Sunday, January 24, 2010

Limitations Of an Entity's System of Internal Control

One of the fundamental concepts identified earlier in the chapter is that internal control can provided only reasonable assurance to management and the board of directors regarding the achievement of an entity's objectives. AU 319.16-18, Considerations of Internal Control in a Financial Statement Audit, identifies the following inherent limitations that explain why internal control, no matter how well designed and operated, can provide only reasonable assurance regarding achievement of an entity's control objectives.
  • Mistake in judgment. Occasionally, management and other personnel may exercise poor judgment in making business decisions or in performing routine duties because inadequate information, time constrains, or other procedures.
  • Breakdowns. Breakdowns in established control may occur when personnel missunderstand instructions or make errors owning to carelessness, distractions, or fatigue. Temporary of permanent changes in personnel or in systems or procedures may also contribute to breakdowns.
  • Collusion. Individuals acting together, such as an employee who performs an important control acting with another employee, customer, or supplier, may be able to perpetrate and conceal fraud so as to prevent its detection by internal control (e.g, collusion among three employees from personnel, manufacturing, and payroll departments to initiate payments to fictitious employees, or kickback schemes between an employee in the purchasing department and a supplier or between an employee in the purchasing department and a customer).
  • Management Override. Management can overrule prescribed policies or procedures for illegitimate purposes such as personnel gain or enhanced presentations of an entitiy's financial condition or compliance status (e.g., inflating reported earnings to increase a bonus payout or the market value of the entity's stock, or to hide violations of debt covenant agreements or noncompliance with law and regulations). Override practices including making deliberated misrepresentations to auditors and others such as by issuing false documents to support the recording of fictitious sales transactions.
  • Cost versus benefits. The cost of an entity's internal control should not exceed the benefits that they are expected to ensure. Because precise measurement of both cost and benefits usually is not possible, management make both quantitative and qualitative estimates and judgments in evaluating the cost benefit relationship.
For example, an entity's could eliminate losses from bad checks by accepting certified or cashier's checks from customers. However, because of the possible adverse effects of such a policy on sales, most companies believe that requiring identification from the check writer offers reasonable assurance against the type of loss.

Wednesday, January 13, 2010

Nature of audit tests

Decision about the nature of audit test are related to the auditors choices about the type of evidence that they collect to support an opinion. There are three common type of audit procedures :

- Risks assesment procedures that are designed to help the auditor assess the risk of material maisstatement in an assertion, wether performed early in the audit engagement or in the response to new information. Recall that the auditor uses risk assessment procedures to obtain evidence about inherent risks and the risk of fraud.

- Test of Control that are designed to provide evidence about the operating effectiveness of various aspect of internal control. Tests of control provide evidence to support control risk assessment below the maximum.

- Substantive test that are designed to provide evidence about to fair presentation of management's assertions in the financial statements. Substantive test include :

1. Initial procedures that involve understanding the economic substance of the account balance or transaction being audited and agreeing on detailed information about an account to general ledger (such as comparing an accounts receivable subsdiary ledger to the general ledger)

2. Substantive analytic procedures that involve the use of comparisons to assess the fairness of an assertion. For example, the auditor might evaluate sales per square foot or retail space in testing the reasonableness of revenues.

3. Test of detail transactions that involve examining documentary support for transactions. For example, an auditor might inspect sales orders and a bill of landing behind a recorded sales invoice.

4. Test of details of balance that involved examining support for a general ledger balance. For example, the auditor might send confirmations to customers to obtain an evidence that they owe receivables.

5.  Test of detail accounting estimates that involve obtaining evidence in support of the client's estimations process and ensuring that the estimation process is applied consistently from period to period.

6. Test of details of disclosures that involve examining support for financial statement disclosures. For example, the auditor might read a loan contract to ascertain the maturity schedule and debt covenants for the loan

Substantive test provide the evidence that allows the auditor to achieve the desired detection risk and ensure that overall audit risk and ensure that overall audit risk is reduced to an appropriately low level.
Recall the risk assessment, for example. For assertion 1, the existence of inventory, the nature of auditor's evidence would include significant test of controls (testing of effectiveness of the client's perpetual inventory system) as well as some limited substantive test (direct observation of inventory). For assertion 2, the valuation of inventory, auditor would perform few test of controls because controls are not expected to be effective. However, the auditor would plan to obtain significant evidence by testing the pricing of inventory to underlying vendor's invoices (substantive test of balances). In addition, the auditor would obtain evidence about sales price after years-end to support a conclusion about the lower of cost of market objective (substantive test of an accounting estimate). 

Objectives, strategies, and related business risks that may result in material misstatements

Objectives, strategies, and business risks may be defined as follows :

An entitiy's objectives are the overall plans for the entity as defined by those charge with governance and management.
Strategies are the operational approaches by which management intends to achieve its objectives.
Business risks result from significant conditions, events, circumstances, or actions, that could adversely affect the entitiy's ability to achieve its objectives and execute its strategies.

Understanding for entitiy's objectives, strategies and strategies and business risks are important because the risks of material misstatement is often associated with an entitiy's business risks. Following are several examples of how an entity's business risks may be associated with the risk of material misstatement in the financial statements.

- If an entity is unable to accomplish a strategy associated with obtaining a significant percent of revenues from new products (such as obtaining FDA approval for new drugs developed by research and development), there may be an increased risk associated with revenue recognition (the exictence and occurance assertion) or with the impairement of development costs that may have been capitalized (valuation and allocation assertion)

- If an entity is planning to o private and to repurchase a significant portion of equity from existing owners, management may have an incentive to understate earnings. In this case the auditor might be concerned that all sales are recorded expenses are appropriate (the occurrence of expenses)