AUD 3 - Internal Control Flashcards
The Steps in an Audit (7)
- Prepare for an audit
- Obtain understanding of client, its environment, & its internal controls (must always be documented)
- Assess risk of material misstatement & determine nature, timing, & extent of further procedures
- Perform test of controls
- Perform substantive procedures
- Formulate an opinion
- Issue audit report
What is Internal Control & what are the objectives?
(ACE)
An entity’s systems & policies designed to enable management to meet its objectives related to ACE. We want reasonable assurance that I/C are achieving certain objectives:
- Accurate & reliable financial reporting
- Compliance with laws & regulations
- Effectiveness & efficiency of operations
What are the 5 elements of Internal Control?
(CRIME)
- Control Environment
- Risk Assessment
- Control Activities
- Information & Communication
- Monitoring
Control Environment
(CHOPPER)
Control Environment - sets the tone of an organization, influencing the control consciousness of its people. It is the foundation of all other components of internal control, providing discipline & structure.
Includes the following (CHOPPER):
- Commitment to competence - effective ctrl requires sincere interest on part of the employees in performing good work
- Human resource policies & practices - sound hiring & training policies for employees
- Organizational structure - a company that operates all over the world has different I/C problems than one operating entirely within a single building
- Participation of those charged w/ Governance
- Philosophy of mgmt & operating style
- Ethical values & integrity
- Responsibility assignment - the manner in which authority, responsibility & accountability is assigned to different employees determines the controls that will be needed.
Risk Assessment
(AIIO)
Risk Assessment - Identification, analysis, & mgmt of risks relevant to the preparation of FS that are fairly presented in conformity w/ GAAP. Risk Assessment includes risks that may affect an entity’s ability to properly record, process, summarize, & report financial data.
Risk Assessment procedures include:
- Analytical Procedures
- Inquiries
- Inspection
- Observation
Control Activities
(PIPS)
(ARCC-S)
Control Activities - Policies & procedures that help ensure that management directives are carried out.
- Performance Reviews (Indicators) - Actual vs. budget FS, P/Y, financial to non-financial
- Information Processing Ctrls - General vs Application Ctrls
- Physical Controls - Access to assets
- Segregation of Duties (ARCC-S)
  - Authorization of transactions
  - Recording (posting) of transactions
  - Custody of assets (who has access)
  - Comparisons (reported vs. recorded)
Information & Communication
The component of I/C that makes certain that mgmt’s instructions are communicated & that there is a flow of information in all directions within the entity to enhance the efficiency & effectiveness of operations & ensure the transparency & fairness of financial reporting.
Refers to the I.D, retention, & transfer of info in a timely manner allowing personnel to perform their responsibilities.
- Info System - consists of the methods & records used to record, process, summarize & report a company’s transactions & to maintain accountability for the related accounts.
- Communication - involves establishing individual duties & responsibilities relating to internal control & making them known to personnel.
Monitoring
The ongoing evaluation of internal controls to make certain that they are effective, functioning as intended, & that they remain relevant.
Understanding the Internal Control
(UPDATED)
6 Steps
- Obtain an Understanding of the Design of Internal Control by performing Risk Assessment Procedures (CRIME)
  - AIIO
- Document the understanding of Internal Control
  - FIND
- Assess RMM
  - Rely, CR, DR, Sub Testing
- Perform Test of Controls (4 Cycles)
  - RIIO
- Reassess RMM & evaluate Results
- Document conclusions & determine the effect on the planned substantive procedures
Understanding the Internal Control Structure
Step 1 - Obtain an Understanding of the DESIGN of Internal Ctrl
(AIIO)
An auditor obtains an understanding of the Entity & its Environment, and Internal Control, by performing Risk Assessment Procedures, which include: (AIIO)
- Analytical Procedures
  - Reviewing audit documentation that documents the internal control structure of the client in prior years
- Inquiries (info on design)
  - Asking mgmt to describe the internal controls currently in place
- Inspection (info on design)
  - Examining documents that are used in internal control, such as authorization forms & procedures manual
- Observation (info on implementation)
  - Watching employees perform their jobs
NOTE: The auditor is only trying to determine what controls have been Implemented, and is NOT determining whether the controls have been operating effectively. The latter is only necessary in a FS audit IF the auditor plans to rely on the controls.
Understanding the Internal Control Structure
Step 2 - Document the understanding of I/C
(FIND)
The auditor is REQUIRED to document its understanding of the entity, environment, & internal control.
The 4 common techniques of documenting the understanding of I/C: (FIND)
- Flow Charts - Visual depiction of the process
- Internal Control Questionnaire (ICQ) - Yes/No Qs
- Narrative or Memorandum - Written description of the I/C structure
- Decision Tables/Trees
*Not really tested, just for understanding material*
Understanding the Internal Control Structure
Step 3 - Assess RMM (Control Risk)
Intend to Rely?
No = RMM (High) > Substantive Approach Audit
Yes = RMM (Low) > *Combined Approach Audit
*Combined Approach - Test of Controls & Substantive
Understanding the Internal Control Structure
Step 4 - Perform Test of Controls (RIIO)
Test of Controls - to test the effectiveness of the I/C design & operation of a control. The auditor should test the operating effectiveness of such controls at least once in every 3 years.
- Testing the Cycles for ARCCs by doing RIIO
4 Procedures for Testing Controls (RIIO)
- Reperformance - Applies ctrl of client
- Inspection - Examines ctrl
- Inquiry - Asks about ctrl
- Observation - Watches client do ctrl (most effective)
Understanding the Internal Control Structure
Step 6 - Document Conclusions
What 4 things must the Auditor document?
The auditor is REQUIRED to communicate significant deficiencies & material weaknesses to mgmt & those charged w/ governance. The basis for risk assessment must ALWAYS be documented.
Auditor needs to document:
- The assessment of the risk of material misstatement at the FS & relevant assertion levels
- The basis for that assessment
- Significant risks identified & related controls evaluated
- Risks identified & related controls evaluated that require test of controls to obtain SAAE
Inherent Limitations in an Internal Control Environment
(COCO)
- Collusion (fraud)
- Override by Management (fraud)
- Competence - Human error (error)
- Obsolescence - Cost/Benefit (error)
U-PERCV
U-PERCV covers management’s assertions, which are representations made by management in the FS being audited.
- Understandability & Classification
- Presentation & Disclosure
- Existence or Occurrence (Vouching)
  - Records to Source
- Rights & Obligations
- Completeness & Cutoff (Tracing)
  - Source to Records
- Valuation, Allocation & Accuracy
NOTE: U-PERCV is basically what management is saying that they have in their FS regarding the numbers.
OPERATING CYCLES
Revenue Cycle
Spending Cycle
Personnel & Payroll Cycle
Investing & Financing Cycle
Production & Conversion Cycle
The main point regarding these cycles is the segregation of duties regarding (ARCC) of the business functions & employees.
Revenue Cycle (Sales Revenue/ A.R. / Cash Receipts) - A set of procedures that are followed by a business entity in generating sales, earning revenues, billing customers, and collecting & depositing cash receipts.
Spending Cycle (Purchases / A.P. / Cash Disbursement) - Deals with ordering, receiving, & paying for goods & services including purchases of inventory on account & cash disbursements.
Personnel & Payroll Cycle - Deals with the hiring/termination of employees, paying, & administering change in pay rates.
Investing & Financial Cycle - Deals with transactions involving acquisition & disposal of assets other than inventory & transactions with creditors & shareholders.
Production & Conversion Cycle - Deals with manufacturing operations & converting raw materials into finished goods.
Revenue Cycle - Specific Employees
Sales Clerk
Credit Manager
Warehouse Clerk
Shipping Clerk
Billing Clerk
Receivables Clerk
General Ledger Bookkeeper
Mail Room Clerk / Receptionist
Cashier
Cash Receipts Clerk
Receiving Clerk
Treasurer
Controller / Internal Auditor
Sales Clerk - accepts orders/PO from customers & prepares a written sales order (Recording)
Credit Manager - approves customer credit on orders (Authorization)
Warehouse Clerk - holds goods in inventory awaiting requests for shipment (Custody)
Shipping Clerk - Removes items from inventory to ship to customers (Custody)
Billing Clerk - prepares sales invoices to send to customer (Recording)
Receivables Clerk - posts sales & collections to individual customer accounts based on sales invoices & remittances [posts A/R balance] (Recording)
General Ledger Bookkeeper - posts journal entries for sales & collections (Recording)
Mail Room Clerk / Receptionist - opens mail, prepares remittance listing of checks, directs to appropriate places (Custody)
Cashier - receives checks, prepares deposit slip, & deposits funds at the bank (Custody)
Cash Receipts Clerk - receives remittance listing & posts to cash receipts journal [posts credit to A/R balance] (Recording)
Receiving Clerk - receives all goods that are being returned and returns them to inventory (Custody)
Treasurer - approves credit memos for returns & write-offs of uncollectible accounts (Authorization)
Controller / Internal Auditor - prepares bank reconciliations & analyses of past-due accounts (Comparison)
Revenue Cycle - Key Documents
Sales Order
Bill of Lading
Sales Invoice
Sales Register (Journal)
Subsidiary Receivables Ledger
Remittance Advice
Remittance Listing
Cash Receipts Journal
Deposit Slip
Bank Reconciliation
Sales Order - the list of the goods ordered by the customer (created by the sales clerk from a customer’s PO) along with the prices to be charged. Usually pre-numbered.
Bill of Lading - the shipping document that is signed by the carrier (usually a trucker) accepting goods from the shipping clerk (prepared by the shipping dept).
Sales Invoice - bill prepared that is sent to the customer after shipment. Before doing so, billing clerk should compare sales order & bill of lading.
Sales Register (Journal) - a book in which sales invoice information is posted.
Subsidiary Receivables Ledger - lists of outstanding A/R with a separate record for each customer.
Remittance Advice - the document included in an envelope with the check to indicate the purpose of the check.
Remittance Listing - a summary of the money received that day. Prepared by the employee first receiving the cash, usually the mail room clerk.
Cash Receipts Journal - a book in which remittance listings are posted.
Deposit Slip - the document signed or stamped by the bank to acknowledge receipt/deposit of checks.
Bank Reconciliation - comparison of book to physical.
Revenue Cycle
U-PERCV
- Understandability & Classification - transactions & events have been recorded in the proper accounts & information is presented & described clearly.
- Presentation & Disclosure - mgmt asserts that all sales to employees have been properly identified in the statements & notes as related party transactions. The auditor may review sales invoices for specific sales to employees & then trace these invoices to GL to see if they are posted to the “due from employees” account.
- Existence or Occurrence (Vouching) - mgmt asserts that all sales have been recorded. Auditor may select a sales invoice & vouch from the sales invoice to the bill of lading in order to ensure that items billed to customers were based on actual shipments.
- Rights & Obligations - mgmt asserts that it has the right to collect receivables. An auditor can vouch from postings in the subsidiary receivables ledger for a specific client back to the sales order, bill of lading, & sales invoice, in order to establish that the goods were ordered, shipped & billed, giving the company the right to collect.
- Completeness (Tracing) & Cutoff - mgmt asserts that it has recorded all sales that have taken place. The auditor may select a bill of lading & then trace from the bill of lading to the sales invoice to ensure that all shipped goods have been billed to customers.
- Valuation, Allocation & Accuracy - mgmt asserts that receivables are likely to be collected. The auditor can test the process of credit approval before shipment in order to determine that the company is only shipping to customers likely to pay.
Spending Cycle - Specific Employees
Purchasing Manager
Purchasing Clerk
Receiving Clerk
Payables Clerk
Payables Manager
Treasurer
Shipping Department
Purchasing Manager - approves purchase requests before they are processed & negotiates terms with vendors (A)
Purchasing Clerk - places orders with vendors [sends PO to vendors] (R)
Receiving Clerk - receives delivery of goods from vendors (C)
Payables Clerk - prepares payment voucher & gives to treasurer for approval which is the basis for authorizing the issuance of a check to the vendor after verifying the accuracy of the vendor invoice & supporting documents (A)
Payables Manager - oversees the Posting of vouchers to appropriate purchase records [posts to A/P accts] (R)
Treasurer - Signs check for payment & mails it (C)
Shipping Department - sends goods back to vendors when goods are nonconforming (C)
Spending Cycle - Key Documents
Purchase Requisition
Purchase Order
Receiving Report
Purchase (vendor) Invoice
Invoice Register
Payment Voucher
Purchase Journal
Debit Memo
Purchase Requisition - the internal request by the department in need for goods to be ordered by the purchasing department
Purchase Order - the external form mailed to the vendor to request goods to be delivered to the company
Receiving Report - the document prepared in the receiving department signed by the carrier to acknowledge the goods that have been delivered to the company
Purchase (vendor) Invoice - basically it's the sales invoice
Invoice Register - a book listing invoices received from vendors
Payment Voucher - document prepared by payables clerk to request that a check be issued for payment to a vendor. Passed on to the treasurer for signature.
Purchase Journal/Voucher Register - a book listing all of the payment vouchers generated by the company
Debit Memo - a document sent to the accounting department to indicate that nonconforming goods have been returned
Personnel/Payroll Cycle - Specific Employees (4)
Personnel cycle of a business is normally segregated between these different departments:
- Personnel (Authorize) - H/R, hire, fire, salary rate adj
- Payroll (Recording) - Calculates pay of employees, preps the check for signature of treasurer.
- Treasurer (Custody) - Signs & distributes the checks, custody of check.
- Controller (Comparison) - Bank reconciliation
Investing & Financial Cycle
U-PERCV
Investing & Financial Cycle - deals w/ transactions involving acquisition & disposal of assets other than inventory & transactions w/ creditors/shareholders.
- Presentation & Disclosure - controller determines that securities are classified in the records correctly as trading, AFS securities, HTM securities, etc.
- Existence or Occurrence (Vouching) - treasurer vouches the agreement of broker advices on purchases w/ cancelled checks.
- Rights & Obligations - securities on hand are examined by senior mgmt to ensure that they are registered in the name of the company.
- Completeness (Tracing) & Cutoff - internal auditor makes a list of securities in the bank safe deposit boxes & compares them w/ securities listed in the records.
- Valuation, Allocation & Accuracy - controller compares current market prices w/ the listed values of securities