Auditing Special Purpose Frameworks: Internal Control Basics

Read more from Larry Perry here and in the Today's World of Audits archive.

Professional standards require an auditor to obtain an understanding of a client's business and industry, including its internal control. Unable to default to high control risk and perform only analytical and tests of balances procedures, an auditor is required to obtain the understanding, identify and evaluate risks of material misstatement due to error and fraud and link the risks to appropriate substantive procedures to prevent financial statements from being materially misstated. Understanding and documenting internal control is integral to this process, which is the formulation of an audit strategy. For special purpose frameworks, an auditor's understanding of differences from US GAAP is essential to documenting and evaluating internal control.

AU-C 315 defines internal control this way:

Internal control is a process—effected by those charged with governance, management, and other personnel—designed to provide reasonable assurance about the achievement of the entity's objectives with regard to reliability of     financial reporting, effectiveness and efficiency of operations, and compliance with laws and regulations. Internal control over safeguarding of assets against unauthorized acquisition, use, or disposition may include control relating to financial reporting and operations objectives."

Internal Control and Audit Strategies
At the heart of each engagement's audit strategy is the entity's system of internal control. Assessing risks of material misstatement (RMM) for each financial statement classification requires an understanding of both entity-level controls and activity-level controls. The emphasis for assessing RMM is on the design and operation of key controls for both large and small audits, and for all reporting frameworks. For smaller audits, the most effective key controls are normally performed at the entity or management level.

If key controls are designed and operating, formally or informally, it is unlikely material errors or fraud can occur and go undetected. If key controls are not designed, or are designed and not operating, control deficiencies are likely. Depending on the likelihood and magnitude of the deficiencies, they may be significant deficiencies or material weaknesses, that is, risks of material misstatements for which audit responses must be designed.

A Historical Perspective of Internal Controls
The Committee of Sponsoring Organizations (COSO) of the National Commission on Fraudulent Financial Reporting (Treadway Commission) issued its first report stressing the importance of internal control, the control environment, codes of conduct, audit committees and internal audit functions. In 1992, a task force of COSO issued a report titled Internal Control—Integrated Framework, called the COSO Report. This report was updated in 2013 to include 17 principles underpinning the components of internal control.

Among other things, the COSO report defines internal control and its components and provides criteria for evaluating internal control. The report presents these interrelated components of internal control:

  • Control Environment: The core of any business is its people and the environment in which they operate.
  • Risk Assessment: The entity must be aware of and deal with the risks it faces.
  • Control Activities: Control policies and procedures must be established and applied to address risks to the achievement of the entity's objectives.
  • Information and Communication: These systems enable the entity's people to obtain and use information necessary to conduct, manage and control operations.
  • Monitoring: The internal control process must be monitored and changed as conditions necessitate.

In future articles, I'll discuss the benefits of understanding key controls, preparing flowcharts and performing systems walk-through procedures on smaller audits.

 

You may like these other stories...

Accountants who specialize in forensic and valuation services point to electronic data analysis, or big data, as the most pressing issue they’ll face in the coming months, according to results of a new survey released...
Renaissance avoided more than $6 billion tax, report saysThe Senate Permanent Subcommittee on Investigations said on Monday that a Renaissance Technologies LLC hedge fund’s investors probably avoided more than $6...
Your 15-year-old may be tech-savvy enough to debug your computer, back-up data on your mobile devices, and help you stream episodes of Game of Thrones, but chances are you can’t expect them to display the same level of...

Upcoming CPE Webinars

Jul 24
In this presentation Excel expert David Ringstrom, CPA revisits the Excel feature you should be using, but probably aren't. The Table feature offers the ability to both boost the integrity of your spreadsheets, but reduce maintenance as well.
Jul 31
In this session Excel expert David Ringstrom helps beginners get up to speed in Microsoft Excel. However, even experienced Excel users will learn some new tricks, particularly when David discusses under-utilized aspects of Excel.
Aug 5
This webcast will focus on accounting and disclosure policies for various types of consolidations and business combinations.