Part 1 of our discussion of internal controls in the audit process.


Chapter 05:

Risk Assessment: Internal Control Evaluation

“Bernie doesn’t want you to use the words ‘internal controls’ in any more of your audit reports…it aggravates him.” -- Cynthia Cooper, referring to advice given to her by a colleague on how best to deal with Bernie Ebbers, then CEO of WorldCom, right before she uncovered an $11 billion fraud that Ebbers directed.

Learning Objectives:

- Define and describe internal control and explain the limitations of all internal control systems.
- Distinguish between the responsibilities of management and auditors regarding an entity’s internal control.
- Define and describe the five basic components of internal control and specify some of their characteristics.
- Explain the process the audit team uses to assess control risk, understand its impact on the risk of material misstatement, and, ultimately, to know how it affects the nature, timing, and extent of substantive testing to be performed on the audit.

Learning Objectives (cont.):

- Describe additional responsibilities for management and auditors of public companies required by Sarbanes-Oxley and Auditing Standard No. 5.
- List the major components of the auditors’ report on internal control over financial reporting.
- Describe situations in which the auditors’ report on internal control over financial reporting would be modified.
- Explain the communication of internal control deficiencies to those charged with governance such as the audit committee and other key management personnel.

Internal Control Defined:

Internal control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following three categories:

- Reliability of financial reporting
- Effectiveness and efficiency of operations
- Compliance with applicable laws and regulations

Limitations of Internal Control:

- Human error
- Collusion
- Management override
- Cost/benefit analysis

There is often a trade-off between the cost and the effectiveness of internal controls. The concept of reasonable assurance recognizes that the cost of an entity’s internal control should not exceed the benefits that are expected to be derived.

Responsibility for Internal Control:

Management’s responsibility

- Responsibility for establishing and maintaining adequate internal control over financial reporting
- Assess and report on the effectiveness of internal control over financial reporting

Auditors’ responsibility

- For public companies, must audit and issue an opinion about the effectiveness of the internal control over financial reporting
- For each fraud risk, must evaluate whether controls are in place to mitigate the fraud risk
- Must assess control risk to determine the nature, timing and extent of substantive procedures to be performed

Why Assess Control Risk?:

- Determine nature, timing, and extent of audit procedures.
- There is a trade-off between testing of controls and substantive procedures.
- At least some substantive procedures are required.
- Control testing is required for public companies (in accordance with PCAOB AS 5), but remains an auditor judgment for other audits.


Exhibit 5.2 - Relationship Between Internal Control Reliance and Audit Procedures


Exhibit 5.3 Internal Control—Integrated Framework (COSO)

New COSO Framework:

- Updated in 2013
- New definition: see graphic
- The new framework contains 17 principles representing fundamental concepts
- Each principle contains “points of focus” with important characteristics, 77 in total
- Enhances consideration of anti-fraud expectations
- Increases focus on non-financial reporting

Control Environment:


Control Environment (cont.):


