Internal Control Flashcards
An Examination of Internal Control Over Financial Reporting
Express an opinion based on effectiveness of internal control
Basic Steps:
- Planning
- Obtain understanding of internal control policies and procedures
- Evaluate the design of internal control P&Ps
- Test the effectiveness of IC P&Ps
- Form opinion about management’s assertion of the effectiveness of IC
An Examination of Internal Control Over Financial Reporting: Report
Heading - “Independent”
Introductory paragraph - We have examined
Scope Paragraph - lists what we did
Inherent Limitation Paragraph - Because of its inherent limitations, internal control over financial reporting may not prevent, or detect and correct misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate.
Opinion Paragraph: In our opinion, X Company maintained in all material aspects, effective internal control
table>
Assessed RMM (Risk of Material Misstatement)
Affects: nature, extent, and timing or further audit procedures (NET)
Effects:
NATURE
RMM low - allows more reliance on client’s records
RMM high - need more outside corroboration
As RMM increases, so does the need for more relevant and reliable evidence.
EXTENT
RMM low - need less evidence
RMM high - need more evidence
TIMING
RMM low - allows some interim testing
RMM high - more testing at year-end and some testing at less predictable times
Objectives of Internal Control
- Reliability of financial reporting. Provide reasonable assurance that material misstatements are being prevented, detected, corrected on a timely basis.
- Reasonable assurance of compliance with laws and regulations.
- Reasonable assurance of effectiveness and efficiency of operations
Internal Control: Management’s Responsibility
Responsible for establishing and maintaining the internal control structure
Internal Control: Auditor’s Responsibility
Determine if controls are preventing, detecting, and correcting material misstatements on a timely basis (in other words, determine effect that internal controls have on F/S assertions)
Document understanding of each component of internal control
Internal Control: Inherent Limitations
- human fallibility
- collusion
- management override
There are always inherent limitations
Internal Control Components
CRIME (5)
- Control Activities
- Risk Assessment
- Information and Communcation
- Monitoring
- Environment
Control Activities
Specific policies and procedures that assure that all transactions are properly:
- initiated
- authorized/approved
- executed
- recorded
Includes proper segregation of duties (ARC)
A - Authorization
R - Recordkeeping
C - Custody of assets
Includes physical controls: locks on doors, EE ID badges (examples)
Risk Assessment
How does management handle risks
Internal Risks:
- new employees
- high EE turnover
- rapid expansion
- new technology
- new products
External Risks:
- downtown in economy or industry
- industry downsizing
- increased competition
CHANGE = RISK
Information and Communication
- quality of accounting records
- manamgent communicating to those charged with governance
- management establishing individual duties and communicating such to individual Ees
Monitoring
- evaluation of internal control structure over a period of time
- client ability to adjust or improve
- internal audit function
Environment
Control environment
- overall attitude of management and board of directors
- internal audit function
- management philsophy and integrity
Any weakness is the control environment is very disturbing/pervasive.
Risk is Unavoidable
Auditors do not examine 100% of evidence supporting financial statements
Auditors could misinterpret evidence
Audit Risk
The ultimate risk you take in auditing
- risk that financial statements are materially misstated, but we issue a clean opinion
- culmination of all risks: Control Risk, Inherent Risk, Detection Risk
Control Risk
Risk that internal control structure is not preventing or detecting material misstatements on a timely basis
Every internal control structure has control risk
Auditor evaluates control risk
Inherent Risk
Risk that an item, by its very nature, is materially misstated (cash, liquid assets, etc.)
Susceptibility of a relevant assertion and related account balance, class of transactions or disclosure to a material misstatement, assuming there are no related controls
Risk of Material Misstatement (RMM)
RMM = control risk x inherent risk
Exists regardless of whether there is an audit
Auditor evaluates RMM
Detection Risk
The risk that the auditor will fail to detect material misstatements
Only exists when there is an audit
Risk Relationships
RMM DETECTION RISK FURTHER AUDIT PROCEDURES
High Low Extensive
Low High Limited
Direct Relationship: Control Risk and Further Audit Procedures (High/More, Low/Less)
Indirect Relationship: Detection Risk and Further Audit Procedures (High/Less, Low/More)
Internal Control: Control Activites (Types that should be in any strong control structure)
BAND AIDS
B - Bonding (EE who work with cash) - recovery and deterrent
A - Authorization and approval (proper initialized, authoirzed, and approved)
N - Numeric and cross checks (pre-numbered documents - checks, POs, receiving reports, receipts; bank recon; A/P match)
D - Documentation controls - everything is documented
A - Appropriate physical controls - locks on doors, ID badges, safe, alarm system
I - Internal audit function - monitoring
D - Detailed personnel policies - hiring, firing, pay raises, mandatory vacations
S - Separation of duties - ARC - authorization, recordkeeping, custody of assets
Internal Control: Deficiencies
Deficiency - design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect and correct misstatements on a timely basis
Deficiency in Design - Control not there
Deficiency in operation - Control there, but ineffective
Auditor is required to submit written communication to those charged with governance for control deficiencies that are significant deficiencies or material weaknesses. If none found, no written communcation is required. If required by a governmental entity, generally, an auditor may not issue stating that no significant deficiencies exist.
Significant Deficiency
Deficiency, or a combination of deficiencies, in internal control that is less severe than a material wearkness, yet important enough to merit attention by those charged with governance.
Material Deficiency
Deficiency, or combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented or detected and corrected on a timely basis.
Communication Highlights
State that purpose of audit was to express an opinion on financial statements, but not to express an opinion on the effectiveness of internal control
State that auditor is (accordingly) not expressin an opinion on efectiveness of internal control
State that indicates auditor’s consideration of internal control was not designed to identify all deficiencies in internal control that might be significant deficiencies or material weaknesses
Define material weakness and where relevant, significant deficiency
Identify the specific material weaknesses found an, if applicable, the specific significant deficiencies found
Restrict report
Deadline - Nonissuer - no later than 60 days following the audit report release date, but same is recommended
Issuer - required prior to the issuance of the auditor’s report on the financial statement
Purchases and Accounts Payable Transaction Cycle (Part 1)
User Department -
-Prepares prenumbered Stores requisition
Copy 1: Filed
Copy 2: Sent to storeroom
Storeroom
-Receives copy 2 of SR and files it.
-Sends good to user department
-If storeroom runs out of raw material:
-prepares prenumbered purchase requisition (PR)
Copy 1: Filed
Copy 2: Sent to AP department
Copy 3: Sent to purchasing department
Purchases and Accounts Payable Transaction Cycle (pt 2)
Purchasing Department
-Receives copy 3 or PR and files it
-Prepares prenumbered Puchase Order (PO)
Copy 1: Filed
Copy 2: Sent to vendor
Copy 3: Blind copy to recieiving (quantity blacked out)
Copy 4: Sent to A/P department
Receiving Department
-Receives blind copy 3 of PO
-Puts number received on blind copy and files it
-Prepares prenumbered Receiving Report (RR)
Copy 1: Filed
Copy 2: Sent to A/P department
Copy 3: Number received filled in and sent to purchasing departmnet for verification
Purchases and Accounts Payable Transaction Cycle (pt 3)
Accounts Payable
-Cross checks all 4 documents received (PR, PO, RR, and vendor invoice)
-Records transaction in AP subsidiary ledger
-Prepaires prenumbered 3 copy voucher package (all 4 documents)
Copy 1: Filed
Copy 2: Sent to general accounting
Copy 3: Sent to treasury
Treasury Department
- Receives voucher package
- prepares and sends check to vendor
- cancels voucher package and files it
- approves write offs
General Accounting Department
- Receives copy 2 voucher package
- Updates general ledger
Purchases and Accounts Payable Transaction Cycle - Documents Flow Recap
Stores requisition
Purchase requisition
Purchase order
Receiving report
Vendor’s invoice
A/P subsidiary ledger
Voucher package
Check
General ledger
Sales and Accounts Receivable Transactions Cycle (pt 1)
Sales Department
-Receives purchase order (PO) from customer
-Prepares prenumbered 6 copy sales order (SO)
Copy 1: Billing with PO
Copy 2: shipping
Copy 3 & 4: credit
Copy 5: Customer
Copy 6: Filed
Credit Department
- Receives copies 3 and 4
- Approve customer credit
- SO Copy 3 (now approved SO) to shipping
- SO Copy 4 to billing
Sales and Accounts Receivable Transactions Cycle (pt 2)
Shipping Department
- Receives Copy 3 approved SO from credit
- Receives Copy 2 original from sales
- Prepares prenumbered 3-copy bill of lading
- Copy 1: customer
- Copy 2: billing
- Copy 3: filed with Copy 2 & 3 SO
Billing Department
-Receives:
Copy 2 BOL from shipping
Copy 1 (original) SO
Customer’s PO from sales
Copy 4 (approved) SO from credit
-Prepares prenumbered 4 copy sales invoice
Copy 1: customer
Copy 2: A/R
Copy 3: general accounting
Copy 4: filed with SO, PO, and BOL
-Posts to sales journal
Sales and Accounts Receivable Transactions Cycle (pt 3)
A/R department
- Receives Copy 2 sales invoice from billing
- Posts to customer’s account
- updates AR subsidiary ledger
General Accounting
- Receives Copy 3 sales invoice from billing
- Updates general ledger
Sales and Accounts Receivable Transactions Cycle - Documents Flow Recap
Customer’s Purchase Order
Sales Order
Approved Sales Order
Bill of Lading
Sales invoice
Sales journal
A/R subsidiary ledger
general ledger
Cash Receipts Transaction Cycle (pt 1)
Mail Clerk
-Opens mail
-Prepares pre-numbered daily remittance listing
Copy 1: Filed
Copy 2: Cashier or Treasury
Copy 3: A/R
Copy 4: G/A
Cashier or Treasury Department
-Receives Copy 2 of daily remittance listing
-Makes daily deposit
-Prepares prenumbered deposit summary
Copy 1: Filed
Copy 2: A/R
Copy 3: G/A
Cash Receipts Transaction Cycle (pt 2)
Alternative to Mail Clerk/Cashier: Bank Lockbox
- Customers send check directly to company’s bank
- Bank performs functions otherwise performed by Mail Clerk and Cashier
A/R Department
-Receives and cross checks:
Copy 2 of deposit summary from cashier
Copy 3 of remittance listing from mail clerk
-Updates A/R subsidiary ledger
-Prepares pre-numbered cash receipts summary
Copy 1: Filed
Copy 2: G/A
-Updates cash receipts journal
Cash Receipts Transaction Cycle (pt 3)
General Accounting
- Receives and cross checks:
- Copy 4 of daily remittance listing
- Copy 3 of deposit summary
- Copy 2 of cash receipts summary
- Updates general ledger
Cash Receipts Transaction Cycle -Documents Flow Recap
Daily remittance listing
Deposit summary
A/R receivable subsidiary ledger
Cash receipts journal
Cash receipts summary
General ledger
Property, Plant and Equipment (controls to look for)
Controls to look for:
Major purchases approved by BOD
Adequate insurance coverage
Physical safeguards and restricted access
Appropriate policy set up and maintained for expense vs. capitalization determinations
Human Resouces (controls to look for)
Detailed personnel policies and procedures (hiring, firing, pay raises, mandatory vacations)
Separaion of duties (HR department hires, fires, and approves salary changes; payroll department prepares payroll)
Imprest Account: Separate payroll bank account
Custody Checks
Signature machine and unused checks should be locked up
Unclaimed checks held by internal audit department
