A3 (6) - Internal Control Flashcards Preview

AUD > A3 (6) - Internal Control > Flashcards

Flashcards in A3 (6) - Internal Control Deck (11):

Entity Objectives

1. Reliability of financial reporting.
2. Effectiveness and efficiency of operations.
3. Compliance with applicable laws and regulations


Components of Internal Control - Five

1. Control Environment
2. Risk Assessment
3. Information and Communication Systems:
4. Monitoring
5. Existing Control Activities


Summary of the Five Component of Internal Control

See Table


Auditor Consideration of Internal Control - COSO framework

The auditor does not need to understand each component with the same degree of detail in every case


Auditor Consideration of Internal Control - Identifying Controls Relevant to reliable Financial Reporting

1. Preventive Controls
2. Detective controls

Note:- The Auditor should focus the assessment of control risk on the entity's relevant controls.


Auditor Consideration of Internal Control - Evaluate the design and Implementation of internal control

Further to understand the five components, The auditor should be able to :-
1). Evaluate the design and implementation of relevant controls .

2). Determine whether internal controls have been implemented .

3). Perform procedures to obtain evidence about the design and implementation of internal controls.

4). Design the nature, extent, and timing of further audit procedures


Auditor Consideration of Internal Control - Walkthrough

a) Confirm the auditor's understanding of key elements of the entity's information processing system and internal controls

b). Evaluate the design of the relevant internal controls

c). Determine whether certain controls have been implemented


Walkthrough procedures

(1). Observe individuals performing their information processing and control procedures
(2) Re-perform the information processing or control procedures
(3) Inspect the relevant documents and accounting records
(4). Corroborate inquiry responses with others knowledgeable about the information processing and control procedures


Document the Understanding of Internal Control

1. Flowcharts
2. Internal Control Questionnaires
3. Narratives
4. An entity's procedures manuals


Information Technology on Internal Control

Automated controls are internal controls performed using IT and are more suitable for: High volume or recurring transactions.

General controls are policies and procedures that relate to many applications and include passwords. change management procedures, back/recovery systems, and administrative rights to the network.

Application controls are controls over input,processing, and output such as Administrative access rights, Automated edit checks of input data and Manual follow-ups of exception reports


IT Benefits and Risks

Benefits :-
a. The ability to process large volumes of transactions and data accurately and consistently.
b. Improved timeliness and availability of information.
c. Facilitation of data analysis.
d. Reduction in the risk that controls will be circumvented

a. Potential reliance on inaccurate systems.
b. Unauthorized access to data, which may result in loss of data and/or data inaccuracies.
c. Unauthorized changes to data, systems, or programs.
d. Failure to make required changes or updates to systems or programs.
e. Inappropriate manual intervention.
f. Potential loss of data