Description
Risk analysis is a technique to identify and assess factors that may jeopardize the success of a project or the achievement of a goal. It also helps to define preventive measures that reduce the probability of these factors occurring, and to identify countermeasures for dealing with these constraints when they develop, so as to avert possible negative effects on the competitiveness of the company.
AUDITING: A RISK ANALYSIS APPROACH
5th edition
Chapter 6
OVERVIEW
• Internal Control defined
• Internal Control System Components
  • Control environment
  • Risk Assessment
  • Information & Communication
  • Control Activities
  • Monitoring
OVERVIEW
• Internal Control and Management Assertions in financial statements
  • Existence or occurrence
  • Completeness
  • Rights & obligations
  • Valuation & allocation
  • Presentation & disclosure
OVERVIEW
• Inherent Limitations & minimum substantive tests
• Internal Control modifications for small businesses
LEARNING OBJECTIVES
• Define internal control
• Describe internal control components
• Relate components to assertions
• Understand minimum testing needs
• Identify effective internal controls
• Relate internal controls & entity sizes
INTERNAL CONTROL DEFINED
• Internal Control: “The process effected by an entity’s board of directors, management, and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories:”
Categories...
• Operations controls (resource uses)
• Financial reporting controls (reliable published financial statements)
• Compliance controls (laws and regulations)
This clearly relates to all activities of an organization. Auditors focus on financial reporting controls.
FIVE COMPONENTS OF INTERNAL CONTROL
• Control Environment (Prevention controls & Detection controls)
• Risk assessment
• Information & communication
• Control activities
• Monitoring
1. Control Environment
• Attitudes (Top management sets the tone!)
• Management must support control, minimizing risks, personnel policies.
• Management must desire reliable reports, proper accounting, internal audits.
• Management must promote integrity, competence & ethical behavior (e.g., internal codes of conduct).
2. Risk Assessment
• Managers assess business risk!
• Operating objectives must be well defined, addressing resource control and uses (e.g., technology, related laws, compliance with controls).
• Financial reporting risks relate to data processing, potential for error & fraud.
Risk is reduced by proper approvals, surveillance, processing, procedures, budgeting, training, “responsibility accounting,” reviewing variances from goals, technology, etc.
3. Information & Communication
• Information requirements (who gets what data when?)
• Reports consistent with objectives, with sufficient details for action
• Feedback & revisions (often & proper)
• Commitment to appropriate resources for effective information systems
Information...
• Identification of information -- controls to ensure events trigger documents, records
• Capture of information -- computers, manual procedures
• Processing of information -- journals (tabulations), ledgers (sorts), systems & standardizations
• Reporting of information (external, internal)
Communication...
• Employee responsibility
• Employee training
• Employee cooperation
4. Control Activities
• Policies & procedures to ensure management directives are followed, objectives attained, reporting complete & correct.
• Procedures to prevent errors, fraud.
• Procedures to detect errors, fraud.
• Documentation, approval, verification
Activities...
• Computer Information Systems (CIS) require input editing, data center controls, system & program controls, “controlled reprocessing.”
• Reporting using manuals (guidance for valuations, classifications, estimates, adjustments, updates, records retention)
• Physical safeguards over access, assets, records, documents, confidential data
The Fundamental Principle of Internal Control
SEGREGATE:
1. Operations Personnel & Functions
2. Custodianships [over assets]
3. Accounting Personnel & Functions
Examples…
• Computer programmers from computer operators
• Payroll clerks from general ledger staff
• Bank reconciliations by disinterested parties
5. MONITORING Financial Reporting Controls
• Transaction cycles emphasis (feedbacks, corrective actions)
• “Real-time” basis
• Variances from budgets; causes
• Cross corroborations by employees
• Investigating exceptions
Monitoring…
• Selected internal audit procedures (confirmations, physical counts, etc.)
• “Effectiveness reviews” (ethics, compliance, competence, fraud)
6. INHERENT LIMITATIONS of Internal Control Systems
• No “absolute” assurances (systems, computers & people temporarily break down)
• Sampling is not perfect; 100% surveys are not perfect.
• Collusion can circumvent controls! and…
Limitations…
• Management may override controls!
There are implications of fraud in such cases; often, there is nobody at the top to “supervise” those at the top.
INTERNAL CONTROL FOR SMALL BUSINESS
• Effective organization
• Constant management surveillance
• Proper paper controls in place (supporting documents before checks signed, bank reconciliations by disinterested parties, purchase orders)
• Controls over mailing, especially signed checks
Controls at small firms…
• Analytical procedures; investigation of any unusual ratios, etc.; management must read the financial statements.
• Stringent controls over cash in, cash out; daily intact deposits; imprest funds, cash register tapes, receipted deposit slips direct to owners.
• Executive approvals of write-offs … of any kind.
Controls at small firms…
• Samplings & physical counts (inventory); comparisons with records
• Payrolls signed, and occasionally distributed, by top management
• Quarterly or annual reviews by external CPAs (if audits unaffordable)
“It’s not what you own, but what you can control!”
Critical Terms Review
• Access controls
• Accounting manual
• Alterations (accounts)
• Alteration (substance)
• Chart of accounts
• Collusion
• Control environment
• Detection controls
• Financial reporting controls
• Inherent limitations
• Internal control
• Management override
• Monitoring
• Reasonable assurance
• Temporary breakdowns
End of Chapter 6