Control
Prepared by:
Ambrocio, Sheila Mae B.
risk management;
internal control;
financial statements;
compliance requirements;
internal audit; and
external audit
Auditing Standards
A Systematic Process
Management Assertions and Audit Objectives
Obtaining Evidence
Ascertaining Materiality
Communicating Results
Audit Risk
is the probability that the auditor will render an
unqualified (clean) opinion on financial statements
that are, in fact, materially misstated.
Errors - are unintentional mistakes.
Irregularities - are intentional misrepresentations
associated with the commission of a fraud.
The IT Audit
Copyright Law 1976
- had multiple revisions, added software and other intellectual
properties into the existing copyright protection laws.
Foreign Corrupt Practices Act (FCPA) of 1977
The FCPA requires companies registered with the SEC to do the following:
Modifying Principles
Management Responsibility
- The establishment and maintenance of a system of
internal control is the responsibility of management.
Reasonable Assurance
- The cost of achieving the objectives of internal control
should not outweigh its benefits.
Limitations
- Possibility of honest errors
- Circumvention via collusion
- Management override
- Changing conditions especially in companies with high
growth
Exposures of Weak Internal Controls (Risk)
Destruction of an asset
Theft of an asset
Corruption of information
Disruption of the information system
Preventive Controls
- are passive techniques designed to reduce the frequency
of occurrence of undesirable events.
Detective Controls
- are devices, techniques, and procedures designed to
identify and expose undesirable events that elude
preventive controls and reveal specific types of errors by
comparing actual occurrences to pre-established
standards.
Corrective Controls
- Detective controls identify undesirable events and draw
attention to the problem; corrective controls actually fix
the problem.
Control Environment
Risk Assessment
Information and Communication
Monitoring
Control Activities
Physical Controls
This class of controls relates primarily to the human
activities employed in accounting systems. There
are six types of physical control:
Transaction Authorization
Segregation of Duties
Supervision
Accounting Records
Access Control
Independent Verification
IT Controls
Application controls
- are to ensure the validity, completeness, and accuracy of
financial transactions.
Examples: controls over sales order processing, accounts payable,
and payroll applications.
General controls
- pertain to the entity-wide computer environment or all the
systems.
Examples: controls over the data center, organization
databases, systems development, and program maintenance.