Flashcards in A3 (6) - Internal Control Deck (11):
1. Reliability of financial reporting.
2. Effectiveness and efficiency of operations.
3. Compliance with applicable laws and regulations
Components of Internal Control - Five
1. Control Environment
2. Risk Assessment
3. Information and Communication Systems:
5. Existing Control Activities
Summary of the Five Component of Internal Control
Auditor Consideration of Internal Control - COSO framework
The auditor does not need to understand each component with the same degree of detail in every case
Auditor Consideration of Internal Control - Identifying Controls Relevant to reliable Financial Reporting
1. Preventive Controls
2. Detective controls
Note:- The Auditor should focus the assessment of control risk on the entity's relevant controls.
Auditor Consideration of Internal Control - Evaluate the design and Implementation of internal control
Further to understand the five components, The auditor should be able to :-
1). Evaluate the design and implementation of relevant controls .
2). Determine whether internal controls have been implemented .
3). Perform procedures to obtain evidence about the design and implementation of internal controls.
4). Design the nature, extent, and timing of further audit procedures
Auditor Consideration of Internal Control - Walkthrough
a) Confirm the auditor's understanding of key elements of the entity's information processing system and internal controls
b). Evaluate the design of the relevant internal controls
c). Determine whether certain controls have been implemented
(1). Observe individuals performing their information processing and control procedures
(2) Re-perform the information processing or control procedures
(3) Inspect the relevant documents and accounting records
(4). Corroborate inquiry responses with others knowledgeable about the information processing and control procedures
Document the Understanding of Internal Control
2. Internal Control Questionnaires
4. An entity's procedures manuals
Information Technology on Internal Control
Automated controls are internal controls performed using IT and are more suitable for: High volume or recurring transactions.
General controls are policies and procedures that relate to many applications and include passwords. change management procedures, back/recovery systems, and administrative rights to the network.
Application controls are controls over input,processing, and output such as Administrative access rights, Automated edit checks of input data and Manual follow-ups of exception reports