Lesson 16: Assessing Control Risk

Executive Finance

7 May 201203:45

Summary

TLDRThis lesson focuses on the importance of auditing internal controls, detailing why auditors assess them and the methods used. It covers understanding control environments, documenting processes through descriptions, flowcharts, and questionnaires, and the significance of walk-throughs. The script also discusses assessing control risk, identifying key controls, and the efficiency of computer controls versus manual controls, setting the stage for the next lesson on control testing.

Takeaways

🎓 In auditing, understanding internal controls is mandatory, even if the auditor does not plan to rely on them.
🔍 Auditing standards and the audit risk model guide the process of assessing internal controls.
💼 The auditor's objective is to evaluate the control environment, computer controls, and specific control activities.
🗂️ Documentation of controls can be done through narrative descriptions, flowcharts, or questionnaires.
📈 Flowcharts and questionnaires are often the preferred methods for documenting controls.
🔄 Information about controls is often carried forward from year to year, with updates as necessary.
🚶‍♂️ Walk-throughs are performed to confirm that systems function as documented.
📉 The assessment of control risk directly impacts the planned detection risk and the amount of audit work required.
🔑 Key controls are identified to address audit objectives within each transaction cycle.
🤖 Computer controls are generally more effective to test than manual controls due to reduced human error.
🛠️ Once computer controls are proven to operate as intended, they generally do not require retesting unless there are changes to the system.

Q & A

What was the main focus of the previous lesson?
-The previous lesson focused on explaining what internal controls are, their characteristics, and their objectives.
Why do auditors audit internal controls?
-Auditors audit internal controls to gain an understanding of them, which is necessary to assess audit risk and identify potential errors or fraud.
What does the audit risk model have to do with understanding internal controls?
-Understanding internal controls is necessary to assess audit risk, as it helps to identify the types of potential errors or fraud.
How do auditors gather information about internal controls?
-Auditors gather information about internal controls by discussing them with the client and examining internal documents such as policy manuals.
What are the three methods of documenting understanding of internal controls mentioned in the script?
-The three methods are: 1) A narrative description of the process and controls in place, 2) A flowchart representation of the process flow, and 3) Using an internal control questionnaire.
What is a 'walk-through' in the context of auditing?
-A 'walk-through' is the process of tracing one or a few transactions through the accounting system to confirm the auditor's understanding of how the systems function.
How does the assessment of control risk impact the audit process?
-The assessment of control risk directly impacts the planned detection risk and the extent of audit work required.
What are audit objectives in relation to transaction cycles?
-Audit objectives are essentially management assertions that are specified for each transaction cycle.
Why might auditors choose one control over another to test, even if both address the same objective?
-Auditors might choose one control over another because they believe it is either most effective or more efficient to test.
What is the difference between testing computer controls and manual controls?
-Computer controls can be more effective to test due to less risk of human error, assuming strong general computer controls are in place. Manual controls need to consider operating effectiveness throughout the entire period, which is subject to human frailty.
What happens when a manual control is dependent on an employee who leaves, gets sick, or goes on vacation?
-When an employee performing a manual control leaves, gets sick, or goes on vacation, it can lessen the effectiveness of the manual control due to the dependency on human action.
What is the next step after documenting controls and assessing control risk?
-The next step is to test the controls, which will be the topic of the next lesson.

Outlines

00:00

🔍 Understanding Internal Controls

The script begins by reminding viewers of the previous lesson on internal controls, which focused on their definition, appearance, and objectives. This lesson shifts to the auditor's perspective, emphasizing the necessity of auditing internal controls as per auditing standards. It highlights the importance of understanding these controls to assess audit risk and identify potential errors or fraud. The process of gathering information about the control environment, computer controls, and specific control activities is outlined, including discussions with clients and examining policy manuals. Three methods for documenting understanding are presented: narrative description, flowchart representation, and internal control questionnaires. The preference for flowcharts and questionnaires is noted, along with the practice of updating this information annually. The script also introduces the concept of a 'walk-through' to confirm the functionality of systems as documented.

Mindmap

Keywords

💡Internal Controls

Internal controls are the policies and procedures implemented by a company to ensure the accuracy of financial reporting, enhance operational efficiency, and comply with applicable laws and regulations. In the context of the video, internal controls are a central theme as they are what auditors assess to determine the reliability of a company's financial data. The script mentions that auditors must understand these controls regardless of whether they plan to rely on them, indicating their fundamental role in the auditing process.

💡Auditor

An auditor is a professional who examines a company's financial statements to ensure they accurately represent the company's financial condition. In the script, the term 'auditor' is used to describe the role that the speaker is instructing the audience to adopt. The video discusses how auditors must gain an understanding of internal controls, which is a key part of their job in assessing the risk of financial misstatements.

💡Audit Risk Model

The audit risk model is a framework that helps auditors assess the risk of material misstatement in financial statements. It typically considers inherent risk, control risk, and detection risk. The script ties the understanding of internal controls back to the audit risk model, emphasizing that this understanding is necessary to assess audit risk and identify potential errors or fraud.

💡Control Environment

The control environment refers to the collective set of values, attitudes, and actions of an organization's board of directors and management that provide the foundation for the internal control system. In the script, the control environment is one of the areas auditors gather information about, which includes discussing with the client and examining internal documents such as policy manuals.

💡General Computer Controls

General computer controls are the IT controls that apply across an entire IT system and are designed to ensure the integrity and reliability of the system and its data. The script mentions these controls as part of the information auditors gather, highlighting their importance in ensuring the accuracy and security of financial data processed through computer systems.

💡Specific Control Activities

Specific control activities are the actions taken by an organization to ensure that its directives are carried out. These activities are a subset of internal controls and are designed to prevent or detect and correct errors and fraud. The script indicates that auditors gather information about these activities to understand how the company operates and to assess the effectiveness of its controls.

💡Narrative Description

A narrative description in the context of auditing is a written account that details the processes and controls within a system. The script mentions that auditors document their understanding of internal controls using a narrative description, which provides a comprehensive overview of the controls in place.

💡Flowchart

A flowchart is a type of diagram that represents a workflow or process through the use of symbols and arrows. In auditing, flowcharts are used to visually represent the sequential process flow in a transaction cycle. The script suggests that flowcharts are a preferred method for documenting the understanding of internal controls, as they provide a clear and concise visual representation of the process.

💡Internal Control Questionnaire

An internal control questionnaire is a tool used by auditors to gather information about a company's internal controls by asking a series of questions. The script mentions that this questionnaire is one of the methods used to document the understanding of controls, allowing auditors to assess the effectiveness of the controls in place.

💡Walk-through

A walk-through in auditing is a procedure where auditors trace transactions from origin to financial statement presentation to confirm their understanding of the system. The script describes the walk-through as a way to ensure that systems function as documented, providing practical verification of the controls in operation.

💡Control Risk

Control risk is the risk that a material misstatement will not be prevented or detected on a timely basis by the company's internal controls. The script explains that the assessment of control risk directly impacts the planned detection risk and the extent of audit work required, indicating its importance in the audit planning process.

💡Transaction Cycles

Transaction cycles are the series of steps a company takes to manage a particular type of transaction, such as sales or purchases. The script mentions that audit objectives are specified for each transaction cycle, and key controls are identified to address audit objectives within those cycles, showing how the audit process is tailored to the specific activities of the company.

Highlights

Lesson focuses on the importance of understanding internal controls for auditing purposes.

Auditors must understand internal controls even if they don't plan to rely on them.

Understanding internal controls is essential for assessing audit risk.

Potential errors or fraud are identified by understanding internal controls.

Information about control environment and activities is gathered through discussions and documents.

Three methods for documenting understanding of internal controls are presented.

Narrative description, flowchart, and questionnaire are methods for documenting controls.

Flowcharts and questionnaires are preferred methods for documentation.

Information about controls is often carried forward year to year with updates as needed.

Walk-through is a process to confirm understanding of the accounting system.

Assessment of control risk impacts planned detection risk and audit work required.

Control risk is assessed separately for each major transaction cycle.

Audit objectives are specified for each transaction cycle.

Key controls are identified to address audit objectives within transaction cycles.

Not every control needs to be identified as key; selection is based on effectiveness or efficiency.

Controls can be manual, automated, or computer-assisted, affecting testing methods.

Computer controls are generally more effective to test due to less human error risk.

Once computer controls are tested, retesting is rare unless there are system changes.

Manual controls require ongoing consideration of effectiveness due to human factors.

Changes in personnel can affect the effectiveness of manual controls.

The lesson concludes with readiness to test controls, which will be covered in the next lesson.

Motivational closing to continue striving for success.