Chapter 3 Flashcards
What is definition of internal control?
the process designed, implemented and maintained by directors and management to ensure the RELIABILITY of financial reporting, effectiveness and efficienct of operations, and compliance with applicable laws and regulations
Who regulates internal control?
UK Corporate Governance Code
They states the BOARD responsibility to maintain sound risk management and internal control systems
Part of the role of the AUDIT COMMITTEEof the board (3 NED, one with recent, relevant financial experience)
What are the responsibilities of the audit committee
- Oversight of financial and narrative reporting
- Internal controls and risk management
- Whistleblowing and fraud
- Internal and External auit
- Repoprting to the board and shareholders
Part of a company’s internal control systems should include the assessment of its key business risks? What are these?
Financial Risks, Compliance Risks, Operational Risks
Financial Risk
Risks that would affect company’s cash flow (e.g. chang in intR or exR)
Compliance Risk
risks relating to laws and regulations
Operational Risk
Risks relating to the day- to day operations of the business (loss of key staff, inventory management)
What is the internal control system? What are the 5 elements of internal control?
The company needs policies and procedures which acknowledge and manage business risks, this is called the internal control system
CCMRI
Control environment
Control activities’
Monitoring of controls
Risk assessment process
Information system
Internal control system: Control environment
The attitudes, awareness, and actions of management concerning the company’s internal control and its importance in the company.
The control environment sets the tone of an organisation, influencing the control consciousness of its people
Internal control: risk assessment process
The process for identifying and controlling the risks in the business
Internal control system: Information system
Information system relevant to financial reporting
Internal control system: control activites
policies and procedures that help ensure management directives are carried out
Internal control systems: monitoring of controls
Managements monitoring of controls includes considering whether they are operating as intended and that they are modified as appropriate for changes in conditions
Limitations of internal control
1) Human error is always possible
2) Staff could collude to get around the system
3) Management override of controls is possible
4) Many controls could cover routine transactions
5) The cost of the controls may outweigh the benefits
Define ‘audit’
An evaluation of an organisation, system or process
What is an assurance services
An external audit performed by an external person who is independent.
Define an ‘external audit’
An independent examination and expression of opinion on the financial statements of a company
examination - obtain sufficient evidence on which to base the audit opinion
opinion prepared for benefit of shareholders
independence - crucial if audit opinion to have credibility
What is a true and fair view
An external auditors opinion states that the financial statements give a true and fair view of the position, performance and cash flows of a company
True - factual and applies w accounting standards
Fiar - clear, impartial and unbiased
International version of ‘True and fair view’
‘Faithful representation’
Means financial statements are complete, neutral and free from error
What is the expectation gap?
An audit does not provide absolute assurance or guarantee of correctness. The misconception by users that they are is called the ‘expectation gap’/
The accountancy profession addresses common misconceptions through the audit engagement letter
What is an audit engagement letter
Details the contract between the client and the audit firm before audit. Review every year to ensure up to date. Only needs to be reissured if changes to terms, or evidence directors misunderstand the nature of the audit
What is a stewardship
External audit addresses the ‘Agency Issue’. Directors are considered stewards of the company, they are accountable to the shareholders for the performance. External audit gives accountability.
auditor gives opinion to shareholders
from independent examination of financial statements that are prepared by directors
Company owned by shareholders but run by directors
DIAGRAM
What are the limitations of external audits
Integrity of client management, nature of financial reporting, limited amount of time, samples
Integrity of client management: Auditor rely on client management to provide infor and access, client management could hid if wanted to
* Nature of financial reporting: it inherently involves management judehement and subjective decisions, which may be influenced by bias
* Limited amount of time: spent on clients premises, testing only a sample of items (due to cost benefit ratio.
* Samples: Auditors select samples for testing based on where greatest risk lies. They plan work to detect material error and fraud, minor error and fraud may not be detected
What are the rights of external auditors?
- Right to receive info and explanations from company personnel
- Right to receive notice of general meetings
- Right to speak at general meetings on matters that are related to the audit
What are the two different types of audit tests
Controls testing
Detailed testing
What is Controls Testing
on Systems to ensure that:
the internal control systems that directors have in place are:
-capable of preventing errors in financial information
-or detecting and correcting them
What is detailed testing
on higher risk areas to ensure that reported transactions and balances do not contain material missstatements
What is audit risk
The risk that an audditor gives an inappropriate opinion
What are the three elements of audit risk
Inherent risk
Detection Risk
Control Risk
Audit risk: Inherent risk
always INHERENT risk due to OTHER things
the risk posed by an error or omission in a financial statement due to a factor other than a failure of internal control
The risk of a material misstatement before consideration of internal controls present
Can be considered at:
The financial statement level (factors that could impact the whole entity and therefore its financial statements)
assertion level (specific claims being made in the financial statements)
Audit risk: Control risk
MM not picked up by CONTROLS or accounting systems
The risk that material misstatements are not picked up by the accounting and internal control systems
Audit risk: Detection risk
AP doesnt DETECT MM
The risk that the auditors procedures will not detect a misstatement
What is the documentation of audits?
-required to document their work
-produces an ‘audit trail’
-documentation should be sufficient enought that an experience auditor can read the working paper and understand what has been done and what conclusions have been drawn
what must audit evidence be?
sufficient
appropriate
where evidence is less reliable (approp), more will be needed (sufficient)
Audit evidence: Sufficient
-having enough evidence
-one very conclusive piece
-several pieces that corroborate with each other
Audit evidence: appropriate
-evidence must be reliable and relevant
Reliable
-independant external source
-if internal, subject to effective control
-obtained by auditors themselves
-documented not verbal
-original form
What is the Audit report
-outlines the audit opinion in writing to the shareholders
-filed as a matter of public record
Audit report: If conclusion is that financial statements are prepared within financial reporting framework and materially present a true and fair view
- the report will contain an unmodified opinion
Audit report: If conclusion finds that financial statements include material misstatements
Report would be qualified
QUALIFIED OPINION-If isolated misstatement - it is true and fair with exception to this issue - auditors would explain this -
ADVERSE OPINION - multiple or particularly significant misstatements - financial statements do not give a true and fair view
Audit report: Auditors couldn’t obtain enough evidence
1) cant determine a true and fair view
2) DISCLAIMER - they disclaim any opinion
or only one area - they say ‘except for this area true and fair
Audit report: Accounts give true and fair view but a matter properly disclosed is so important that auditors want to highlight it
Give unmodified opinion, but modify standard report to highlight important matter
What is the report on control deficiences
If auditors have discovered any significant deficiencies in internal controls at the company. They may also discuss minor deficiencies with management for improvement. Report is private to the board and will not be issued to shareholders or 3rd parties
What is the future of audit?
-Audit profession has come under heavy criticism due to some high profile company failures
-The UK gov commission reviews on the audit process and issued a white paper, relating to proposed changes in the structure and purpose of external auditing. Kingman review and Brydon review.
What is internal audit?
Internal auditing: independent, objective assurance and consulting activity designed to add value and improve an organisations operations.
- Typically focusses on accounting/internal control systems of a company
- present reports directly to the audit committee
- Can be outsourced to an external company,
Internal vs External: Objectives
EA – To add credibility and reliability to financial reports from the company to its stakeholders
IA - To evaluate and improve the effectiveness of governance, risk management and control processes.
Internal vs External: Standards
EA – Must follow International Standards on Auditing (ISAs)
IA – Can choose to use the guidelines of the Institute ofInternal Auditors (IIA).
Internal vs External: who do they report to
EA – Shareholders – audit report
IA – Board of Directors/Audit Committee
Internal vs External: Status
EA – Independent
IA – Objective, but as generally an employee of company (although function can be outsourced) independence may be an issue.
Internal vs External: Qualifications
EA – Qualified Accountant and a member of a Recognised Supervisory Body
IA – No formal qualifications required (but many are qualified accountants or members of the IIA)
Is Internal audit a statutory requirement
IA is not a statutory requirement
but is part of a sound risk management and internal control system
If a company does not have an internal audit department, UK CGC requires the audit committee to consider annually whether one is needed and disclose reasons for not having an internal audit department in its annual report.
The limitations of internal audit
- “independent” despite fact they’re employees
- Insufficient resources to form an effective IA function
- If error/fraud detected, may be unwilling to disclose for fear of repercussions
Mitigation include reporting findings directly to audit committee or outsourcing IA department
What tasks do internal auditors do?
Tasks can include:
The internal controls
The accounting systems
key risk areas
preparing schedules for external auditors
Internal: What is a VFM audit
VFM Audit – Value for money
– obtaining the best possible combination of services for the least resources.
Pursuit of 3 E’s
Economy (lease cost), Efficiency (best use of resources) and effectiveness (org obj achieved)
Internal: What is an IT audit
ensure the organisation is CONTROLLING KEY RISKS surrounding hardware software internet and overall IT
Internal: what is a Financial audit
Financial - Review management accounts and systems that produce the accounts to ensure business is MEETING ITS FINANCIAL TARGETS
Internal: what is a Regulatory compliance audit?
CHECKING that org MEETS LEGAL REQUIREMENTS that it needs to, or specific legal requirements relating to the industry.
Internal: what is a Fraud Investigation audit
Fraud Investigations - REVIEW IC of a company to ensure fraud is not taking place.
Lower materiality levels to detect smaller frauds
Internal: what is a customer experience audit
CUSTOMER POV
Customer experience – helps company see itself from a customers point of view. Makes sure meeting customer needs.
Internal: what is a operational audit?
REVIEWS OPERATIONAL EFFECTIVENESS
Operational – reviews operations of a business, gives management assurance on their effeictiveness
Internal: other types
-Project audit
-management audit
-environmental audit
What is a materiality?
Materiality: A transaction or balance is considered material if
its omission or misstatement COULD INFLUENCE the economic decision of users
Materiality allows an external auditor to focus on significant areas of financial statements
What areas should be considered when assessing the level of materiality
-Quantity
-Quality
-Repetition
Materiality Assessment: Quantity
Quantity (of the misstatements) – the relative size of it.
* Guidelines used to estimate materiality levels:
o Above 1% of revenue
o Above 1% of total assets
o Above 5% profit before tax
Materiality Assessment: Quality
refers to an amount that might be low in value but due to PROMINENCE COULD INFLUENCE the user’s decision
Materiality Assessment: Repetition
small amounts that cumulatively could have a material effect on financial statements
What is performance materiality
USED FOR REPETITION MISTATEMENTS
a lower materiality level set by the auditor. It is used to record all misstatements that could accumulate into a material misstatement
They are often recorded on a ‘schedule of unadjusted misstatements’.
At the end of an audit, misstatements that have a similar effect are added up, to assess whether an overall misstatement exists
What is the definition of Misstatement:
a difference between the BLAH of a FS statement item and the figure that is required to be recorded according to the applicable financial reporting framework.
a difference between the amount, classification, presentation or disclosure of a financial statement item and the figure that is required to be recorded according to the applicable financial reporting framework.
misstatements can arise from error or fraud
What are the three categories of misstatements?
- Factual – about which there is no doubt
- Judgemental – usually regarding estimates
- Projected – auditors best estimate of misstatements in population, involving projections of misstatements spotted in a sample
What should be done with misstatements
All misstatements should be communicated with management
On a timely basis and request that they make the necessary adjustments
The external auditor should determine whether uncorrected mistatements are material in total or individually
Both internal and external audit generally focus on discovering material errors in the accounting system.
What are the two different types of errors?
- Errors causing imbalance on trial balance
—rel easy to spot
–totals for the debit and credit columns on the trial balance are not the same - Errors not revealed by the trial balance
What are examples of Errors in the ledger accounts that cause the trial balance not to balance
1) Unequal amounts entry error
2) Two debits/two credits entry error
3) Entry omission
4) Balanace omission
5) Balance calculation error
6) Balance transfer error
What are examples of Errors not revealed by the trial balance
1) Error of Omission
2) Error of original entry
3) Error of Commission
4) Error of Principle
5) Reversal of Entries
Errors TB: Unequal amounts entry error
One side of the double entry is erroneous
Errors TB: Two debits/two credits entry error
Both accounts entered as two debit/credit – instead of debit/credit
Errors TB: Entry omission
One side of double entry is made in the ledger accounts
Errors TB: balance calculation error
Balance on an account calculated incorrectly when transference to trial balance – and hence wont balance
Errors TB: balance transfer error
The balance on an account is transferred incorrectly into the trial balance
Errors TB: balance omission
A balance is omitted from the trial balance completely
Errors NTB: Error of omission
a. Transaction not recorded at all in double entry system
Errors NTB: Error of original entry
a. debit and credit entries are the same but they are both wrong because there was an error when originally recording the transaction (e.g. the amount of a sale) in the book of prime entry
Errors NTB: Error of commission
a. debit and credit entries are the same but they are both wrong because there was an error when originally recording the transaction (e.g. the amount of a sale) in the book of prime entry
Errors NTB: Error of principle
a. equal debit and credit entries are made but at least one is in the wrong type of account (e.g. non-current asset, not rent payable)
Errors NTB: Reversal of entries
a. Right amount but debit and credit switched
Define Fraud
deprivation by deceit – the intentional misstatement or misappropriation of assets by an individual or group of individuals
Who does the responsibility for prevention and detection of fraud lie with?
Management and those charged with governance (the board)
What are the two forms that fraud takes
1) removal of funds of assets
2) intentional misrepresentation of the financial position of the company
Examples of fraud: removal of funds or assets
- Theft of cash or inventory
- Payroll fraud
- Teeming and lading
–misallocation of recipts to a customer account to hide theft of earlier receipts - Fictitious customers
- Collusion with customers/suppliers
Examples of fraud: interntional misrepresentation of the financial position of a company
- Overvaluation of the inventory
- Not writing of irrecoverable debts
- Fictitious sales
- Manipulation of year end effects
- Understating expenses
- Manipulating depreciation
What are circumstances under which fraud is likely to arise in a company
- Disreputable employees, lack of ethical leadership, poor cultural influences
- Lack of supervision or controls or security
- Poor rewards,
- Opportunities for collusion
Implication of fraud for the organisation
- Loss of assets, reputation, privacy, morale
- Paranoia
- Increase security costs and restriction of privileges
Why are external auditors concerned with fraud?
Fraud can cause misstatements in financial statements if it exists.
auditing standards require that they should be wary of fraud and maintain an attitude of professional scepticism throughout the audit
How should the external auditor approach fraud
the EA should consider areas in which the financial statements might be susceptible to material misstatement due to fraud, including how frauds might occur and be alert for evidence that it may be taking place
What would an external auditor do if they detect a fraud
-extend their testing on that area and then determine the need to modify the audit report
The auditor must also make appropriate reports to:
1) Audit Commitee
2) Shareholders
What would an external auditor do if they detect a fraud and the matter is in the public interest
Auditor could consider breaching their duty of client confidentiality by reporting the matter to the relevant authority.
Take legal advice first - v serious matter
What would an external auditor do if they detect a fraud that results in money laundering
-to avoid prosecution for ‘failing to report’
- accountant must report to the firm’s MLRO who will make a report to the National crime agency if needed
What is the main method for ensuring neither fraud nor errors occurs?
by having sound internal control system
List of control activities that help the company prevent fraud
1) Authorisation
2) Physical controls
3) Segregation of duties
4) Information processing
5) Documenting
Control activities: Authorisation
approval of transactions by a suitably responsible official
Control activities: Physical controls
restricting access to physical assets such as cash or inventory and accounting records
Control activities: Segregation of duties
assignment of roles/responsibilities within a process to diff people
Control activities: Information processing
arithmetic and accounting controls such as checking the arithmetical accuracy of accounting records or performing account reconciliation
Control activities: Documenting
what procedures should be followed and whether they have been followed
How to detect whether fraud in the accounting system has occured
Test controls
Carry out substantiative procedures
What are test controls
conduct spot checks to identift the effective implementation of control activities
How do you carry out substantiative procedures
- conduct Performance reviews and compare budget vs actual results
- Compare info produced by accounting system with external evidence, such as bank statements and supplier statements
- Prepare control accounts where transations are recorded in individual accounts and in total
- Reconcile information in the accounting system with external evidence and other internal information
What is a fraud response plan
Sets out a plan of action in case of suspected cases of fraud, theft or corruption
Having a plan may in itself act as a deterraent
What are the roles and duties of individual managers in the fraud detection and prevention process
- Vigilance
- Collective responsibility
- Communications to staff
- Risk assessment
- Cost-benefit analysis
- Culture
- Implement system of strong controls
- Arrange regular audit of controls
- Adopt zero tolerance approach to fraud
Who is the approach to fraud overseen by
the audit comittee as part of their wider duty of risk and internal controls managment
What does an assurance service contain
An assurance service always contains:
1 ) Three party relationship (users of info, preparers of info and scrutiniser of info)
2 ) Underlying subject matter (financial statements)
3) Criteria (financial reporting standards)
4) Evidence to support the opinion (audit evidence)
5) A written report (audit report)
Why are audits performed
Audits are performed to:
1) Ascertain the validity and reliability of information
2) Assess a company’s system of risk management and internal control
If IA outsource to company that also does EA?
Independence limited
If
