Internal Control | Auditing and Attestation

These lectures covers the five components of internal control, assessing internal control, testing internal control, documenting and reporting on internal control.

[vc_row][vc_column][vc_video link=”https://youtu.be/Kn8o9FZuQVA” title=”Introduction to Internal Control”][/vc_column][/vc_row]

[vc_row][vc_column][vc_video link=”https://youtu.be/IDl6gZKbs7Y” title=”Internal Control:  Control Environment “][/vc_column][/vc_row]

[vc_row][vc_column][vc_video link=”https://youtu.be/noQXq1cTkzI” title=”Internal Control:  Risk Assessment, COSO Framework “][/vc_column][/vc_row]

[vc_row][vc_column][vc_video link=”https://youtu.be/dmGpcLPJd4s” title=”Internal Control: Control Activities “][/vc_column][/vc_row]

[vc_row][vc_column][vc_video link=”https://youtu.be/9YGs3HgDct4” title=”Internal Control: Information, Communication and Monitoring “][/vc_column][/vc_row]

[vc_row][vc_column][vc_video link=”https://youtu.be/Ht-gUM51qvE” title=”Example:  Internal Control, Control Activities “][/vc_column][/vc_row]

[vc_row][vc_column][vc_video link=”https://youtu.be/E3halOkCn9Q” title=”Obtain understanding and Document internal Control “][/vc_column][/vc_row]

[vc_row][vc_column][vc_video link=”https://youtu.be/cEAlgXgVYx4” title=”Assess Internal Control “][/vc_column][/vc_row]

[vc_row][vc_column][vc_video link=”https://youtu.be/9gGShfYE9MA” title=”Test of Internal Controls “][/vc_column][/vc_row]

[vc_row][vc_column][vc_video link=”https://youtu.be/yHv4O-fw1pU” title=”Auditor Reporting on Internal Control “][/vc_column][/vc_row]

This chapter focused on internal controls, including internal controls related to computer-based information systems, and the COSO Framework. We use this framework as a basis for discussing the auditor’s responsibilities related to internal controls in the next chapter. To rely on a client’s internal controls to report on internal control over financial reporting and to reduce planned audit evidence for audits of financial statements, the auditor must first obtain an understanding of each of the five components of internal control. Knowledge about the design of the client’s control environment, risk assessment, control activities, information and communication, and monitoring activities and information about whether internal control components have been implemented assist the auditor in assessing control risk for each transaction-related audit objective.

This chapter focused on the auditor’s responsibility for understanding, evaluating, and testing internal control, including integrated audits of financial statements and internal control over financial reporting under Section 404 of the Sarbanes–Oxley Act and PCAOB requirements. To rely on a client’s internal controls to report on internal control over financial reporting and to reduce planned audit evidence for audits of financial statements, the auditor must first obtain an understanding of each of the five components of internal control. Knowledge about the design of the client’s control environment, risk assessment, control activities, information and communication, and monitoring activities and information about whether internal control components have been implemented assist the auditor in assessing control risk for each audit objective.

The chapter also included a discussion of the differences in the audit of nonpublic and smaller public companies because they are not subject to Section 404(b) and PCAOB requirements to report on internal control over financial reporting. For nonpublic companies, auditors have the option of assessing a higher level of control risk, depending on the quality of the client’s internal controls and cost–benefit considerations.

The chapter ended with a discussion of the impact of a more complex information technology environment on control risk assessment and testing. Knowledge about general controls provides a basis for the auditor to rely on automated application controls and may reduce the extent of tests of key automated controls in audits of financial statements and internal controls. Some of the auditor’s tests of controls can be done by the computer, often as a way to achieve more effective and efficient audits.