Internal Control and Responding to Assessed Risks A3

1) Reliability of financial reporting
2) Effectiveness and efficiency of operations
3) Compliance with applicable laws and regulations

1) Control Environment: overall tone of the org.
2) Risk Assessment: management's ID of risk
3) Info and Comm systems: a means of recording transactions and communicating responsibilities
4) Monitoring: assessment of IC performance over time
5) Existing Control Activities: control policies and procedures

Generally, those controls that pertain to the first objective, reliability of financial reporting, are most relevant to the audit; it is primarily those controls that the auditor must consider and understand.

1) Evaluate the design of relevant controls and determine whether they have been implemented
2) Assess the risk of MM.
3) Design the NET of further audit proceduers

IC provides only reasonable assurance regarding the achievement of objectives due to the following inherent limitations of IC:
1) Human error
2) Deliberate circumvention of controls by collusion
3) Management override
4) Segregation of duties may be difficult to achieve in a smaller entity

A. management who doesn't appropriately address IT risks could negatively impact the control environment
b. use of IT may enhance risk assessment by providing more timely information
c. much of the monitoring is provided by IT, thus the system is crucial

Manual make judgment calls easier
Automated make human error and control overrides less.

-the ability to process large volumes of transaction and data accurately and consistently
-improved timeliness and availability of information
-facilitation of data analysis and performance monitoring
-reduction in the risk that controls will be circumvented
-enhanced segregation of duties through effective implementation of security controls

-potential reliance on inaccurate systems
-unauthorized access and changes to data
-failure to make required changes or updates to systems

A. Control group: responsible for IC within the IC (keep track of errors, seek out the cause, and develop solutions)
b. Operators: convert data into machine readable for
c. Programmers: develop and write computer programs
d. analysts: determine what is needed and design the system
e. Librarians: keep track of program files and use, control access to the programs

1) Sets the tone of an ogranization and influences the control consciousness of its people
2) Provides discipline and structure as the foundation for all other components of IC
3) Originates with management

1) Communication and enforcement of integrity and ethical values of the people who create and monitor IC
2) Commitment to competence as reflected in management's consideration of the skills required for particular jobs
3) Participation of those charged with governance and their participation of auditors
4) Management's philosophy and operating style, particularly with respect to risk-taking
5) Organizational structure that monitors its activities
6) Assignment of authority
7) HR policies and procedures

1) Overseeing the financial reporting and disclosure process
2) Balancing the conflicting pressures that may be placed on management
3) Bearing responsibility for the prevention and detection of error/fraud
4) Overseeing "whistle-blower" procedures
5) Overseeing the process for reviewing the effectiveness of IC

When there are weak controls, an auditor will perform more substantive procedures as of the BS date rather than at interim; may also modify the nature of the tests to obtain more persuasive evidence or incrase the extent of testing

The auditor will perform tests at interim rather than at the BS date; may use tests that provide somewhat less persuasive evidence and reduce the extent of testing