[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.1 FINANCIAL SYSTEMS AND AUDITING Internal Control and Control Risk MANAGEMENT CONTROL AND CORPORATE GOVERNANCE Principles of Auditing: An Introduction to International Standards on Auditing - Ch. 7 Rick Stephan Hayes, Roger Dassen, Arnold Schilder, Philip Wallage [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.2 Internal Control is A process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting, compliance with applicable laws and regulations and safeguarding of assets against unauthorized acquisition, use or disposition. [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.3 Internal control is geared to the achievement of objectives in one or more separate overlapping categories: 1 effective operations — relating to effective and efficient use of the entity's resources 2 financial reporting — relating to preparation of reliable published financial statements 3 compliance — relating to the entity's compliance with applicable laws and regulations 4 safeguarding of assets [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.4 Management Control Objectives • Effective Operations goal safeguarding of assets (cash, accounts receivable, accounting records) • Financial Reporting Need for accurate information because management has a responsibility to see that statements are prepared fairly in accordance with accounting standards. Auditor is interested primarily in financial reporting controls (especially controls over transactions). • Compliance Companies must comply with many laws and regulations including company law, tax law and environmental protection regulations. [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.5 Auditor’s Primary Control Consideration and Emphasis • To understand an entity’s internal control, the auditor will evaluate the design and implementation of a control. • The auditor's primary consideration is whether, and how, a specific control prevents, or detects and corrects, material misstatements in classes of transactions, account balances or disclosures. • The heaviest emphasis by auditors is on controls over classes of transactions rather than account balances or disclosures. [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.6 Design and Implementation of Controls • To understand the entity’s internal control the auditor will evaluate the design of a control and judge whether it has been implemented. • He determines if the control is designed to prevent, detect, or correct transactions that misstate the account balances. • Implementation of a control means that the control exists and that the entity is using it. [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.7 Components of Internal Control are • Control Environment, • Risk Assessment , • Control Activities / Control Procedures, • Information and Communication and • Monitoring. [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.8 Components of Internal Control Illustration 7.1 [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.9 Control Environment The control environment means the overall attitude, awareness, and actions of directors and management regarding the internal control system and its importance in the entity. [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.10 Elements Contributing to a Successful Control Environment (1) Communication and enforcement of integrity and ethical values; (2) Commitment to competence; (3) Participation by those charged with governance - independence and integrity of the board of directors; (4) Management's philosophy and operating style - leadership via control by example; (5) Organizational structure; (6) Assignment of authority and responsibility; and (7) Human resource policies and practices. [...]... [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.13 Information and Communication Information must be relevant and delivered to people who need it in a form and time frame that allows them to carry out their control and other responsibilities [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction... understanding of the information system and the related business processes relevant to financial reporting in the following areas (continued):  How the information system captures events and conditions, other than transactions, that are significant to the financial statements  The financial reporting process used to prepare the entity's financial statements, including significant accounting estimates and. .. that are significant to the financial statements  The procedures by which those transactions are initiated, recorded, processed and reported from their occurrence to their inclusion in the financial statements  The related accounting records, supporting information, and specific accounts in the financial statements [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs,... Input for Information System  accounting transactions  correspondence  personnel information  customer and vendor information  entity objectives and standards  procedure manuals  information about external events, activities and conditions [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.16 Output of Information... reports D operating reports D correspondence D all the records and files generated by applications software [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.17 Obtain an understanding of the information system and the related business processes relevant to financial reporting in the following areas:  The classes... • Adequate pay level and working standard [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.33 REPORTING FRAUD : INTERNAL AUDITOR’S RESPONSIBILITY • Report to the management • If management fraud discovered – report to the audit committee [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction... Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.14 Sub- systems        The accounting system; Customer and vendor records Production system; Budget information, Personnel system; Computer systems software; Computer applications software [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide... documents and records, Application controls;  Physical control over assets and records;  adequate Segregation of duties [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.20 Control Comments • Transaction Records • Application Controls • General Controls • Computer Facility Controls [Hayes, Dassen, Schilder and Wallage,... design of controls and their operation on a timely basis and taking necessary corrective actions Ongoing monitoring information comes from several sources: exception reporting on control activities, reports by government regulators, feedback from employees, complaints from customers, and most importantly from internal auditor reports [Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction... Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.25 Methods for Obtaining Controls Audit Evidence Obtaining audit evidence about the design and implementation of relevant controls may involve (1) Inquiring of entity personnel (2) Observing and re-performing the application of a specific control (3) Inspecting documents and reports, . Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] © Pearson Education Limited 2007 Slide 7.1 FINANCIAL SYSTEMS AND AUDITING. Internal Control and Control Risk MANAGEMENT CONTROL AND CORPORATE GOVERNANCE Principles of Auditing: An Introduction to International Standards on Auditing -