Скачать книгу

other characteristics of management personnel that may affect our risk? If so, list. Entity Organization Does the entity lack an audit committee?Does the entity fail to document its accounting system?Does the entity fail to use the internal audit function?Does the internal audit function, if any, not report to the audit committee or some other high organizational level of the entity?Is the organization owner- or manager-dominated?Does the entity fail to document job requirements?Does management lack an understanding of accounting and administrative controls?Does management fail to implement accounting and administrative controls?Has management failed to correct material weaknesses in internal accounting control that can be corrected?Are the entity’s records generated to a significant degree by an electronic data processing (EDP) system?Does the entity fail to maintain perpetual records of:Inventories?Long-lived assets?Investments?If the entity maintains perpetual records, does it fail to periodically compare them with physical counts?Does management fail to communicate to other personnel a commitment to control?Does the entity fail to maintain policy and procedures manuals?Is there a high turnover of accounting and finance personnel?Has the client recently changed auditors or attorneys?Does a hostile relationship exist between our staff and management?Has the client recently organized or acquired a subsidiary? Financial Condition of Entity Does the entity have insufficient working capital?Does the entity have insufficient lines of credit?Does the entity depend on relatively few customers?Does the entity depend on relatively few suppliers?Are there violations of debt covenants?Has the entity recently experienced a significant period of losses?Is the entity using short-term obligations to finance long-term projects?Does the entity have excess productive capacity?Does the entity have high fixed costs?Has the entity experienced rapid expansion?Does the entity have a significantly long operating cycle?Does the entity have significant contingent liabilities?Is the entity the defendant in any significant litigation?Do major valuation problems exist, such as:Allowance for doubtful accounts?Inventories?Investment?Long-term construction contracts?Has the client experienced severe losses from investments or joint ventures? Nature of Transactions Does the entity engage in a significant number of consignment purchases or sales?Does the entity engage in significant cash transactions?Does the entity engage in significant related-party transactions?Has the entity engaged in significant unusual transactions during the year or near the end of the year?Are there any questions on the timing of revenue recognition?

      Illustration 2. Example Control Objectives

Business Objective Example Control Objectives
Corporate Culture Establish a culture and a tone at the top that fosters integrity, shared values, and teamwork in pursuit of the entity’s objectives. Articulate and communicate codes of conduct and other policies regarding acceptable business practice, conflicts of interest, and expected standards of ethical and moral behavior.Reduce incentives and temptations that can motivate employees to act in a manner that is unethical, opposed to the entity’s objectives, or both.Reinforce written policies about ethical behavior through action and leadership by example.
Personnel Policies The entity’s personnel have been provided with the information, resources, and support necessary to effectively carry out their responsibilities. Identify, articulate, and communicate to entity personnel the information and skills needed to perform their jobs effectively.Provide entity personnel with the resources needed to perform their jobs effectively.Supervise and monitor individuals with internal control responsibilities.Delegate authority and responsibility to appropriate individuals within the organization.
Logical access control protects the following, which are used in the financial reporting process:SystemsDataApplication, utility, and other programsSpreadsheetsInstallation of suitable computer operating environment and controls over the physical access to hardware.Proper functioning of new, upgraded, and modified systems and applications, including plans for migration, conversion, testing, and acceptance.
Risk Identification Implement a process that effectively identifies and responds to conditions that can significantly affect the entity’s ability to achieve its financial reporting objectives. Identify what can go wrong in the preparation of the financial statements at a sufficient level of detail that allows management to design and implement controls to mitigate risk effectively.Continuously identify and assess risk to account for changes in external and internal conditions.
Antifraud Programs and Controls Reduce the incidence of fraud. Create a culture of honesty and high ethics.Evaluate antifraud processes and controls.Develop an effective antifraud oversight process.
Period-End Financial Reporting Processes Nonroutine, nonsystematic financial reporting adjustments are appropriately identified and approved. Management is aware of and understands the need for certain financial reporting adjustments.Information required for decision-making purposes is:Identified, gathered, and communicatedRelevant and reliableManagement analyzes the information and responds appropriately.Management’s response is reviewed and approved.
Management identifies events and transactions for which accounting policy choices should be made or existing policies reconsidered.The accounting policies chosen by management have general acceptance and result in a fair presentation of financial statement information.Information processing and internal control policies and procedures are designed to apply the accounting principles selected appropriately.
Monitoring Identify material weaknesses and changes in internal control that require disclosure. Monitoring controls operate at a level of precision that would allow management to identify a material mis­statement of the financial statements. This objective applies both to:Controls that monitor other controlsControls that monitor financial information
Activity-Level Control Objectives Adequately control the initiation, processing, and disclosure of transactions. Identify, analyze, and manage risks that may cause material misstatements of the financial statements.Design and implement an information system to record, process, summarize, and report transactions accurately.Design and implement control activities, including policies and procedures applied in the processing of transactions that flow through the accounting system, in order to prevent or promptly detect material misstatements.Monitor the design and operating effectiveness of activity-level internal controls to determine if they are operating as intended and, if not, to take corrective action.

      Note

      1 1 Refer to the October 2018 AICPA Peer Reviewer Alert at https://www.aicpa.org/content/dam/aicpa/interestareas/peerreview/newsandpublications/downloadabledocuments/reviewer-alert-201810.pdf.

Скачать книгу