audit ch 10[1] maryoom

8/13/2019 Audit Ch 10[1] Maryoom

http://slidepdf.com/reader/full/audit-ch-101-maryoom 1/29

ControlEnvironmen

t

RiskAssessment

ControlActivities

Information

andCommunication

Monitoring

Objective 3

By:



ontrolEnvironme

nt• The control environment consists of the actions, policies,

and procedures that reflect the overall att i tudes of top

management, directors, and owners of an entity about

internal control and its importance to the entity.

• To understand and assess the control environment, auditors

shou ld consider the most important control subcomponents.



C o n t r o l E n v

i r o n m

e n t

Integrity and ethicalvalues

Commitment tocompetence

Board of directorsor audit committee

participation

• are the product of the

entity’s ethical and behavioral

standards, as well as how they

are communicated and

reinforced in practice.

• Competence is the knowledge

and skills necessary to

accomplish tasks that define an

individual’s job.

• The board of directors is

essential for effective corporategovernance because it has

ultimate responsibility to make

sure management implements

proper internal control and financial

reporting processes.



Management’sphilosophy

and operating style

Human resource

policies andpractices

Organizational

structure



ControlEnvironmen

t

ControlActivities

Information

andCommunication

Monitoring



This is management’s assessment of the

risk factors related to the preparation of

the financial statements inconformity withappropriate accounting standards.



Risk Assessment

Identifyfactors that

mayincrease

risk

Estimatethe

significance

of the risk

Assess thelikelihoodof the risk

occurring

Determineactions

necessaryto manage

the risk



ControlEnvironmen

t

RiskAssessment

Information

andCommunication

Monitoring

3



Control activities are the policies and procedures

that help ensure that necessary actions are

taken to address risks to the achievement of theentity’s objectives.

Adequate

separation ofduties

Properauthorization of

transactions andactivities

Adequate

documents andrecords

Physical controlover assets and

records

Independentchecks on

performance



10-11

Custody of assets

Authorizationof transactions

Operational

responsibility

IT duties

from

from

from

from

Accounting

The custody ofrelated assets

Record-keeping

responsibility

User departments



Transaction Approval

Policies

General AuthorizationManagement establishes policies andsubordinates are instructed to implement

these general authorizations by approvingall transactions within the limits set by thepolicy.

Specific authorization applies to

individual transactions.



Documents and records are the records upon

which transactions are entered and

summarized.



Documents and records should be:

Prenumbered consecutively

Prepared at the time of transaction

Designed for multiple use

Constructed to encourage correct preparation



To maintain adequate internal control, assets

and records must be protected.

The most important type of protective measure for

safeguarding assets and records is the use of physical

precautions



The need for independent checks arises

because internal control tends to change overtime, unless there is frequent

review.

C



ControlEnvironmen

t

RiskAssessment

ControlActivities

Information

andCommunication

Monitoring

4

C t l



ControlEnvironmen

t

RiskAssessment

ControlActivities

Information

andCommunication

5



10-21

Identify factors that may increase risk

Estimate the significance of the risk

Assess the likelihood of the risk occurring

Determine actions necessary to manage the risk



10-

22

1. Adequate separation of duties

2. Proper authorization of transactions and activities

3. Adequate documents and records

4. Physical control over assets and records

5. Independent checks on performance



10-

23

Custody of assets

Authorization

of transactions

Operationalresponsibility

IT duties

from

from

from

from

Accounting

The custody of

related assets

Record-keepingresponsibility

User departments



10-

24

Transaction Approval Policies

General

Authorization

Specific

Authorization



10-

25

Prenumbered consecutively

Prepared at the time of transaction

Designed for multiple use

Constructed to encourage correct preparation



10-

26

The most important type of protective

measure for safeguarding assets and

records is the use of physical precautions.



10-

27

The need for independent checks arises

because internal control tends to change

over time, unless there is frequent

review.



10-

28

The purpose of an accounting information

and communication system

Initiate

Record

Process

Reporttransactions

Maintain

Accountabilityfor Related Assets



10-

29

Monitoring activities deal with management’s

ongoing and periodic assessment of the

quality of internal control performance…

to determine whether controls are operating

as intended and modified when needed.