Auditing & Assurance Services, 6e
Chapter 05 Risk Assessment: Internal Control Evaluation

"Bernie doesn't want you to use the words 'internal controls' in any more of your audit reports; it aggravates him." – Cynthia Cooper, referring to advice given to her by a colleague on how best to deal with Bernie Ebbers, the then CEO of WorldCom, right before she uncovered an $11 billion fraud that Ebbers directed.

Learning Objectives
- Define and describe internal control and explain the limitations of all internal control systems.
- Distinguish between the responsibilities of management and auditors regarding an entity's internal control.
- Define and describe the five basic components of internal control and specify some of their characteristics.
- Explain the process the audit team uses to assess control risk, understand its impact on the risk of material misstatement, and, ultimately, know how it affects the nature, timing, and extent of substantive testing to be performed on the audit.

Learning Objectives (cont.)
- Describe additional responsibilities for management and auditors of public companies required by Sarbanes-Oxley and Auditing Standard No. 5.
- List the major components of the auditors' report on internal control over financial reporting.
- Describe situations in which the auditors' report on internal control over financial reporting would be modified.
- Explain the communication of internal control deficiencies to those charged with governance, such as the audit committee and other key management personnel.

Internal Control Defined
Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following three categories:
- Reliability of financial reporting
- Effectiveness and efficiency of operations
- Compliance with applicable laws and regulations

Limitations of Internal Control
- Human error
- Collusion
- Management override
- Cost/benefit analysis: there is often a trade-off between the cost and the effectiveness of internal controls. The concept of reasonable assurance recognizes that the cost of an entity's internal control should not exceed the benefits that are expected to be derived.

Responsibility for Internal Control
Management's responsibility
- Establishing and maintaining adequate internal control over financial reporting
- Assessing and reporting on the effectiveness of internal control over financial reporting
Auditors' responsibility
- For public companies, must audit and issue an opinion about the effectiveness of the internal control over financial reporting
- For each fraud risk, must evaluate whether controls are in place to mitigate the fraud risk
- Must assess control risk to determine the nature, timing and extent of substantive procedures to be performed

Exhibit 5.2 – Relationship Between Internal Control Reliance and Audit Procedures

Exhibit 5.3 Internal Control—Integrated Framework (COSO)

COSO
- Committee of Sponsoring Organizations of the National Commission on Fraudulent Financial Reporting (Treadway Commission)
- Includes the FEI, AAA, IIA, IMA, AICPA

Internal Control Components (COSO)
- Control Environment
- Risk Assessment
- Control Activities
- Monitoring
- Information and Communication

Exhibit 5.4 Interrelated Components of Internal Control

Control Environment
Sets the "tone at the top" of an organization, influencing the control consciousness of its people. It is the foundation for all other components. As a result, an auditor must obtain a detailed understanding of the control environment and document that understanding.

Control Environment—General Principles
- Integrity and ethical values
- Board of directors
- Management's philosophy and operating style
- Organizational structure
- Financial reporting competencies
- Authority and responsibility
- Human resources

Audit Committee
- 3-6 "outside" members of the board.
- Provides a buffer between the audit team and operating management.
- Members must be "financially literate."
- One "financial expert"

Audit Committee Duties
- Appointment, compensation, and oversight of the public accounting firm conducting the entity's audit.
- Resolution of disagreements between management and the audit team.
- Oversight of the entity's internal audit function.
- Approval of nonaudit services provided by the public accounting firm performing the audit engagement.

Risk Assessment
- Management's identification and analysis of relevant risks to the achievement of its objectives.
- Quite possibly using COSO's Enterprise Risk Management (ERM) framework

Enterprise Risk Management
- Management tool
- Provides a framework for risk management
- Auditors focus on the risk of material misstatement

Auditor Focus – Risk Assessment
Should examine management's process for:
- Assessing risks relevant to financial reporting objectives, including fraud risk
- Assessing the likelihood and significance of the risk of misstatements due to fraud
- Deciding about actions to address these risks

Control Activities
The policies and procedures that help ensure management directives are carried out.
- Physical controls over the security of assets
- Separation of duties (SOD)
- Information processing
- Approvals and authorization
- Verifications and reconciliations
- Performance reviews
- Preventive controls vs. detective controls

Principles of Control Activities
- Information technology
- Level of integration with the risk assessment process
- Selection and development of control activities
- Policies and procedures

Exhibit 5.5 – Risks, Controls and Testing of Controls

Why Separate Duties
- Combining duties allows a single person to create and conceal errors and frauds.
- Segregating duties forces people to commit fraud through collusion—a much harder task!

Exhibit 5.6 Separation of Duties
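As an added illustration (not from the textbook or its exhibits) of how separation of duties is enforced and monitored in practice, the following Python script applies a hypothetical SoD conflict matrix to a constructed set of user entitlements (a preventive check) and then scans a constructed transaction log for cases where one person both created and approved the same transaction (a detective check). The entitlement names, users and transactions are all assumptions made up for the example.

```python
"""Separation-of-duties checks over constructed sample data.

Preventive: flag users who hold a conflicting pair of entitlements before
any transaction happens.  Detective: inspect a transaction log after the
fact for self-approval, which is what a single person combining duties
would look like in the audit trail.
"""
from collections import defaultdict
from itertools import combinations

# Hypothetical SoD matrix: each frozenset is a pair of entitlements that
# one person must never hold together.  Order of the pair does not matter.
SOD_CONFLICTS = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"enter_invoice", "approve_payment"}),
    frozenset({"post_journal", "reconcile_bank"}),
}

# Constructed entitlement assignments (user -> set of entitlements).
ASSIGNMENTS = {
    "alice": {"enter_invoice"},
    "bob": {"approve_payment"},
    "carol": {"create_vendor", "approve_payment", "view_reports"},
}

# Constructed transaction log: (transaction id, action, acting user).
LOG = [
    ("T1", "create", "alice"),
    ("T1", "approve", "bob"),
    ("T2", "create", "carol"),
    ("T2", "approve", "carol"),  # same person on both sides
    ("T3", "create", "alice"),   # not yet approved
]


def sod_violations(assignments):
    """Preventive check: return {user: [(ent_a, ent_b), ...]} for every user
    whose entitlements contain at least one pair from SOD_CONFLICTS."""
    violations = {}
    for user, entitlements in assignments.items():
        hits = [
            pair
            for pair in combinations(sorted(entitlements), 2)
            if frozenset(pair) in SOD_CONFLICTS
        ]
        if hits:
            violations[user] = hits
    return violations


def self_approvals(log):
    """Detective check: return the sorted transaction ids whose 'create' and
    'approve' actions were performed by the same user."""
    actors = defaultdict(dict)  # txn id -> {action: user}
    for txn_id, action, user in log:
        actors[txn_id][action] = user
    return sorted(
        txn_id
        for txn_id, by_action in actors.items()
        if "create" in by_action
        and "approve" in by_action
        and by_action["create"] == by_action["approve"]
    )


if __name__ == "__main__":
    print("SoD conflicts in entitlements:", sod_violations(ASSIGNMENTS))
    print("Self-approved transactions:", self_approvals(LOG))
```

The preventive check should run whenever entitlements are granted, so the conflict never exists; the detective check is what an auditor or internal audit function runs over the log to find cases where the preventive control was bypassed or overridden.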

Exhibit 5.7 Information Processing Controls and Financial Statement Assertions

Information and Communication
- The identification, capture, and exchange of information in the form that enables people to carry out their responsibilities
- Must understand the information systems that are relevant to financial reporting
- Information systems produce a trail of activities from data identification to financial reports. This is known as the "audit trail".

Exhibit 5.8 Occurrence and Completeness of Economic Transactions
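To show how an audit trail is actually used to test the two assertions named in Exhibit 5.8, here is an added Python example (my own, not the textbook's) that reconciles a constructed set of source documents against a constructed ledger. Vouching from the ledger back to source documents tests occurrence (an entry with no supporting document is suspect); tracing from source documents forward to the ledger tests completeness (a document that never reached the ledger is unrecorded). The document ids and amounts are made-up sample data.

```python
"""Two-directional reconciliation of source documents and ledger entries.

Both inputs are dicts mapping a document id to its amount.  Amounts use
Decimal so that money comparisons are exact.  Sample data is constructed
for the example.
"""
from decimal import Decimal

# Constructed source documents (e.g. approved invoices) and ledger postings.
SOURCE_DOCS = {
    "INV-001": Decimal("1200.00"),
    "INV-002": Decimal("350.00"),
    "INV-003": Decimal("80.00"),
}
LEDGER = {
    "INV-001": Decimal("1200.00"),
    "INV-002": Decimal("530.00"),   # transposed digits when keyed in
    "INV-009": Decimal("999.00"),   # nothing in the source documents supports it
}


def reconcile(source_docs, ledger):
    """Return exceptions grouped by the assertion they bear on.

    unsupported     : in the ledger but with no source document (occurrence)
    unrecorded      : source document with no ledger entry (completeness)
    amount_mismatch : present in both, but the amounts differ (accuracy)
    """
    source_ids, ledger_ids = set(source_docs), set(ledger)
    return {
        "unsupported": sorted(ledger_ids - source_ids),
        "unrecorded": sorted(source_ids - ledger_ids),
        "amount_mismatch": sorted(
            doc_id
            for doc_id in source_ids & ledger_ids
            if source_docs[doc_id] != ledger[doc_id]
        ),
    }


def is_clean(source_docs, ledger):
    """True when no exception of any kind was found."""
    return not any(reconcile(source_docs, ledger).values())


if __name__ == "__main__":
    for assertion, ids in reconcile(SOURCE_DOCS, LEDGER).items():
        print(f"{assertion:16s}: {ids}")
```

The split into three buckets matters because each one points at a different control weakness: unsupported entries suggest fictitious or duplicate postings, unrecorded documents suggest a gap in capture or transmission, and mismatches suggest an input control (such as a batch total or edit check) that is missing or not operating.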

Monitoring
Management's process that assesses the quality of the internal control's performance over time.
- Periodic evaluation by internal auditing
- Supervisory review of controls
- Follow-up of reporting errors
- Follow-up of customer complaints
- Audit committee inquiries

Monitoring Principles
- Ongoing and separate evaluations
- Reporting deficiencies

Internal Control Evaluation
Phase 1: Understand and document
- Understand the client's internal control
- Document the understanding of internal control: internal control questionnaire, narrative, accounting and control system flowcharts
Phase 2: Assess control risk (preliminary)
- Consider the cost effectiveness of reliance/testing.
Phase 3: Identify controls to test and perform tests of controls
- Perform test-of-controls audit procedures
- Re-assess control risk

Reporting to Audit Committee on Internal Control Related Matters
- Significant deficiencies and material weaknesses
- Sarbanes-Oxley requires that the report be in writing.
- The auditor may communicate during or after the audit.

Exhibit 5.20 – Internal Control Letter

