INTERNAL CONTROL

1

• INTERNAL CONTROL
• AUDITING

2
THE DEMAND FOR AUDITING

• Why do organizations request an audit?
• It allows contracting to take place in an agency
  relationship
• Evidence supporting a demand for auditing without
  regulation
• Early Greece
• Extensive non-regulated audit

3
AUDITING, ATTESTATION, AND ASSURANCE SERVICES

• AUDITING (broadly defined) is a systematic
  process of objectively obtaining and evaluating
  evidence regarding assertions about economic
  actions and events to ascertain the degree of
  correspondence between those assertions and
  established criteria and communicating the
  results to interested parties.

4
AUDITING, ATTESTATION, AND ASSURANCE SERVICES

• ATTESTATION occurs when a practitioner is engaged
  to issue or does issue a written communication
  that expresses a conclusion about the reliability
  of a written assertion that is the responsibility
  of another party.

5
AUDITING, ATTESTATION, AND ASSURANCE SERVICES

• Examples
• The effectiveness of internal control
• Financial information other than the financial
  statements
• Future-oriented financial information
• Compliance with statutory, regulatory, or
  contractual obligations
• Managements discussion and analysis

6
THE RELATIONSHIP BETWEEN AUDITING, ATTESTATION,
AND ASSURANCE SERVICES
Auditing
Attestation
Assurance
7
TYPES OF AUDITS

• Financial statements audits
• Compliance audits
• Operational audits
• Comprehensive audits
• Forensic audits

8
Types of Audits

• Audit of financial statements
• Are statements fairly presented?
• Conducted by independent (external) auditors,
  e.g., a public accounting firm.
• Compliance Audit
• Is the organization complying with a set of
  rules?
• May be conducted by government auditors, e.g.,
  Canada Customs Revenue Agency, Auditor General of
  Canada.

9
Types of Audits

• Operational Audits
• Is the organization efficient and effective?
• Usually conducted by internal auditors
• Comprehensive Audits
• Covers all aspects of the organization
• Forensic Audit
• Usually due to fraud etc.

10
TYPES OF AUDITORS

• External auditors
• Internal auditors
• Government auditors
• Forensic auditors

11
Important Characteristics of a Financial Audit
1. Auditors are independent of client management
external auditors
client management
12
Important Characteristics of a Financial Audit
2. Auditors base their opinions on the results of
selective testing




















13
Important Characteristics of a Financial Audit
3. An audit is directed toward the discovery of
material misstatements regardless of their
cause
14
Important Characteristics of a Financial Audit
4. Auditors form opinions regarding the fairness
of financial statements - auditors are never
absolutely certain
opinion guarantee
15
Important Characteristics of a Financial Audit
5. Auditors report on financial statements
as a whole - not on individual items
16
Important Characteristics of a Financial Audit
6. Auditors are concerned with financial
presentation - NOT the clients financial
stability or the wisdom of client management
17
Types of Audit Reports
- Unqualified - statements present fairly
18
Types of Audit Reports
- Qualified - except for one or more
exceptions, statements present fairly
19
Qualified Audit Report(GAAP Departure)

• Same introductory paragraph
• Same scope paragraph
• Explanatory third paragraph including -effect

In our opinion, except for the effects of ..., as
discussed in the preceding paragraph, the
financial statements present fairly, in all
material respects, the financial position of
Ace Company as of December 31, 2006 and the
results of its operations and the changes in its
financial position for the year then ended in
accordance with generally accepted accounting
principles.
20
Qualified Audit Report(Scope Limitation)

• Same introductory paragraph
• Except as explained in the following paragraph, I
  conductedmy audit in accordance with generally
  accepted auditing
• standards...
• Explanatory third paragraph

In our opinion, except for the effects of
adjustments, if any,which I might have
determined to be necessary had I been able to
... as discussed in the preceding paragraph, the
financial statements present fairly, in all
material respects, the financial position of Ace
Company as of December 31, 2006 and the results
of its operations and the changes in its
financial position for the year then ended in
accordance with generally accepted accounting
principles.
21
Types of Audit Reports
- Adverse - statements do not present fairly
22
Adverse Audit Report

• Same introductory paragraph
• Same scope paragraph
• Explanatory third paragraph including -effect

In our opinion, because ... as explained in the
preceding paragraph, the financial statements do
not present fairly the financial position of Ace
Company as at December 31, 2006 and the results
of its operations and the changes in
its financial position for the year then ended in
accordance with generally accepted accounting
principles.
23
Types of Audit Reports
- Denial - no opinion
24
Denial(Scope Restriction)

• Same introductory paragraph
• Except as explained in the following paragraph,
  we
• conducted our audit in accordance with generally
  accepted
• auditing standards...
• Explanatory third paragraph including -effect

In view of the possible material effects on the
financial statements of the matters described in
the preceding paragraph, we are unable to
express an opinion whether these financial
statements are presented fairly in accordance
with generally accepted accounting principles.
25
Steps in audit planning
obtain information about clients
legal obligations
perform preliminary analytical procedures
obtain background information
26
The phrase reasonable assurance in the audit
report indicates that there is some audit risk.
Scope paragraph We conducted our audit in
accordance with generally accepted auditing
standards. Those standards require that we plan
and perform the audit to obtain reasonable
assurance about whether the financial statements
are free of material misstatement...
27
Scope paragraph We conducted our audit in
accordance with generally accepted auditing
standards. Those standards require that we plan
and perform the audit to obtain reasonable
assurance about whether the financial statements
are free of material misstatement...
28
(No Transcript)
29
98
30
98
31
INTERNAL CONTROL

• Internal control is a process effected by an
  entity's board of directors, management and other
  personnel, that is designed to provide reasonable
  assurance regarding the achievement of objectives
  in the following categories
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations.

32
THE EFFECT OF ENTITY SIZE ON INTERNAL CONTROL

• The size of the entity may affect how the various
  components of internal control are implemented.
• For example, in a small entity, the
  owner-managers involvement in day-to-day
  activities can provide a highly effective control
  that identifies risks that may affect the entity
  and monitors activities.

33
UNDERSTANDING THE COMPONENTS OF INTERNAL CONTROL

• The auditor must understand the five components
  of internal control
• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring

34
Key Internal Control Concepts

• Internal control is the clients responsibility
  and should be designed to help the client attain
  goals
• Internal control should provide reasonable but
  not absolute assurance cost/benefit must be
  considered
• Internal control has inherent limitations (e.g.,
  misunderstandings, mistakes, fatigue,
  carelessness, collusion, management override)

35
Employees are the critical component of effective
internal control.
With competent, trustworthy, motivated personnel,
even a poorly designed system of internal control
may function adequately.
36
With competent, trustworthy, motivated personnel,
even a poorly designed system of internal control
may function adequately.
Without such personnel, even a well- designed
system will probably fail.
37
Categories of Control Procedures
1. Adequate segregation of duties - separate
custody of assets from accounting
The Controller
38
Categories of Control Procedures
1. Adequate segregation of duties - separate
custody of assets from authorization of
transactions
As custodian of the corporate auto fleet, I
hereby authorize retire- ment of auto
43 because of obso- lescence.
43
Joe
39
Categories of Control Procedures
1. Adequate segregation of duties separate
operational responsibility from record keeping
responsibility
Example Ace company has two plants one in Great
Britain and one in Canada. Management is deciding
whether the plant controllers should report
directly to the plant managers or the corporate
vice president of finance.
40
V.P.- production
V.P.- finance
plant manager
plant manager
plant controller
plant controller
Which arrangement creates a potential conflict of
interest?
plant manager
plant controller
plant controller
plant controller
41
V.P.- production
V.P.- finance
plant manager
plant manager
plant controller
plant controller
If the plant controller reports directly to
the plant manager, a potential conflict of
interest exists. In an effort to make that
plants results appear favourable, the plant
manager may at- tempt to influence the plant
controller.
42
What kind of company typically has difficulty
accomplishing adequate segregation of duties?
43
What kind of company typically has difficulty
accomplishing adequate segregation of duties?
Small companies frequently have difficulty with
segregation of duties because of fewer employees
and cost constraints.
44
What is collusion?
45
What is collusion?
Collusion is the defeat of adequate separation
of duties wherein Employees cooperate to
perpetrate fraud.
...were agreed. Well be rich be- yond our
wildest dreams!
46
What is the most effective way to prevent
collusion?
47
What is the most effective way to prevent
collusion?
Hire competent, trustworthy, motivated personnel.
48
Why is collusion particularly troublesome for
auditors?
49
Why is collusion particularly troublesome for
auditors?
Competent, untrustworthy, motivated personnel
often know how to conceal their fraud.
50
Categories of Control Procedures
2. Proper authorization of transactions and
activities - general authorization
management establishes authorization
policies
51
Categories of Control Procedures
2. Proper authorization of transactions and
activities specific authorization management
makes authorizations on a case-by-case basis.
Im the president and I want to approve every
cash payment!
52
Categories of Control Procedures

• 3. Adequate documents and records should provide
  reasonable assurance that all assets are properly
  controlled and all transactions are
  correctly recorded.
• Document Guidelines
• Document should be prepared during or soon after
  the related transaction
• Documents should be understandable and correctly
  designed (including routing and authorization
• Documents should be prenumbered and accounted for
• Documents should be designed for multiple
  purposes

53
Categories of Control Procedures
4. Adequate safeguards over assets and records -
physical locking rooms,fenced areas, fireproof
safes, safety deposit boxes, security
guardsaccess backup files and recovery
54
Categories of Control Procedures
5. Independent checks on performance
Segregation of duties is the least expensive
method of performing independent checks. Those
reviewing performance should be independent of
those performing a task