modul10 auditing1 bj 8e ch10 understanding internal control
Modern Auditing:
Assurance Services and the Integrity
of Financial Reporting, 8th Edition
William C. Boynton
California Polytechnic State
University at San Luis Obispo
Raymond N. Johnson
Portland State University
Chapter 10 – Understanding Internal Control
Chapter 10 Overview
Fundamental Concepts of
Internal Controls
• Process integrated with an entity’s
infrastructure
• People implement internal control
• Can only provide reasonable assurance
• Achieve objectives in financial reporting,
compliance, and operations
Components of Internal Control
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring
Entity Objectives with Internal
Control
• Reliability of financial information
• Compliance with applicable laws
and regulations
• Effectiveness and efficiency of
operations
Limitations of Internal Control
• Mistakes in Judgment
• Breakdowns
• Collusion
• Management Override
• Cost versus Benefits
Roles and Responsibilities
• Management
• Board of Directors and Audit
Committee
• Internal Auditors
Roles and Responsibilities (cont.)
• Other Entity Personnel
• Independent Auditors
• Other External Parties
Study Break
1. _____ is a process that assesses the
quality of internal control
performance over time.
A. Control activities
B. Risk assessment
C. Information and communication
D. Monitoring
D. Monitoring
Study Break
2. This limitation of an entity’s internal
controls occurs when two or more
individuals act together to perpetrate
and conceal fraud.
A. Breakdowns
B. Collusion
C. Management override
D. Mistakes in judgment
B. Collusion
Components of Internal Control
Control Environment
• Integrity and Ethical Values
• Commitment to Competence
• Board of Directors and Audit
Committee
• Management’s Philosophy and
Operating Style
Control Environment (cont.)
• Organizational Structure
• Assignment of Authority and
Responsibility
• Human Resource Policies and
Practices
Risk Assessment Process
Information and Communication
• Information
–
–
–
–
Transactions
Audit Trail or Transaction Trail
Documents
Records
• Communication
Control Activities
• Authorization Controls
• Segregation of Duties
– Transaction authorization
– Custody of assets
– Recorded accountability in accounting
records
Segregation of Duties
Control Activities (cont.)
• Information Processing Controls
– General Controls
– Computer Application Controls
– Controls over the Financial Reporting
Process
General Controls
• Organization and Operation Controls
• Systems Development and
Documentation Controls
• Hardware and Systems Software Controls
• Access Controls
• Data and Procedural Controls
Computer Application Controls
• Input Controls
• Processing Controls
• Output Controls
Controls over the Financial
Reporting Process
Control Activities (cont.)
• Physical Controls
• Performance Reviews
• Controls over Management
Discretion in Financial Reporting
Control Activities (cont.)
• Monitoring
– Ongoing monitoring programs
– Separate evaluations
– Element of reporting deficiencies to
the audit committee
Antifraud Programs and Controls
Study Break
3. Which of the following does not
influence the control environment?
A. Management’s Philosophy
B. Adequate Training
C. Hiring Processes
D. All of the above influence the control
environment
D. All of the above influence the control
environment
Study Break
4. This component of control activities
ensures that every transaction is
authorized by management acting
within the scope of their authority.
A. Authorization Controls
B. Segregation of Duties
C. Information Processing Controls
D. All of the above
A. Authorization Controls
Study Break
5. This computer application control is
designed to ensure that the processing
results are correct and only authorized
personnel receive the information.
A. Input Controls
B. Processing Controls
C. Output Controls
D. Data Controls
C. Output Controls
Understanding Internal Control
Must perform procedures to:
• Understand design of policies and
procedures
• Determine whether the policies and
procedures are operating
Understanding Internal Control
Auditor uses the understanding to:
• Identify types of potential
misstatements
• Understand factors affecting risk of
material misstatement
• Design further audit procedures
Effects of Preliminary Audit
Strategies
• Control Environment
• Risk Assessment
• Information and Communication
• Control Activities
• Monitoring
Procedures to Obtain an
Understanding
• Review previous experience with the
client
• Inquire management, supervisory, and
staff personnel
• Inspect documents and records
• Observe activities and operations
• Trace transactions through system
Documenting the Understanding
• Questionnaires
• Flowcharts
• Decision Tables
• Narrative Memoranda
Questionnaire
Decision Table
Narrative Memoranda
Study Break
6. All of the following are procedures used
to obtain an understanding of internal
controls except:
A. Inspecting documents
B. Inquiries of client’s customers
C. Inquiries of management
D. All of the above procedures are used
B. Inquiries of client’s customers
Study Break
7. This form of documentation is a
diagram that uses symbols to identify
the steps involved in processing
information through the accounting
system.
A. Questionnaire
B. Flowchart
C. Decision Table
D. Narrative Memoranda
B. Flowchart
Assurance Services and the Integrity
of Financial Reporting, 8th Edition
William C. Boynton
California Polytechnic State
University at San Luis Obispo
Raymond N. Johnson
Portland State University
Chapter 10 – Understanding Internal Control
Chapter 10 Overview
Fundamental Concepts of
Internal Controls
• Process integrated with an entity’s
infrastructure
• People implement internal control
• Can only provide reasonable assurance
• Achieve objectives in financial reporting,
compliance, and operations
Components of Internal Control
• Control Environment
• Risk Assessment
• Control Activities
• Information and Communication
• Monitoring
Entity Objectives with Internal
Control
• Reliability of financial information
• Compliance with applicable laws
and regulations
• Effectiveness and efficiency of
operations
Limitations of Internal Control
• Mistakes in Judgment
• Breakdowns
• Collusion
• Management Override
• Cost versus Benefits
Roles and Responsibilities
• Management
• Board of Directors and Audit
Committee
• Internal Auditors
Roles and Responsibilities (cont.)
• Other Entity Personnel
• Independent Auditors
• Other External Parties
Study Break
1. _____ is a process that assesses the
quality of internal control
performance over time.
A. Control activities
B. Risk assessment
C. Information and communication
D. Monitoring
D. Monitoring
Study Break
2. This limitation of an entity’s internal
controls occurs when two or more
individuals act together to perpetrate
and conceal fraud.
A. Breakdowns
B. Collusion
C. Management override
D. Mistakes in judgment
B. Collusion
Components of Internal Control
Control Environment
• Integrity and Ethical Values
• Commitment to Competence
• Board of Directors and Audit
Committee
• Management’s Philosophy and
Operating Style
Control Environment (cont.)
• Organizational Structure
• Assignment of Authority and
Responsibility
• Human Resource Policies and
Practices
Risk Assessment Process
Information and Communication
• Information
–
–
–
–
Transactions
Audit Trail or Transaction Trail
Documents
Records
• Communication
Control Activities
• Authorization Controls
• Segregation of Duties
– Transaction authorization
– Custody of assets
– Recorded accountability in accounting
records
Segregation of Duties
Control Activities (cont.)
• Information Processing Controls
– General Controls
– Computer Application Controls
– Controls over the Financial Reporting
Process
General Controls
• Organization and Operation Controls
• Systems Development and
Documentation Controls
• Hardware and Systems Software Controls
• Access Controls
• Data and Procedural Controls
Computer Application Controls
• Input Controls
• Processing Controls
• Output Controls
Controls over the Financial
Reporting Process
Control Activities (cont.)
• Physical Controls
• Performance Reviews
• Controls over Management
Discretion in Financial Reporting
Control Activities (cont.)
• Monitoring
– Ongoing monitoring programs
– Separate evaluations
– Element of reporting deficiencies to
the audit committee
Antifraud Programs and Controls
Study Break
3. Which of the following does not
influence the control environment?
A. Management’s Philosophy
B. Adequate Training
C. Hiring Processes
D. All of the above influence the control
environment
D. All of the above influence the control
environment
Study Break
4. This component of control activities
ensures that every transaction is
authorized by management acting
within the scope of their authority.
A. Authorization Controls
B. Segregation of Duties
C. Information Processing Controls
D. All of the above
A. Authorization Controls
Study Break
5. This computer application control is
designed to ensure that the processing
results are correct and only authorized
personnel receive the information.
A. Input Controls
B. Processing Controls
C. Output Controls
D. Data Controls
C. Output Controls
Understanding Internal Control
Must perform procedures to:
• Understand design of policies and
procedures
• Determine whether the policies and
procedures are operating
Understanding Internal Control
Auditor uses the understanding to:
• Identify types of potential
misstatements
• Understand factors affecting risk of
material misstatement
• Design further audit procedures
Effects of Preliminary Audit
Strategies
• Control Environment
• Risk Assessment
• Information and Communication
• Control Activities
• Monitoring
Procedures to Obtain an
Understanding
• Review previous experience with the
client
• Inquire management, supervisory, and
staff personnel
• Inspect documents and records
• Observe activities and operations
• Trace transactions through system
Documenting the Understanding
• Questionnaires
• Flowcharts
• Decision Tables
• Narrative Memoranda
Questionnaire
Decision Table
Narrative Memoranda
Study Break
6. All of the following are procedures used
to obtain an understanding of internal
controls except:
A. Inspecting documents
B. Inquiries of client’s customers
C. Inquiries of management
D. All of the above procedures are used
B. Inquiries of client’s customers
Study Break
7. This form of documentation is a
diagram that uses symbols to identify
the steps involved in processing
information through the accounting
system.
A. Questionnaire
B. Flowchart
C. Decision Table
D. Narrative Memoranda
B. Flowchart