Chapter 07

Internal Control

A process, effected by the entitys board of directors, management, and other personnel, designed to provide reasonable assurance regarding, achievement of (the entitys) objectives on:
Effectiveness and efficiency of operations Reliability of financial reporting !! Compliance with applicable laws and regulations
!! !!

McGraw-Hill/Irwin

Copyright 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

7-2

"!

In each area of internal control (financial reporting, operations and compliance)

!! !!

"! Passed

Control objectives and Sub objectives exist

Top level objective prepare and issue reliable financial information Detailed level applied to A/R sub objectives ! All goods shipped are accurately billed in the proper period ! Invoices are accurately recorded for all authorized shipments and only for such shipments ! Authorized and only authorized sales returns and allowances are accurately recorded ! The continued completeness and accuracy of A/R is ensured ! Accounts receivable records are safeguarded
7-3

"!

Example: Area of financial reporting

!! !!

in 1977 in response to American corporation practice of paying bribes and kickbacks to officials in foreign countries to obtain business "! The Act
!! !!

Requires an effective system of internal control Makes illegal payment of bribes to foreign officials

7-4

"!

"!

"!

Preventive !! Aimed at avoiding the occurrence of misstatements in the financial statements !! Example: Segregation of duties Detective !! Designed to discover misstatements after they have occurred !! Example: Monthly bank reconciliations Corrective
!! !!

"!The

Control Environment

"!Risk Assessment "!The Accounting

Needed to remedy the situation uncovered by detective controls Example: Backups of master file Complementary function together Redundant address same assertion or control objective Compensating reduces risk existing weakness will result in misstatement

"!

Controls overlap
!! !! !!

Information and Communication System

"!Control Activities "!Monitoring

7-5 7-6

"! Integrity

and ethical values "! Commitment to competence "! Board of directors or audit committee "! Management philosophy and operating style "! Organizational structure "! Human resource policies and practices "! Assignment of authority and responsibility
7-7

Changes in the regulatory or operating environment "! Changes in personnel "! Implementation of a new or modified information system "! Rapid growth of the organization "! Changes in technology affecting production processes or information systems "! Introduction of new lines of business, products, or processes
"!

7-8

Segregation of Duties
"!Performance "!Information
!! !!

reviews

processing

General control activities Application control activities

"!Physical

controls of duties

"!Segregation
!!

Segregate authorization, recording and custody of assets

7-9 7-10

"!Ongoing
Identify and record valid transactions "! Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions "! Measure the value of transactions appropriately "! Determine the time period in which the transactions occurred to permit recording in the proper period "! Present properly the transactions and related disclosures in the financial statements
"!
!!

monitoring activities

Regularly performed supervisory and management activities !! Example: Continuous monitoring of customer complaints
"!Separate
!!

evaluations

Performed on nonroutine basis !! Example: Periodic audits by internal audit

7-11

7-12

"! COSO
"! Errors

may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc. that depend on the segregation of duties may be circumvented by collusion may override the structure may deteriorate over time
7-13

"! Controls

"! Management "! Compliance

issued a new internal control framework in 2004 on enterprise risk management. It does not replace the original COSO internal control framework. "! It goes beyond internal control to focus on how organizations can effectively manage risks and opportunities. "! The auditing standards are still structured around the original COSO internal control framework.
7-14

"! Overall

approach of an audit

"!

1. Plan the audit 2. Obtain an understanding of the client and its environment, including internal control 3. Assess the risks of material misstatement and design further audit procedures 4. Perform further audit procedures 5. Complete the audit 6. Form an opinion and issue the audit report

The understanding of internal control is used to help the auditor to

!! !! !!

Identify types of potential misstatements Consider factors that affect the risks of material misstatement. Design tests of controls (when applicable) and substantive procedures.

"!

Auditors must consider all five internal control components

!! !! !! !! !!

"! Steps

2-4 relate most directly to the role of internal control in financial statement audits
"!
7-15

Control environment Accounting information system Risk assessment Control activities Monitoring
7-16

Also consider areas difficult to control like nonroutine transactions

"!Procedures
!!

include

"!Questionnaires
!!

Inquiring of entity personnel !! Observing the application of specific controls !! Inspecting documents and reports !! Tracing transactions through the information system relevant to financial reporting
"!May

Typically standardized by firm

"!Written
!!

Narratives

Memos that describe flow of transactions Systems flowcharts Trace one or two transaction through cycle
7-18

"!Flowcharts
!!

also obtain evidence on operating effectiveness of various controls

7-17

"!Walk-through
!!

General approach
!! !!

!!

!!

Identify risks while obtaining an understanding of the client and its environment, including its internal control Relate the identified risks to what can go wrong at the relevant assertion level Consider whether the risks are of a magnitude that could result in a material misstatement Consider the likelihood that the risks could result in a material misstatement

7-19

7-20

"!Consider
!!

the nature of the transactions

"!

Routine transactionse.g., revenue, purchases, and cash receipts and disbursements !! Nonroutine transactionse.g., taking of inventory, calculating depreciation expense !! Estimation transactionse.g., determining the allowance for doubtful accounts "! Generally routine transactions have the strongest controls
7-21

"!

Examples !! Preparing the period-end financial statements, including the development of significant accounting estimate and preparation of the notes !! The selection and application of significant accounting policies !! IT general controls !! The control environment Responses to high risks !! Assigning more experience staff or those with specialized skills !! Providing more supervision and emphasizing the need to maintain professional skepticism !! Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed !! Increasing the overall scope of audit procedures, including the nature, timing or extent
7-22

"!Examples

Failure to recognize an impairment loss on a long-lived asset affects only the valuation assertion !! Inaccurate counting of inventory at year-end affect the valuation of inventory and the accuracy of cost of goods sold
!!

"!Approach:
!!

!!

Identify controls likely to prevent or detect material misstatements Perform tests of controls to determine whether they are operating effectively

"!Tests
!! !! !!

of controls address:

"!Responses
!!

Decisions are made here as to the appropriate combination of tests of controls and substantive procedures
7-23

How controls were applied The consistency with which controls were applied By whom or by what means (e.g., electronically) the controls were applied
7-24

"!Tests
!!

of controls include:

Inquiries of appropriate client personnel !! Inspection of documents and reports !! Observation of the application of controls !! Reperformance of the controls
"!The

results of the tests of controls are used to determine the nature, timing and extent of substantive procedures
7-25 7-26

"!Audit
!!

decision aids

Checklist, standard form or computer program that helps auditors make a decision by ensuring that they have all relevant information or by assisting them in combining the information.

Deficiency in Internal Control

"!Use
!!

of the work of internal auditors Less than Significant Significant Deficiency Material Weakness
7-28

!!

Must assess internal audit competence and objectivity and test work Can rely on work of internal audit to reduce amount of testing done by independent auditors
7-27

"!Acknowledgment

of responsibility for internal control "!An assessment of internal control effectiveness as of the last day of the companys fiscal yearn using suitable criteria "!Support the evaluation with sufficient evidence
7-29

"! This

section applies to public companies with a market capitalization of $75 million or more. For those companies, the auditors audit internal control as a part of an integrated audit as follows:
!! !! !! !!

!!

Plan the engagement Use a top-down approach to identify the controls to test Test and evaluate design effectiveness of internal control Test and evaluate operating effectiveness of internal control Form an opinion on effectiveness of internal control over financial reporting

7-30

"! "!

Due to lack of employees, internal control is seldom strong in small businesses Specific practices for small businesses
!! !! !!

!! !! !!

!! !!

Record all cash receipts immediately Deposit all cash receipts intact daily Make all payments by serially numbered checks, with exception of petty cash disbursements Reconcile bank accounts monthly and retain copies Use serially numbered invoices, Pos, and receiving reports Issue checks to vendors only in payment of approved invoices that have been matched with purchase orders and receiving reports Balance subsidiary ledger with control accounts Prepare comparative financial statements monthly to disclose significant variations in any category of revenue or expense
7-31