1、9 - 12003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyInternal Controland Control RiskChapter 99 - 22003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyLearning Objective 1Contrast managements need forinternal control with the

2、auditorsneed to consider internal controlwhen designing an audit.9 - 32003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyInherentLimitationsReasonableAssuranceManagementsResponsibilityKey Concepts9 - 42003 Prentice Hall Business Publishing, Essentials of Auditing

3、1/e, Arens/Elder/BeasleyClients ConcernsCompliance with applicable laws and regulationsReliability of financial reportingEfficiency and effectiveness of operations9 - 52003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyAuditor ConcernsControls over classes of tran

4、sactionsControls related to reliability of financial reporting9 - 62003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleySales Transaction-RelatedAudit ObjectivesObjective General Form Related Audit ObjectivesRecorded transactionsexist (existence).Sales are for shipm

5、entsto existing customers.Existing transactions arerecorded (completeness).Existing sales transactionsare recorded.Transactions are statedcorrectly (accuracy).Sales for goods shippedare correctly billed.9 - 72003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleySales

6、 Transaction-RelatedAudit ObjectivesObjective General Form Related Audit ObjectivesTransactions are properlyclassified (classification).Sales transactions areproperly classified.Transactions are recordedon correct dates (timing).Sales are recorded on thecorrect dates.Transactions are properlyfiled (

7、posting andsummarization).Sales transactions areproperly included in themaster files.9 - 82003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyHow Frauds HaveBeen DiscoveredNotification by employeeInternal controlsInternal auditorCustomer notificationAccidental disc

8、overyManagement investigation58%51%43%41%37%35%9 - 92003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyHow Frauds HaveBeen DiscoveredAnonymous reportingHot line notificationEmployee investigationGovernment notificationExternal auditorOther sources35%25%21%16%4%20%

9、9 - 102003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyLearning Objective 2Describe how informationtechnology affectsinternal control.9 - 112003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyEffect of InformationTechnology on

10、Internal ControlInformation TechnologyIT can improvethe effectivenessand efficiency ofinternal controls.IT also enhancesthe timelinessand accuracyof information.9 - 122003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyRisks Associated With the Useof Information Te

11、chnology Programmed errorsProcessing incorrect dataUnauthorized access9 - 132003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyLearning Objective 3Explain the five componentsof internal control.9 - 142003 Prentice Hall Business Publishing, Essentials of Auditing 1

12、/e, Arens/Elder/BeasleyControl EnvironmentFive Componentsof Internal ControlRiskAssessmentControlActivitiesInformation andCommunicationMonitoring9 - 152003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyThe Control EnvironmentIntegrity and ethical valuesCommitment

13、to competenceBoard of directors or auditcommittee participationManagements philosophyand operating style9 - 162003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyThe Control EnvironmentOrganizational structureAssignment of authorityand responsibilityHuman resources

14、policies and practices9 - 172003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyRisk AssessmentIdentify factors affecting risk.Assess significance of risksand likelihood of occurrence.Determine actions necessaryto manage risk.9 - 182003 Prentice Hall Business Publi

15、shing, Essentials of Auditing 1/e, Arens/Elder/BeasleyControl Activities1. Adequate separation of duties2. Proper authorization of transactions and activities3. Adequate documents and records4. Physical control over assets and records5. Independent checks on performance9 - 192003 Prentice Hall Busin

16、ess Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyAdequate Separationof DutiesCustody of assetsAccountingAuthorizationof transactionsThe custody ofrelated assetsOperationalresponsibilityRecord-keepingresponsibilityIT DutiesUser departments9 - 202003 Prentice Hall Business Publishing, Es

17、sentials of Auditing 1/e, Arens/Elder/BeasleyProper Authorization of Transactions and ActivitiesGeneral authorizationSpecific authorization9 - 212003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyAdequate Documentsand RecordsPrenumbered consecutivelyPrepared at th

18、e time of transactionDesigned for multiple usesConstructed to encourage correct preparationSimple enough to ensure understanding9 - 222003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyPhysical Control overAssets and RecordsPhysical precautionsControls related to

19、IT equipment,programs, and data filesPhysicalcontrolsAccesscontrolsBackup andrecoveryprocedures9 - 232003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyIndependent Checkson PerformanceThe need for independent checksarise because internal control tendsto change ove

20、r time unless there isa mechanism for frequent review.9 - 242003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyInformation and CommunicationThe purpose of an accounting informationand communication system is toinitiate, record, process, and report thetransactions

21、and to maintain accountabilityfor the related assets.9 - 252003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyMonitoringManagements ongoing and periodic assessmentof the quality of internal control performance to determine whether controls are operatingas intended

22、 and modified when needed.9 - 262003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyLearning Objective 4Explain methods used toobtain an understandingof internal control.9 - 272003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyUn

23、derstanding Internal Controland Assessing Control RiskObtain Understanding of Internal Control:Design and OperationAssess Control RiskTest ControlsDecide Planned Detection Riskand Substantive Tests9 - 282003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyReasons fo

24、r Sufficiently Understanding Internal ControlSAS 55 (as amended by SAS 78 and 594plus AU319) requires the auditor toobtain an understanding of internalcontrol for every audit.Minimum auditplanning matters Auditability Potential materialmisstatements Detection risk Design of test9 - 292003 Prentice H

25、all Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyProcedures to DetermineDesign and PlacementUpdate and evaluate auditors previousexperience with the entity.Make inquires of client personnel.Read clients policy and systems manuals.Examine documents and records.Observe entity ac

26、tivities and operations.9 - 302003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyDocumentation ofthe UnderstandingNarrativeFlowchartInternalcontrolquestionnaire9 - 312003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyLearning Ob

27、jective 5Assess control risk by linkingstrengths and weaknesses ofinternal control to transaction-related audit objectives.9 - 322003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyAssess Control RiskObtain sufficient understanding for planning.Assess whether the e

28、ntity is auditable.Determine assessed control risk.Assess if a lower control risk could be supported.Determine the appropriate assessed control risk.9 - 332003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyAssess Control RiskIdentify transaction-related audit obje

29、ctives.Identify specific controls.Identify and evaluate weaknesses.9 - 342003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyIdentify and Evaluate WeaknessesIdentify existing controls.Identify the absence of key controls.Determine misstatements that could result.Co

30、nsider compensating controls.9 - 352003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyThe Control Risk MatrixAuditors use the control risk matrix toidentify both controls and weaknessesand to asses control risk.9 - 362003 Prentice Hall Business Publishing, Essenti

31、als of Auditing 1/e, Arens/Elder/BeasleyCommunicationReportable conditions letterManagement lettersAudit committee communications9 - 372003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyLearning Objective 6Describe the process of designingand performing tests of c

32、ontrols.9 - 382003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyTests of ControlsThe procedures to test effectivenessof controls in support of a reducedassessed control risk are calledtests of controls.9 - 392003 Prentice Hall Business Publishing, Essentials of Auditing 1/e, Arens/Elder/BeasleyProcedures forTests of ControlsMake inquiries of client personnel.Examine documents, records, and reports.Observe control-related activities.Reperform client procedures.9 - 402003 Prentice Hall Business Publishing, Ess