Unit 15 March 21

Nine Basic Information Concepts
• Accuracy
• Precision
• Timeliness
• Relevancy
• Validity
• Completeness
• Occurrence
• Integrity

Management Assertions
• Existence/Occurrence
• Completeness/Period
• Valuation/Allocation
• Rights/Obligations
• Presentation/Disclosure
Defined by Auditing Standard Number 5, PCAOB 2007
Repeated by Auditing Standard Number 15, PCAOB 2010
Specified in International Standard on Auditing 315, IFAC 2009

Assertions about Transactions & Events
• Accuracy (recorded without error)
• Classification of each event (correct accounts)
• Completeness (every event was recorded)
• Occurrence (every event shown actually occurred)
• Cut-Offs (only those events in the period are included)

Assertions about Account Balances
• Completeness (assets, liabilities, equity balances are complete)
• Existence (assets, liabilities, equity actually exist)
• Rights/Obligations (accruals, deferrals made)
• Valuation (amounts shown are proper under GAAP)

Assertions about Presentation and Disclosure
• Accuracy and Valuation (all information is accurate)
• Completeness (everything is reported/disclosed)
• Occurrence, Rights and Obligations (if it is reported, it happened, and pertains to the reporting entity)
• Classification and Understandability (presented appropriately, understandable, clear and unambiguous, and not misleading in any way)

DEFINITION OF INTERNAL CONTROL
Internal control is broadly defined as a process, effected by an entity's Board of Directors, Management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to:
• Effectiveness and efficiency of operations.
• Reliability of financial reporting.
• Compliance with applicable laws and regulations.
from the 2013 Update of the COSO 1992 Internal Control Integrated Framework

Objectives of Internal Control
1. Promote efficiency and effectiveness of the organization’s operations including SAFEGUARDING ASSETS
2. Promote accuracy and reliability of accounting records, info, and statements
3. Measure compliance with laws, regulations, management policies and procedures
from the 2013 Update of the COSO 1992 Internal Control Integrated Framework

Internal Control Activities are intended to
• Prevent problems
• Detect problems
• Correct problems

• General Controls
• Application Controls
ENTITY-LEVEL Controls
TRANSACTION-LEVEL Controls

Components of the Internal Control System
• Control Environment
• Risk Assessment
• Communication and Information
• Control Activities
• Monitoring

Management Assertions
• Existence/Occurrence
• Completeness/Period
• Valuation/Allocation
• Rights/Obligations
• Presentation/Disclosure

Management Assertions: Threats + Vulnerabilities
INCIDENT
POTENTIAL LOSS OF
• Existence/Occurrence
• Completeness/Period
• Valuation/Allocation
• Rights/Obligations
• Presentation/Disclosure

Risk Fundamental Terminology
Vulnerability: an inherent characteristic that can be exploited.
Threat: an entity or event that can exploit a vulnerability.
Vulnerability + Threat = Incident
Incident = Potential Loss

Management Assertions: Threats + Vulnerabilities
• Deliberate
• Accidental
• Natural
• Derivative

Management Assertions: Threats + Vulnerabilities
• Likelihood
• Probability
• Scope
• Effect
• Magnitude
• Duration

Management Assertions: Threats + Vulnerabilities, Control Activities
• LOWER Probability
• LIMIT Scope
• REDUCE Magnitude
• SHORTEN Duration

Management Assertions: Threats + Vulnerabilities, Control Activities
• Preventive
• Detective
• Corrective

Management Assertions: Threats + Vulnerabilities, Control Activities
• Directive
• Deterrent
• Preventive
• Notification
• Detective
• Forensic
• Compensating
• Corrective
• Recovery

Management Assertions: Threats + Vulnerabilities, Control Activities
• PHYSICAL
• LOGICAL
• ADMINISTRATIVE

Management Assertions: Threats + Vulnerabilities, Control Activities
RISK RESPONSE
• Risk Mitigation
• Risk Transfer
• Risk Avoidance
• Risk Acceptance

Starting Point for Risk Analysis
• Identify list of Vulnerabilities
• Identify list of Threats

Risk Management
• V/T List
• Evaluate Probabilities
• Evaluate Potential Loss
• List Controls

Controls
• Directive
• Preventive
• Alert
• Deterrent
• Detective
• Forensic
• Corrective
• Recovery
• Restorative

Controls
• Preventive
• Detective
• Corrective

Risk Management
• V/T List
• Evaluate Probabilities
• Evaluate Potential Loss
• COMPARE
• List Controls
• Evaluate Cost of Control

Problems, Problems…

Risk Management
• V/T List
• Evaluate Likelihood
• Evaluate Exposure
• List Controls
• Evaluate Cost of Control

Preventive/Detective/Corrective perspective
Reduce Probability / Mitigate Loss … or … Avoid the Risk … or … Transfer the Risk … or … Accept the Risk

Risk Management
• V/T List
• Evaluate Likelihood
• Evaluate Exposure
• Risk Response
• Evaluate Cost of Control

Four Responses to Risk
• Mitigate the Risk
• Transfer the Risk
• Avoid the Risk
• Accept the Risk

Risk Management
• V/T List
• Evaluate Likelihood
• Evaluate Exposure
• Risk Response
• Evaluate Cost of Response

Quantitative Risk Analysis
Qualitative Risk Analysis

Documentation
Serial Numbers

Logs – Check-off Lists
• Logs
• Check-off Sheets
• Reconciliations

Logs – Check-off Lists
• Orders Shipped and Billed
• Not Shipped or Billed
• Shipped but not Billed

Documentation – Safety Paper
Signatures -- Approvals
Independent Verification
Use of Technology
Employee Training
Specialization
Employment Practices
Physical Security

must evaluate the System of Internal Controls

Top Down Approach
• Financial Statements
• Management Assertions
• Significant Accounts
• General Entity Controls
• Application Transaction Controls
• Adjusting/Closing Entries
• Management Overrides?

What makes an account “significant”?
• Size of the balance in the account
• Composition of the account
• The origin of the entries made to the account
• Susceptibility to misstatement due to error or fraud
• Transaction volume and complexity
• Nature of the account itself, or its disclosure
• Complexities associated with the account, its valuation or disclosure
• Exposure to losses in the account, or material contingent liability
• Existence of related-party transactions affecting the account.
• In particular, the PCAOB stresses the risk associated with management overrides of internal controls associated with the account

Significant Accounts
• Sales Revenue
• Cost of Goods Sold
• Inventory Purchases
• Payroll Expense
• SGA Expenses
• Bad Debt Expense
• Extraordinary Losses
• Depreciation and Amortization
• Cash Account
• Accounts Receivable
• Allowance for Bad Debts
• Inventory
• Accounts Payable
• Accrued Payables
• Unearned Revenue

Assertions
• Existence/Occurrence
• Completeness/Period
• Valuation/Allocation
• Rights/Obligations
• Presentation/Disclosure

[Table slide. Columns: OCCURRENCE, COMPLETENESS, CUTOFF, ACCURACY. Rows: Sales Revenue, Cost of Goods Sold, Inventory Purchases, SGA Expenses, Cash Account, Accounts Receivable, Accounts Payable, Accrued Payables.]

Homework