-Internal Controls are what drives the audit we look at the internal controls form both management and auditor perspective
As an auditor what needs to be done to understand control risk
Three Objectives
1. Reliability of Financial Reporting: fairly presented in accordance with IFRS or ASPE to provide reliable information to shareholders and creditors
2. Efficiency and Effectiveness of Operations: use of company’s resources to optimize company’s goals; accurate financial and non-financial information
3. Compliance with Laws and Regulations: in Canada management is required to report on the effectiveness of internal controls
Client Perspective on Internal Controls
Why does management have internal controls?
-The internal control systems consists of governance and specific policies and procedures to provide management with reasonable assurance that goals and objectives of the entity will be met
-Management objectives:
1. Reliable Control Systems: accurate information to conduct operations and produce financial statements; information must be reliable and timely to be useful to management for decision making
2. Safe Guarding Assets: both tangible and intangible assets must be safeguarded, especially due to the advent of computer systems and consumer privacy protection laws. Control access to assets and compare physical counts with records.
3. Optimal Use of Resources: prevent unnecessary duplication of effort and waste
4. Prevention and Detection of Errors and Fraud: balance the cost of a misstatement with the amount of misstatement that could occur
5. Compliance with Applicable laws and regulations
Auditor Perspectives
-The audit planning process entails evaluation of internal control and the associated control risk
Control risk is considered together with inherent risk; looks if there is risk of misstatement as whole or individual transactions
The quality of internal controls effects the extent of tests of details
-There are areas that are of interest to management but not to the auditor
-Relevant controls: usually pertain to cycles of events that lead to information recorded in the financial statements
Could also be things that do not directly impact the financial statement but could still be of relevance
-Do the internal controls present prevent, detect, or correct errors or other misstatements
Consider inherent risk with control risk or separate
Controls Related to Financial Reporting
-The auditor is interested in controls relating to maintaining reliable control systems; this is the area that directly impacts the reliability of the financial statements and their related assertions, impacting the objective of determining if he statements are fairly stated
Emphasis on Controls over Classes of Transactions
-Auditors focus on the classes of transactions, the inputs and processing, rather than the account balances or disclosures
-If controls are adequate the ending balances are likely to be correct
-Transaction related audit objectives must be met before the auditor can conclude that the total for a class of transactions is fairly stated: occurrence, accuracy, cutoff and classification
When Substantive procedures are insufficient
-The auditor must obtain an understanding of controls that address those risks; then these controls must be tested if reliance is intended
Consider the Whole Picture
-Look at a detailed assertion and then the statement as a whole
Studying Internal Control
-Underlying concepts of internal control and assessment of control risk: management responsibility, reasonable assurance and inherent limitation
Management Responsibility
-Management is responsible for establishing and maintaining the entity’s controls; as is the responsibility for management to prepare financial statements