Chapter_07Internal control and control risk

Chapter7:InternalcontrolandcontrolriskLearningObjectivesAppreciatetheimportanceofinternalcontrolDescribethecomponentsofinternalcontrolStatetheinherentlimitationsoftheinternalcontrolsystemIndicatetheproceduresusedtoobtainanddocumentanunderstandingofinternalcontrolExplainthepurposeofmakingapreliminaryassessmentofcontrolriskLearningObjectivesDescribetheapproachtoevaluatingthedesigneffectivenessofcontrolactivitiesStatethepurposeoftestsofcontrolandthenatureofsuchtestsDescribehowtheworkofinternalauditingmaybeusedintestsofcontrolExplaintheprocessofassessingcontrolriskRiskAssessmentNatureandextentofrisksfacingthecompanyExtentandcategoriesofriskdeemedokayLikelihoodofrisksmaterialisingCompany’sabilitytoreducetheincidenceandimpactoftheriskonthebusinessThecostsofoperatingparticularcontrolsRiskAssessmentHighimpactMediumimpactLowimpactHighlikelihoodSignific.controlsMediumlikelihoodAveragecontrolsLowlikelihoodFewcontrolsKeyTerms&ConceptsControlriskDual-purposetestFlowchartInformationsystemInherentlimitationsNarrativememorandumNecessarycontrolsPhysicalcontrolsSegregationofdutiesTestsofcontrolWalk-throughreviewDefinitionandConceptsofInternalControl(Turnbull)Aninternalcontrolsystemencompassesthepolicies,processes,tasks,behaviourandotheraspectsofacompanythat,takentogether:facilitateitseffectiveandefficientoperationbyenablingittorespondappropriatelytosignificantbusiness,operational,financial,complianceandotherriskstoachievingthecompany’sobjectives.Thisincludesthesafeguardingofassetsfrominappropriateuseorfromlossandfraud,andensuringthatliabilitiesareidentifiedandmanaged;DefinitionandConceptsofInternalControl(Turnbull)helpensurethequalityofinternalandindependentreporting.Thisrequiresthemaintenanceofproperrecordsandprocessesthatgenerateaflowoftimely,relevantandreliableinformationfromwithinandoutsidetheorganisation;helpensurecompliancewithapplicablelawsandregulations,andalsowithinternalpolicieswithrespecttotheconductofbusiness.ComponentsofInternalControlThecontrolenvironmentTheentity’sriskassessmentprocessTheinformationsystemControlactivitiesMonitoringofcontrolsControlEnvironmentRelevantfactorsIntegrityandethicalvaluesCommitmenttocompetenceManagement’sphilosophy&operatingstyleOrganisationalstructureAssignmentofauthorityandresponsibilityControlEnvironmentRelevantfactors(cont.)InternalauditUseofinformationtechnologyhumanresourcepoliciesandpracticeBoardofdirectorsandauditcommitteeHumanResourcePolicies(riskenvironment)RelevantfactorsDevelopingappropriaterecruitmentpoliciesScreeningprospectiveemployeesOrientingnewpersonnelDevelopingtrainingpoliciesExercisingdisciplinaryactionEvaluating,counsellingandpromotingImplementingcompensationprogrammesBoardofDirectors(riskassessment+environment)RelevantfactorsProportionofnon-executivedirectorsExperienceandstatureofdirectorsExtentofinvolvementinrunningthebusinessandmonitoringthemanagersStrategicawarenessBusinessacumenInteractionwithinternalandexternalauditorsConfidencetoraiseandpursuedifficultquestionsInformationsystemIdentifiesandrecordstransactionsandothereventssuchthatall,butonly,validtransactionsarerecordedrecordedassetsandliabilitiesarisefromtransactionsproducingrightsandobligationstransactionsareproperlymeasuredandrecordedinthecorrectperiodandinsufficientdetailMaintainsaccountabilityforassetsandliabilitiesControlActivitiesInformationprocessingcontrols-generalvapplicationproperauthorisationdocumentsandrecordsindependentchecksSegregationofdutiesbetweenexecuting,recordingandcustodyofassetsresultingfromtransactionbetweenstepsinexecutingatransactionbetweencertainaccountingoperationsPhysicalcontrolsPerformancereviewsMonitoringTypesofInternalControlOrganisationSegregationofDutiesPhysicalAuthorisationandApprovalArithmeticandAccountingTypesofInternalControlPersonnelSupervisionManagementAcknowledgementofPerformanceBudgetingTypesofInternalControlOAPSPASMOrganisation,authorisationPersonnel,supervisionPhysical,arithmeticSegregation,managementLimitationsOnlyprovidesreasonableassurancebecauseof:costsversusbenefitsmanagementoverridemistakesinjudgementcollusionbreakdownsLimitationsOnlyprovidesreasonableassurancebecauseof:Tendnottobeasstrongonone-offtransactions.Potentialforhumanerror.Abuseofresponsibility.Managementover-rideofcontrols.Changesintheenvironment.Humaningenuity.InternalControlSECONDSESSIONInternalControlApplicationtosmallerentitiesControlincomputerinformationsystemsPotentialtobothincreaseanddecreaseriskoferrorsControlinComputerSystemsConsistentlyapplypredefinedcontrolsFacilitateadditionalanalysisEnhancetheabilitytomonitorReduceriskcontrolswillbecircumventedGreaterchanceofsegregationofdutiesProceduretoObtainanUnderstandingObtaininganunderstandingReviewingpreviousexperienceInquiringInspectingdocumentsandrecordsObservationandwalkthroughWalkthroughTeststoensurethattheauditorhasacorrectunderstandingoftheinternalcontrolandaccountingsystemsinplacewithinthebusiness.Oncetheauditorhasdiscov