Академический Документы
Профессиональный Документы
Культура Документы
PAGE 1 OF 6!
Figure 10-2 from Arens, Elder, and Beasley, Auditing and Assurance Services: An Integrated Approach, 11th ed
Control Environment
Tone at the top Actions, policies, and procedures reecting overall attitudes about internal control Some important control environment factors include:
!" " !" " ! !
PAGE 2 OF 6!
Risk Assessment
Control Activities
Adopted to provide reasonable assurance that entitys objectives will be achieved Particularly di!cult for smaller companies due to limited number of personnel
PAGE 3 OF 6!
Segregation of Duties
Segregation of Duties
Asset Custody Accounting Transaction Authorization Operational Responsibility Related Asset Custody Recordkeeping Responsibility User Departments
IT Duties
PAGE 4 OF 6!
Authorizations
COSO INTERNAL CONTROL FRAMEWORK
Authorizations
Authorizations
General authorization: authorizations based on approval of all transactions within limits of a certain policy
General authorization: authorizations based on approval of all transactions within limits of a certain policy
Specic authorization: case-by-case authorizations resulting from unwillingness to implement general authorization
Specic authorization: case-by-case authorizations Adequate Documents and Records resulting from unwillingness to implement general
Pre-numbered consecutively; ________________ assertion Prepared in timely manner; ________________ assertion Su!ciently simple and designed for multiple uses when possible Constructed to facilitate correct preparation
authorization
PAGE 5 OF 6!
Mechanisms for getting all the information to the nancial statements To understand this system, auditor must understand:
!" major classes of transactions ! how transactions are initiated !" how transactions are recorded" ! the accounting records that exist !" how system captures other events signicant to the nancial statements !" nature and details of the nancial reporting process followed
Monitoring of Controls
Periodic review and modication (if necessary) of controls to ensure controls are operating as intended Internal auditing department in larger organizations is an example
Performed by sta" independent of operations and accounting Report directly to high-level of organization Auditor might be able to rely on internal audit work (SAS 65, AS5)
!
PAGE 6 OF 6!