© 2002 Mcgraw-Hill Ryerson Limited. All Rights Reserved

6-1
All rights reserved.
2002 McGraw-Hill Ryerson

Limited.
PLANNING THE AUDIT AND

UNDERSTANDING INTERNAL
CONTROL
Part Three
6-2

Limited.
CHAPTER 6
INTERNAL CONTROL IN A
FINANCIAL STATEMENT
AUDIT
Chapter 6
6-3

Limited.
6-4
INTERNAL CONTROL
Internal control is a process effected by an entity's board

of directors, management and other personnel, that is
designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations.

Limited.
6-5
INTERNAL CONTROL
Managements perspective
The auditors perspective

Limited.
6-6
COMPONENTS OF INTERNAL
CONTROL
The control environment

Risk assessment
Control activities
Information and communication
Monitoring

Limited.
6-7
THE CONTROL ENVIRONMENT

The control environment sets the tone of the organization,
influencing the control consciousness of its people. It is the
foundation for all other components of internal control,
providing discipline and structure.

Limited.
6-8
FACTORS AFFECTING THE

CONTROL ENVIRONMENT
Integrity and ethical values.

A commitment to competence.
Participation of the board of directors or audit
committee.
Managements philosophy and operating style.
Organizational structure.
Assignment of authority and responsibility.
Human resource policies and procedures.

Limited.
6-9
RISK ASSESSMENT
Control risk assessment for financial reporting is the
identification, analysis and management of risks relevant
to the preparation of financial statements that are fairly
presented in conformity with GAAP.

Limited.
6-10
SPECIFIC RISKS
Changes in the operating environment

New personnel
New or revamped information systems
Rapid growth
New technology
New lines, products, or activities
Corporate restructuring
Foreign operations
Accounting pronouncements
Limited.
6-11
CONTROL ACTIVITIES
Control activities are the policies and
procedures that help ensure that necessary
actions are taken to address the risks involved
in achieving the entitys objectives.

Limited.
6-12
CONTROL ACTIVITIES
Control activities that are relevant to the audit

include:
Performance reviews
Information processing
Physical control
Segregation of duties

Limited.
6-13
INFORMATION SYSTEM
The information system relevant to the financial reporting
objectives, which includes the accounting system, consists
of the methods and records established to record, process,
summarize, and report on an entitys transactions and to
maintain accountability for the related assets and
liabilities.

Limited.
6-14
INFORMATION SYSTEM
An effective accounting system gives appropriate

consideration to establish methods and records that will:
Identify and record all valid transactions.
Describe on a timely basis the transactions in sufficient
detail to permit proper classification of transactions for
financial reporting.
Measure the value of transactions in a manner that
permits recording their proper monetary value in the
financial statements.

Limited.
6-15
INFORMATION SYSTEM
(cont.)
Determine the time period in which transactions
occurred to permit recording of transactions in the
proper accounting period.
Properly present the transactions and related
disclosures in the financial statements.

Limited.
6-16
COMMUNICATION
Communication involves providing an understanding of
individual roles and responsibilities pertaining to internal
control over financial reporting.

Limited.
6-17
MONITORING
Monitoring is a process that assesses the quality of the
internal control over time. It involves appropriate
personnel assessing the design and operation of controls
on a timely basis and taking necessary actions.

Limited.
6-18
THE EFFECT OF ENTITY SIZE ON

INTERNAL CONTROL
The size of the entity may affect how the various

components of internal control are implemented.
For example, in a small entity, the owner-managers
involvement in day-to-day activities can provide a highly
effective control that identifies risks that may affect the
entity and monitors activities.

Limited.
6-19
LIMITATIONS OF
INTERNAL CONTROL
Management override of internal control.

Personnel errors or mistakes.
Collusion.

Limited.
6-20
CONSIDERATION OF INTERNAL
CONTROL IN PLANNING AND
PERFORMING AN AUDIT
Figure 6-2 presents a flowchart of the auditor's decision
process when considering internal control in planning
an audit.
The auditor can choose from two audit strategies:
no-reliance or substantive strategy
reliance strategy

Limited.
6-21
A SUBSTANTIVE STRATEGY
Based on a preliminary evaluation of internal

control, the auditor can choose from two strategies.
If the internal control system is judged to be
ineffective, or the auditor decides it would be
inefficient to test the controls, the auditor will
choose a substantive strategy.

Limited.
6-22
A RELIANCE STRATEGY
An auditors decision to follow a reliance strategy

involves:
Identifying specific internal controls relevant to
specific assertions that are likely to prevent or
detect material misstatements.
Testing of controls to evaluate their effectiveness.

Limited.
6-23
UNDERSTANDING
INTERNAL CONTROL
The auditors knowledge from understanding internal

control is used to:
Identify the types of potential misstatements.
Determine control risk, which in turn affects
detection risk.
Assist in the design of substantive tests.

Limited.
6-24
UNDERSTANDING
INTERNAL CONTROL
In deciding on the nature and extent of the understanding

of the internal control, the auditor should consider the
following items:
Knowledge from previous audits.
Understanding of the entity's industry.
Assessments of inherent risk.
Judgments about materiality.
The complexity and sophistication of the entity's
operations and systems.

Limited.
6-25
UNDERSTANDING THE COMPONENTS

OF INTERNAL CONTROL
The auditor must understand the five components of

internal control:
Control environment
Risk assessment
Control activities
Information and communication
Monitoring

Limited.
6-26
AUDIT PROCEDURES
An auditor may use the following audit procedures to

learn about internal control:
Inquiry of appropriate management, supervisory,
and staff personnel.
Inspection of entity documents and reports.
Observation of the entity's activities and
operations.

Limited.
6-27
DOCUMENTING THE UNDERSTANDING

OF INTERNAL CONTROL
A number of tools are available to the auditor for

documenting the understanding of the internal control
including:
Copies of the entity's procedures manuals and
organizational charts.
Narrative descriptions (see Exhibit 6-6).
Internal control questionnaires (see Exhibit 6-1).
Flowcharts (see Figure 6-3).

Limited.
6-28
TESTS OF CONTROLS
Tests of controls can be directed towards either the

effectiveness of the design of a control or the operating
effectiveness of a control policy or procedure. A number of
audit procedures are used as tests of controls, including :
Inquiry of appropriate client personnel.
Inspection of documents, reports, and electronic media
indicating the performance of the policy or procedure.
Observation of the application of the policy or
procedure.
Reperformance of the application of the policy or
procedure by the auditor.

Limited.
6-29
ASSESSING AND DOCUMENTING THE

LEVEL OF CONTROL RISK
Auditing standards state that the auditor should document
the basis for his or her conclusions about the assessed level
of control risk. The auditor should also document the
assessed level of control risk so that the audit risk model
can be used.

Limited.
6-30
SUBSTANTIVE TESTS
The last step in the decision process is performing the

substantive tests. The level of detection risk used for a
substantive tests is based on the planned level of audit risk
and the assessed levels of inherent and control risk.

Limited.
6-31
TIMING OF AUDIT PROCEDURES
Auditing procedures can be conducted at:

an interim date, or
at year end

Limited.
6-32
INTERIM TEST OF CONTROLS
The auditor should consider the following factors in

determining the nature and extent of audit work for the
remaining period for tests of controls:
the significance of the internal control objective
the evaluation of the design and operation of the
control
the results of tests of controls
the length of the remaining period
the planned substantive tests.

Limited.
6-33
INTERIM SUBSTANTIVE TESTS
The auditor should consider the following factors when

substantive tests are completed at an interim date:
The level of control risk.
Changing business conditions or circumstances that may
cause management to misstate financial statements in
the remaining period.
Control procedures are present for insuring that the
account is properly analyzed and adjusted, including
proper cutoff procedures.
The auditors ability to investigate the remaining period.

Limited.
6-34
COMMUNICATION OF INTERNAL
CONTROL-RELATED MATTERS
CICA 5200, Internal control in the context of an auditWeakness in internal control, and 5750, Communication of
matters identified during the financial statement audit, as well
as AuG-11, Communication with audit committees, all discuss
the auditors responsibility to communicate identified
weaknesses in internal control to the clients management,
the audit committee (or equivalent) of the clients board of
directors or both

Limited.
6-35
WEAKNESSES IN INTERNAL
CONTROL
During the course of the audit, the auditor may identify
significant weaknesses in internal control, defined in 5220.04
as weaknesses where the deficiency is such that a
material misstatement is not likely to be prevented or
detected in the financial statements being audited.

Limited.
6-36
COMMUNICATION
In the form of a management letter
For examples of weaknesses see Exhibit 6-7.

Limited.

© 2002 Mcgraw-Hill Ryerson Limited. All Rights Reserved

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

© 2002 Mcgraw-Hill Ryerson Limited. All Rights Reserved

Uploaded by

Copyright:

Available Formats

6-1

All rights reserved.