Lecture Notes Ch. 10 (ACCT-422)

Lecture Notes Ch. 10 (ACCT-422) - Chapter 10 Section 404...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Chapter 10 Section 404 Audits of Internal Control and Control Risk Chapter 10 deals with internal control and control risk and the auditor’s assessment of both. Internal control is defined as the policies and procedures designed by company management to provide reasonable assurance that the company’s financial reporting is reliable, operations are effective and efficient, and laws and regulations have been complied with. Management Responsibilities Management is responsible for establishing and maintaining a company’s internal controls, not the external auditor. Under Section 404 of the Sarbanes Oxley , which is applicable to public companies only, management is required to issue an internal control report that includes: a. a statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting. b. an assessment of the effectiveness of the internal control structure and procedures for financial reporting as of the company’s fiscal year end. Management’s assessment of internal control over financial reporting includes: a. Evaluating the design of internal control over financial reporting; and b. Testing the operating effectiveness of internal controls. Auditor Responsibilities The second field work standard of GAAS requires the auditor to obtain a sufficient understanding of a client’s internal control to assess control risk and to determine the nature, timing, and extent of tests to be performed. Such understanding should be documented by the auditor in the work papers. The most widely accepted internal control framework in the United States is the Internal Control – Integrated Framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”). Companies’ internal control systems are measured against the internal control standards established by COSO.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
There are 5 components of internal control under COSO’s Internal Control – Integrated Framework: 1. Control environment 2. Risk assessment 3. Control activities 4. Information and communication, and 5. Monitoring The 5 components are discussed in detail on pages 294 – 302 but are nicely summarized in Table 10-2 on page 302 of the text. I will focus on what I believe to be two of the most important of the components: control environment and control activities. As always, you should be familiar with each component. Control environment represents management’s attitude toward internal control and its importance to the organization, and is reflected in management’s actions, policies and procedures relating to internal control. A company’s control environment sets the tone for the company. If management believes that internal control is important, employees will follow suit. If employees perceive that internal control is not important to management, it is likely that the company’s internal control system will not be effective. In gaining an understanding of a client’s control environment, an auditor should consider
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 6

Lecture Notes Ch. 10 (ACCT-422) - Chapter 10 Section 404...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online