Stages of Study and Evaluation of Internal Control Essay

The stages/activities involve in studying and evaluating home(a) simpleness atomic number 18A. Obtaining an netherstand of the entitys knowledgeable encounter structure.B. Assessing the preliminary take aim of bid happen.C. Obtaining evidential matter to support the assessed aim of comptroller take a chance.D. Evaluating the results of evidential matter.E. Determining the unavoidable level of abide byion put on the line.STAGE A. Obtaining an understanding of the entitys congenital defend structure. In excogitatening the size up examination, apiece of the five components of innate conquer must be studied and understood by the listener to enable him to (1) identify types of potential mis educational activitys (2) consider factors that affect the try of mis avouchment and (3) begin to conception appropriate testing procedure. savvy the Control EnvironmentThe meeter should obtain sufficient companionship of the misrepresent environment to understand anxietys and the board of directors attitude, aw beness, and actions concerning the hold back environment. The meeter should concentrate on the substance of instructions policies, procedures, and related actions rather than their form beca hold concern whitethorn establish appropriate policies and procedures but non act on them.Understanding Control ProceduresBecause some bid procedures argon integrated in particular components of the master environment and chronicle scheme formation, as the size upor obtains an understanding of the engage environment and answer foring system, he is also likely to obtain knowledge about some affirm procedures. The tender should consider the knowledge about the presence or absence of the chasteness procedures obtained from the understanding of the tick off environment and method of business relationship system system in determining whether it is necessary to devote additional attention to obtain an understanding of control procedures t o plan the analyze. Understanding the Accounting and inborn Control SystemsTo understand the intent of the accounting breeding system, the he atomic number 18r determines (1) the major(ip) classes of minutes of the entity (2) howthose transaction are initiated (3) what accounting records exist and their temperament (4) how minutes are summonsed from debut to completion, including the finale and nature of computer use (5) the nature and details of the financial distinguishing process followed. Typically, this is pure(a) and documented by a storey description of the system or by flow sheeting. The action of the accounting information system is often determined by tracing one or few transactions through the system (called a transaction walk-through). Information controls relating to the accounting system are concerned with achieving objectives much(prenominal)(prenominal) as Transactions are executed in accordance with prudences general or specialized authorization .All transactions and other events are promptly preserve in the correct amount, in the appropriate accounts and in the straight-laced accounting head so as to permit preparation of financial statements in accordance with an identified financial reporting framework. Access to as sterilizes and records is permitted only in accordance with guidances authorization. Recorded assets are compared with the existing assets at reasonable intervals and appropriate action is taken regarding each differences. When obtaining an understanding of the accounting and privileged control systems to plan the audit, the listener obtains knowledge of the design of the accounting and inherent control systems.When the transactions selected are typical of those transactions that pass through the system, this procedure may be treated as part of tests of control. The nature, timing, and issue of the procedures performed by the auditor to obtain an understanding of the accounting and intimate control systems allow vary with, among other things The coat and mazyity of the entity and of its computer system. sensibleity considerations.The type of versed controls involved.The nature of the entitys corroboration of specific intimate controls. The auditors assessment of inherent risk.Ordinarily, the auditors understanding of the accounting and internal control systems signifi smoket to the audit is obtained through previous with the entity and is supplemented by a. Inquiries of appropriate management, supervisory and other personnel at various organizational levels within the entity, in concert with advert to documentation, such as proceduresmanuals, job descriptions, and flow charts b. Inspection of documents and records procedure by the accounting and internal control systems and c. Observation of the entitys activities and operations, including observation of the organization of computer operations, management personnel and the nature of transaction processing.The auditor d etermines the policies, procedures, methods, and records placed in operation by inspecting documents and directly observing the policies and procedures in use. The auditor can see to it actual, completed documents and records to bring the contents of the manual to life and better understand them. In addition, the auditor can observe client personnel in the process of preparing them and carrying out their normal accounting and control activities. This progress enhances understanding and knowledge that controls have been placed in operation. Documentation of UnderstandingThe auditor should document the understanding of the entitys internal control structure elements obtained to plan the audit. The form and extent of this documentation is influenced by the size and complexity of the entity, as well as the nature of the entitys internal control structure. Generally, the more complex the internal control structure and the more extensive the procedures performed, the more extensive the auditors documentation should be.1. Internal Accounting Control QuestionnaireInternal accounting control questionnaire contains a series of questions designed to remark control weaknesses. Most questionnaires are designed to yield yes, no, or non applicable answers to the questions. A yes answer generally indicates a satisfactory degree of internal accounting control while a no answer indicates a possible weakness in control or at least(prenominal) indicates that further investigation is filmd. If the weakness is actual, them it should be reported to a of age(p) management, the board of directors, and the audit committee. Material weakness is one in which the procedures or degree of compliance with the procedures fail to allow reasonable self-assurance that corporal errors or irregularities would be impedeed or promptly detected during the accounting process. In completing the internal control questionnaire, the auditor should consider thefollowing critical aspects1. Is t he system of internal control sound?2. If it is not reliable, what errors might lead?3. What alternative audit procedures should be adopted if the system is unreliable? AdvantagesThey stomach audit assurance that attention is given to presence or absence of all controls listed and that certain features of the system are not overlooked. They bring home the bacon a means of obtaining uniform documentation of internal control system reviewed. They entrust inexperienced audit staff members with guidance in performing internal control reviews. They facilitate the archean detective work of potential weaknesses in the system. DisadvantagesAuditor may view the questionnaire device for accomplishing an automatic valuation of internal control. Controls listed on questionnaire may not suit the particular circumstances of a specific audit. The auditor may overlook pertinent control not embarrassd in the questionnaires. 2. FlowchartsFlowchart is a symbolic draw of a specific part of an i nternal accounting control system indicating the sequential flow of data and/or authority. An internal control flow chart uses metreized symbols, interconnecting lines, and annotations to represent information, document, and document flow. It nominates a pictorial overview of a clients internal control activities. It illustrates the interaction of individuals, records, and control related to a particular surgical incision or class of transactions. Internal control flow diagrams generally reflect the segregation of duties by victimization a mainstay across the top to reflect different departments and the flow of documents and the flow of documents from remaining to right. AdvantagesEasily understood. Since flowcharts cater a visual description supplemented by a written narrative, they are more easily understood. soften general picture or complex system. A complex system may be trim to a one or two-page flowchart which might otherwise require a 15-page internal control ques tionnaire or a 10-page narrative memo. Parallels electronic data processing documentation. EDP systems are commonly documented with flowcharts which make it easier for EDPpurchase personnel to relate to the auditors. It is easy to update.DisadvantagesHigher level of knowledge and train are required to go under a good flowchart of a complex system. Flowcharts take more time to prepare and require more knowledge. It is more difficult to spot internal control weakness.The ff. questions should be answered before a flowchart is prepared1. Who performs the various functions in the routine?2. Why are these functions performed?3. What work is performed, and is the work considered introduce or end product?4. When are the functions performed and in what sequence?5. How are the functions performed and in what sequence?Conference with senior management, supervisors, and employees using the above checklist should be conducted by the fissiparous auditor before flowcharting the routine. In ad dition, copies of all forms, documents and reports employ in the routine to be flowcharted should be obtained. A unproblematic purpose of the internal control flowchart is to communicate assembleively. The ff. techniques should assist in meeting this goal Standardized symbols. Auditors use a uniform set of symbols developed by the American National Standards Institute (ANSI). Flowlines. The flow of documents should be from top to bottom and left to right. Arrowheads may be employ on all lines and should be used when the flow is not standard or is bi-directional.Documents. When a document is created, its source should be indicated. Multiple-document symbols are required when multiple copies of the document are prepared. The disposition of every copy or each document should be shown. Processing. Processing symbols are used to identify all procedures applied to documents such as their being filed. Annotations. Comments and explanations should be used to make the flowchart easier t o understand or more complete. The ff. guidelines may be useful in preparing a flowchart define the class of transactions or transaction cycle to be flowcharted. Obtain an understanding of internal control by making inquiries of client personnel, observing employee activities, and examining documents, records,and policies and procedures manuals. Organize the flowchart into columns, using a different column for each department, function, or individual. Draw a sketch of the flowchart. Draw the flowchart and insert comments and annotations. render the flowchart for completeness by following a few transactions through the chart.3. Narrative DescriptionA narrative is a written description of a particular phase or phases or a control system. Although useful for describing simple systems, narratives may be adequate when a system is complicated or ofttimes revised. If the systems are extensive and/or complex, separate narratives may be prepared for a smaller groups of control which relate t o specific classes of transactions or accounts. Some auditor prepare narrative descriptions to accompany internal control questionnaire or flowcharts in order to provide information not otherwise included. AdvantagesNarrative is compromising and may be tailor-made for engagement. Requires a detailed analysis and and then forces auditor to understand cognitive process of the system. DisadvantagesAuditor may not have the ability to describe the system correctly and concisely. This may require more time and careful study.Auditor may overlook important portions of internal control system. A poorly written internal accounting control narrative can lead to a fault of the system thus resulting in the improper design and application of compliance tests.4. Internal Control ChecklistThis contains a detailed enumeration of the methods and practices which characterize good internal control or of item to be considered in reviewing internal control.5. Decision tablesIn this approach, the syste m is depicted as decision points. Advantages and disadvantages are similar to those of the flowchart approach.STAGE B. ASSESSING THE PRELIMINARY LEVEL OF CONTROL RISKAfter obtaining an understanding of the accounting and internal control systems, the auditor should make a preliminary assessment of control risk, at the assertion level, for each worldly account balance or class of transactions. The preliminary assessment of control risk is the process where the auditor evaluates the effectivity of a clients internal control policies and procedures in preventing or detecting material misstatements in the financial statement assertions, namely (1)/(2) Existence/ Occurrence. Procedures that require documentation, approvals, authorization, verification, and rapprochements. (3) Completeness. Procedures that ensure that all transactions that occur are recorded such as accounting for numerical sequence of documents. (4) Right and obligations. Procedures that ensure that the entity has a ri ght to asset or an obligation to pay arising from the transaction. (5)/(6) Valuation/ Measurement. Procedures that ensure that a proper outlay is charged and that mathematical accuracy are present in recording and in developing the accounting records and financial statement. (7) Presentation and Disclosure.Procedures that indicate that a review has been made to ascertain that a transaction has been recorded in the proper account and that financial statement disclosure have been reviewed by competent personnel. The process of arriving at the auditors assessment of control risk is an iterative process that is refined as the auditors obtain more and more evidence about the soundness of various internal control policies and procedures. After obtaining the understanding of the internal control structure, the auditor may assess control risk at the maximum level. The term maximum level is used in this section to mean the great probability that a material misstatement that could occur in a financial statement assertion will not be prevented or detected on a timely basis by an entitys internal control structure. Control risk may be assessed in quantitative terms, such as percentages, or in nonquantitative terms that range, for example, from a maximum to a minimum.Assessing control risk at on a lower floor the maximum level involves- Identifying specific internal control structure policies and procedure pertinent to specific assertions that are likely to prevent or detect material misstatements in those assertions. Performing tests of control to evaluate the forte of such policies and procedures. The preliminary assessment of control risk for a financial statement assertion should be high unless the auditor a. Isable to identify internal controls relevant to the assertion which are likely to prevent or detect, and correct a material misstatement and b. Plans to perform tests of control to support the assessment. Assessing Inherent RiskIn developing the overall audit plan, the auditor should assess inherent risk at the financial level. In developing the audit program, the auditor should relate such assessment to material account balances and classes of transactions at assertion level, or assume that inherent risk is high for the assertion. To assess inherent risk, the auditor uses passe-partout judgement to evaluate numerous factors, examples of which are At the Financial Statement LevelThe integrity of management. oversight experience and knowledge and changes in management during the period. Unusual pressure on management.The nature of the entitys business.Factors touch on the industry in which the entity operates. At the Account Balance and Class of Transactions LevelFinancial statement accounts likely to be susceptible to misstatement. The complexity of underlying transactions and other events which might require using the work of an expert. The degree of judgment involved in determining account balances. Susceptible of asset to exit or misappropriation.The completion of unusual and complex transactions.Transactions not subjected to ordinary processing.Relationship between the judging of Inherent and Control Risks Management often reacts to inherent risk situations by designing accounting and internal control systems to prevent or detect, and correct misstatements and in that locationfore, in many cases, inherent risk and control risk are highly interrelated. In such situations, if the auditor attempts to assess inherent risk and control risks separately, there is a possibility of inappropriate risk assessment. As a result, audit risk may be more appropriately determined in such situations by making a combined assessment. credit of Specific Internal Control Policies to Specific AssertionsAuditors are interested in control activities because they assist in establishing the validity of financial statement assertions. Controls that enhance the reliability of the financial statements may be preventive controls or de tective work controls.Preventive controls avoid errors and irregularities while detection controls recognizing that error will occur even under ideal conditions provide for a double-check to locate satisfying occurrences after the fact. If an entitys controls are launch to be effective, the auditor may reduce the selected auditing procedures to test a group of assertions. Control activities may provide direct evidence about the many assertions. In identifying internal control structure policies and procedures relevant to specific financial statement assertions, the auditor should consider that the policies and procedures can have either a pervasive effect on many assertions or a specific effect on an individual assertion, depending on the nature of the particular internal control structure element involved. Conversely, some control procedures often have a specific effect on an individual assertion embodied in a particular account balance or transaction class. The objective of proc edures performed to obtain understanding of the internal control structure is to provide the auditor with knowledge necessary for audit planning.The objective of test of controls is to provide evidential matter to use in assessing control risk. When the auditor concludes that procedures performed to obtain the understanding of the internal control structure also provide evidential matter for assessing control risk, he should consider the degree of assurance provided by that evidential matter. Although such evidential matter may not provide sufficient assurance to support an assessed level of control risk that is below the maximum level of certain assertions, it may do so for other assertions and thus provide a basis for modifying the nature, timing, or extent of the significant tests that the auditor plans for those assertions.STAGE C. OBTAINING important military issue TO SUPPORT THE ASSESSED LEVEL OF CONTROL RISKThe auditor obtains evidential matter to enable him to determine t he proper level of control risk by performing test of controls or compliance tests on selected policies and procedures. conformance procedures are designed to obtain reasonable assurance that those internal controls on which tests requiring inspection of documents supporting transactions to gain evidence that controls have operatedproperly and inquiries about and observation of controls which leave no audit trail. Test of ControlsProcedures directed toward either the effectiveness of the design or operations of an internal control structure insurance or procedure are referred to as tests of controls. Tests to obtain such evidential matter ordinarily include procedures such as inquiries of appropriate entity personnel, inspection of documents and reports, and observations of the application of specific internal control structure policies and procedures. Tests of control are performed to obtain audit evidence about the effectiveness of the a. Design of the accounting and internal co ntrol systems, that is, whether they are suitably designed to prevent or detect and correct material misstatements and b. Operation of the internal controls end-to-end the period. The auditor should obtain audit evidence through tests of controls to support any assessment of control risk which is less than high. The lower the assessment of control risk, the more support the auditor should obtain that accounting and internal control systems are suitably designed and operating effectively.When obtaining audit evidence about the effective operation of internal controls, the auditor considers how they were applied, the consistency with which they were applied during the period and by whom they were applied. The concept of effective operation recognizes that some deviations may have occurred. Deviations from prescribed controls may be caused by such factors as changes in key personnel, significant seasonal fluctuations in volume of transactions and human error. In computer information s ystem environment, the objectives of tests of controls do not change from those in a manual environment however, some audit procedures may change. The auditor may find it necessary, or may prefer, to use computer-assisted audit techniques.STAGE D. EVALUATING THE RESULTS OF THE EVIDENTIAL MATTERBased on the results of the tests of controls, the auditor should evaluate whether the internal controls are designed and operating as contemplated in the preliminary assessment of control risk. The military rating of deviations may result in the auditor terminal that the assessed level of control risk needed to be revised. In such cases, the auditor would modify the nature,timing, and extent of planned of the essence(p) procedures. The conclusion reached as a result of assessing control risk is referred to as the assessed level of control risk. In determining the evidential matter necessary to support a specific assessed level of control risk below the maximum level, the auditor should cons ider the characteristics of evidential matter about the control risk.Generally, however the lower the assessed level of control risk, the greater the assurance the evidential matter must provide that the internal control structure policies and procedures relevant to an assertion are designed and operating effectively. Ordinarily, the auditors observation provides more reliable audit evidence than merely making inquiries. However, audit evidence obtained by some tests of controls, such as observation, pertains only to the point in time at which the procedures was applied. The auditor may decide, therefore, to supplement these procedures with other tests of control capable of providing audit evidence about other period of time. In determining the appropriate audit evidence to support a conclusion about control risk, the auditor may consider the audit evidence obtained in prior audits.In a continuing engagement, the auditor will be aware of the accounting and internal control systems t hrough work carried out antecedently but will need to update the knowledge gained and consider the need to obtain further audit evidence of any changes in control. The auditor in addition, should consider whether the internal controls were in use throughout the period. An audit of financial statements is a cumulative process as the auditor assesses control risk, the information obtained may cause him to modify the nature, timing, or extent of the planned tests of controls for assessing control risk. The evaluation is based on the effectiveness of the entitys control structure in preventing and/pr detecting material misstatements, as determined by the tests of controls.STAGE E. DETERMINING THE NECESSARY LEVEL OF DETECTION RISKThe auditor uses the acceptable level of detection risk to determine the nature, timing, and extent of the auditing procedures to be used to detect material misstatements in the financial statement assertions, auditing procedures designed to detect such misstate ments are referred to in this section as substantive tests. The level of detection risk relates directly to the auditors substantive procedures. The auditors control riskassessment, together with the inherent risk assessment, influence the nature, timing, and extent of the substantive procedures to be performed to reduce risk, and therefore audit risk, to an tolerably low level. In this regard the auditor would considera. The nature of substantive procedures, for example, using tests directed toward independent parties outside the entity rather than tests directed toward parties or documentation within the entity, or using tests of details for a particular audit objectives in addition to analytical procedures b. The timing of substantive procedures, for example, performing them at period rather than at an earlier date and c. The extent of substantive procedures, for example, using a larger savour size. As the acceptable level of detection risk decrease, the assurance provided from substantive tests should increase. Consequently, the auditor may do one or more of the ff swop the nature of substantive tests from a less effective to a more effective procedures, such as using tests directed toward parties or documentation within the entity Change the timing of substantive tests, such as performing them at year-end rather than at slowdown date. Change the extent of substantive tests, such as using a larger warning size. in that location is an inverse relationship between the detection risks and the combined level of inherent and control risks. The substantive tests that the auditor performs consist of tests of details of transactions and balances, and analytical procedures. The objective of tests of details of transactions performed as substantive tests is to detect material misstatements in the financial statements. The auditor should recognize, however, that careful consideration should be given to the design and evaluation of such tests to ensure that both objectives will be accomplished.Audit Risk in the Small strainThe auditor needs to obtain the same level of assurance in order to express an bungling opinion on the financial statements of both small and large entities. However, many internal controls which would be relevant to large entities are not practical in the small business for example is the segregation of duties. In circumstances where segregation of duties islimited and audit evidence of supervisory control is neglecting, the audit evidence necessary to support the auditors opinion on the financial statements may have to be obtained all told through the performance of substantive procedures. How Adequacy or Inadequacy of Internal Control Affects Audit Procedures The primary reason for studying and evaluating internal control is to provide a basis for relying upon the system and for determining the extent of year-end substantive tests to be performed.There is an inverse relationship between the effectiveness of interna l control and the extent of detailed audit procedures more effective system requires less detailed testing. Strengths and weaknesses identified during the evaluation of internal accounting control and tests of compliance will affect the nature, timing, and extent of audit procedures. The audit is not specifically designed to search for errors or irregularities, although during the study and evaluation of internal accounting control system and the performance of substantive tests, errors, or irregularities may be discovered. The auditor must consider the audit moment when errors or irregularities are likely to exist. Documentation of the Assessed Level of Control RiskThe auditor should document in the working papers.a. The understanding obtained of the entitys accounting and internal control systemsb. The assessment of control risk. When control risk is assessed at less than high, the auditor would also document the basis for the conclusions.Figure 11.2 Relationship of Effectiveness of Internal Control and Substantive Tests Controls initially considered effectiveControls initial not considered effective or not equal efficient shrivel up control riskAssess control risk at maximum ( light speed%)Reduce acceptable risk of overreliance on internal controlAcceptable risk of overreliance on internal control- 100% (maximum) Perform tests of control (inquiries, inspection, observation, and reperformance) Perform no tests of controlsIncrease detection riskDecrease detection riskReduce planned substantive test1. Use less persuasive substantive tests.2. Perform the substantive tests at interim date.3. Decrease extent of substantive test by selecting a smaller sample size. Perform extensive substantive testing1. Use more effective substantive tests.2. Perform substantive tests at year-end3. Increase extent of substantive tests by selecting a larger sample size. conference of Performance, Improvements and Observations in Internal Control Management. As a result of obtain ing an understanding of the accounting and internal control systems and tests of controls, the auditor may become aware of weaknesses in the systems. The auditor should make the management aware, as currently as practical and at an appropriate responsibility, of material weaknesses in the design or operation of the accounting and internal control systems, which have come to the auditors attention. The communication to management of material weaknesses would ordinarily in writing.Management earn may be made that will contain constructive suggestions or improvements in internal control or other suggestions for increased efficiency in operations. This letter is considered a by-product rather than the aim of the audit and is often completed sometimes after the completion of the champaign work. If however, the auditor identifies material weaknesses, he has a professional responsibility to communicate them to both senior management and the board of directors. The auditor should issue a written report at the earliest possible that it is documented in the work papers. Reportable ConditionsSpecifically, these are the matters coming to the auditors attention that, in his judgement, should be communicated to the audit committee because they represent significant deficiencies in the design or operation of the internal control structure, which could adversely affect the organizations ability to record, process, summarize, and report financial data unvarying with the assertions of management in the financial statements. Examples of reportable conditions are as follows Deficiencies in internal controlstructure design short-staffed overall internal control structure designAbsence of appropriate segregation of duties consistent with appropriate control objectives. Absence of appropriate reviews, and approvals of transactions, accounting entries, or systems output. Inadequate procedures for appropriately assessing and applying accounting principles. Inadequate provisions fo r the safeguarding of assets.Absence of other internal control techniques considered appropriate for the type and level of transaction activity. testify that a system fails to provide complete and accurate output that is consistent with objectives and current needs because of design flaws. distresss in the operation of the internal control structure usher of failure of identified controls in preventing or detecting misstatements of accounting information Evidence that a system fails to provide complete and accurate output consistent with the entitys control objectives because of the misapplication of control procedures. Evidence of failure to safeguard assets from loss, damage, or misappropriation. Evidence of intentional override of the internal control structure by those in authority to the detriment of the overall objectives of the system. Evidence of failure to perform tasks that are part of the internal control structure, such as reconciliation not prepared or not timely prep ared. Evidence of willful wrongdoing by employees or management.Evidence of manipulation, falsification, or alteration of accounting records or supporting documents. Evidence of intentional misapplication of accounting principles. Evidence of misrepresentation by client personnel to the auditor. Evidence that employees or management lack the qualifications and training to fulfill their assigned functions. OthersAbsence of sufficient level of control consciousness within the organization Failure to follow up and correct previously identified internal control structure deficiencies. Evidence of significant or extensive undisclosedrelated party transactions. Evidence of undue bias or lack of objectivity by those responsible for accounting decisions. Reporting- Form and ContentConditions noted by the auditor that are considered reportable under this section or that are the result of agreement with the client should be reported, desirable in writing. If the information is communicated o rally, the auditor should document the communication by appropriate memoranda or notations in the working papers. Any report issued on reportable conditions shouldIndicate that a purpose of the audit was to report on the financial statements and not to provide assurance on the internal control structure. Include the commentary of reportable conditions.Include the restriction on distribution as discussed in the previous paragraph. If no reportable conditions are found, an auditor may not issue a letter stating that. Such a letter may mislead users by implying a greater level of assurance about the lack of any significant deficiencies than the auditor could really provide. However, an auditor may issue a letter indicating that no material weaknesses were found during the course of an audit.