MODULE 1 – PT 2: INTERNAL CONTROL  Organizational Structure: Should be designed to meet goals,

ensure timely and accurate transaction processing, and assign

Internal control as the process designed and effected by governance, clear responsibilities.
management, and personnel to provide reasonable assurance regarding:  Assignment of Authority and Responsibility: Personnel
should have a clear understanding of their duties and rules
governing their actions.
1. Reliability of financial reporting
2. Effectiveness and efficiency of operations  Human Resource Policies: Policies ensuring that only capable
3. Compliance with applicable laws and regulations and honest personnel are hired, enhancing adherence to control
procedures.

Reasonable assurance implies a high, but not absolute, level of

assurance.

Internal Control System: Risk Assessment Process:

The internal control system includes policies and procedures that assist
management in ensuring the efficient and orderly conduct of business.
These controls aim to:
 Adhere to management policies
 Safeguard assets
 Prevent and detect fraud and errors
 Ensure the accuracy and completeness of accounting records
 Timely preparation of reliable financial information
Risk assessment involves identifying, analyzing, and managing risks that
could affect the financial reporting process. Major causes of risk include:
 Changes in the operating environment
 Introduction of new personnel or information systems
 Rapid organizational growth
 New technologies, business models, or products
 Corporate restructuring or expansion into foreign markets
 New accounting pronouncements

Internal control systems vary by company, depending on factors such as:

 Size of the business Information System and Communication:

 Nature of operations
 Geographical dispersion The information system is vital for capturing, processing, and reporting
data, especially for financial reporting. Effective communication within the
 Objectives of the organization
entity ensures roles and responsibilities related to internal controls are
understood. This communication can take various forms, such as policy
Components of Internal Control: manuals and financial reporting guidelines.

1. Control Environment: The overall attitude of management and

directors toward the internal control system. A strong control
environment leads to effective internal controls. Factors
Control Activities:
influencing the control environment include:
o Function of the board of directors and committees
o Management’s philosophy and operating style Control activities are mechanisms to ensure risk responses are effectively
o Organizational structure carried out. They include:
o Segregation of duties and internal audit functions
o Human resource policies  Policies and Procedures: These help ensure management
2. Risk Assessment: Identifying, analyzing, and managing risks,
directives are implemented.
especially those related to the preparation of financial statements.
Common risk sources:  Performance Reviews: Using accounting and operational data
o Changes in operating environments to assess and improve performance.
o New personnel or revamped information systems  Information Processing Controls: Ensure transactions are
o Rapid growth or new technology authorized and processed accurately, including both general and
o Corporate restructuring or expanded foreign operations application controls.
3. Information Systems: Includes infrastructure, software, and  Physical Controls: Used to secure assets and prevent theft,
processes that capture and exchange data internally and particularly when assets are susceptible to misappropriation.
externally. Business processes relevant to financial reporting
should focus on:
o Proper initiation, recording, and reporting of
transactions
o Ensuring compliance with laws and regulations Monitoring of Controls:
o Providing timely and accurate information
4. Control Activities: These include policies and procedures that Effective monitoring assesses the design and operation of controls. It helps
ensure management directives are carried out. Major categories: identify and correct control weaknesses before they can affect the entity’s
o Performance Reviews: Using data to assess and objectives. Monitoring includes timely assessments of controls, ensuring
improve operations they operate as intended.
o Information Processing: Ensuring transaction
accuracy through controls like authorizations,
verifications, and reconciliations
o Physical Controls: Security measures to prevent
asset misappropriation Objectives of Internal Control Study for Auditors:
5. Monitoring of Controls: Ongoing assessment to ensure
controls are working effectively. Monitoring can identify
Auditors need to understand the entity’s internal control system to plan an
weaknesses early and allow for corrective actions.
effective audit. Key objectives include:

 Understanding how major transactions are initiated, recorded,

processed, and reported
Control Environment Factors:
 Evaluating control risks
 Using techniques like flowcharts, walkthroughs, and
 Integrity and Ethical Values: The entity’s ethical standards questionnaires to document the internal control system
shape integrity and behavior.
 Commitment to Competence: Management should hire
competent employees for specific tasks to meet objectives.
 Governance Participation: Involvement by those overseeing
Documentation of Understanding:
the entity's strategic direction and financial reporting processes.
 Management Philosophy and Operating Style: How
management approaches business risks, financial reporting, and Auditors must document their understanding of internal controls in order to
goal-setting influences the control system. plan audits. Tools used include:
  Questionnaires: To detect control weaknesses, typically with o Auditors aim to ensure the financial statements are
"yes/no" responses. reasonably free from significant misstatements.
 Flowcharts: Diagrammatic representations of internal control 5. Risk Assessment Procedures:
processes, showing the sequential flow of data and authority. o Inquiries, analytical procedures, and
observation/inspection help assess risks.
 Narrative Descriptions: Written explanations of control phases
o Discussion among the engagement team can
or systems, especially useful for complex controls.
provide insights into potential risks.
 Internal Control Checklists: Detailed lists of methods and o Significant risks often involve non-routine or
practices used to review internal controls, serving as a guide for judgmental matters, like unique transactions or complex
audits. estimates.
6. Revising Risk Assessment:
MODULE 1 – PT 3: ASSESSMENT OF CONTROL RISK o The auditor may adjust risk assessments during the audit
based on new evidence or findings.
1. Audit Risk:
o Refers to the possibility that auditors fail to modify their MODULE 3: RISK AND LEVERAGE
opinion on materially misstated financial statements
correctly. It involves: 1. Risk Overview:
 Inherent risk: The likelihood of a material
error in an account without internal controls.
 Control risk: The chance that the internal o Business risk: The threat to a company’s ability to
achieve financial goals, leading to lower profits or
control system will not detect or correct
failure.
errors.
 Detection risk: The risk that auditors’ o Operational risk: Losses from flawed processes,
systems, policies, or events disrupting operations.
procedures will not find the misstatement.
Categories include people, processes, systems, external
2. Inherent Risk:
events, and legal risks.
o The likelihood of errors in an account balance. Factors o Financial risk: The possibility of losing money,
affecting inherent risk include:
impacting cash flow and obligations. It involves
 The nature of the business, management market risk (economic uncertainties), credit risk
integrity, nonroutine transactions, (borrowers defaulting), and liquidity risk (inability to
susceptibility to theft, and previous audit meet commitments).
results. 2. Risk Measurement:
3. Control Risk:
o Coefficient of Variation (CV): A ratio of the
o The risk that internal controls fail to prevent or detect standard deviation to the mean, indicating volatility.
material misstatements. Auditors assess control risk for Lower CV suggests a better risk-return tradeoff.
each material account or transaction class.
o Standard Deviation (SD): Measures past volatility,
4. Preliminary Assessment of Control Risk:
indicating how much returns deviate from the average.
o Evaluates the internal control system's effectiveness in 3. Leverage:
preventing or detecting errors.
o Definition: Using debt to finance a company’s
o Involves using professional skepticism and assessing activities. More debt increases financial risk.
risk at the assertion level (e.g., existence,
o Operating Leverage (DOL): Measures profit
completeness).
sensitivity to sales changes.
o If risk is assessed below maximum, auditors perform o Financial Leverage (DFL): Indicates how net income
tests of controls.
changes with operating profit variations.
5. Management Assertions:
o Total Leverage (DTL): Combines DOL and DFL,
o Claims made by management about financial statement showing net income sensitivity to sales changes.
elements, including existence, valuation, rights,
obligations, and disclosure.
6. Test of Controls:
o Procedures to evaluate the design and operation of
internal controls. Methods include inquiries, inspections,
and observations.
7. Detection Risk:
o The risk that audit procedures do not detect errors.
Managed by adjusting the nature, timing, and extent of
substantive testing.
8. Audit Risk Model:
o Guides auditors in managing audit risk using the
formula:
 AR = IR x CR x DR
o Where AR is audit risk, IR is inherent risk, CR is control
risk, and DR is detection risk.

The model helps determine the appropriate audit procedures to control and
minimize audit risk.

MODULE 2: ASSESSING THE RISK OF MATERIAL MISSTATEMENTS

Assessing the risk of material misstatements involves evaluating potential

errors or fraud in financial statements.

1. Misstatements:
o Can arise from fraud (intentional) or error
(unintentional).
o Auditors focus on fraud and errors that could significantly
affect financial statements.
2. Components of Fraud:
o Incentive/pressure to commit fraud.
o Opportunity to commit fraud.
o Rationalization for committing fraud.
3. Types of Fraud:
o Fraudulent financial reporting: Misleading financial
statement users through manipulation,
misrepresentation, or misapplication.
o Misappropriation of assets: Involves theft, such as
embezzling, stealing, or unauthorized personal use.
4. Responsibilities:
o Management and governance are primarily
responsible for preventing and detecting fraud.