Please enable JavaScript.
Coggle requires JavaScript to display documents.
CHAPTER 9 - Coggle Diagram
CHAPTER 9
Components of IC
Information system relevant to FR
Consist of
Infrastructure
Software
People
Procedure
Data
Purpose
Process
Report transactions
Record
Control activities
Consists of
Policies
Procedure
Purpose
Ensure management directives are carried out
Entity's risk assessment process
Identifies risks
Decides upon actions
Monitoring of controls
Assess the design & operations of control
Ongoing monitoring
Separate monitoring
By internal audit function
Control environment
Creating a culture of honest & ethical behaviour
Attitudes
Awareness
Actions
Definition
What is it?
A process
By whom?
TCWG
Management
Other personnel
Why?
Provide reasonable assurance
To achieve objective
Reliability of FR
Internal
External
Effectiveness & efficiency of operation
Compliance with laws & regulations
How?
Implement
Maintain
Design
IC in smaller entities
Controls in large entities are useless in smaller entities
Key issues
Less segregation of duties
Limited no. of staff
Management override of controls
Close involvement of directors/ owners
Remedies
Additional physical authorization
Additional accounting
Additional supervisory procedures
Control environment is important
Use of IC by auditors
Assess the adequacy of accounting system
Identify types of potential misstatements
Consider factors that affect risk of misstatement
Design appropriate audit procedures
Documentation of understanding of IC
ICQ
Series of questions
Assess the strength of controls
Determine whether desirable controls are present for each major cycle
Cover each of major transaction cycles
YES / NO
No indicate deficiency
Advantages
All controls are considered
If drafted thoroughly
Quick to prepare
Easy to use & control
Can be given to junior staffs
Disadvantages
Misunderstood & important controls not identified
If drafted vaguely
May contain a large no. of irrelevant controls
May not include unusual controls
Client may be able to overstate control
Can give distorted views
One NO ans can cancelled out a string of YES ans
ICEQ
More robust
Questions in areas of significant errors & omissions that can occur if controls are weak
Advantages
Easier to apply to variety of systems than ICQ
Drafted in terms of objectives rather than specific controls
Auditors can identify key controls
Highlight deficiencies
Narrative notes
Simple IC systems
Typed, detail and explain each stage of system
Advantages
Simple
Facilitate understanding
Flexible
Can be used for any system
Editing would be easy
If computerised
Disadvantages
Time consuming
Awkward to update
If written anually
Difficulties in identifying missing IC
Only record the details, not exceptions
Flowcharts
Graphic illustration
Physical flow of info
Advantages
Prepared quickly
By experienced user
Easy to follow & review
Standard form
Systems recorded in its entirety
Flows from beginning to end
Can identify loose ends
Avoid details
Just highlight main points
Disadvantages
Non-standard transactions will have difficulties
Narrative notes
Major amendments is difficult without redrawing
Time wasted
Charting useless info
Testing IC to gather evidence
Only if IC are relevant to FS assertions
Only if controls appear to exist
Only if IC operated effectively throughout the period
IC strong
TOC
Results are satisfactory
Reduced substantive procedure
Some substantive procedures are always required
Inherent limitations
Results unsatisfactory
Report def. to TCWG
Perform full substantive procedure
Limitation of IC
Inherent limitations
Human error
Deliberate circumvention of processes by employees
Managemengt override of controls
Unforeseen circumstances where no control exist
Cost > benefits
Auditors cannot rely solely on evIdence from IC
Need to perform some substantive procedures
Confirming understanding
Auditors perform walk- through tests
Pick up transactions and follow it through the systems
To ensure controls being in operation
IC in a computerised environment
General controls
Policies & procedures
Relate to many applications
Support application controls
Apply to
Mini-frame
Mainframe
End-user frame
Ensure
Integrity of info
Security of data
Cover
Data center & network operation
System software acquisition, change & maintenance
Program change
Access security
Application system acquisition, development, maintenance
Application controls
Manuals / automated procedures
Operate at a business process level
Preventative or detective in nature
Ensure integrity of acc. records
Processing transaction by individual apps.
Help to ensure transactions
Occured
Authorised
Completely & accurately recorded & processed
Master files & standing data