Audit II Chapt 10 - Understanding Entiry Level Control

7/28/2019 Audit II Chapt 10 - Understanding Entiry Level Control

1/24

Auditing II: Management & Procedures 1

Chapter 10

Understanding Entity-Level Controls Objectives:

To learn how to understand the internal

control system at the company-levelTo learn how to assess the control risk


2/24


Chapter 10

Understanding Entity-Level Controls 10.1 Developing the Understanding

While internal control is relevant to both the entity as

a whole & its individual operating units or businessfunctions, it may not be necessary for the auditor toobtain an understanding of internal control related toeach of the entitys operating units or businessfunctions.

No need to understand deeply internal control ifcontrol risk is assessed high (max) or near max cozno test of control will be performed.

Refer to Figure 10.1 of P. 10-3.


3/24


Chapter 10

Understanding Entity-Level Controls 10.1 Developing the Understanding (cont.)In developing an understanding of internal

control, the auditor:- determine the design of relevant controls

If they have been placed in operation and

The entity is actually using them.

Understanding control is not to obtainevidence about whether they are operatingeffectively but the effective operation ofcontrols is obtained by testing the controls.


4/24


Chapter 10

Understanding Entity-Level Controls(a) Control Environment

Foundation for all other components of internal control &states that it may either mitigate the risk of fraud by

management or conversely reduce the effectiveness ofthe other components.

Its knowledge enables the auditor to determine If it appears to be conductive to maintaining effective control

If it minimizes the incentives & opportunities for management todeliberately distort the FS.

Factors effect on management assertions of FS Mgts integrity - Entitys commitment to competence

Composition & activities of BoD or Audit Committee

Mgts philosophy & operating style - Org. structure

Assignment of authority & responsibility - HR policies & practices


5/24


Chapter 10

Understanding Entity-Level Controlsi. Integrity & Ethical Values

If mgt sets up ethical standards, communicates

them within the entity, & reinforces them by itsown example, it will establish an environmentthat is conductive to ethical behavior.

In such environment, staff will be less likely toengage in dishonest or illegal acts, especially ifmgt removes or reduces incentives to do so.

Indicators:

Frequent turnover of operating management

Pressure to meet goals


6/24


Chapter 10

Understanding Entity-Level Controlsii. Commitment to Competence

- Employees must have knowledge & skills,trained all the times to carry their jobs . If not,

more mistakes that lead to out-of-controlsituation.

iii. Composition & Activities of BoD or Committee

- The more effective BoD or Committee

overseeing policies and procedures, the lesslikely mgt is to have opportunities tomisappropriate resources, involve in illegal acts,subject entity or its assets to inordinate risk, ormaterially misstate financial information.


7/24


Chapter 10

Understanding Entity-Level Controlsiv. Mgts Philosophy & Operating Style

Expressed through attitudes towards many

matters, including monitoring biz risk, financialreporting, choosing accounting policies fromalternatives, approach to accounting estimatesetc.

Philosophy and operating styles become moreparticularly important, if one or a few individualsare in the mgt team.

Honest discussion with auditor can be anotherindication.


8/24


Chapter 10

Understanding Entity-Level Controlsv. Organizational Structure

Appropriate line of reporting

Separation of responsibilities

vi. Assignment of Authority and Responsibility Staff understand entitys objectives, authority and

responsibility to meet those objectives.

Expectation well communicated to staff and theirperformance is properly monitored.

vii. HR Policies & Procedures Policies & procedures for hiring, training, supervising and

evaluating staff.

Sufficient number of employees and adequately equipped.

Performance-base promotion.


9/24


Chapter 10

Understanding Entity-Level Controls(b) Mgts Risk Assessment

For financial reporting, risk assessment

entails mgts identification, analysis, &handling of risks that affect the entitys abilityto record, process, summarize & reportfinancial data consistent with mgts assertions

in the FS.


10/24


Chapter 10

Understanding Entity-Level Controls(b) Mgts Risk Assessment (cont.)

Sources of Risks:

Changes in the Regulatory & Operating Environment

New Personnel

New or Changes Information System

Rapid Growth

New Technology

New Lines, Products or Activities Corporate Restructuring

Foreign Operations

Accounting Pronouncements


11/24


Chapter 10

Understanding Entity-Level Controls(c) Monitoring

The process by which mgt assesses the design &operation of the other control components todetermine that they continue to be appropriate for theentitys risks.

Ongoing such regular mgt & supervisory activitiesdesigned to oversee if financial reporting control

objectives are being achieved & reliable financialinformation is being produced.

Periodic such an evaluation made for specificpurpose of assessing the effectiveness of controls.


12/24


Chapter 10

Understanding Entity-Level Controls(d) Information and Communication

Mgt communicates information through policymanuals, accounting & financial reporting procedure

manuals & other written directives. Communication can also be oral & by example.

Accounting system is part of the information &communication component, so understanding it is

required for planning purposes for all auditsregardless of the assessment of control risk.

i. Accounting SystemGenerating information used for accounting & mgt decision-

making purpose.


13/24


Chapter 10

Understanding Entity-Level Controlsi. Accounting System (cont.)

An effective accounting system includesappropriate methods & records to

1. Identify & record all authorized transactions

2. Describe each transaction on a timely basis & in sufficientdetail to classify it properly for financial reporting

3. Measure the monetary value of the transactions so that it

can be recorded in the FS.4. Determine when the transaction occurred, to ensure that it

is recorded in the proper accounting period

5. Present the transaction & related disclosures properly inthe FS.


14/24


Chapter 10

Understanding Entity-Level Controlsi. Accounting System (cont.)

Most of accounting system is a computerized one.Some accounting transactions are generated by the

system such as rental etc. Standing data: data of a permanent or semi-

permanent nature used repeatedly during processe.g. rate of pay, selling price, customer credit limit.

Transaction data: data that relates to an individualtransaction, e.g. # of hours a particular employeeworks in a particular time for salarys calculation.

Computer matches sales to computer-generatedshipping documents to ensure completeness.


15/24


Chapter 10

Understanding Entity-Level Controlsii. Computer Environment

Auditor sometimes obtains hardcopy and re-

performs to get accuracy of computer-generated data.

Now, auditor uses computer software to testthe computerized accounting system.

Hardware Software

Database Mgt System

Organization of the IT Function

Decentralized & Distributed Data Processing


16/24


Chapter 10

Understanding Entity-Level Controlsii. Computer Environment (cont.)

Hardware Processing unit

Memory Input/output devices

Peripheral equipment

Software Operating system

Access control software

Database mgt system

Database Mgt System Data stored and shared with others.


17/24


Chapter 10


Organization of IT Function Info System Mgt System Analysis Programming Technical Support Database Admin Network Mgt or Admin Computer Operation Data Entry Operation Data Control Security Admin Tape Library


18/24


Chapter 10


Decentralized & Distributed Data Procession

Decentralized: Deptal computers work more independently

Distributed: Coordinating facility.

iii. Understanding Accounting System & Computer

Environment

The auditors should understand:

Mode of operation, What to be performed, Who operates,How data is processed, significant data file, report producinginfo, ability to detect error by staff.


19/24


Chapter 10

Understanding Entity-Level Controls10.2 Evaluating Design Effectiveness

Effective design related to whether one or more

controls in place are appropriate to prevent or detectmaterial misstatements with respect to specific auditobjective

How to evaluate

If operated effectively, can they achieve the controlobjectives set?

Are they appropriate for the type of business, industry or riskof the entity?


20/24


Chapter 10

Understanding Entity-Level Controls 10.3 Application to SME

Auditor should judge the effectiveness of the

entitys controls in light of its size &organizational structure.

E.g. SME may not have audit committeecomposed of outside directors, but the lack ofindependent directors may not affect thecontrol risk assessment in such entity.


21/24


Chapter 10

Understanding Entity-Level Controls 10.4 Documentation of the Understanding &

Evaluation of DesignThe principal features of accounting system in an

overview flowchart The nature & source of significant transactions

The key processes & flow of significant transactions

Principal files or ledgers supporting account balances &processes by which they are updated.

Reports produced that have accounting significance, theirfrequency & distribution, & the files from which they arederived.


22/24



23/24



24/24


Chapter 10

Understanding Entity-Level Controls Summary

Developing the Understanding Control Environment

Mgts Risk Assessment

Monitoring

Information & Communication

Evaluating Design Effectiveness

Application to SMEDocumenting the Understanding & Evaluation of

Design

Date post:	03-Apr-2018
Category:	Documents
Upload:	nak-van
View:	223 times
Download:	0 times

Audit II Chapt 10 - Understanding Entiry Level Control

Documents