Title | Internal Controls Chapter 2 Notes |
---|---|
Course | advanced auditing |
Institution | Humber College |
Pages | 3 |
File Size | 102 KB |
File Type | |
Total Downloads | 49 |
Total Views | 141 |
n/a...
ACCT 4501 – Internal Controls Chapter 2: Setting the Scope of Your Documentation Project - Identifying the Core -
The COSO (Committee of Sponsoring Organizations) internal controls framework was first released in 1992 and has become a standard internal controls assessment measure for public accountants, Sarbanes-Oxley internal control rules, internal auditors, and others worldwide.
Business Objectives } The essential starting point for determining the extent of documentation that should be included in the project is a clear statement of objectives. } You should initially cast a broad net across your entity and reduce the focus on the exclude accounts and transactions streams only as evidence concludes that risks are low. } COSO guidance emphasizes this as a precursor to risk assessment since the identified risks relate to the objectives. } To meet the minimum documentation standards expected for any project, you probably can cut out the very minor revenue streams and locations that individually are clearly insignificant in terms of assets, revenues and income. } Example, see Table 2.1 on page 22 TABLE 2.1: Using Revenue to Set Scope Revenue Sources
Income Tax
Fees
2007
$5,000,000
500,000
% of total
50%
5%
Fines 400,000 4%
Usage
Revenue Sharing
600,000
3,500,000
6%
35%
Total = $10,000,000 } At the end, you may wish to review your conclusions with your independent/external auditor to see if your reasoning is on target with the auditor’s expectation. } The initial year of documentation requires a significant commitment of time and effort. After the Initial Year } You should consider: ◦ Whether to expand the documentation process into a few other less significant areas. ◦ If your experience has offered a better way to document the core areas for more efficient update and assessment in the future.
Mapping the Entity to the Financial Statements TABLE 2.2: Using the Financial Statements to Set the Scope – Summary Categories Accounts
Consolidated
Connecticut
Revenue
1,000,000
800,000
80
200,000
20
Expenses
950,000
250,000
26
700,000
74
Income
50,000
300,000
Assets
4,000,000
Liabilities
3,500,000
Owners Capital
500,000
1,000,000
%
150
New York
%
(250,000)
25
3,000,000
0
0
3,500,000
1,000,000
200
(500,000)
75 100 -
Consider Risk, Not Just Quantitative Measures } Excluding accounts and processes because they are judged to be low risk. } BUT... there are a lot of low risk areas becoming major problems } The auditors generally pick fixed assets as a low inherent risk area for many businesses, however, it could be risky where major reclassifications of expenses are usually charged to fixed assets. } It is hard to think of an inherently safe area in the financial statements and process. } It is helpful to rotate the emphasis and the areas in which management monitor and auditors audit. Overstatement & Understatement } The risks of overstatement and understatement regarding internal controls over financial reporting are commonly misunderstood. Additional Scoping Considerations } As you right-size the scope of your project, you will need to make sure you considered factors that contribute to the overall breadth and depth of the project. } These matters may be affected by one or more of the following: ◦ Operations in Multiple Locations ◦ Service Organizations and Outsourcing ◦ Recent Internal Audit and Consulting Projects ◦ Worked Performed by Others ◦ Other technical Scoping Issues Operations in Multiple Locations } The evaluation of internal control should initially consider all the locations or business units of the company.
} This does not mean that management is required to replicate the evaluation process at each location } Risk-based judgment about which location should be scoped into the analysis and the nature, timing, and extent of procedures to be applied. } To help making this judgments, three types of risks need to be considered } Risk subject to centralized control } Specific risk at individual location or business units } Low-risk locations or business units Service Organizations and Outsourcing } Service organization may provide a wide variety of services, such as: ◦ Information Processing ◦ Trust Department ◦ Transfer Agent, Custodians, and record keeper for investment companies ◦ Others SOs Internal Audit Activities } Before turning to planning the project, management and independent auditor scoping considerations should consider the work that has already been performed and will be performed by internal audit to avoid costly re-performance and duplicated effort. } A fundamental objectives of the internal audit function is to help the entity maintain effective operational and financial control by evaluating their adequacy and effectiveness. } Standard established by the institute of internal auditors (IIA) state that this evaluation should include: } Reliability and integrity of financial and operational information } Effectiveness and efficiency of operations } Safeguarding of assets } Compliance with laws, regulations and contracts } In planning the scope of your project, you need to consider any finding of internal audit or any external regulator that reflect on the effectiveness of internal control over financial reporting. } When determining how the engagement and conclusion of others affect the scope of your engagement, you should consider the following: } The scope of other projects and whether it is sufficient to meet some or all of the objectives of your project } The timing of the work and whether it is within a time frame that would permit you to draw a conclusion as to the effectiveness of the entity’s internal control } The documentation of the procedure and whether it is sufficient for the independent auditor....