This chapter explained the meaning and significance of internal control, the major components of the client's internal control, and the manner in which auditors consider internal control. To summarize:
Internal control is a process, effected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of (a) effectiveness and efficiency of operations, (b) reliability of financial reporting, and (c) compliance with applicable laws and regulations.
The five components of internal control include the control environment, risk assessment, the accounting information and communication system, control activities, and monitoring. The portion of internal control relevant to auditors is that which pertains to the entity's ability to prepare reliable financial statements.
The auditors' consideration of internal control is performed to obtain information necessary to plan the audit and assess control risk. An adequate understanding of the five components of internal control must be documented on all audits. This documentation may be accomplished by use of internal control questionnaires, written narratives, and flowcharts.
The auditors assess control risk for each major financial statement assertion to determine the nature, timing, and extent of the substantive tests of that assertion. If the auditors assess control risk at less than the maximum, they must perform tests of controls to determine that the related controls are operating effectively. Tests of controls consist of inquiries of appropriate client personnel, inspection of documents and reports, observation of the application of controls, and reperformance of controls.
Auditors are required to communicate all significant deficiencies and material weaknesses to the audit committee.
Public companies are required to have an integrated audit in accordance with the Sarbanes-Oxley Act of 2002 and Public Company Accounting Oversight Board Standard No. 2. Integrated audits consist of both an audit of internal control and an audit of the financial statements. The audit report on internal control includes both an opinion on management's assessment of internal control and the auditors' own assessment of internal control.
Define what is meant by internal control. |
|
|
|
Distinguish among the major components of a client's internal control: the control environment, risk assessment, the accounting information system, control activities, and monitoring of controls. |
|
|
|
Describe the auditors' consideration of internal control. |
|
|
|
Discuss the techniques used by auditors to obtain an understanding of internal control. |
|
|
|
Explain how the auditors assess control risk. |
|
|
|
Describe the major types of tests of controls. |
|
|
|
Describe the auditors' responsibility for communicating internal control-related matters. |
|
|
|
Describe the nature of the audits performed under Section 404(b) of the Sarbanes-Oxley Act of 2002. |