Escolar Documentos
Profissional Documentos
Cultura Documentos
CHAPTER 8
LEARNING OBJECTIVES
8.1 Define internal control and explain the audit logic of assessing control risk.
8.2 Understand the concepts of inherent limitations and reasonable assurance
with regard to internal control.
8.3 Describe the general objectives of internal control and how the auditor uses
them to develop specific control objectives.
8.4 Identify and define internal control and each of its components.
8.5 Identify the steps by which the auditor obtains an understanding of internal
control and assesses control risk, and the methods and procedures used by
the auditor in each step.
DEFINITION OF INTERNAL
CONTROL
is the process designed and implemented by those
OBJECTIVES OF IC
Risks are identified and minimised.
Management
COMPONENTS OF IC
Five elements of IC outlined in ASA/ISA 315.14-23:
1. control environment
2. entitys risk-assessment process
3. information system
4. control activities
5. monitoring of controls.
COMPONENTS OF IC :
Control Environment
Includes governance and managements overall
organisational structure
assignment of authority and responsibility
human resource policies and practices.
COMPONENTS OF IC :
Entitys risk assessment process
Entitys way of identifying and responding to
business risks.
Once risks are identified, management needs to
COMPONENTS OF IC :
Information system
An effective information system establishes the
COMPONENTS OF IC :
Information system
An important feature of the information system is the
audit trail.
Audit trail - Individual transactions can be traced
through each step of the accounts to their inclusion in
the financial report and, similarly, from the financial
report the amounts can be vouched or traced back to
original source documentation.
Main elements:
Source documentsthe initial records of
transactions in the system. Processing usually
creates a source document when a transaction is
executed
Journal
Ledger.
COMPONENTS OF IC :
Control activities
Policies
and
procedures
established
by
management to ensure its directives are carried
out.
Can pertain to:
performance reviews (e.g. comparing actual with budget)
information processing, in an information technology (IT)
COMPONENTS OF IC :
Control activities
Segregation of duties related to a transaction
A transaction may be considered to pass through four
phases:
1. Authorisationthe initial authorisation or approval for an
exchange transaction.
2. Executionthe act that commits the entity to the exchange,
such as placing an order.
3. Custodythe physical act of accepting, delivering or
maintaining the asset.
4. Recordingthe entry of the transaction data into the accounting
system.
COMPONENTS OF IC :
Control activities
Control activities can be related to financial report
assertions:
occurrence (e.g. authorisation and approval of
transactions)
completeness (e.g. accounting for sequence of
transactions)
accuracy (e.g. checking dollar amounts back to
supporting documentation)
cut-off (e.g. independent review of transaction recording
around balance date)
classification (e.g. independent checking of account
coding).
COMPONENTS OF IC :
Monitoring of controls
Monitoring of controls:
A process to assess the effectiveness of the performance of
internal control. It involves:
evaluating the design and operation of controls
taking corrective action where necessary.
LIMITATIONS OF IC
Internal control cannot assure a reliable financial report
IMPORTANCE OF IC TO
AUDITORS
ASA/ISA 315.12 requires auditor to obtain an
IMPORTANCE OF IC TO
AUDITORS
Managements responsibility for internal control:
Achieving satisfactory internal control is initially a
management responsibility, although ultimate
responsibility rests with those charged with governance.
To maintain control over operations and accounting data,
IMPORTANCE OF IC TO
AUDITORS
Auditors responsibilities
Concerned only on IC related to:
Financial
Statements
(GAAP)
Audit Procedures
Management
Assertions
Audit Evidence
Audit Objectives
Audit Report on
Financial
Statements
and the factors that contribute to the risk that they will occur.
Understand the accounting system sufficiently to identify the
client documents, etc., That may be available and ascertain
what data will be used in audit tests.
Determine an efficient and effective approach to the audit.
STRENGTHS OF IC
Controls to monitor and minimise business risks.
responsibilities.
System of authorisation, recording and procedures
DEFICIENCIES OF IC
Internal control components are deficient as a
MANAGEMENT LETTER
The management letter is a written communication between the