1
chapter 10
Section 404 Audits
Sarbanes-Oxley Act section 404
2
Societe Generale
• junior trader gambled more than the entire net worth of the bank
3
JP Morgan Chase
4
National Commission on Fraudulent Financial Reporting
the “Treadway Commission” 1987
Committee of Sponsoring Organizations
“COSO”
5
COSO
Committee of Sponsoring Organizationsorganizations that sponsored the Treadway Commission
American Institute of Certified Public Accountants
American Accounting Association
Institute of Internal Auditors
Institute of Management Accountants
Financial Executives Institute
6
Mandeep
how does COSO define internal controls ?
7
COSO internal controls day 1 handout
Internal control is a process, effected by those charged with governance, management, and other personnel that is designed to provide reasonable assurance about the achievement of the entity’s objectives with regard to the
• reliability of financial reporting• effectiveness and efficiency of operations• compliance with applicable laws and regulations
8
Foreign Corrupt Practices Act
1977
any corporation that has a class of securities registered, or that is required to file reports under the Securities and Exchange Act of 1934
9
U.S. CodeTITLE 15--COMMERCE AND TRADE
CHAPTER 2BSECURITIES EXCHANGES
10
(2) Every issuer pursuant to section 78l or … shall–
(A)make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer;
(B) devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that–
(i) transactions are executed in accordance with management's general or specific authorization;
(ii) transactions are recorded as necessary
(I) to prepare financial statements in conformity with GAAP,
(II) to maintain accountability for assets;
(iii) access to assets is permitted only in accordance with management's general or specific authorization; and
(iv) the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences; and
11
Sarbanes-Oxley Act 2002
§ 7262. Management assessment of internal controls
(a) Rules required The Commission shall prescribe rules requiring …. an internal control report, which shall—
(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
(2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure ...
(b) Internal control evaluation and reporting …, each registered public accounting firm that …issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer.
12
PCAOB auditor’s report on internal control
We have audited internal control over financial reporting as of Dec. 31, 2013, based criteria established in Internal Control - Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). MMC’s management is responsible for maintaining effective internal control over financial reporting, and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management Report on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the company's internal control over financial reporting based on our audits.
We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board. Those standards require that we plan and perform the audits to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audits of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audits also included performing such other procedures as we considered necessary in the circumstances. We believe that our audits provide a reasonable basis for our opinion.
A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted
accounting principles. A company's internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
In our opinion, MMC maintained, in all material respects, effective internal control over financial reporting as of December 31, 2013, based on COSO criteria.
13
Rachel
Which section of the auditing standards most directly discusses internal controls?
14
Johanna
Why are auditors required to understand the client’s internal controls?
15
.03 The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.
AU-C 315 Understanding the Entity & Its Environment &
Assessing RoMM
16
Brianna
what is the definition of control risk?
17
Control Risk
The risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will
not be prevented, or detected and corrected, on a timely basis by the entity's internal control.
18
Denise
Discuss reasonable assurance.
19
Reasonable Assurance
Reasonable assurance. In the context of an audit of financial statements, a high, but not absolute, level of assurance.
20
Clint
Under Sarbanes-Oxley management must report on the effectiveness of the company’s internal controls.
With Regard to Internal Controls,
what STATEMENTS must MANAGEMENT include in their annual report ?
21
Section 404 of Sarbanes-Oxley
management must make the following statements page 159
1 management is responsible for effective internal controls over financial reporting
2 management’s assessment of the effectiveness of the internal controls
3 the framework used to evaluate the effectiveness of the internal controls
22
Evaluate the Effectiveness
1 management must evaluate the design of internal controls
2 management must test the operating effectiveness of those controls
23
Erin
what framework will management use to evaluate the effectiveness of internal controls?
24
Joseba
In the standard unmodified audit report
What is management’s responsibility with regard to the financial statements?
25
Management’s Responsibilty
Management is responsible for the preparation and fair presentation of these financial statements in accordance with accounting principles generally accepted in the United States of America; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error.
26
Controls over Sig Classes of Transactions
27
AU-C 315
The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity's internal control,
28
Page 160 (Design of Internal Control)
Risks related to all relevant assertions
Evaluating Significant classes of transactions
Identify points in the transactions where material misstatements could occur
Identify how each significant class of transactions–Initiated–Authorized–Recorded–Processed through the accounting system–Reported in the financial statements and disclosures
29
AU-c 315.84 the accounting system
Procedures and records designed to Initiate, authorize, record, process, and report entity transactionsMaintain accountability for the assets, liabilities & equity
Transfer information to the general ledger
Capture information other than transactions that is relevant to the financial statements. e.g. depreciation and amortization of assets, changes in the recoverability of receivables.
Ensure information that is required to be disclosed is accumulated, recorded, processed, summarized, and appropriately reported in the financial statements.
transactions
disclosures
adjusting journal entries
30
Makinzie
In the standard unmodified audit reportWhat is the auditor’s responsibility?
31
Auditor’s Responsibilty
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit
in accordance with auditing standards generally accepted in the United States of America. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial
statements. The procedures selected depend on the auditor's judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity's preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity's internal control. Accordingly, we express no such
opinion. An audit also includes evaluating the appropriateness of accounting policies used and the
reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
32
Auditors must document their understanding
33
page 160/169
The classes of transactions that are significant
Procedures by which those transactions are: Initiated, authorized & recordedwhat accounting records exist, Processed through the accounting system into the GL, and
reported in the financial statements.
How the info system captures other events that are significant to the financial statements
Reporting process used to prepare the financial statements, including significant estimates and disclosures.
34
Naomi
COSO – 5 components of internal control
what are the five components of the internal control framework ?
35
COSO components of internal controls
1.Control environment
2.Risk assessment
3.Control procedures
4.Information and communication
5.Monitoring
36
COSO components of internal controls
1.Control environment
2.Risk assessment
3.Control procedures4. Info & Comm --- Accounting System is part of
5.Monitoring
37
1. Control environment
• management’s integrity and ethical values • commitment to competence• board of directors and audit committee• management’s philosophy & operating style • organizational structure• human resource policies and practices
page 163
38
1. Control environment – Audit Committee
Bd of Directors - Audit Committee – Outside Directors
• Appointment of auditors• Resolve differences between
management and auditors• Oversight of internal audit• Approval of non-audit services by auditor
page 163
39
COSO components of internal controls
1.Control environment
2.Risk Assessment (p 165) 3.Control procedures
4.Information and communication
5.Monitoring
40
2. Risk assessmentHow does the audit client manage risk?
Internal control is a process, effected by those charged with governance, management and other personnel that is designed to provide reasonable assurance about the achievement of the entity’s objectives in the following three categories:
Focus o
n risk
oversig
ht
page 89
41
Saul
what can you assume when the Expected Rate of Return for an investment or project exceeds the interest rate on gov’t insured savings accounts ?
42
business is about managing risk
otherwise companies should invest their money in gov’t insured savings accounts
companies invest in risky assets and the auditors must understand how the company manages risks to convert those assets into cash receipts
43
COSO Enterprise Risk Management
1. Internal environment
2. Objective Setting
3. Event identification
4. Risk assessment
5. Risk response
6. Control activities procedures
7. Information and communication
8. Monitoring
44
COSO components of internal controls
1.Control environment
2.Risk assessment
3.Control procedures4.Information and communication
5.Monitoring
45
3. Control Procedures
Adequate segregation of dutiesProper authorization of transactions & activities
Adequate documents & records
Physical controls over assets & records
Independent checks on performance
46
page 160/169
The classes of transactions that are significant
Procedures by which those transactions are: Initiated, authorized & recorded what accounting records exist, Processed through the accounting system into the GL, and
reported in the financial statements.
How the info system captures other events that are significant to the financial statements
Reporting process used to prepare the financial statements, including significant estimates and disclosures.
47
3. Control Procedures
Must separate p. 166
Custody of Assets from Accounting (Record-Keeping)
Authorization of Trx from Custody of Related Assets
Operational Responsibility from Record-Keeping
IT Duties from User Departments
48
3. Control Procedures
Must separate
Custody of Assets
Authorization of Transactions involving those assets
Record-Keeping
49
3. Control Procedures
Adequate documents and records
Pre-numbered documents
1. Checks
2. Purchase orders
3. Shipping documents
50
check no. 2228
Dec. 31 2014
Pay to: Cuesta Hardware $1,500.00
check no. 2229
Dec. 31 2014
Pay to: Lubricant Supply $875.00
check no. 2230
Dec. 31 2014
Pay to: The Electric Warehouse $970.00
check no. 2231
Dec. 31 2014
Pay to: Parts Supply Co. $625.00
six hundred and twenty-five Dollars
Tad Miller
51
Cash Disbursements Journal
date check written to amount total no. disbursed
30-Dec 2,700.0031-Dec 2228 Cuesta Hardware 1,500.00 4,200.0031-Dec 2230 The Electric Warehouse 970.00 5,170.0031-Dec 2231 Parts Supply Co 625.00 5,795.00
where is check 2229 to Lubricant Supply
52
Stephanie
if you discover a check that was not recorded
to which financial statement assertion does an unrecorded check relate ?
53
COSO components of internal controls
1.Control environment
2.Risk assessment
3.Control procedures
4.Information and communication
5.Monitoring
54
4. Information & Communication / Monitoring
• Account balances are used to prepare external financial statements
• Internal reports are part of management’s feedback for Monitoring operations
55
COSO components of internal controls
1.Control environment
2.Risk assessment
3.Control procedures
4.Information and communication
5.Monitoring
56
5. Monitoring
• Internal audit
• Compare reports with your knowledge of the business
• Customer complaints
• Vendor complaints
• Regulators’ reports
• Periodic reconciliations
57
Understanding Internal Controls
Obtain an understanding of internal controls
The design of internal controls
Document understanding
Assess Control Risk (preliminary)
Test Operating Effectiveness of controls
Assess Control Risk (after ToC’s)
58
page 160/169
The classes of transactions that are significant
Procedures by which those transactions are: Initiated, authorized & recorded what accounting records exist, Processed through the accounting system into the GL, and
reported in the financial statements.
How the info system captures other events that are significant to the financial statements
Reporting process used to prepare the financial statements, including significant estimates and disclosures.
59
How –gain an understanding Internal Controls
Internal Control Questionnaire p. 172
Prior year’s work papers p. 174
Inquiries of client
Examine documents
Observe activities – Perform Walkthroughs
60
Internal Controls Questionnaire p. 173
A. Recorded sales are for shipments actually made to existing customers
B. Existing sales transactions are recorded
C. Recorded sales are for the amount of goods shipped and are correctly billed and recorded
D. Sales transactions are properly included in master files and correctly summarized
E. Recorded sales transactions are properly classified
F. Sales are recorded on the correct dates
61
Internal Controls Questionnaire p. 173 (62-161)-176-207-252
A. Recorded sales are for shipments actually made to existing customers
B. Existing sales transactions are recorded
C. Recorded sales are for the amount of goods shipped and are correctly billed and recorded
D. Sales transactions are properly included in master files and correctly summarized
E. Recorded sales transactions are properly classified
F. Sales are recorded on the correct dates
Occurrence
Completeness
Accuracy
Classification
Cutoff
62
Page 59
63
Document- our understanding of Internal Controls
Internal Control Questionnaire p. 173
Narative
Flowchart
64
Must assess Control Risk
•for each fin statement assertion
•for each sig class of transaction
65
Control Risk Matrix p. 176
Look at the headings of the columns
Audit Objectives / Assertions
Must have a control(s) in place for each assertion / objective
66
67
p. 252see p. 176Control Risk Matrix
68
Tests of Controls
if a control is well designed
test if control is operating effectively
69
Internal Control Communications
70
Adrian
what is a Control Deficiency?
page 176 ---
look at the last 2 lines in Figure 5
71
72
Control deficiency (day one handout)
when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct misstatements on a timely basis
73
Control deficiency
if a control is not properly designed
Or well designed control may not operate as designed
or the person performing the control is not sufficiently qualified
74
Alyxandria
what is a Material Weakness in internal control?
75
Material weakness
A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of
the entity's financial statements will not be prevented, or detected and corrected, on a timely basis.
76
David
what is a Significant Deficiency in internal control ?
77
Significant deficiency
A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
78
Material weaknessFigure 6 materialpage 272
MaterialWeakness
Likelihood
ReasonablyPossible
immaterial
ProbableRemote
79
Communications regarding Internal Control
Reportable Conditions
significant deficiencies
material weaknesses
Those charged with governance of the company
audit committee
board of directors
senior management
80
Effectiveness of Internal Controls
andAudit Approaches
81
82
for private companiesnon-SEC companies
not covered by Sarbanes-Oxley
83
Emmanuel
After evaluating the design of the controls you do not believe the client’s controls would prevent, or detect and correct misstatements even if properly implemented
You believe the controls are INeffective
How will you preliminarily assess CR ?
84
Kyle
After evaluating the design of the controls you do not believe the client’s controls would prevent, or detect and correct misstatements even if properly implemented
You believe the controls are INeffective
You preliminarily assess CR = High
Which audit approach will you take?
85
Laura
You believe it would cost less to perform
Tests of Contols than $ubstantive Test$
which audit approach will you take ?
86
Lauren
Which types of audit tests will you perform
evaluate design of controls
Tests of Controlstest operating effectiveness none some extensive
Substantive Testsanalytical procedures
test of details of account balances none limited extensive
87
Raquel
After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented
You believe they would be Effective if implemented
How will you preliminarily assess CR ?
88
Sumner
After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented
You believe they would be Effective if implemented
You preliminarily assess CR = Low
Which audit approach will you take?
89
Ariana
You believe it would cost less to perform
Tests of Contols than $ubstantive Test$
which audit approach will you take ?
90
Haley
Which types of audit tests will you perform
evaluate design of controls
Tests of Controlstest operating effectiveness none some extensive
Substantive Testsanalytical procedures
test of details of account balances none limited extensive
91
After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented
You believe they would be Effective if implemented
92
Iris
You believe it would cost less to perform
$ubstantive Test$ than Tests of Contols
which audit approach will you take ?
93
Jake
Which types of audit tests will you perform
evaluate design of controls
Tests of Controlstest operating effectiveness none some extensive
Substantive Testsanalytical procedures
test of details of account balances none limited extensive
94
for private companiesnon-SEC companies
not covered by Sarbanes-Oxley
95
preliminarily
assess
Subst Tests
Less costly than
ToC
ToC
Less costly than
Subst Tests
controls
effective
(CR =Low)
extensive
Subst Tests
ToClimit subst tests =>
analytical procedures
controls
ineffective
(CR = MAX)
Must do extensive Subst Tests
96
• Understand internal controls– Document understanding– Evaluate the design of the controls
• Preliminarily assess control risk– Document prelim CR assessment
• If CR < Low & $ToC < $Sub$t Tests – Design and perform ToC– Document results of ToC and CR assessment– Design and perform limited Subst Tests– Document results of Subst Tests
• If CR = Max or $Sub$t < $ToC– Design and perform extensive Subst Tests– Document results of Subst Tests
97
for public companiesSEC companies
covered by Sarbanes-Oxley
98
99
Joyce
After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented
You believe they would be Effective if implemented
How will you preliminarily assess CR
100
Maria
After evaluating the design of the controls you believe the client’s controls would prevent, or detect and correct misstatements if properly implemented
You believe they would be Effective if implemented
You preliminarily assess CR = Low
Which audit approach will you take?
101
Mitch
You believe it would cost less to perform
Tests of Contols than $ubstantive Test$
which audit approach will you take ?
102
Abhinav
Which types of procedures will you perform
evaluate design effectiveness
Tests of Controlstest operating effectiveness none some extensive
Substantive Testsanalytical procedures test of details of account balances none limited extensive
103
Albert
You believe it would cost less to perform
$ubstantive Test$ than Tests of Contols
which audit approach will you take ?
104
Emily
Which types of procedures will you perform
evaluate design effectiveness
Tests of Controlstest operating effectiveness none some extensive
Substantive Testsanalytical procedures
test of details of account balances none limited extensive
105
Hailey
After evaluating the design of the controls you do not believe the client’s controls would prevent, or detect and correct misstatements even if properly implemented
You believe the controls are INeffective
How will you preliminarily assess CR ?
106
Jesse
After evaluating the design of the controls you do not believe the client’s controls would prevent, or detect and correct misstatements even if properly implemented
You believe the controls are INeffective
You preliminarily assess CR = High
Which audit approach will you take?
107
Jordan
You believe it would cost less to perform
Does it matter which types of tests are least expensive?
which audit approach will you take ?
108
Phil
Which types of audit tests will you perform
evaluate design effectiveness
Tests of Controlstest operating effectiveness none some extensive
Substantive Testsanalytical procedures
test of details of account balance none limited extensive
109
preliminarily
assess
Subst Tests
Less costly than
ToC
ToC
Less costly than
Subst Tests
controls effective
(CR < Low)
ToCcan limit subst testsanalytical procedures
ToCcan limit subst testsanalytical procedures
controls
ineffective(CR = MAX)
must do some ToC
Extensive Subst TestsTests of Details
must do some ToC
Extensive Subst TestsTests of Details
110
• Understand internal control structure– Document understanding– Evaluate the Design Effectiveness of ICS
• Design and perform ToC to assess CR– Document results of ToC – and CR assessment
• If CR > Low – Design and perform extensive Subst Tests– Document results of Subst Tests
111
Audit DocumentationWorkpapers
Must document
Record of compliance with GAAS
112
113
114
115
116
AICPA
December 2006
109Statementon AuditingStandards
Understanding the Entity and its Environment andAssessing the Risks of MaterialMisstatement
117
118
Assessing CR < Max
119
120
Assessing control riskIdentify:• specific control objectives (assertions)• points in the flow of transactions where
specific types of misstatements could occur• specific controls procedures designed to
prevent or detect these misstatements• Evaluate the design of control procedures • perform tests of the operating effectiveness of
controls
121
For each significant class of transactions
For each Management Assertion
we will need to assess CR
If we assess CR < Max for an Assertion
must identify a Control Procedure (strength)
Then design & perform a Test of Controls to see if that Procedure is effective
122
preliminary assess of
control risk
final assessment of control risk
Occurrence low
Accuracy low
Completeness low
Cutoff max max
Classification max max
credit sales
123
124
Accounts receivableSales
occurrence
potential misstate
control activity
test of control results of ToC
evaluate
sales to unauthorized customers
customer on approved customer list
inspect list
approved sales
order examine approved sales order
goods may be released from warehouse for unauthorized orders
approved sales order for all goods released to shipping
observe warehouse person filling orders
goods shipped may not agree with goods ordered
shipping clerks agree goods received from warehouse with S.O.
signature of shipping clerk indicating he performed the check
125
potential misstate
control activity
test of control results of ToC
evaluate
unauthorized shipments made
prepare Shipping doc for each order
Inspect Ship Docs
billings may be made for ficititous transactions
matching S.D. and approved S.O. for each invoice
vouch invoices to S.D. and approved S.O.
duplicate billings may be made
matching S.D. and approved S.O. for each
vouch invoices to S.D. and approved S.O.
126
potentialmisstate
controlactivity
test of control resultsof ToC
evaluate
fictitous sales maybe recorded
sales invoice andmatchingdocumentsrequired for allentries
vouch recordedsales tosupportingdocuments
invoices may beposted to the wrongcustomers accounts
mail monthlystatements tocustomers withindependentfollowup oncustomercomplaints
observe mailingand followupprocedures
127
potential misstate
control activity
test of control results of ToC
evaluate
goods shipped may not agree with goods ordered
shipping clerk agrees goods received from warehouse to approved S.O.
signature of shipping clerk indicating he agreed goods to S.O.
some shipments may not be billed
matching sales invoice for each S.D.
trace S.D. to invoices
billings may be made for ficititous transactions
periodic accounting for all S.D.
observe procedure re-perform
Accounts receivableSales
completeness
128
potentialmisstate
controlactivity
test of control resultsof ToC
evaluate
invoices may not bejournalized orposted to customeraccounts
agree salesjournal entriesand amountsposted tocustomeraccounts withcontrol totals ofinvoices
review evidenceof independentcheck
trace incoices tosales journal andcustm\omeraccounts
periodicaccounting for allsales invoices
observe procedure
re-perform
invoices may beposted to the wrongcustomer accounts
mailing ofmonthlystatements andfollowup oncustomercomplaints
observe mainlingand followupprocedures
129
potential misstate
control activity
test of control results of ToC
evaluate
sales may be made without credit approval
check on customer’s credit prior to each sale
examine evidence of credit limit check on each sale
sales invoices may have incorrect prices
check pricing of invoices
reperform check on accuracy of pricing
fictitous sales may be recorded
sales invoice and matching documents required for all entries
vouch recorded sales to supporting documents
Accounts receivableSales
accuracy
130
potential misstate
control activity
test of control results of ToC
evaluate
invoices may not be journalized or posted to customer accounts
agree entries in sales journal and amounts posted to customer accounts with control totals of invoices
review evidence of independent check trace sales invoices to sales journal and customer accounts
invoices may be mailed to wrong customer account
mailing of montly statements with followup on customer complaints
observe mailing and followup procedures
131
Assess control riskIdentify:• significant classes of transactions• objectives assertions• points where errors or fraud could occur• specific controls that would prevent or detect
these errors • Link specific controls with the assertions to
which they relate• Evaluate the design of the control• Test the operating effectiveness of the control