Auditing Special Purpose Frameworks: Internal Control Basics

Read more from Larry Perry here and in the Today's World of Audits archive.

Professional standards require an auditor to obtain an understanding of a client's business and industry, including its internal control. Unable to default to high control risk and perform only analytical and tests of balances procedures, an auditor is required to obtain the understanding, identify and evaluate risks of material misstatement due to error and fraud and link the risks to appropriate substantive procedures to prevent financial statements from being materially misstated. Understanding and documenting internal control is integral to this process, which is the formulation of an audit strategy. For special purpose frameworks, an auditor's understanding of differences from US GAAP is essential to documenting and evaluating internal control.

AU-C 315 defines internal control this way:

Internal control is a process—effected by those charged with governance, management, and other personnel—designed to provide reasonable assurance about the achievement of the entity's objectives with regard to reliability of     financial reporting, effectiveness and efficiency of operations, and compliance with laws and regulations. Internal control over safeguarding of assets against unauthorized acquisition, use, or disposition may include control relating to financial reporting and operations objectives."

Internal Control and Audit Strategies
At the heart of each engagement's audit strategy is the entity's system of internal control. Assessing risks of material misstatement (RMM) for each financial statement classification requires an understanding of both entity-level controls and activity-level controls. The emphasis for assessing RMM is on the design and operation of key controls for both large and small audits, and for all reporting frameworks. For smaller audits, the most effective key controls are normally performed at the entity or management level.

If key controls are designed and operating, formally or informally, it is unlikely material errors or fraud can occur and go undetected. If key controls are not designed, or are designed and not operating, control deficiencies are likely. Depending on the likelihood and magnitude of the deficiencies, they may be significant deficiencies or material weaknesses, that is, risks of material misstatements for which audit responses must be designed.

A Historical Perspective of Internal Controls
The Committee of Sponsoring Organizations (COSO) of the National Commission on Fraudulent Financial Reporting (Treadway Commission) issued its first report stressing the importance of internal control, the control environment, codes of conduct, audit committees and internal audit functions. In 1992, a task force of COSO issued a report titled Internal Control—Integrated Framework, called the COSO Report. This report was updated in 2013 to include 17 principles underpinning the components of internal control.

Among other things, the COSO report defines internal control and its components and provides criteria for evaluating internal control. The report presents these interrelated components of internal control:

  • Control Environment: The core of any business is its people and the environment in which they operate.
  • Risk Assessment: The entity must be aware of and deal with the risks it faces.
  • Control Activities: Control policies and procedures must be established and applied to address risks to the achievement of the entity's objectives.
  • Information and Communication: These systems enable the entity's people to obtain and use information necessary to conduct, manage and control operations.
  • Monitoring: The internal control process must be monitored and changed as conditions necessitate.

In future articles, I'll discuss the benefits of understanding key controls, preparing flowcharts and performing systems walk-through procedures on smaller audits.

 

You may like these other stories...

Cybersecurity is no longer the domain of an organization's IT staff. It's moved to the boardroom, and in a big way. Accountants and financial managers may have been thinking it's just the province of the tech...
Boehner addresses GOP priorities ahead of midterm electionsHouse Speaker John Boehner (R-OH) on Thursday delivered what amounted to closing arguments ahead of the November elections, laying out a list of Republican...
Former DOJ Tax Division head Kathryn Keneally joining DLA Piper in New YorkGlobal law firm DLA Piper announced on Thursday that Kathryn Keneally, the former head of the US Justice Department Tax Division, is joining the firm...

Already a member? log in here.

Upcoming CPE Webinars

Sep 24
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.
Sep 30
This webcast will include discussions of important issues in SSARS No. 19 and the current status of proposed changes by the Accounting and Review Services Committee in these statements.
Oct 21
Kristen Rampe will share how to speak and write more effectively by understanding your own and your audience's communication style.
Oct 23
Amber Setter will show the value of leadership assessments as tools for individual and organizational leadership development initiatives.