Wednesday, February 20, 2019
Stages of Study and Evaluation of Internal Control Essay
The stages/activities involved in studying and evaluating internal control are:
A. Obtaining an understanding of the entity's internal control structure.
B. Assessing the preliminary level of control risk.
C. Obtaining evidential matter to support the assessed level of control risk.
D. Evaluating the results of evidential matter.
E. Determining the necessary level of detection risk.

STAGE A. OBTAINING AN UNDERSTANDING OF THE ENTITY'S INTERNAL CONTROL STRUCTURE
In planning the audit examination, each of the five components of internal control must be studied and understood by the auditor to enable him to (1) identify types of potential misstatements; (2) consider factors that affect the risk of misstatement; and (3) begin to design appropriate testing procedures.

Understanding the Control Environment
The auditor should obtain sufficient knowledge of the control environment to understand management's and the board of directors' attitude, awareness, and actions concerning the control environment. The auditor should concentrate on the substance of management's policies, procedures, and related actions rather than their form, because management may have written policies and procedures but not act on them.

Understanding Control Procedures
Because some control procedures are integrated in specific components of the control environment and accounting system, as the auditor obtains an understanding of the control environment and accounting system, he is also likely to obtain knowledge about some control procedures. The auditor should consider the knowledge about the presence or absence of control procedures obtained from the understanding of the control environment and accounting system in determining whether it is necessary to devote additional attention to obtaining an understanding of control procedures to plan the audit.

Understanding the Accounting and Internal Control Systems
To understand the design of the accounting information system, the auditor determines (1) the major classes of transactions of the entity; (2) how those transactions are initiated; (3) what accounting records exist and their nature; (4) how transactions are processed from initiation to completion, including the extent and nature of computer use; and (5) the nature and details of the financial reporting process followed. Typically, this is accomplished and documented by a narrative description of the system or by flowcharting. The operation of the accounting information system is often determined by tracing one or a few transactions through the system (called a transaction walk-through).

Internal controls relating to the accounting system are concerned with achieving objectives such as:
- Transactions are executed in accordance with management's general or specific authorization.
- All transactions and other events are promptly recorded in the correct amount, in the appropriate accounts and in the proper accounting period so as to permit preparation of financial statements in accordance with an identified financial reporting framework.
- Access to assets and records is permitted only in accordance with management's authorization.
- Recorded assets are compared with the existing assets at reasonable intervals and appropriate action is taken regarding any differences.

When obtaining an understanding of the accounting and internal control systems to plan the audit, the auditor obtains knowledge of the design of the accounting and internal control systems. When the transactions selected are typical of those transactions that pass through the system, this procedure may be treated as part of the tests of control.
The nature, timing, and extent of the procedures performed by the auditor to obtain an understanding of the accounting and internal control systems will vary with, among other things:
- The size and complexity of the entity and of its computer system.
- Materiality considerations.
- The type of internal controls involved.
- The nature of the entity's documentation of specific internal controls.
- The auditor's assessment of inherent risk.

Ordinarily, the auditor's understanding of the accounting and internal control systems significant to the audit is obtained through previous experience with the entity and is supplemented by:
a. Inquiries of appropriate management, supervisory and other personnel at various organizational levels within the entity, together with reference to documentation, such as procedures manuals, job descriptions, and flowcharts;
b. Inspection of documents and records produced by the accounting and internal control systems; and
c. Observation of the entity's activities and operations, including observation of the organization of computer operations, management personnel and the nature of transaction processing.

The auditor determines the policies, procedures, methods, and records placed in operation by inspecting documents and directly observing the policies and procedures in use. The auditor can examine actual, completed documents and records to bring the contents of the manuals to life and better understand them. In addition, the auditor can observe client personnel in the process of preparing them and carrying out their normal accounting and control activities. This further enhances understanding and knowledge that controls have been placed in operation.

Documentation of Understanding
The auditor should document the understanding of the entity's internal control structure elements obtained to plan the audit.
The form and extent of this documentation is influenced by the size and complexity of the entity, as well as the nature of the entity's internal control structure. Generally, the more complex the internal control structure and the more extensive the procedures performed, the more extensive the auditor's documentation should be.

1. Internal Accounting Control Questionnaire
An internal accounting control questionnaire contains a series of questions designed to detect control weaknesses. Most questionnaires are designed to yield yes, no, or not applicable answers to the questions. A yes answer generally indicates a satisfactory state of internal accounting control, while a no answer indicates a possible weakness in control or at least indicates that an investigation is required. If the weakness is material, then it should be reported to senior management, the board of directors, and the audit committee. A material weakness is one in which the procedures or degree of compliance with the procedures fail to provide reasonable assurance that material errors or irregularities would be prevented or promptly detected during the accounting process.

In completing the internal control questionnaire, the auditor should consider the following critical aspects:
1. Is the system of internal control sound?
2. If it is not reliable, what errors might occur?
3. What alternative audit procedures should be adopted if the system is unreliable?

Advantages
- They provide audit assurance that attention is given to the presence or absence of all controls listed and that certain features of the system are not overlooked.
- They provide a means of obtaining uniform documentation of the internal control system reviewed.
- They provide inexperienced audit staff members with guidance in performing internal control reviews.
- They facilitate the early detection of potential weaknesses in the system.

Disadvantages
- The auditor may view the questionnaire as a device for accomplishing an automatic evaluation of internal control.
- Controls listed on the questionnaire may not suit the particular circumstances of a specific audit.
- The auditor may overlook pertinent controls not included in the questionnaire.

2. Flowcharts
A flowchart is a symbolic diagram of a specific part of an internal accounting control system indicating the sequential flow of data and/or authority. An internal control flowchart uses standardized symbols, interconnecting lines, and annotations to represent information, documents, and document flow. It provides a pictorial overview of a client's internal control activities. It illustrates the interaction of individuals, records, and controls related to a particular department or class of transactions. Internal control flowcharts generally reflect the segregation of duties by using columns across the top to reflect different departments and the flow of documents from left to right.

Advantages
- Easily understood. Since flowcharts provide a visual description supplemented by a written narrative, they are more easily understood.
- Better overall picture of a complex system. A complex system may be reduced to a one or two-page flowchart which might otherwise require a 15-page internal control questionnaire or a 10-page narrative memo.
- Parallels EDP documentation. EDP systems are normally documented with flowcharts, which makes it easier for EDP personnel to relate to the auditors.
- It is easy to update.

Disadvantages
- A higher level of knowledge and training is required to prepare a good flowchart of a complex system.
- Flowcharts take more time to prepare and require more knowledge.
- It is more difficult to point out internal control weaknesses.

The following questions should be answered before a flowchart is prepared:
1. Who performs the various functions in the routine?
2. Why are these functions performed?
3. What work is performed, and is the work considered input or output?
4. When are the functions performed and in what sequence?
5. How are the functions performed and in what sequence?

A conference with senior management, supervisors, and employees using the above checklist should be conducted by the independent auditor before flowcharting the routine. In addition, copies of all forms, documents and reports used in the routine to be flowcharted should be obtained.

A primary objective of the internal control flowchart is to communicate effectively. The following techniques should assist in meeting this goal:
- Standardized symbols. Auditors use a uniform set of symbols developed by the American National Standards Institute (ANSI).
- Flowlines. The flow of documents should be from top to bottom and left to right. Arrowheads may be used on all lines and should be used when the flow is not standard or is bi-directional.
- Documents. When a document is created, its source should be indicated. Multiple-document symbols are required when multiple copies of the document are prepared. The disposition of every copy of each document should be shown.
- Processing. Processing symbols are used to identify any procedures applied to documents, such as their being filed.
- Annotations. Comments and explanations should be used to make the flowchart easier to understand or more complete.

The following guidelines may be useful in preparing a flowchart:
- Determine the class of transactions or transaction cycle to be flowcharted.
- Obtain an understanding of internal control by making inquiries of client personnel, observing employee activities, and examining documents, records, and policies and procedures manuals.
- Organize the flowchart into columns, using a different column for each department, function, or individual.
- Draw a sketch of the flowchart.
- Draw the flowchart and insert comments and annotations.
- Test the flowchart for completeness by following a few transactions through the chart.

3. Narrative Description
A narrative is a written description of a particular phase or phases of a control system. Although useful for describing simple systems, narratives may be inadequate when a system is complicated or frequently revised. If the systems are extensive and/or complex, separate narratives may be prepared for smaller groups of controls which relate to specific classes of transactions or accounts. Some auditors prepare narrative descriptions to accompany internal control questionnaires or flowcharts in order to provide information not otherwise included.

Advantages
- A narrative is flexible and may be tailor-made for the engagement.
- It requires a detailed analysis and thus forces the auditor to understand the functioning of the system.

Disadvantages
- The auditor may not have the ability to describe the system clearly and concisely. This may require more time and careful study.
- The auditor may overlook important portions of the internal control system.
- A poorly written internal accounting control narrative can lead to a misunderstanding of the system, thus resulting in the improper design and application of compliance tests.

4. Internal Control Checklist
This contains a detailed enumeration of the methods and practices which characterize good internal control, or of items to be considered in reviewing internal control.

5. Decision Tables
In this approach, the system is depicted as decision points. Advantages and disadvantages are similar to those of the flowchart approach.

STAGE B. ASSESSING THE PRELIMINARY LEVEL OF CONTROL RISK
After obtaining an understanding of the accounting and internal control systems, the auditor should make a preliminary assessment of control risk, at the assertion level, for each material account balance or class of transactions.
The preliminary assessment of control risk is the process where the auditor evaluates the effectiveness of a client's internal control policies and procedures in preventing or detecting material misstatements in the financial statement assertions, namely:
- (1)/(2) Existence/Occurrence. Procedures that require documentation, approvals, authorization, verification, and reconciliations.
- (3) Completeness. Procedures that ensure that all transactions that occur are recorded, such as accounting for the numerical sequence of documents.
- (4) Rights and obligations. Procedures that ensure that the entity has a right to an asset or an obligation to pay arising from the transaction.
- (5)/(6) Valuation/Measurement. Procedures that ensure that a proper price is charged and that mathematical accuracy is present in recording and in developing the accounting records and financial statements.
- (7) Presentation and Disclosure. Procedures that indicate that a review has been made to ascertain that a transaction has been recorded in the proper account and that financial statement disclosures have been reviewed by competent personnel.

The process of arriving at the auditor's assessment of control risk is an iterative process that is refined as the auditor obtains more and more evidence about the effectiveness of various internal control policies and procedures. After obtaining the understanding of the internal control structure, the auditor may assess control risk at the maximum level. The term maximum level is used in this section to mean the greatest probability that a material misstatement that could occur in a financial statement assertion will not be prevented or detected on a timely basis by an entity's internal control structure.
Control risk may be assessed in quantitative terms, such as percentages, or in nonquantitative terms that range, for example, from a maximum to a minimum.

Assessing control risk at below the maximum level involves:
- Identifying specific internal control structure policies and procedures relevant to specific assertions that are likely to prevent or detect material misstatements in those assertions.
- Performing tests of control to evaluate the effectiveness of such policies and procedures.

The preliminary assessment of control risk for a financial statement assertion should be high unless the auditor:
a. Is able to identify internal controls relevant to the assertion which are likely to prevent or detect, and correct, a material misstatement; and
b. Plans to perform tests of control to support the assessment.

Assessing Inherent Risk
In developing the overall audit plan, the auditor should assess inherent risk at the financial statement level. In developing the audit program, the auditor should relate such assessment to material account balances and classes of transactions at the assertion level, or assume that inherent risk is high for the assertion. To assess inherent risk, the auditor uses professional judgement to evaluate numerous factors, examples of which are:

At the Financial Statement Level
- The integrity of management.
- Management experience and knowledge and changes in management during the period.
- Unusual pressure on management.
- The nature of the entity's business.
- Factors affecting the industry in which the entity operates.

At the Account Balance and Class of Transactions Level
- Financial statement accounts likely to be susceptible to misstatement.
- The complexity of underlying transactions and other events which might require using the work of an expert.
- The degree of judgment involved in determining account balances.
- Susceptibility of assets to loss or misappropriation.
- The completion of unusual and complex transactions.
- Transactions not subjected to ordinary processing.

Relationship between the Assessments of Inherent and Control Risks
Management often reacts to inherent risk situations by designing accounting and internal control systems to prevent or detect, and correct, misstatements, and therefore, in many cases, inherent risk and control risk are highly interrelated. In such situations, if the auditor attempts to assess inherent risk and control risk separately, there is a possibility of inappropriate risk assessment. As a result, audit risk may be more appropriately determined in such situations by making a combined assessment.

Identification of Specific Internal Control Policies to Specific Assertions
Auditors are interested in control activities because they assist in establishing the validity of financial statement assertions. Controls that enhance the reliability of the financial statements may be preventive controls or detection controls. Preventive controls avoid errors and irregularities, while detection controls, recognizing that errors will occur even under ideal conditions, provide for a check to locate significant occurrences after the fact. If an entity's controls are found to be effective, the auditor may reduce the selected auditing procedures to test a group of assertions. Control activities may provide direct evidence about many assertions.

In identifying internal control structure policies and procedures relevant to specific financial statement assertions, the auditor should consider that the policies and procedures can have either a pervasive effect on many assertions or a specific effect on an individual assertion, depending on the nature of the particular internal control structure element involved.
Conversely, some control procedures often have a specific effect on an individual assertion embodied in a particular account balance or transaction class. The objective of procedures performed to obtain an understanding of the internal control structure is to provide the auditor with knowledge necessary for audit planning. The objective of tests of controls is to provide evidential matter to use in assessing control risk. When the auditor concludes that procedures performed to obtain the understanding of the internal control structure also provide evidential matter for assessing control risk, he should consider the degree of assurance provided by that evidential matter. Although such evidential matter may not provide sufficient assurance to support an assessed level of control risk that is below the maximum level for certain assertions, it may do so for other assertions and thus provide a basis for modifying the nature, timing, or extent of the substantive tests that the auditor plans for those assertions.

STAGE C. OBTAINING EVIDENTIAL MATTER TO SUPPORT THE ASSESSED LEVEL OF CONTROL RISK
The auditor obtains evidential matter to enable him to determine the proper level of control risk by performing tests of controls or compliance tests on selected policies and procedures. Compliance procedures are designed to obtain reasonable assurance that those internal controls on which tests requiring inspection of documents supporting transactions to gain evidence that controls have operated properly and inquiries about and observation of controls which leave no audit trail.

Tests of Controls
Procedures directed toward either the effectiveness of the design or the operation of an internal control structure policy or procedure are referred to as tests of controls.
Tests to obtain such evidential matter ordinarily include procedures such as inquiries of appropriate entity personnel, inspection of documents and reports, and observations of the application of specific internal control structure policies and procedures. Tests of control are performed to obtain audit evidence about the effectiveness of the:
a. Design of the accounting and internal control systems, that is, whether they are suitably designed to prevent or detect and correct material misstatements; and
b. Operation of the internal controls throughout the period.

The auditor should obtain audit evidence through tests of controls to support any assessment of control risk which is less than high. The lower the assessment of control risk, the more support the auditor should obtain that accounting and internal control systems are suitably designed and operating effectively.

When obtaining audit evidence about the effective operation of internal controls, the auditor considers how they were applied, the consistency with which they were applied during the period and by whom they were applied. The concept of effective operation recognizes that some deviations may have occurred. Deviations from prescribed controls may be caused by such factors as changes in key personnel, significant seasonal fluctuations in volume of transactions and human error.

In a computer information system environment, the objectives of tests of controls do not change from those in a manual environment; however, some audit procedures may change. The auditor may find it necessary, or may prefer, to use computer-assisted audit techniques.

STAGE D. EVALUATING THE RESULTS OF THE EVIDENTIAL MATTER
Based on the results of the tests of controls, the auditor should evaluate whether the internal controls are designed and operating as contemplated in the preliminary assessment of control risk.
The evaluation of deviations may result in the auditor concluding that the assessed level of control risk needs to be revised. In such cases, the auditor would modify the nature, timing, and extent of planned substantive procedures. The conclusion reached as a result of assessing control risk is referred to as the assessed level of control risk.

In determining the evidential matter necessary to support a specific assessed level of control risk below the maximum level, the auditor should consider the characteristics of evidential matter about the control risk. Generally, however, the lower the assessed level of control risk, the greater the assurance the evidential matter must provide that the internal control structure policies and procedures relevant to an assertion are designed and operating effectively.

Ordinarily, the auditor's observation provides more reliable audit evidence than merely making inquiries. However, audit evidence obtained by some tests of controls, such as observation, pertains only to the point in time at which the procedure was applied. The auditor may decide, therefore, to supplement these procedures with other tests of control capable of providing audit evidence about other periods of time.

In determining the appropriate audit evidence to support a conclusion about control risk, the auditor may consider the audit evidence obtained in prior audits. In a continuing engagement, the auditor will be aware of the accounting and internal control systems through work carried out previously but will need to update the knowledge gained and consider the need to obtain further audit evidence of any changes in control. The auditor, in addition, should consider whether the internal controls were in use throughout the period.
An audit of financial statements is a cumulative process; as the auditor assesses control risk, the information obtained may cause him to modify the nature, timing, or extent of the planned tests of controls for assessing control risk. The evaluation is based on the effectiveness of the entity's control structure in preventing and/or detecting material misstatements, as determined by the tests of controls.

STAGE E. DETERMINING THE NECESSARY LEVEL OF DETECTION RISK
The auditor uses the acceptable level of detection risk to determine the nature, timing, and extent of the auditing procedures to be used to detect material misstatements in the financial statement assertions. Auditing procedures designed to detect such misstatements are referred to in this section as substantive tests.

The level of detection risk relates directly to the auditor's substantive procedures. The auditor's control risk assessment, together with the inherent risk assessment, influences the nature, timing, and extent of the substantive procedures to be performed to reduce detection risk, and therefore audit risk, to an acceptably low level. In this regard the auditor would consider:
a. The nature of substantive procedures, for example, using tests directed toward independent parties outside the entity rather than tests directed toward parties or documentation within the entity, or using tests of details for a particular audit objective in addition to analytical procedures;
b. The timing of substantive procedures, for example, performing them at period end rather than at an earlier date; and
c. The extent of substantive procedures, for example, using a larger sample size.

As the acceptable level of detection risk decreases, the assurance provided from substantive tests should increase.
Consequently, the auditor may do one or more of the following:
- Change the nature of substantive tests from a less effective to a more effective procedure, such as using tests directed toward parties or documentation within the entity.
- Change the timing of substantive tests, such as performing them at closing rather than at an interim date.
- Change the extent of substantive tests, such as using a larger sample size.

There is an inverse relationship between detection risk and the combined level of inherent and control risks. The substantive tests that the auditor performs consist of tests of details of transactions and balances, and analytical procedures. The objective of tests of details of transactions performed as substantive tests is to detect material misstatements in the financial statements. The auditor should recognize, however, that careful consideration should be given to the design and evaluation of such tests to ensure that both objectives will be accomplished.

Audit Risk in the Small Business
The auditor needs to obtain the same level of assurance in order to express an unqualified opinion on the financial statements of both small and large entities. However, many internal controls which would be relevant to large entities are not practical in the small business; an example is the segregation of duties. In circumstances where segregation of duties is limited and audit evidence of supervisory control is lacking, the audit evidence necessary to support the auditor's opinion on the financial statements may have to be obtained entirely through the performance of substantive procedures.

How Adequacy or Inadequacy of Internal Control Affects Audit Procedures
The primary reason for studying and evaluating internal control is to provide a basis for relying upon the system and for determining the extent of year-end substantive tests to be performed. There is an inverse relationship between the effectiveness of internal control and the extent of detailed audit procedures: a more effective system requires less detailed testing. Strengths and weaknesses identified during the evaluation of internal accounting control and tests of compliance will affect the nature, timing, and extent of audit procedures. The audit is not specifically designed to search for errors or irregularities, although during the study and evaluation of the internal accounting control system and the performance of substantive tests, errors or irregularities may be discovered. The auditor must consider the audit implications when errors or irregularities are likely to exist.

Documentation of the Assessed Level of Control Risk
The auditor should document in the working papers:
a. The understanding obtained of the entity's accounting and internal control systems.
b. The assessment of control risk. When control risk is assessed at less than high, the auditor would also document the basis for the conclusions.

Figure 11.2 Relationship of Effectiveness of Internal Control and Substantive Tests

Controls initially considered effective:
- Reduce control risk.
- Reduce acceptable risk of overreliance on internal control.
- Perform tests of control (inquiries, inspection, observation, and reperformance).
- Increase detection risk.
- Reduce planned substantive tests:
  1. Use less persuasive substantive tests.
  2. Perform the substantive tests at an interim date.
  3. Decrease the extent of substantive tests by selecting a smaller sample size.

Controls initially not considered effective or not cost efficient:
- Assess control risk at maximum (100%).
- Acceptable risk of overreliance on internal control: 100% (maximum).
- Perform no tests of controls.
- Decrease detection risk.
- Perform extensive substantive testing:
  1. Use more effective substantive tests.
  2. Perform substantive tests at year-end.
  3. Increase the extent of substantive tests by selecting a larger sample size.

Communication of Performance, Improvements and Observations in Internal Control Management
As a result of obtaining an understanding of the accounting and internal control systems and tests of controls, the auditor may become aware of weaknesses in the systems. The auditor should make management aware, as soon as practical and at an appropriate level of responsibility, of material weaknesses in the design or operation of the accounting and internal control systems which have come to the auditor's attention. The communication to management of material weaknesses would ordinarily be in writing.

A management letter may be made that will contain constructive suggestions for improvements in internal control or other suggestions for increased efficiency in operations. This letter is considered a by-product rather than the aim of the audit and is often completed some time after the completion of the field work. If, however, the auditor identifies material weaknesses, he has a professional responsibility to communicate them to both senior management and the board of directors. The auditor should issue a written report at the earliest possible time so that it is documented in the work papers.

Reportable Conditions
Specifically, these are the matters coming to the auditor's attention that, in his judgement, should be communicated to the audit committee because they represent significant deficiencies in the design or operation of the internal control structure, which could adversely affect the organization's ability to record, process, summarize, and report financial data consistent with the assertions of management in the financial statements.
Examples of reportable conditions are as follows:

Deficiencies in internal control structure design
- Inadequate overall internal control structure design.
- Absence of appropriate segregation of duties consistent with appropriate control objectives.
- Absence of appropriate reviews and approvals of transactions, accounting entries, or systems output.
- Inadequate procedures for appropriately assessing and applying accounting principles.
- Inadequate provisions for the safeguarding of assets.
- Absence of other internal control techniques considered appropriate for the type and level of transaction activity.
- Evidence that a system fails to provide complete and accurate output that is consistent with objectives and current needs because of design flaws.

Failures in the operation of the internal control structure
- Evidence of failure of identified controls in preventing or detecting misstatements of accounting information.
- Evidence that a system fails to provide complete and accurate output consistent with the entity's control objectives because of the misapplication of control procedures.
- Evidence of failure to safeguard assets from loss, damage, or misappropriation.
- Evidence of intentional override of the internal control structure by those in authority to the detriment of the overall objectives of the system.
- Evidence of failure to perform tasks that are part of the internal control structure, such as reconciliations not prepared or not timely prepared.
- Evidence of willful wrongdoing by employees or management.
- Evidence of manipulation, falsification, or alteration of accounting records or supporting documents.
- Evidence of intentional misapplication of accounting principles.
- Evidence of misrepresentation by client personnel to the auditor.
- Evidence that employees or management lack the qualifications and training to fulfill their assigned functions.

Others
- Absence of a sufficient level of control consciousness within the organization.
- Failure to follow up and correct previously identified internal control structure deficiencies.
- Evidence of significant or extensive undisclosed related party transactions.
- Evidence of undue bias or lack of objectivity by those responsible for accounting decisions.

Reporting: Form and Content
Conditions noted by the auditor that are considered reportable under this section or that are the result of agreement with the client should be reported, preferably in writing. If the information is communicated orally, the auditor should document the communication by appropriate memoranda or notations in the working papers. Any report issued on reportable conditions should:
- Indicate that the purpose of the audit was to report on the financial statements and not to provide assurance on the internal control structure.
- Include the definition of reportable conditions.
- Include the restriction on distribution as discussed in the previous paragraph.

If no reportable conditions are found, an auditor may not issue a letter stating that. Such a letter may mislead users by implying a greater level of assurance about the lack of any significant deficiencies than the auditor could really provide. However, an auditor may issue a letter indicating that no material weaknesses were found during the course of an audit.