Section 404 Audits of Internal Control and Control Risk

Similar documents
How To Audit A Financial Statement

STATEMENT OF AUDITING STANDARDS 300 AUDIT RISK ASSESSMENTS AND ACCOUNTING AND INTERNAL CONTROL SYSTEMS

Chapter 9 The Study of Internal Control and Assessment of Control Risk

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

Chapter 15 Auditing the Expenditure Cycle

Overall Audit Plan and Audit Program. I. Introduction Chapter is primarily review and integration of the audit framework.

[300] Accounting and internal control systems and audit risk assessments

AUDIT EFFICIENCIES: IS YOUR RELIANCE STRATEGY WORKING FOR YOU? Kyleen Wissell, CRISC, PHR, RCC

New Audit Standards: How Will They Impact the Audit

Chapter 18 Auditing Investments and Cash Balances

Communicating Internal Control Related Matters Identified in an Audit

AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS:

KANSAS CITY, MISSOURI RESPONSES TO THE FISCAL YEAR 2013 AUDIT MANAGEMENT LETTER

SCAD V: Parts 2 and 3 - Assessing Control Risk

Developing Effective Internal Controls Using the COSO Model

[RELEASE NOS ; ; FR-77; File No. S ]

Sarbanes-Oxley Section 404: Management s Assessment Process

Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained

Auditor's Objective in an Audit of Internal Control Over Financial Reporting

Internal Control Systems

10-1. Auditing Business Process. Objectives Understand the Auditing of the Enteties Business. Process

INTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENTS CONTENTS

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Comparison of ISA 330 with AS-402 Objectives and Requirements Only

STAFF GUIDANCE FOR AUDITORS OF SEC-REGISTERED BROKERS AND DEALERS JUNE 26, 2014

Materiality and Risk. Chapter Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 9-1

Audit Evidence. AU Section 326. Introduction. Concept of Audit Evidence AU

Sarbanes-Oxley 404. Sarbanes-Oxley Background. SOX 404 Internal Controls. Goals of Sarbanes-Oxley

Audit of the Sales and Collection Cycle: Tests of Controls and Substantive Tests of Transactions

Audit Evidence and Documentation AN AUDIT: SUMMARY CHAPTER PCAOB ONE-UP S THE AICPA MANAGEMENT S ASSERTIONS

MICHIGAN OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL

Risk Management Advisory Services, LLC Capital markets audit and control

Guide to Internal Control Over Financial Reporting

COSO Internal Control Integrated Framework (2013)

Using COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister

AUD. Auditing & Attestation. Roger Philipp, CPA

INTERNATIONAL STANDARD ON ASSURANCE ENGAGEMENTS 3000 ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION CONTENTS

Management s Discussion and Analysis

The Importance of IT Controls to Sarbanes-Oxley Compliance

SOLUTION: AUDIT AND INTERNAL REVIEW, MAY 2014

Fraud and Role of Information Technology. September 2008

The auditors responsibility to consider fraud in an audit of financial statements

Master Document Audit Program

2012 AICPA Newly Released Questions Auditing

Chapter 14 Audit of the Sales and Collection Cycle:

2. Auditing Objective and Structure What Is Auditing?

Chapter 8--Materiality, Risk and Preliminary Audit Strategies

(Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS

Compliance Audits Effective for compliance audits for fiscal periods ending on or after June 15, Earlier application is permitted.

) ) ) ) ) ) ) ) ) ) ) ) OBSERVATIONS ON AUDITORS' IMPLEMENTATION OF PCAOB STANDARDS RELATING TO AUDITORS' RESPONSIBILITIES WITH RESPECT TO FRAUD

Chapter 5 SUPERVISORY COMMITTEE TABLE OF CONTENTS

Webinar: PCAOB Inspections of Small Firm Broker-Dealer Auditors. January 15, 2015

Dr. Thomas Nösberger. A short overview

OBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES IN AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING

Imperial County. Office of the Auditor-Controller. Internal Audit Standard Practice Manual

How To Find Out If A Company Misstatement Is True

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 200

NINTH EDITION A RISK-BASED APPROACH TO CONDUCTING A QUALITY AUDIT

Employee Benefit Plans Financial Statement Audits

CHAPTER 13 AUDITING DEBT OBLIGATIONS AND STOCKHOLDERS EQUITY TRANSACTIONS

Review of an SMSF audit engagement questionnaire

Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained

Consideration of Fraud in a Financial Statement Audit

Partner With Your Auditor on Controls

Master Document Audit Program. Version 7.4, dated November 2006 B-1 Planning Considerations. Purpose and Scope

STANDING ADVISORY GROUP MEETING

Special Purpose Reports on the Effectiveness of Control Procedures

Josephine Mathias. Kenneth J. Horowitz Phone: Ext

) ) ) ) ) ) ) ) ) ) ) )

Guide to Public Company Auditing

Activity Code Material Management and Accounting System (MMAS) Version 9.10, dated September 2015 B-1 Planning Considerations

Sixth Edition. Steven M. Glover Brigham Young University Marriott School of Management School of Accountancy

Report on Inspection of PricewaterhouseCoopers LLP. Public Company Accounting Oversight Board

1. Overview of audits and reviews of financial statements

In-Depth Guide to Public Company Auditing: The Financial Statement Audit

ATTESTATION REPORT OF DODGE COUNTY COURT JULY 1, 2013 THROUGH JUNE 30, 2015

INTERNATIONAL STANDARD ON REVIEW ENGAGEMENTS 2410 REVIEW OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY CONTENTS

What are substantive tests?

Table of Contents: Chapter 2 Internal Control

G24 - SAS 70 Practices and Developments Todd Bishop

SARBANES-OXLEY SECTION 404: A Guide for Management by Internal Controls Practitioners

Substantive Tests of Transactions and Balances

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF INTERCONTINENTAL EXCHANGE, INC.

Thomas Ray, Deputy Chief Auditor (202/ ; Laura Phillips, Associate Chief Auditor (202/ ;

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

FOR FISCAL YEAR ENDED JUNE

Risikobaseret tilgang til revision

MACQUARIE INFRASTRUCTURE CORPORATION AUDIT COMMITTEE CHARTER

A Sarbanes-Oxley Roadmap to Business Continuity

Inspection Observations Related to PCAOB "Risk Assessment" Auditing Standards (No. 8 through No.15)

Plan for the audit of the 2011 financial statements

Internal Control Questionnaire and Assessment

Risks (Audit Risk Formula)

MEMORANDUM. Municipal Officials. From: Karen Horn, Director, Public Policy and Advocacy; and Abby Friedman, Director, Municipal Assistance Center

Internal Controls: Documentation and Testing What the Auditor Is Looking For

Internal Financial Controls

Sarbanes-Oxley Compliance Workbook. From Zero to SOX. Sarbanes-Oxley Compliance Workbook. sensiba san filippo

The Information Systems Audit

Japanese Guidelines for Internal Control Reporting Finalized Differences in Requirements Between the U.S. Sarbanes-Oxley Act and J-SOX

California ISO Audit of the Financial Statements for the Year Ending December 31, 2015 December 18, 2015

Transcription:

Section 404 Audits of Internal Control and Control Risk I. Introduction Preparation Questions: Which of the GAAS fieldwork standards requires and understanding of internal controls? What is the difference between getting an understanding of internal controls for public versus private companies? What is the definition of internal controls? Which of the COSO objectives (reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations) is/are of primary concern to auditors? Preparation Question: Complete the following table with one example for each objective assuming that transactions involving the payroll cycle are under examination. Recognize that there will be a wide variety of appropriate answers for this question. Transaction Related Audit Objectives Occurrence Potential Misstatement (Error or Fraud) Internal Control to Prevent Misstatement Completeness Accuracy Classification Timing Posting and Summarizing 1

II. Responsibilities A. Management Design, implementation, and maintenance 1. Provide reasonable assurance (remote likelihood that material misstatement will not be detected on a timely basis) 2. Inherent limitations (lack of competence and dependability, management override, or collusion) B. Management Section 404 Report 1. State management s responsibility 2. Assess effectiveness of: o Design of controls o Operation 3. Material weaknesses must be disclosed C. Auditor 1. GAAS Fieldwork Standard #2, quality of internal controls affects the nature, timing and extent of substantive tests. o Reliability of financial reporting (financial statements) o Classes of transactions (inputs and processing) 2. SOX Sec. 404 o Attest and issue report on management s assessment of the company s internal control. III. Components of Internal Control Systems A. Control Environment what is management s and owners level of commitment? * Integrity and ethical values * Commitment to competence * Board of Directors and audit committee participation (PCAOB Std. 5 auditor must evaluate effectiveness of audit committee; privately held those charged with governance strategic direction and accountability) * Philosophy and operating style * Organizational structure * Human resource policies and practices 2

B. Risk Assessment * Identify factors affecting risks * Assess significance of risks and likelihood of occurrence * Determine actions necessary to manage risks * Plan and design adequate controls in light of management assertions. C. Control Activities 1. Adequate separation of duties custody from accounting authorization of transactions from custody of asset operational responsibilities from record keeping separation of IT duties from users Assumption about the players: controller accounting treasurer cash receipts and disbursements Example: Problem 10-36 2. Proper authorization of transactions and activities general specific authorization (policy decision) vs. approval (implementation) 3. Adequate documents and records pre-numbered and accounted for timing multiple-use easy to use (hard to mess up) chart of accounts systems manuals 4. Physical control over assets and records physical safeguards computer equipment 3

accountability access controls backup and recovery procedures 5. Independent checks on performance almost anyone can do. anytime data entered or manipulated. SAS 109 requires understanding of reconciliation process D. Information and communication initiate, record, process and report transactions and maintaining accountability. E. Monitoring o Internal auditing independence different, but still important o AU 322 using information provided by the internal auditors. o PCAOB Standard 5 using internal auditors when do Section 404 work Preparation question: What is the greatest (or maybe scariest) limitation of any internal control system? IV. Understand Internal Controls (Design and implementation) SAS 109 and PCAOB Std. 5 require obtain and document understanding. Purpose of Understanding Internal Controls Identifying type of potential misstatements. Recognizing likelihood of misstatements occurring. Determining the nature, timing, and extent of tests to be performed. Considering audibility of financial statements. If records not auditable, must disclaim or withdraw. A. Evidence of Understanding 1. Update and evaluate previous experience with client 2. Make inquiries of client 3. Examine documents, records, reports, and prior year working papers. 4. Observe control related activities 5. Perform walkthroughs (reperformance) B. Documentation 1. Narrative written, detailed, step-by-step what documents (original and copies), who does what to document (original or copy), what control procedures proscribed. 2. Flowchart overview of the workings of the internal control structure, easier to follow, broader 4

3. Questionnaire checklist reminder of many different types of controls Advantages: Complete and quick Easy to do (yes/no) Disadvantages Narrow/single area Many items N/A Mechanized fashion / don t think Conclusion/summary How are the internal controls intended to operate? Have minimal knowledge of effectiveness. V. Assess Control Risk based on understanding and assumes controls followed. A. Identifying Internal Control Weaknesses (misstatement could occur) 1. Complete a control risk matrix: a. Identify TRAO that applies to type of transaction. b. Identify specific controls (key controls) that client has for TRAO under consideration. c. Identify weaknesses. d. What key controls are missing which assure the TRAOs being fulfilled? e. What s the potential misstatement? f. Consider compensating controls. 2. Evaluating absence of internal controls a. control (design or operational) deficiency design or operation does not permit company personnel to prevent or detect misstatements on a timely basis. b. significant deficiency (more than remote likelihood and more than inconsequential) c. material weakness (more than remote likelihood of material misstatement focus on degree of likelihood and significance of amount) d. Must communicate b or c in writing immediately to those charged with governance (audit committee and management). Due no later than 60 days after audit report release. e. Letter to management not required by the auditor, but very typically done 3. Decide on an initial estimate of control risk (CR). B. Initial choices for CR level for privately held company (CR set by segment) 1. Never zero inherently human, collusion always possible 2. 100% go straight to substantive testing a. Policies and procedures do not apply b. Internal controls not effective, implemented, enforced c. Evaluating internal controls inefficient 5

3. Reduce CR based on current evidence of understanding, which reduces substantive testing (typically CR = M). 4. Foresee further reduction of CR (move CR to L) through additional testing. a. must have additional evidence available b. additional testing must be cost effective 5. If choose 3 or 4 above do Tests of Controls. Three potential results of additional control testing: reduce CR further (set at L), therefore further reduce substantive testing. CR choice supported (less than 100%, probably M) see 3. raise CR (= H), if controls not effective, circumvented, ignored, etc. In other words, increase substantive testing. C. Publicly-traded assume low CR, with intent to support through tests of controls. VI. Test of Controls examines effectiveness of internal control system A. Types of procedures (timing and sample sizes) 1. Make inquiries 2. Examine documents, records, reports 3. Observe control related activities 4. Reperform client procedures B. Extent of procedures 1. Prior year audit evidence SAS 110 rotation testing (3 years), test controls that have changed 2. Test (a lot) controls related to significant risks 3. Less than entire audit period okay, unless change in controls. Use results of tests of controls to determine final level for Control Risk this decision has a major influence on the timing, extent, and type of substantive tests. VII. Reporting on Internal Controls Public auditor and SEC 404 A. What 1. Opinion on management s assessment 2. Opinion on effectiveness of Internal Controls B. Types 1. Unqualified a. No Identified material weaknesses b. No restriction on scope 2. Adverse material weakness exists 3. Qualified or disclaimer scope limited Non-public no audit of internal controls required (SAS 112 requires written report to those charged with governance) 6

Preparation Questions: 1. What is the difference between the execution of the A and B audit? 2. In which audit was the auditor wrong about her/his initial belief about the quality of the client s internal control system? 3. In which audit was the understanding done simultaneously with the tests of controls? 4. Which audit was not executed in a cost effective manner? 5. In which audit did the auditor likely not complete tests of controls? 6. Which audit plan(s) is/are relying primarily on tests of details of balances for achieving a high level of assurance? 7. Which audit plan(s) is/are relying primarily on tests of controls for achieving a high level of assurance? Control Risk after obtaining an understanding of internal controls Control risk after completing test of controls Audit A B C D E 70% 90% 100% 50% 70% 40% 40% 100% 50% 100% If time permits: Do Case 10-42 as an example. 7

Timeline View of the Audit Process Potential Client: Medium Sized Private Company Fiscal year end 12/31/03???? September October/ November Fiscal year end 12/31/04 January - March Communication initiated. Making a bid or offer: Interview key personnel Financial Statements Prior audit reports Journals/ledgers Minutes Contracts Organizational chart, etc. Previous auditor? Understanding: Flow charts Narrative Questionnaire Tests of controls Substantive tests of transactions Preliminary Analytical Procedures Potentially: Tests of Controls Substantive Tests of Transactions Analytical Procedures Definitely: Tests of Details of Balances Other final stuff (AP) Understand Industry Know Client Identify Risks Other research/issues Confirmations Physical Examination Cutoff information Firm Policy Issue Report Engagement Letter 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information