Académique Documents
Professionnel Documents
Culture Documents
AUDITING &
INTERNAL CONTROL
T I U | T U YO R
AUDITING
Internal Control
Independence Inconsistency
Consideration
Opinion
AUDITING STANDARDS
Management assertions and audit objectives:
(1) EXISTENCE or OCCURRENCE; (II) COMPLETENESS; (III) RIGHTS and
OBLIGATIONS; (IV) VALUATION or ALLOCATION; (V) PRESENTATION and
DISCLOSURE.
Auditors develop audit objectives and design audit procedures based on these assertions.
Auditors seek evidential matter that corroborates assertions.
Auditor must determine whether internal control weaknesses and
misstatements are material.
Auditors must communicate the results of their tests, including an audit
opinion.
AUDIT OBJECTIVES AND AUDIT ROCEDURES
BASED ON MANAGEMENT ASSERTIONS
Management Objectives Audit Objectives Audit Procedure
Existence or Inventories listed on the balance sheet Observe the counting of physical inventory.
exist.
Occurrence
Completeness Accounts payable include all obligations Compare receiving reports, supplier invoices,
to vendors for the period. purchase orders and journal entries for the
period and the beginning of the next period.
Rights and Plant and equipment listed in the balance Review purchase agreements, insurance
sheet are owned by the entity. policies and related documents.
Obligations
Valuation or Accounts receivable are stated at net of Review entitys aging of accounts and evaluate
realizable value. the adequacy of the allowance for
Allocation
uncollectible accounts.
Presentation and Contingencies not reported in financial Obtain information from entity lawyers about
accounts are properly disclosed in the status of litigation and estimates of
Disclosure
footnotes. potential losses.
AUDIT RISK
Probability that the auditor may render and inappropriate opinion on the financial
statement.
INHERENT RISK (IR) is the risk that the auditor may deliberately conclude that the
financial statements are misstated.
CONTROL RISK (CR) is the likelihood the control structure is flawed because
controls are either absent or inadequate to prevent or detect errors.
DETECTION RISK (DR) is the risk auditors are willing to take that errors not
detected or prevented by the control structure will not be detected by the auditors.
AUDIT RISK
Audit risk components in a model used to determine the scope, nature and
timing of substantive tests:
AUDIT RISK MODEL: AR = IR x CR x DR
Detection Risk = Audit Risk / (Inherent Risk x Control Risk)
The stronger the internal control structure, the lower the control risk and the
less substantive testing the auditor must do.
Substantive tests are labor intensive and time consuming, which drives up audit costs and
cause disruption.
Managements best interests are served by a strong internal control structure.
THE IT AUDIT
AUDIT PLANNING TESTS OF SUBSTANTIVE
PHASE CONTROL PHASE TESTING PHASE
Levels of
Control
Undesirable Events
Preventive
Detective
Corrective
COSO INTERNAL CONTROL
FRAMEWORK
The control environment is the foundation for the other four control
components and includes:
Management integrity and ethical values, organizational structure, board of director
participation and managements philosophy and operation style.
A risk assessment must be performed to identify, analyze and manage financial
reporting risks.
An effective accounting information system will:
Identify and record all valid financial transactions, provide timely information and
adequately measure and record transactions.
COSO INTERNAL CONTROL
FRAMEWORK
Monitoring is the process by which the quality of internal control design and
operation can be assessed.
Control activities are policies and procedures to ensure actions to deal with
identified risk.
Physical controls relate primarily to human activities employed in accounting systems.
Information technology controls.
COSO INTERNAL CONTROL
FRAMEWORK GENERAL
CONTROLS
Categories of IT
Control Activities APPLICATION
CONTROLS
CONTROL
ACTIVITIES
Independent Verification
Transaction Authorization
PHYSICAL
Segregation of Duties
Supervision
Accounting Records
Access Control