Internal Control Flashcards
An Examination of Internal Control Over Financial Reporting
Express an opinion based on effectiveness of internal control
Basic Steps:
- Planning
- Obtain understanding of internal control policies and procedures
- Evaluate the design of internal control P&Ps
- Test the effectiveness of IC P&Ps
- Form opinion about management’s assertion of the effectiveness of IC
An Examination of Internal Control Over Financial Reporting: Report
Heading - “Independent”
Introductory paragraph - We have examined
Scope Paragraph - lists what we did
Inherent Limitation Paragraph - Because of its inherent limitations, internal control over financial reporting may not prevent, or detect and correct misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate.
Opinion Paragraph: In our opinion, X Company maintained in all material aspects, effective internal control
table>
Assessed RMM (Risk of Material Misstatement)
Affects: nature, extent, and timing or further audit procedures (NET)
Effects:
NATURE
RMM low - allows more reliance on client’s records
RMM high - need more outside corroboration
As RMM increases, so does the need for more relevant and reliable evidence.
EXTENT
RMM low - need less evidence
RMM high - need more evidence
TIMING
RMM low - allows some interim testing
RMM high - more testing at year-end and some testing at less predictable times
Objectives of Internal Control
- Reliability of financial reporting. Provide reasonable assurance that material misstatements are being prevented, detected, corrected on a timely basis.
- Reasonable assurance of compliance with laws and regulations.
- Reasonable assurance of effectiveness and efficiency of operations
Internal Control: Management’s Responsibility
Responsible for establishing and maintaining the internal control structure
Internal Control: Auditor’s Responsibility
Determine if controls are preventing, detecting, and correcting material misstatements on a timely basis (in other words, determine effect that internal controls have on F/S assertions)
Document understanding of each component of internal control
Internal Control: Inherent Limitations
- human fallibility
- collusion
- management override
There are always inherent limitations
Internal Control Components
CRIME (5)
- Control Activities
- Risk Assessment
- Information and Communcation
- Monitoring
- Environment
Control Activities
Specific policies and procedures that assure that all transactions are properly:
- initiated
- authorized/approved
- executed
- recorded
Includes proper segregation of duties (ARC)
A - Authorization
R - Recordkeeping
C - Custody of assets
Includes physical controls: locks on doors, EE ID badges (examples)
Risk Assessment
How does management handle risks
Internal Risks:
- new employees
- high EE turnover
- rapid expansion
- new technology
- new products
External Risks:
- downtown in economy or industry
- industry downsizing
- increased competition
CHANGE = RISK
Information and Communication
- quality of accounting records
- manamgent communicating to those charged with governance
- management establishing individual duties and communicating such to individual Ees
Monitoring
- evaluation of internal control structure over a period of time
- client ability to adjust or improve
- internal audit function
Environment
Control environment
- overall attitude of management and board of directors
- internal audit function
- management philsophy and integrity
Any weakness is the control environment is very disturbing/pervasive.
Risk is Unavoidable
Auditors do not examine 100% of evidence supporting financial statements
Auditors could misinterpret evidence
Audit Risk
The ultimate risk you take in auditing
- risk that financial statements are materially misstated, but we issue a clean opinion
- culmination of all risks: Control Risk, Inherent Risk, Detection Risk
Control Risk
Risk that internal control structure is not preventing or detecting material misstatements on a timely basis
Every internal control structure has control risk
Auditor evaluates control risk