Академический Документы
Профессиональный Документы
Культура Документы
Understanding and
assessing internal
control
8-1
Learning objective 1:
Audit strategy and internal control
Internal control is the process designed and
8-2
8-3
Auditors requirements
ASA/ISA 315.12 requires auditor to obtain an
8-4
Audit strategy
In order to issue an opinion on the financial report,
8-5
Control Risk
Control risk is the risk that a material misstatement
8-6
Learning objective 2:
Responsibility for internal control
Achieving satisfactory internal control is
8-7
8-8
Learning objective 3:
Internal control objectives
Risks are identified and minimised
Management decision making is effective
8-9
Management controls
Definition: The activities undertaken by senior
8-10
Transaction controls
Performed by staff and lower level management.
8-11
Characteristics of satisfactory
internal control
Controls to monitor and minimise business risks.
Segregation of incompatible duties and
responsibilities.
System of authorisation, recording and procedures
and functions.
Capabilities commensurate with responsibilities.
Copyright 2010 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia 4e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
8-12
Learning objective 4:
Elements of internal control (IC)
Five elements of IC outlined in ASA/ISA 315.1423:
1. Control environment
2. Entitys risk assessment process
3. Information system
4. Control activities
5. Monitoring of controls.
8-13
1. Control environment
Includes governance and managements overall
8-14
business risks.
Once risks are identified, management needs
8-15
3. Information system
An effective information system establishes the
8-16
Audit trail
An important feature of the information system
is the audit trail.
Audit trail:
Main elements:
8-17
4. Control activities
Policies and procedures established by
8-18
2.
3.
4.
8-19
report assertions:
8-20
5. Monitoring of controls
Monitoring of controls:
8-21
Learning objective 5:
Considering internal control in a
financial report audit
For every audit, irrespective of intended reliance on
8-22
8-23
8-24
8-25
Understanding
the control environment
An auditor gains an understanding of the control
environment by:
8-26
Understanding
the risk assessment process
Auditor needs to determine how management
8-27
Understanding
the information system
Auditor is required to obtain sufficient knowledge of
8-28
Understanding
the control activities
Procedures include:
Inspection of documentation
8-29
Understanding monitoring of
controls
Auditor is required to obtain an understanding of
8-30
8-31
8-32
8-33
8-34
Tests of controls
Evidence is needed to support the conclusion that
8-35
8-36
Learning objective 6:
Computerised systems
ASA/ISA 315.18 requires the auditor to have an
8-37
8-38
8-39
8-40
2. IT controls
8-41
8-42
General controls
General controls are manual and computer
Segregation of duties
Control over programs
Control over data.
8-43
8-44
or changes to programs.
Controls of interest to auditor include controls over:
Development or acquisition of new programs
Changes to existing programs
Access to programs; and
The use of specialised systems software.
Modifications or access should be appropriately
authorised, approved and tested.
8-45
processing stage.
Restriction of access to data files (e.g. password).
Use of librarian function or software.
8-46
8-47
Application controls
Application controls (defined in ASA/ISA 315.A97)
8-48
User controls
Control totals: detect errors in input or processing.
Financial totals
Record totals
Hash totals.
procedures.
Authorisation controls help ensure that only valid
transactions and batches of transactions are
processed.
Copyright 2010 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia 4e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
8-49
IT application controls
Usually classified into the following categories:
Input controls
File controls
Processing controls
Output controls.
8-50
Input controls
Control totals
Key verification
Key entry validation
Programmed controls:
Check digits
Limit or reasonableness tests
Field tests
Valid code tests.
8-51
File controls
Include:
8-52
Processing controls
Programmed control procedures include:
8-53
Output controls
These include:
Restricted distribution
Page numbering
End-of-report messages.
8-54
8-55
8-56
8-57
Learning objective 7:
Considering the work of an internal
auditor
An effective internal audit function can significantly
8-58
8-59
8-60
General evaluation
The external auditor is required to undertake a
8-61