Internal Control (COSO's framework (Help management better control the…
Internal Control
COSO's framework
1) Control environment
- sets the company's tone, which might be aggressive or conservative
- company might be risk-averse or risk-seeking
- if management fails to emphasise the importance of IC, employees may ignore the IC procedures
2) Risk assessment process
- identifying and analysing risk
- risks that affect its ability to initiate, process, record or report financial data consistent with management's assertions
3) Control activities
- actions established by policies and procedures to help reduce risks
- procedures include: segregation of duties, procedures to authorize transactions, requirements for documentation, physical controls over assets and independent checks on performance
4) Information and communication
- a system to exchange data is needed to support achievement of objectives
- communication occurs internally and externally and provides information needed
5) Monitoring of controls
- determine whether they are effective in prevention and detection
- ensure that they are operating as intended
Auditors' Role
uses risk assessment procedures to obtain an understanding of IC
helps the auditor to:
- identify key controls
- recognise the types of potential misstatements that are likely to arise
- design tests of controls and substantive procedures
Choose to rely on IC
- Believe that controls are effective
- prepare documentation identifying specific controls to test
- in the form of memos, walk-throughs, flowcharts
- obtain a more detailed understanding of IC to develop the planned assessment of CR
- perform tests of controls and assess the achieved level of CR
- if achieved CR > planned CR, increase planned substantive procedures and document the revised CR assessment
Choose not to rely on IC
- Controls do not pertain to an assertion, ineffective, inefficient
- document the understanding of IC
- increase the amount of substantive testing because no evidence related to IC testing will be gathered
High RMM, low DR, perform at the end of the year
Low RMM, high DR, perform on an interim basis
Management responsible
design and maintain a system of internal control that provides reasonable assurance that:
- assets and records are safeguarded
- the entity's information system generates reliable information
Objective of a system of internal control:
- Reliability of financial reporting
- Efficiency and effectiveness of operations
- Compliance with laws and regulations
Assessing CR
1) Identifying specific controls that will be relied upon
2) Perform tests of controls
3) Conclude on the achieved level of CR
Internal Control test
- Making enquiries of employees
- Inspecting documents, records, and computer files
- Observing the application of the control
- Re-performing the control