times
Reperformance No Yes - using sampling
Assessed Control Risk
Type of Procedure High Level,Obtaining an Understanding Only Lower Level,Tests of Controls
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Table 10 - 1
Sales Transaction-Related Audit Objectives
Sales Transaction-Related Audit Objectives
Recorded transactions exist (existence).
Existing transactions are recorded
(completeness).
Recorded transactions are stated at
the correct amounts (accuracy).
Transactions are properly classified
(classification),
Transactions are recorded on the
correct dates (timing).
Recorded transactions are properly
included in the master files and correctly
summarized (posting and summarization),
Transaction-Related Audit Objectives-General Form
Recorded sales are for shipments made to
existing customers.
Existing sales transactions are recorded.
Recorded sales are for the amount of goods
shipped and are correctly billed and recorded.
Sales transactions are properly classified.
Sales are recorded on the correct dates.
Sales transactions are properly included in the
master files and are correctly summarized.
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Assessment of control risk
Chart of accounts
Collusion
Control activities
Control environment
Control risk matrix
Flowchart
General authorization
Independent checks
Information and
communication
Information technology (IT)
Internal control
Internal control questionnaire
Internal control weakness
Management letter
Monitoring
Narrative
Procedures to obtain
an understanding
Reportable conditions
Risk assessment
Separation of duties
Specific authorization
Tests of controls
Transaction walk-through
2000 Prentice Hall,Inc.
10INTERNAL CONTROLAND CONTROL RISK
GOOD INTERNAL CONTROL
PREVENTS MORE DEFALCATIONS
THAN GOOD AUDITORS FIND
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Importance of Control Risk
Lower
Control Risk
Less
Evidence
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Management’s Responsibility
Reasonable Assurance
Inherent Limitations
Reliability of Financial Reporting
Efficiency and Effectiveness of Operations
Compliance with Applicable Laws and Regulations
Controls Related to Reliability of Financial Reporting
Controls over Classes of Transactions
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
1,Control Environment
2,Management’s Risk Assessment
3,Accounting System
4,Control Activities
5,Monitoring
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Components of Internal Control
Organizational Structure
Commitment to Competence
Board of Directors of Audit Committee Participation
Management’s Philosophy and Operating Style
Integrity and Ethical Values
Assignment of Authority and Responsibility
Human Resources Policies and Practices
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Risk
Assessment
Control Environment
MonitoringControlActivities Information andCommunication
FIGURE 10 - 1
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Specific Control Activities
1,Separation of Duties
2,Proper Authorization
3,Adequate Documents and Records
4,Physical Control over Documents and Records
5,Independent Checks on Performance
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Operational Responsibility for
Record-Keeping Responsibility
Information Technology Duties from Duties
of Key Users Outside Information Technology
Separation of Duties
Authorization from Transactions
from the Custody of Related Assets
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Assess Control Risk Decide PDR and
Substantive Test
Design and Perform
Tests of Control
Obtain Understanding
of Internal Control
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Assess Auditability
Identify Potential Errors
Assess Detection Risk
Design Effective Test
Minimum
Requirements
Documenting understanding is required
for all audits under SAS #55
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Procedures to Gain
an Understanding
Flowchart
Narrative
Checklist System
Walk-Through
(cradle-to-grave)
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Control Risk Assessment
1,Obtain sufficient understanding for planning
2,Assess whether entity is auditable
3,Assess whether controls exist
a,Not cost-effective CR = Max
b,No controls CR = Max
Yes?
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Control Risk Assessment
Yes,controls exist
4,Perform TOC
5,Revise CR based on TOC
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Performing Tests of Controls
Emphasis is on key controls for each
transaction objective
Types of procedures
- Inquiries
- Examine documents (approvals,verifications)
- Observation
- Reperformance (dual-purpose test)
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Reportable Condition - Significant deficiencies in the
design or operation of the internal control structure.
Material Weakness in Internal Control - More serious
conditions,such that risk of errors is not reduced to
sufficiently low level.
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Process of Understanding
Internal Control
and
Assessing Control Risk
Obtain
Understanding of
Internal Control:
Design and Operation
Assess Control
Risk
Decide Planned
Detection Risk
and Substantive
Tests
Test
Controls
FIGURE 10 - 2
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Table 10 - 3
Relationship of
Assessed Control Risk
and
Extent of Procedures
Inquiry Yes - extensive Yes - some
Documentation Yes - with transaction walk-through Yes - using sampling
Observation Yes - with transaction walk-through Yes - at multiple times
Reperformance No Yes - using sampling
Assessed Control Risk
Type of Procedure High Level,Obtaining an Understanding Only Lower Level,Tests of Controls
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Table 10 - 1
Sales Transaction-Related Audit Objectives
Sales Transaction-Related Audit Objectives
Recorded transactions exist (existence).
Existing transactions are recorded
(completeness).
Recorded transactions are stated at
the correct amounts (accuracy).
Transactions are properly classified
(classification),
Transactions are recorded on the
correct dates (timing).
Recorded transactions are properly
included in the master files and correctly
summarized (posting and summarization),
Transaction-Related Audit Objectives-General Form
Recorded sales are for shipments made to
existing customers.
Existing sales transactions are recorded.
Recorded sales are for the amount of goods
shipped and are correctly billed and recorded.
Sales transactions are properly classified.
Sales are recorded on the correct dates.
Sales transactions are properly included in the
master files and are correctly summarized.
Arens,Loebbecke; Auditing,8/E
2000 Prentice Hall,Inc.
Assessment of control risk
Chart of accounts
Collusion
Control activities
Control environment
Control risk matrix
Flowchart
General authorization
Independent checks
Information and
communication
Information technology (IT)
Internal control
Internal control questionnaire
Internal control weakness
Management letter
Monitoring
Narrative
Procedures to obtain
an understanding
Reportable conditions
Risk assessment
Separation of duties
Specific authorization
Tests of controls
Transaction walk-through
