Waqar Ali
[Hayes, Dassen, Schilder and Wallage, Principles of Auditing An Introduction to ISAs, edition 2.1] Pearson Education Limited 2007
Slide 7.4
Internal Control
A process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations, reliability of financial reporting, compliance with applicable laws and regulations and safeguarding of assets against unauthorized acquisition, use or disposition.
Slide 7.6
Financial Reporting
Management's FS / true-fair responsibility
The auditor is interested primarily in financial reporting controls (especially controls over transactions - why?).
Slide 7.9
Because
Slide 7.11
Examples?
Slide 7.12
IT Risks
Systems / Programs - inaccurately processing data, processing inaccurate data
Unauthorized data access / privileges
Destruction of data or improper changes to, and input of, data
IT personnel gaining access privileges (segregation of duties?)
Unauthorized changes to systems or programs
Failure to make necessary changes to systems or programs
Potential loss of data or inability to access data as required
Slide 7.13
Components of Internal Control: Top-Down or Bottom-Up?
Illustration 7.1
Slide 7.14
Control Environment
Governance and management functions
Attitudes / awareness
Actions of those charged with governance and management
Concerning the entity's _____________.
Slide 7.19
Risk Assessment
Management assesses risks to design ____________.
Auditors assess risks to decide ____________.
Management's effective risk assessment / response; control risk? Auditor response?
Slide 7.20
Identify Risks
A technique to identify risks involves identifying and prioritizing high-risk activities (students to pick a business):
1. identify the essential resources of the business and determine which are most at risk;
2. identify possible liabilities which may arise;
3. review the risks that have arisen in the past;
4. consider any additional risks imposed by new objectives or new external factors; and
5. seek to anticipate change by considering problems and opportunities on a continuing basis.
Slide 7.24
Authorization
Proper Authorization
Appropriate delegation of authority sets limits on what levels of risk are acceptable - e.g.?
General Controls
access to the computer system is limited to people who have a right to the information
back-up and recovery procedures
User ID and general system access
Slide 7.25
Performance Reviews
Independent checks on performance
By a third party not directly involved in the activity.
Variance Analysis / Budgetary Control;
Operating or Financial to one another;
Comparing internal data with external sources of information;
Slide 7.26
Information Processing
Well-designed documents in a manual system and preformatted input screens in a CIS
Assets are properly controlled and all transactions correctly recorded - why?
Document prepared at the time a transaction takes place - why?
Document simple enough to be clearly understood
Document designed for multiple use to minimize the number of different forms
Document constructed in a manner that encourages correct preparation
Slide 7.28
Physical Controls
Segregation of Duties
Explain using a business example, any audit cycle
Authorization
Recording
Custody
Slide 7.30
Monitoring of Controls
Design / Effectiveness
Ongoing monitoring information:
exception reporting on control activities,
reports by government regulators,
feedback from employees,
complaints from customers,
internal auditor reports.
Slide 7.31
Evaluation of Monitoring
Periodic comparisons - accounting system with physical assets. Assertion?
Response to internal and external auditor recommendations.
Extent to which training seminars, planning sessions and other meetings provide information on effective operation of controls.
Effectiveness of internal audit activities
Extent to which personnel obtain evidence on internal control function