Professional Documents
Culture Documents
Part Three
6-2
CHAPTER 6
INTERNAL CONTROL IN A
FINANCIAL STATEMENT
AUDIT
Chapter 6
6-3
6-4
INTERNAL CONTROL
6-5
INTERNAL CONTROL
Managements perspective
The auditors perspective
6-6
COMPONENTS OF INTERNAL
CONTROL
6-7
6-8
6-9
RISK ASSESSMENT
Control risk assessment for financial reporting is the
identification, analysis and management of risks relevant
to the preparation of financial statements that are fairly
presented in conformity with GAAP.
6-10
SPECIFIC RISKS
6-11
CONTROL ACTIVITIES
Control activities are the policies and
procedures that help ensure that necessary
actions are taken to address the risks involved
in achieving the entitys objectives.
6-12
CONTROL ACTIVITIES
6-13
INFORMATION SYSTEM
The information system relevant to the financial reporting
objectives, which includes the accounting system, consists
of the methods and records established to record, process,
summarize, and report on an entitys transactions and to
maintain accountability for the related assets and
liabilities.
6-14
INFORMATION SYSTEM
6-15
INFORMATION SYSTEM
(cont.)
Determine the time period in which transactions
occurred to permit recording of transactions in the
proper accounting period.
Properly present the transactions and related
disclosures in the financial statements.
6-16
COMMUNICATION
Communication involves providing an understanding of
individual roles and responsibilities pertaining to internal
control over financial reporting.
6-17
MONITORING
Monitoring is a process that assesses the quality of the
internal control over time. It involves appropriate
personnel assessing the design and operation of controls
on a timely basis and taking necessary actions.
6-18
6-19
LIMITATIONS OF
INTERNAL CONTROL
6-20
CONSIDERATION OF INTERNAL
CONTROL IN PLANNING AND
PERFORMING AN AUDIT
Figure 6-2 presents a flowchart of the auditor's decision
process when considering internal control in planning
an audit.
The auditor can choose from two audit strategies:
no-reliance or substantive strategy
reliance strategy
6-21
A SUBSTANTIVE STRATEGY
6-22
A RELIANCE STRATEGY
6-23
UNDERSTANDING
INTERNAL CONTROL
6-24
UNDERSTANDING
INTERNAL CONTROL
6-25
6-26
AUDIT PROCEDURES
6-27
6-28
TESTS OF CONTROLS
6-29
6-30
SUBSTANTIVE TESTS
6-31
6-32
6-33
6-34
COMMUNICATION OF INTERNAL
CONTROL-RELATED MATTERS
CICA 5200, Internal control in the context of an auditWeakness in internal control, and 5750, Communication of
matters identified during the financial statement audit, as well
as AuG-11, Communication with audit committees, all discuss
the auditors responsibility to communicate identified
weaknesses in internal control to the clients management,
the audit committee (or equivalent) of the clients board of
directors or both
6-35
WEAKNESSES IN INTERNAL
CONTROL
During the course of the audit, the auditor may identify
significant weaknesses in internal control, defined in 5220.04
as weaknesses where the deficiency is such that a
material misstatement is not likely to be prevented or
detected in the financial statements being audited.
6-36
COMMUNICATION
In the form of a management letter
For examples of weaknesses see Exhibit 6-7.