Published on May 2, 2013
Lecture 8 (lecture 10?): Audits of Internal Control & Control Risk
by Professor Helen Brown
This lecture begins with a discussion of control. Internal control is a process that requires judgment (in other words, it is subjective - there is rarely a single correct answer). Internal control involves people in the organization (it is the responsibility of management and the board of directors). Internal controls are designed to provide reasonable assurance, as well as to safeguard assets, ensure financial statement reliability, promote operational efficiency, and encourage compliance with management's directives.
Management has the responsibility for establishing internal controls. These internal controls should provide reasonable, but not absolute, assurance that financial statements are fairly and accurately stated. Management is required to issue reports, such as an assessment of the effectiveness of internal control and the acknowledgement of their responsibilities (Section 404). They must also submit a report on the evaluation of the design of internal control and the operating effectiveness of controls.
The auditor has the responsibility of understanding the internal controls and assessing the risk of material misstatement. SAS 109 and PCAOB Standard 2 both require auditors to obtain an understanding of internal control for every audit. Auditors are responsible for confirming the reliability of financial reporting and keeping an eye out for fraudulent financial reporting, misappropriation of assets, and illegal acts.
Management must confirm whether or not the processes and records are correct. To do this, they must ask several questions. Regarding existence, occurrence, and validity, management must make sure that the recorded transactions are real and that they are properly dated. Regarding rights and obligations, management must confirm that the transactions and assets in question actually belong to the organization. With accuracy and valuation, management must make sure that the events and transactions that occurred are recorded at the right value. Finally, with completeness, management must make sure that all the events that occurred are recorded in the AIS and that all the information fields are filled in (in other words, no blank spots).
If the records are all "correct," then management can move on to evaluating whether or not other criteria are implemented. For example, confirming authorization would require management to make sure that all events and transactions are recorded (and authorized - for example, they have not exceeded their credit limit). Another criterion would be asset and record safeguarding. Management has to make sure that nobody can steal or destroy assets and that all records are kept and cannot be changed, tampered with, or destroyed.
The control environment involves integrity and ethical values. Commitment to competence involves making sure employees are committed and loyal to the company, which management can accomplish by participating and maintaining communication with its employees (management must also have a good philosophy and operating style to make this possible).
When management designs controls for a company, they must consider the risk factors (i.e. the process of risk assessment). Risk assessment recognizes that every organization faces risks to success and that risks can come from internal and external sources. Risks that appear to affect the accomplishment of a company's goals should be identified, analyzed, and acted upon. To properly perform a risk assessment, the factors that may increase risk must be identified and the significance of the aforementioned risk should be estimated (i.e. the impact of the risk if it is realized) as well as the probability of the risk actually occurring. Lastly, the actions necessary to manage the risk must be determined.
The Professor then moves on to control activities, of which there are five.
------QUICK NAVIGATION------
Definition & Importance of Internal Control Risk: 0:08
Management and Auditor Responsibilities Related to Internal Control: 5:48
Audit Risk Model for Planning (How much & what type of evidence?): 10:15
Management Assertions with Respect to Internal Controls on Processes: 10:53
Components of Internal Control: 15:20
The Control Environment: 16:40
Risk Assessment: 18:34
Control Activities: 21:43
Adequate Separation of Duties: 28:33
Information and Communication: 30:14
Monitoring: 32:28
Process for Understanding Internal Control and Assessing Control Risk: 33:16
Evaluating Internal Control Operation: 34:47
Assess Control Risk: 35:32
Identify and Evaluate Deficiencies and Weaknesses: 36:30
Identify Deficiencies and Weaknesses: 38:47
Communications: 41:09
Steps in Internal Control Analysis: 41:52
Control Procedures Analyzed: 43:15
Types of Opinions: 44:41