1 chapter 10 section 404 audits sarbanes-oxley act section 404
TRANSCRIPT
![Page 1: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/1.jpg)
1
chapter 10
Section 404 Audits
Sarbanes-Oxley Act section 404
![Page 2: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/2.jpg)
2
Societe Generale
• junior trader gambled more than the entire net worth of the bank
![Page 3: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/3.jpg)
3
JP Morgan Chase
![Page 4: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/4.jpg)
4
National Commission on Fraudulent Financial Reporting
the “Treadway Commission” 1987
Committee of Sponsoring Organizations
“COSO”
![Page 5: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/5.jpg)
5
COSO
Committee of Sponsoring Organizationsorganizations that sponsored the Treadway Commission
American Institute of Certified Public Accountants
American Accounting Association
Institute of Internal Auditors
Institute of Management Accountants
Financial Executives Institute
![Page 6: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/6.jpg)
6
Mandeep
how does COSO define internal controls ?
![Page 7: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/7.jpg)
7
COSO internal controls day 1 handout
Internal control is a process, effected by those charged with governance, management, and other personnel that is designed to provide reasonable assurance about the achievement of the entity’s objectives with regard to the
• reliability of financial reporting• effectiveness and efficiency of operations• compliance with applicable laws and regulations
![Page 8: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/8.jpg)
8
Foreign Corrupt Practices Act
1977
any corporation that has a class of securities registered, or that is required to file reports under the Securities and Exchange Act of 1934
![Page 9: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/9.jpg)
9
U.S. CodeTITLE 15--COMMERCE AND TRADE
CHAPTER 2BSECURITIES EXCHANGES
![Page 10: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/10.jpg)
10
(2) Every issuer pursuant to section 78l or … shall–
(A)make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer;
(B) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that–
(i) transactions are executed in accordance with management's general or specific authorization;
(ii) transactions are recorded as necessary
(I) to prepare financial statements in conformity with GAAP,
(II) to maintain accountability for assets;
(iii) access to assets is permitted only in accordance with management's general or specific authorization; and
(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences; and
![Page 11: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/11.jpg)
11
Sarbanes-Oxley Act 2002
§ 7262. Management assessment of internal controls
(a) Rules required The Commission shall prescribe rules requiring …. an internal control report, which shall—
(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
(2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure ...
(b) Internal control evaluation and reporting …, each registered public accounting firm that …issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer.
![Page 12: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/12.jpg)
12
PCAOB auditor’s report on internal control
We have audited internal control over financial reporting as of Dec. 31, 2013, based criteria established in Internal Control - Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). MMC’s management is responsible for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management Report on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the company's internal control over financial reporting based on our audits.
We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board. Those standards require that we plan and perform the audits to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audits of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audits also included performing such other procedures as we considered necessary in the circumstances. We believe that our audits provide a reasonable basis for our opinion.
A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted
accounting principles. A company's internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
In our opinion, MMC maintained, in all material respects, effective internal control over financial reporting as of December 31, 2013, based on COSO criteria.
![Page 13: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/13.jpg)
13
Rachel
Which section of the auditing standards most directly discusses internal controls?
![Page 14: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/14.jpg)
14
Johanna
Why are auditors required to understand the client’s internal controls?
![Page 15: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/15.jpg)
15
.03 The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.
AU-C 315 Understanding the Entity & Its Environment &
Assessing RoMM
![Page 16: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/16.jpg)
16
Brianna
what is the definition of control risk?
![Page 17: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/17.jpg)
17
Control Risk
The risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will
not be prevented, or detected and corrected, on a timely basis by the entity's internal control.
![Page 18: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/18.jpg)
18
Denise
Discuss reasonable assurance.
![Page 19: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/19.jpg)
19
Reasonable Assurance
Reasonable assurance. In the context of an audit of financial statements, a high, but not absolute, level of assurance.
![Page 20: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/20.jpg)
20
Clint
Under Sarbanes-Oxley management must report on the effectiveness of the company’s internal controls.
With Regard to Internal Controls,
what STATEMENTS must MANAGEMENT include in their annual report ?
![Page 21: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/21.jpg)
21
Section 404 of Sarbanes-Oxley
management must make the following statements page 159
1 management is responsible for effective internal controls over financial reporting
2 management’s assessment of the effectiveness of the internal controls
3 the framework used to evaluate the effectiveness of the internal controls
![Page 22: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/22.jpg)
22
Evaluate the Effectiveness
1 management must evaluate the design of internal controls
2 management must test the operating effectiveness of those controls
![Page 23: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/23.jpg)
23
Erin
what framework will management use to evaluate the effectiveness of internal controls?
![Page 24: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/24.jpg)
24
Joseba
In the standard unmodified audit report
What is management’s responsibility with regard to the financial statements?
![Page 25: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/25.jpg)
25
Management’s Responsibilty
Management is responsible for the preparation and fair presentation of these financial statements in accordance with accounting principles generally accepted in the United States of America; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error.
![Page 26: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/26.jpg)
26
Controls over Sig Classes of Transactions
![Page 27: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/27.jpg)
27
AU-C 315
The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity's internal control,
![Page 28: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/28.jpg)
28
Page 160 (Design of Internal Control)
Risks related to all relevant assertions
Evaluating Significant classes of transactions
Identify points in the transactions where material misstatements could occur
Identify how each significant class of transactions–Initiated–Authorized–Recorded–Processed through the accounting system–Reported in the financial statements and disclosures
![Page 29: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/29.jpg)
29
AU-c 315.84 the accounting system
Procedures and records designed to Initiate, authorize, record, process, and report entity transactionsMaintain accountability for the assets, liabilities & equity
Transfer information to the general ledger
Capture information other than transactions that is relevant to the financial statements. e.g. depreciation and amortization of assets, changes in the recoverability of receivables.
Ensure information that is required to be disclosed is accumulated, recorded, processed, summarized, and appropriately reported in the financial statements.
transactions
disclosures
adjusting journal entries
![Page 30: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/30.jpg)
30
Makinzie
In the standard unmodified audit reportWhat is the auditor’s responsibility?
![Page 31: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/31.jpg)
31
Auditor’s Responsibilty
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit
in accordance with auditing standards generally accepted in the United States of America. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial
statements. The procedures selected depend on the auditor's judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity's preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity's internal control. Accordingly, we express no such
opinion. An audit also includes evaluating the appropriateness of accounting policies used and the
reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
![Page 32: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/32.jpg)
32
Auditors must document their understanding
![Page 33: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/33.jpg)
33
page 160/169
The classes of transactions that are significant
Procedures by which those transactions are: Initiated, authorized & recordedwhat accounting records exist, Processed through the accounting system into the GL, and
reported in the financial statements.
How the info system captures other events that are significant to the financial statements
Reporting process used to prepare the financial statements, including significant estimates and disclosures.
![Page 34: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/34.jpg)
34
Naomi
COSO – 5 components of internal control
what are the five components of the internal control framework ?
![Page 35: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/35.jpg)
35
COSO components of internal controls
1.Control environment
2.Risk assessment
3.Control procedures
4.Information and communication
5.Monitoring
![Page 36: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/36.jpg)
36
COSO components of internal controls
1.Control environment
2.Risk assessment
3.Control procedures4. Info & Comm --- Accounting System is part of
5.Monitoring
![Page 37: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/37.jpg)
37
1. Control environment
• management’s integrity and ethical values • commitment to competence• board of directors and audit committee• management’s philosophy & operating style • organizational structure• human resource policies and practices
page 163
![Page 38: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/38.jpg)
38
1. Control environment – Audit Committee
Bd of Directors - Audit Committee – Outside Directors
• Appointment of auditors• Resolve differences between
management and auditors• Oversight of internal audit• Approval of non-audit services by auditor
page 163
![Page 39: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/39.jpg)
39
COSO components of internal controls
1.Control environment
2.Risk Assessment (p 165) 3.Control procedures
4.Information and communication
5.Monitoring
![Page 40: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/40.jpg)
40
2. Risk assessmentHow does the audit client manage risk?
Internal control is a process, effected by those charged with governance, management and other personnel that is designed to provide reasonable assurance about the achievement of the entity’s objectives in the following three categories:
Focus o
n risk
oversig
ht
page 89
![Page 41: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/41.jpg)
41
Saul
what can you assume when the Expected Rate of Return for an investment or project exceeds the interest rate on gov’t insured savings accounts ?
![Page 42: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/42.jpg)
42
business is about managing risk
otherwise companies should invest their money in gov’t insured savings accounts
companies invest in risky assets and the auditors must understand how the company manages risks to convert those assets into cash receipts
![Page 43: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/43.jpg)
43
COSO Enterprise Risk Management
1. Internal environment
2. Objective Setting
3. Event identification
4. Risk assessment
5. Risk response
6. Control activities procedures
7. Information and communication
8. Monitoring
![Page 44: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/44.jpg)
44
COSO components of internal controls
1.Control environment
2.Risk assessment
3.Control procedures4.Information and communication
5.Monitoring
![Page 45: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/45.jpg)
45
3. Control Procedures
Adequate segregation of dutiesProper authorization of transactions & activities
Adequate documents & records
Physical controls over assets & records
Independent checks on performance
![Page 46: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/46.jpg)
46
page 160/169
The classes of transactions that are significant
Procedures by which those transactions are: Initiated, authorized & recorded what accounting records exist, Processed through the accounting system into the GL, and
reported in the financial statements.
How the info system captures other events that are significant to the financial statements
Reporting process used to prepare the financial statements, including significant estimates and disclosures.
![Page 47: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/47.jpg)
47
3. Control Procedures
Must separate p. 166
Custody of Assets from Accounting (Record-Keeping)
Authorization of Trx from Custody of Related Assets
Operational Responsibility from Record-Keeping
IT Duties from User Departments
![Page 48: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/48.jpg)
48
3. Control Procedures
Must separate
Custody of Assets
Authorization of Transactions involving those assets
Record-Keeping
![Page 49: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/49.jpg)
49
3. Control Procedures
Adequate documents and records
Pre-numbered documents
1. Checks
2. Purchase orders
3. Shipping documents
![Page 50: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/50.jpg)
50
check no. 2228
Dec. 31 2014
Pay to: Cuesta Hardware $1,500.00
check no. 2229
Dec. 31 2014
Pay to: Lubricant Supply $875.00
check no. 2230
Dec. 31 2014
Pay to: The Electric Warehouse $970.00
check no. 2231
Dec. 31 2014
Pay to: Parts Supply Co. $625.00
six hundred and twenty-five Dollars
Tad Miller
![Page 51: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/51.jpg)
51
Cash Disbursements Journal
date check written to amount total no. disbursed
30-Dec 2,700.0031-Dec 2228 Cuesta Hardware 1,500.00 4,200.0031-Dec 2230 The Electric Warehouse 970.00 5,170.0031-Dec 2231 Parts Supply Co 625.00 5,795.00
where is check 2229 to Lubricant Supply
![Page 52: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/52.jpg)
52
Stephanie
if you discover a check that was not recorded
to which financial statement assertion does an unrecorded check relate ?
![Page 53: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/53.jpg)
53
COSO components of internal controls
1.Control environment
2.Risk assessment
3.Control procedures
4.Information and communication
5.Monitoring
![Page 54: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/54.jpg)
54
4. Information & Communication / Monitoring
• Account balances are used to prepare external financial statements
• Internal reports are part of management’s feedback for Monitoring operations
![Page 55: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/55.jpg)
55
COSO components of internal controls
1.Control environment
2.Risk assessment
3.Control procedures
4.Information and communication
5.Monitoring
![Page 56: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/56.jpg)
56
5. Monitoring
• Internal audit
• Compare reports with your knowledge of the business
• Customer complaints
• Vendor complaints
• Regulators’ reports
• Periodic reconciliations
![Page 57: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/57.jpg)
57
Understanding Internal Controls
Obtain an understanding of internal controls
The design of internal controls
Document understanding
Assess Control Risk (preliminary)
Test Operating Effectiveness of controls
Assess Control Risk (after ToC’s)
![Page 58: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/58.jpg)
58
page 160/169
The classes of transactions that are significant
Procedures by which those transactions are: Initiated, authorized & recorded what accounting records exist, Processed through the accounting system into the GL, and
reported in the financial statements.
How the info system captures other events that are significant to the financial statements
Reporting process used to prepare the financial statements, including significant estimates and disclosures.
![Page 59: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/59.jpg)
59
How –gain an understanding Internal Controls
Internal Control Questionnaire p. 172
Prior year’s work papers p. 174
Inquiries of client
Examine documents
Observe activities – Perform Walkthroughs
![Page 60: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/60.jpg)
60
Internal Controls Questionnaire p. 173
A. Recorded sales are for shipments actually made to existing customers
B. Existing sales transactions are recorded
C. Recorded sales are for the amount of goods shipped and are correctly billed and recorded
D. Sales transactions are properly included in master files and correctly summarized
E. Recorded sales transactions are properly classified
F. Sales are recorded on the correct dates
![Page 61: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/61.jpg)
61
Internal Controls Questionnaire p. 173 (62-161)-176-207-252
A. Recorded sales are for shipments actually made to existing customers
B. Existing sales transactions are recorded
C. Recorded sales are for the amount of goods shipped and are correctly billed and recorded
D. Sales transactions are properly included in master files and correctly summarized
E. Recorded sales transactions are properly classified
F. Sales are recorded on the correct dates
Occurrence
Completeness
Accuracy
Classification
Cutoff
![Page 62: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/62.jpg)
62
Page 59
![Page 63: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/63.jpg)
63
Document- our understanding of Internal Controls
Internal Control Questionnaire p. 173
Narative
Flowchart
![Page 64: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/64.jpg)
64
Must assess Control Risk
•for each fin statement assertion
•for each sig class of transaction
![Page 65: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/65.jpg)
65
Control Risk Matrix p. 176
Look at the headings of the columns
Audit Objectives / Assertions
Must have a control(s) in place for each assertion / objective
![Page 66: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/66.jpg)
66
![Page 67: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/67.jpg)
67
p. 252see p. 176Control Risk Matrix
![Page 68: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/68.jpg)
68
Tests of Controls
if a control is well designed
test if control is operating effectively
![Page 69: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/69.jpg)
69
Internal Control Communications
![Page 70: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/70.jpg)
70
Adrian
what is a Control Deficiency?
page 176 ---
look at the last 2 lines in Figure 5
![Page 71: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/71.jpg)
71
![Page 72: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/72.jpg)
72
Control deficiency (day one handout)
when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct misstatements on a timely basis
![Page 73: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/73.jpg)
73
Control deficiency
if a control is not properly designed
Or well designed control may not operate as designed
or the person performing the control is not sufficiently qualified
![Page 74: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/74.jpg)
74
Alyxandria
what is a Material Weakness in internal control?
![Page 75: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/75.jpg)
75
Material weakness
A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of
the entity's financial statements will not be prevented, or detected and corrected, on a timely basis.
![Page 76: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/76.jpg)
76
David
what is a Significant Deficiency in internal control ?
![Page 77: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/77.jpg)
77
Significant deficiency
A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
![Page 78: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/78.jpg)
78
Material weaknessFigure 6 materialpage 272
MaterialWeakness
Likelihood
ReasonablyPossible
immaterial
ProbableRemote
![Page 79: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/79.jpg)
79
Communications regarding Internal Control
Reportable Conditions
significant deficiencies
material weaknesses
Those charged with governance of the company
audit committee
board of directors
senior management
![Page 80: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/80.jpg)
80
Effectiveness of Internal Controls
andAudit Approaches
![Page 81: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/81.jpg)
81
![Page 82: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/82.jpg)
82
for private companiesnon-SEC companies
not covered by Sarbanes-Oxley
![Page 83: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/83.jpg)
83
Emmanuel
After evaluating the design of the controls you do not believe the client’s controls would prevent, or detect and correct misstatements even if properly implemented
You believe the controls are INeffective
How will you preliminarily assess CR ?
![Page 84: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/84.jpg)
84
Kyle
After evaluating the design of the controls you do not believe the client’s controls would prevent, or detect and correct misstatements even if properly implemented
You believe the controls are INeffective
You preliminarily assess CR = High
Which audit approach will you take?
![Page 85: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/85.jpg)
85
Laura
You believe it would cost less to perform
Tests of Contols than $ubstantive Test$
which audit approach will you take ?
![Page 86: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/86.jpg)
86
Lauren
Which types of audit tests will you perform
evaluate design of controls
Tests of Controlstest operating effectiveness none some extensive
Substantive Testsanalytical procedures
test of details of account balances none limited extensive
![Page 87: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/87.jpg)
87
Raquel
After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented
You believe they would be Effective if implemented
How will you preliminarily assess CR ?
![Page 88: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/88.jpg)
88
Sumner
After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented
You believe they would be Effective if implemented
You preliminarily assess CR = Low
Which audit approach will you take?
![Page 89: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/89.jpg)
89
Ariana
You believe it would cost less to perform
Tests of Contols than $ubstantive Test$
which audit approach will you take ?
![Page 90: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/90.jpg)
90
Haley
Which types of audit tests will you perform
evaluate design of controls
Tests of Controlstest operating effectiveness none some extensive
Substantive Testsanalytical procedures
test of details of account balances none limited extensive
![Page 91: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/91.jpg)
91
After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented
You believe they would be Effective if implemented
![Page 92: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/92.jpg)
92
Iris
You believe it would cost less to perform
$ubstantive Test$ than Tests of Contols
which audit approach will you take ?
![Page 93: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/93.jpg)
93
Jake
Which types of audit tests will you perform
evaluate design of controls
Tests of Controlstest operating effectiveness none some extensive
Substantive Testsanalytical procedures
test of details of account balances none limited extensive
![Page 94: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/94.jpg)
94
for private companiesnon-SEC companies
not covered by Sarbanes-Oxley
![Page 95: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/95.jpg)
95
preliminarily
assess
Subst Tests
Less costly than
ToC
ToC
Less costly than
Subst Tests
controls
effective
(CR =Low)
extensive
Subst Tests
ToClimit subst tests =>
analytical procedures
controls
ineffective
(CR = MAX)
Must do extensive Subst Tests
![Page 96: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/96.jpg)
96
• Understand internal controls– Document understanding– Evaluate the design of the controls
• Preliminarily assess control risk– Document prelim CR assessment
• If CR < Low & $ToC < $Sub$t Tests – Design and perform ToC– Document results of ToC and CR assessment– Design and perform limited Subst Tests– Document results of Subst Tests
• If CR = Max or $Sub$t < $ToC– Design and perform extensive Subst Tests– Document results of Subst Tests
![Page 97: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/97.jpg)
97
for public companiesSEC companies
covered by Sarbanes-Oxley
![Page 98: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/98.jpg)
98
![Page 99: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/99.jpg)
99
Joyce
After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented
You believe they would be Effective if implemented
How will you preliminarily assess CR
![Page 100: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/100.jpg)
100
Maria
After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented
You believe they would be Effective if implemented
You preliminarily assess CR = Low
Which audit approach will you take?
![Page 101: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/101.jpg)
101
Mitch
You believe it would cost less to perform
Tests of Contols than $ubstantive Test$
which audit approach will you take ?
![Page 102: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/102.jpg)
102
Abhinav
Which types of procedures will you perform
evaluate design effectiveness
Tests of Controlstest operating effectiveness none some extensive
Substantive Testsanalytical procedures test of details of account balances none limited extensive
![Page 103: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/103.jpg)
103
Albert
You believe it would cost less to perform
$ubstantive Test$ than Tests of Contols
which audit approach will you take ?
![Page 104: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/104.jpg)
104
Emily
Which types of procedures will you perform
evaluate design effectiveness
Tests of Controlstest operating effectiveness none some extensive
Substantive Testsanalytical procedures
test of details of account balances none limited extensive
![Page 105: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/105.jpg)
105
Hailey
After evaluating the design of the controls you do not believe the client’s controls would prevent, or detect and correct misstatements even if properly implemented
You believe the controls are INeffective
How will you preliminarily assess CR ?
![Page 106: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/106.jpg)
106
Jesse
After evaluating the design of the controls you do not believe the client’s controls would prevent, or detect and correct misstatements even if properly implemented
You believe the controls are INeffective
You preliminarily assess CR = High
Which audit approach will you take?
![Page 107: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/107.jpg)
107
Jordan
You believe it would cost less to perform
Does it matter which types of tests are least expensive?
which audit approach will you take ?
![Page 108: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/108.jpg)
108
Phil
Which types of audit tests will you perform
evaluate design effectiveness
Tests of Controlstest operating effectiveness none some extensive
Substantive Testsanalytical procedures
test of details of account balance none limited extensive
![Page 109: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/109.jpg)
109
preliminarily
assess
Subst Tests
Less costly than
ToC
ToC
Less costly than
Subst Tests
controls effective
(CR < Low)
ToCcan limit subst testsanalytical procedures
ToCcan limit subst testsanalytical procedures
controls
ineffective(CR = MAX)
must do some ToC
Extensive Subst TestsTests of Details
must do some ToC
Extensive Subst TestsTests of Details
![Page 110: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/110.jpg)
110
• Understand internal control structure– Document understanding– Evaluate the Design Effectiveness of ICS
• Design and perform ToC to assess CR– Document results of ToC – and CR assessment
• If CR > Low – Design and perform extensive Subst Tests– Document results of Subst Tests
![Page 111: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/111.jpg)
111
Audit DocumentationWorkpapers
Must document
Record of compliance with GAAS
![Page 112: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/112.jpg)
112
![Page 113: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/113.jpg)
113
![Page 114: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/114.jpg)
114
![Page 115: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/115.jpg)
115
![Page 116: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/116.jpg)
116
AICPA
December 2006
109Statementon AuditingStandards
Understanding the Entity and its Environment andAssessing the Risks of MaterialMisstatement
![Page 117: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/117.jpg)
117
![Page 118: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/118.jpg)
118
Assessing CR < Max
![Page 119: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/119.jpg)
119
![Page 120: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/120.jpg)
120
Assessing control riskIdentify:• specific control objectives (assertions)• points in the flow of transactions where
specific types of misstatements could occur• specific controls procedures designed to
prevent or detect these misstatements• Evaluate the design of control procedures • perform tests of the operating effectiveness of
controls
![Page 121: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/121.jpg)
121
For each significant class of transactions
For each Management Assertion
we will need to assess CR
If we assess CR < Max for an Assertion
must identify a Control Procedure (strength)
Then design & perform a Test of Controls to see if that Procedure is effective
![Page 122: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/122.jpg)
122
preliminary assess of
control risk
final assessment of control risk
Occurrence low
Accuracy low
Completeness low
Cutoff max max
Classification max max
credit sales
![Page 123: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/123.jpg)
123
![Page 124: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/124.jpg)
124
Accounts receivableSales
occurrence
potential misstate
control activity
test of control results of ToC
evaluate
sales to unauthorized customers
customer on approved customer list
inspect list
approved sales
order examine approved sales order
goods may be released from warehouse for unauthorized orders
approved sales order for all goods released to shipping
observe warehouse person filling orders
goods shipped may not agree with goods ordered
shipping clerks agree goods received from warehouse with S.O.
signature of shipping clerk indicating he performed the check
![Page 125: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/125.jpg)
125
potential misstate
control activity
test of control results of ToC
evaluate
unauthorized shipments made
prepare Shipping doc for each order
Inspect Ship Docs
billings may be made for ficititous transactions
matching S.D. and approved S.O. for each invoice
vouch invoices to S.D. and approved S.O.
duplicate billings may be made
matching S.D. and approved S.O. for each
vouch invoices to S.D. and approved S.O.
![Page 126: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/126.jpg)
126
potentialmisstate
controlactivity
test of control resultsof ToC
evaluate
fictitous sales maybe recorded
sales invoice andmatchingdocumentsrequired for allentries
vouch recordedsales tosupportingdocuments
invoices may beposted to the wrongcustomers accounts
mail monthlystatements tocustomers withindependentfollowup oncustomercomplaints
observe mailingand followupprocedures
![Page 127: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/127.jpg)
127
potential misstate
control activity
test of control results of ToC
evaluate
goods shipped may not agree with goods ordered
shipping clerk agrees goods received from warehouse to approved S.O.
signature of shipping clerk indicating he agreed goods to S.O.
some shipments may not be billed
matching sales invoice for each S.D.
trace S.D. to invoices
billings may be made for ficititous transactions
periodic accounting for all S.D.
observe procedure re-perform
Accounts receivableSales
completeness
![Page 128: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/128.jpg)
128
potentialmisstate
controlactivity
test of control resultsof ToC
evaluate
invoices may not bejournalized orposted to customeraccounts
agree salesjournal entriesand amountsposted tocustomeraccounts withcontrol totals ofinvoices
review evidenceof independentcheck
trace incoices tosales journal andcustm\omeraccounts
periodicaccounting for allsales invoices
observe procedure
re-perform
invoices may beposted to the wrongcustomer accounts
mailing ofmonthlystatements andfollowup oncustomercomplaints
observe mainlingand followupprocedures
![Page 129: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/129.jpg)
129
potential misstate
control activity
test of control results of ToC
evaluate
sales may be made without credit approval
check on customer’s credit prior to each sale
examine evidence of credit limit check on each sale
sales invoices may have incorrect prices
check pricing of invoices
reperform check on accuracy of pricing
fictitous sales may be recorded
sales invoice and matching documents required for all entries
vouch recorded sales to supporting documents
Accounts receivableSales
accuracy
![Page 130: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/130.jpg)
130
potential misstate
control activity
test of control results of ToC
evaluate
invoices may not be journalized or posted to customer accounts
agree entries in sales journal and amounts posted to customer accounts with control totals of invoices
review evidence of independent check trace sales invoices to sales journal and customer accounts
invoices may be mailed to wrong customer account
mailing of montly statements with followup on customer complaints
observe mailing and followup procedures
![Page 131: 1 chapter 10 Section 404 Audits Sarbanes-Oxley Act section 404](https://reader030.vdocuments.us/reader030/viewer/2022032607/56649ec55503460f94bd026c/html5/thumbnails/131.jpg)
131
Assess control riskIdentify:• significant classes of transactions• objectives assertions• points where errors or fraud could occur• specific controls that would prevent or detect
these errors • Link specific controls with the assertions to
which they relate• Evaluate the design of the control• Test the operating effectiveness of the control