ACCT4750 WINTER 2013 ROBERTSON

INTERNAL CONTROL

Key internal controls that may prevent or detect material misstatements are identified and evaluated. The strengths and weaknesses of the client’s control system are assessed to identify specific control risks in the client’s information systems and processes. Based on their assessment of control systems, auditors decide whether to test control procedures and to plan which other audit procedures to perform.

Internal Control and the Audit Plan

Every financial statement audit includes the evaluation of internal control and an assessment of control risk. This work is done as part of the audit planning process.

CAS 315.12 to 14

The Entity's Internal Control

12. The auditor shall obtain an understanding of internal control relevant to the audit. Although most controls relevant to the audit are likely to relate to financial reporting, not all controls that relate to financial reporting are relevant to the audit. It is a matter of the auditor's professional judgment whether a control, individually or in combination with others, is relevant to the audit. (Ref: Para. A42-A65)

Nature and Extent of the Understanding of Relevant Controls

13. When obtaining an understanding of controls that are relevant to the audit, the auditor shall evaluate the design of those controls and determine whether they have been implemented, by performing procedures in addition to inquiry of the entity's personnel. (Ref: Para. A66-A68)

Components of Internal Control

Control environment

14. The auditor shall obtain an understanding of the control environment.
As part of obtaining this understanding, the auditor shall evaluate whether:

(a) Management, with the oversight of those charged with governance, has created and maintained a culture of honesty and ethical behavior; and

(b) The strengths in the control environment elements collectively provide an appropriate foundation for the other components of internal control, and whether those other components are not undermined by deficiencies in the control environment. (Ref: Para. A69-A78)

If substantive procedures alone do not provide enough audit evidence relating to significant risk of misstatements, some reliance may necessarily be placed on the system of internal controls. If reliance will be placed on the internal control system, the auditor needs to test these controls to obtain the evidence to support the control assessment.

Role of Systems in Control Evaluation

It is essential that the auditor gain and document a thorough knowledge of the client’s business. This knowledge of the business, combined with knowledge of risks, systems and controls, permits the auditor to understand how the client produces financial information and may provide some understanding of its reliability.

Reasons for Control Evaluation

CAS 315.04 (c) defines internal control as: “The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. The term “controls” refers to any aspects of one or more of the components of internal control.”

Control Risk: The risk that the system of internal control will fail to prevent or detect a material misstatement in the financial statements.
The auditor assesses inherent risk and control risk to determine the potential for material misstatements in the financial statements and makes plans for performing audit procedures based on the results of the assessments. For a business with expensive inventory, if the company did not have a good internal control system to protect the valuable inventory, the expected loss of inventory would likely cause the business to fail. If the auditor determined that a good system of internal control did not exist, other audit procedures would be needed to ensure that the inventory values and perhaps revenue and cost of goods sold are not materially misstated.

The strength (or weakness) of the internal control system may be classified as high risk, medium risk or low risk or as having a probability of material misstatements of 1.0, 0.50 or 0.30. Based on these assessments, the auditor determines whether other procedures will be required to ensure that the likelihood of material misstatements is reduced.

The terms clean audits and dirty audits refer to audits where internal controls are good or bad, respectively. Generally, it should be easier (and less costly) to perform a clean audit of a business where good internal controls are present. If controls are weak or non-existent, the audit may be difficult, expensive and, in some cases, unable to be completed.

The auditor assesses control risk and uses this assessment as a basis for planning the nature, timing and extent of audit procedures that will be used to collect evidence that financial information is not materially misstated. Auditors do not check 100% of transactions during the year, but by doing a combination of assessment of internal controls, tests of internal controls and audit work on balances (substantive tests), they determine the likelihood of material misstatements in the financial information.
How Control Risk Assessment Affects the Audit Program

An audit program is a list of specific audit procedures designed to produce evidence about the assertions in financial statements. Each audit procedure should be associated with one or more of the financial statement assertions (existence, completeness, ownership, valuation, and presentation).

In procedures related to the auditing of accounts receivable, the auditor assessed control risk to be low and has used more substantive procedures to determine existence and completeness of year-end balances. If control risk had been high, the auditor may have extended the number and extent of audit procedures as described to reduce the possibility that material misstatements were present in financial information.

Communicating Internal Control Weaknesses

Communication of Deficiencies in Internal Control

Communication of Significant Deficiencies in Internal Control to Those Charged with Governance (Ref: Para. 9)

A12. Communicating significant deficiencies in writing to those charged with governance reflects the importance of these matters, and assists those charged with governance in fulfilling their oversight responsibilities. CAS 260 establishes relevant considerations regarding communication with those charged with governance when all of them are involved in managing the entity.

A13. In determining when to issue the written communication, the auditor may consider whether receipt of such communication would be an important factor in enabling those charged with governance to discharge their oversight responsibilities. In addition, for listed entities in certain jurisdictions, those charged with governance may need to receive the auditor's written communication before the date of approval of the financial statements in order to discharge specific responsibilities in relation to internal control for regulatory or other purposes.
For other entities, the auditor may issue the written communication at a later date. Nevertheless, in the latter case, as the auditor's written communication of significant deficiencies forms part of the final audit file, the written communication is subject to the overriding requirement for the auditor to complete the assembly of the final audit file on a timely basis. CAS 230 states that an appropriate time limit within which to complete the assembly of the final audit file is ordinarily not more than 60 days after the date of the auditor's report.

A14. Regardless of the timing of the written communication of significant deficiencies, the auditor may communicate these orally in the first instance to management and, when appropriate, to those charged with governance to assist them in taking timely remedial action to minimize the risks of material misstatement. Doing so, however, does not relieve the auditor of the responsibility to communicate the significant deficiencies in writing, as this CAS requires.

Prior to the requirement in the new Canadian Auditing Standards to communicate these matters in writing, most auditors included this information in a management letter, written to the audit committee or senior officers, in which these and other important matters were discussed. If the auditors had determined there were weaknesses in internal controls and that improvements were important for the protection of company assets, these were normally detailed in the management letter.

Management Vs. Auditor Responsibility for Control

Although auditors assess internal controls in order to determine what audit procedures to perform during the audit, responsibility for designing and implementing internal controls rests with management.
Management is well advised to continually monitor its system of internal control and upgrade it where necessary to ensure that the assets of the company are safeguarded and the company’s objectives are met. As with other processes within an organization, a cost-benefit analysis should be done on the development and implementation of controls to ensure that the costs of particular controls do not exceed the amounts protected by the controls.

Control Objectives and Procedures

The ultimate goal of control procedures is to produce reliable assertions in the financial statements. This is reached by ensuring that transactions are processed correctly so that account balances are accurate. The link between the internal controls over the two revenue transactions
