What is internal controls?
The process designed and effected by the directors and others to enable the achievement of the entity objectives with regard to reliability of financial reporting.
What are the five components for internal control?
- Control environment
- Entities risk assessment process
- Information system relevant to financial reporting
- Control activities
- Monitoring of controls
What is the control environment?
Includes the attitude and philosophy of management with regard to control (commitment to integrity and ethical values, a formal organisation structure and proper training of staff)
What is the entities risk assessment process?
A more robust risk assessment process will reduce the risk of misstatement
What is information system relating to financial reporting?
The auditor should obtain an understanding of the information system including the relate business processes relevant to financial reporting
What are the 5 types of control activity?
- Performance reviews
- Information processing
- Physical controls
- Segregation of duties
What does the auditor need to do for internal controls?
Ascertain the system, document the system and evaluate the system.
What does the auditor do to ascertain the system?
Examine previous work Clients own documentation Interview client staff Walkthrough test Observe procedures
What does the auditor do to document the system?
Complete an internal control questionnaire
What does the auditor do to evaluate the system?
Use an internal control evaluation questionnaire
What does ICQ do?
List all possible controls for each area of the accounts; the clients system is examined to see which control exists
What does an internal control evaluation do?
Does not attempt to recored all controls, for each control objective, it asks for the controls which achieve that objective.
What is the auditors duty for external controls?
Assess the effectiveness of internal controls and reporting deficiencies in internal controls to those charge with governance
What does a management letter contain?
Covering letter, appendix
What is included in the covering letter?
Only cover deficiencies identified during the audit work, sole use of the company, no disclosure to third parties and no responsibility assumed to any other parties
What is included in the appendix?
Lists: Deficiencies, consequences, recommendations and space for managements response.