...standards in conducting audits based on the Citywide Risk Assessment model or requested audits. Specifically, this section will cover the initial planning phase of the audit (preliminary survey) that begins with start the audit, preliminary survey and risk assessment, and development of the audit program. The purpose of audit planning process is to generate information and ideas to better understand the audit subject, determine the audit objective, and to develop the audit field work program. Planning also involves estimating the time and resources necessary to complete the audit. The evidence gathered in background research and later fieldwork is documented in the working papers. Key outputs of audit planning include an audit background memorandum; audit scope statement; risk and vulnerability assessment document; and field work audit program. AUDIT PLANNING PROCESS The audit planning process can be divided into the following three phases: 1) starting the project, 2) preliminary survey (planning the audit and conducting risk assessment), and 3) developing the audit program. These steps are followed by fieldwork and reporting. Details of each of the steps are noted below. Audit Start City Auditor assigns staff to audit. City Auditor and audit team hold a project initiation and expectation meeting. Job start letter sent to agency or department director. If requested audit, Audit staff research audit topic-program, policy, or agency. Conduct entrance conference with agency. o...
Words: 6307 - Pages: 26
...an audit client’s internal control? A. The auditor has two primary reasons for conducting an evaluation of a company’s internal control. 1) First, Sarbanes-Oxley (SOX) requires an audit of management’s assessment of internal controls for publicly traded companies. This type of audit is an integrated part of the financial statement audit. In some substances, the auditor issues three opinions: one on the company’s financial statements, one on management’s evaluation of their internal controls over financial reporting, and one on the effectiveness of a company’s internal controls. 2) The second reason for evaluating a company’s internal control is to assess control risk to give the auditors a basis for planning the audit and determining the nature, timing, and extent of audit procedures for the account balance (substantive) audit program. B. For secondary reason for evaluating internal control is to provide information useful to the management and directors for carrying out the company’s control mission. Regulators, Congress, and the public have been concerned about auditors’ communication of internal control and other matters to high levels in public corporations. Another responsibility is to communicate internal control matters noted in an audit to the audit committee of the company’s board of directors and directly to shareholders through their report on management’s assertion of effective internal control in the annual report. (Page# 148 -149...
Words: 1408 - Pages: 6
...MEMORANDUM TO: Accounting Staff FROM: Junior Accountant DATE: September 23, 2013 SUBJECT: Replacement of SAS 112 with SAS 115 The American Institute of CPAs (AICPA) Statement on Auditing Standards (SAS) Number 115 supersedes SAS Number 112. Going forward, auditors are to use rule SAS 115 when performing internal control audits. The rules have some similarities. However, the key differences in the rules are the definitions for control deficiency, significant deficiency, and material weaknesses. The change in rules also creates more opportunities for accounting firms to offer services. Similarities between SAS 112 and SAS 115: Similarities exist between SAS 115 and SAS 112. The rules require auditors to look at deficiencies found during an audit. The auditor must continue to identify the deficiencies found as significant deficiencies or material weaknesses.1 SAS 112 and SAS 115 require auditors to determine if internal controls can prevent and detect errors. Management receives written communication of the findings, as before. Both rules require management to become more aware of the weaknesses in the organizational internal controls. The differences in rules SAS 112 and SAS 115 are as significant as the similarities. Differences between SAS 112 and SAS 115: The differences between SAS 112 and SAS 115 are subtle but important. The major difference between the two rules is the definition of control deficiency, significant deficiency, and material weakness...
Words: 1974 - Pages: 8
...In India, there is reason to believe that instrument to exchange were in use from early times and we find that papers representing money were introducing into the country by one of the Mohammedan sovereigns of Delhi in the early part of the fourtheenth century. The word 'hundi', a generic term used to denote instruments of exchange in vernacular is derived from the Sanskrit root 'hund' meaning 'to collect' and well expresses the purpose to which instruments were utilised in their origin. With the advent of British rule in India commercial activities increased to a great extent. The growing demands for money could not be met be mere supply of coins; and the instrument of credit took the function of money which they represented. Before the enactment of the Negotiable Instrument Act, 1881, the law of negotiable instruments as prevalent in England was applied by the Courts in India when any question relating to such instruments arose between Europeans. When then parties were Hindu or Mohammedans, their personal law was held to apply. Though neither the law books of Hindu nor those of Mohammedans contain any reference to negotiable instruments as such, the customs prevailing among the merchants of the respective community were recognised by the courts and applied to the transactions among them. During the course of time there had developed in the country a strong body of usage relating to “hundis”, which even the Legislature could not without hardship to Indian bankers and merchants...
Words: 8689 - Pages: 35
...MEMORANDUM MEMORANDUM To : Mr. XYZ President, LJB Company From : M F Annigeri, T.E.L & Company, PA Date : 01-Oct-2011 Subject : Results of TEL Review of LJB Company Internal Controls Introduction: This memorandum transmits the review results for LJB Internal Controls requirement for the upcoming public issue of LJB. Further it also provides the details of current practices of Internal Controls and future recommendation as per the Federal Standards. Results & Recommendations: Based on our review we identified certain deficiencies that prevent LJB Company from fully satisfying the standards for Internal Control in the Federal Government. For your information and corrective action we, we have listed the below details. In the future, we anticipate conducting a follow up review to assess the actions you have taken. Considering your requirement and the fact that LJB Company has planned for IPO and reviewing your company’s information as provided by you, following are some of the details on establishing good strong Internal control for having a successful IPOs. Further keep in mind, while doing so the cost involved in the same should not exceed the desired benefits. Implement a light version of SOX with good documented and tested controls. Create and enhance current company policies and procedures to include risk management, insider trading, signing authorities and limits. SEC Complaint financial reporting...
Words: 1249 - Pages: 5
...INTERNAL CONTROL - NOTES 1 1. Definition of Internal Control Internal Control is a process designed by management of an entity to provide reasonable assurance that an entity achieves its objectives in the following categories: • • • Reliability of financial reporting Effectiveness and efficiency of operations, Compliance with applicable laws and regulations. 2. Major components 1. Control Environment – factors that set the tone of an organization and influences the consciousness of its people. There are seven factors (ICHAMBO). I – Integrity and ethical values C – Commitment to competence H – Human resource policies and practices A – Assignment of authority and responsibility M – Management’s philosophy and operating style B – Board of Trustees’ or audit committee participation O – Organizational structure 2. Risk Assessment – risks that may affect an entity’s ability to properly record, process, summarize and report financial data due to: Changes in the operating environment (e.g., increased competition) New personnel New Information systems Rapid growth New technology New lines, products, or activities Corporate restructuring Foreign operations Accounting pronouncements 3. Control Activities – various policies and procedures that help ensure that necessary actions are taken to address risks affecting the achievement of an entity’s objectives. (PIPS): P – Performance reviews (reviews of actual against budgets, forecasts) I – Information processing (checks for accuracy,...
Words: 853 - Pages: 4
...XYZ SCHOOLS Internal Audit Department Audit of School Activity Accounts FY xx Audit Planning Memorandum June, xxxx The purpose of this Memorandum is to lay out in sufficient detail the key tenants of the audit of XYZ schools (XYZ) FY xx School Activity Accounts. They are as follows: BACKGROUND: Activity Account funds are defined as all monies collected and disbursed by personnel within a school for the benefit of the school or a school-sponsored activity. These funds are considered both budgeted and unbudgeted funds under the control and supervision of the School Board with the principal having responsibility as prescribed by the School Board. School Activity Accounts that received and expended monies during the year for various student activities (i.e., National Honor Society, Student Government, and Athletics) are required to have a budget on file. Trust Accounts (i.e., General Fund, Field Trips, and Foundation Grants) which received and expended funds for a specified purpose are unbudgeted funds. OVERSIGHT/GOVERNANCE/ENABLING LEGISLATION: This engagement will be performed in accordance with; the board approved internal audit plan, XYZ policy xx, State Statutes, various XYZ policy and procedures (i.e., which refer to all relevant State Statues and State Board of Education rules), State Administrative Code rule 1234, and the Financial and Program Cost Accounting and Reporting for the State Schools manual Chapter x published by the State Department of Education...
Words: 1184 - Pages: 5
...engagements and make best use of these sources during planning. | 3. | Obtain and consider the following for the most recent internal audit of the auditable unit and consider whether any of this material could be updated and re-used: * Previous work papers * Most recent report * Status of management action on all findings | No. | Step | Reference (e.g., to supporting documents) | Done by orN / A | 4. | Determine whether any work needs to be done to verify management’s remedial actions on previous internal audit findings reported as cleared. | | | 5. | Consider the work planned for / already done by the external auditor for this auditable unit (normally this is done through periodic meetings rather than on an individual auditable unit basis) and determine the impact this may have on the nature, timing and extent of the internal audit work now being planned. | | | 6. | Consider any documentation or testing performed by management to discharge their Sarbanes-Oxley responsibilities or as part of a self-assessment process, then consider the impact on the scope of internal audit work (usually determined through periodic meetings with management). | | | 7. | Document the following decisions as regards the nature, timing and extent of work to be performed to test operational effectiveness of IT controls: * The overall quality of IT general controls and how this should be taken into account when auditing this or other...
Words: 698 - Pages: 3
...Miles Cohen 701465100 Chapter 5 Auditing homework Review Checkpoints (1-17, 19-22, 24-32) 1) The 3 goals of an internal control system according to COSO is (1) Reliability of financial reporting, (2) Effectiveness and efficiency of operations, (3) compliance w/ applicable laws and regulations 2) Human error due to mistakes in judgment, fatigue and carelessness can still occur 3) Reasonable assurance recognizes that the costs of controls should not exceed the benefits that are expected from the controls 4) * Management is responsible for establishing and maintaining adequate internal control over financial reporting, Auditors are responsible for evaluating and finding any risk for the internal control effectiveness 5) Control risk is the probability that an entity’s controls will fail to prevent or detect material misstatement due to error or frauds. 6) To see if the client’s internal control is effective at controlling control risk. 7) Control risk adversely affects all 3 aspects 8) 5 components of management’s internal control (1) control environment, (2) Risk assessment, (3) control activities, (4) Monitoring and (5) information and communication 9) The control environment is the tone set for the organization as the foundation for all other components of internal control 10) Audit committee is a subcommittee of the BOD that is generally composed of 3-6 independt members in the entity’s day-to-day management of the organizations BOD. 11) Risk assessment...
Words: 717 - Pages: 3
...CHAPTER 6 INTERNAL CONTROL IN A FINANCIAL STATEMENT AUDIT Answers to Review Questions 6-1 From management's perspective, the internal control provides a way to meet its stewardship or agency responsibilities. Management also needs a control system that generates reliable information for decision-making purposes. The importance of internal control to the auditor is rooted in the second standard of fieldwork. The controls that are relevant to the entity's ability to initiate, record, process, and report financial data consistent with management's assertions are the auditor's main concern. The auditor needs assurances about the reliability of the data generated within the entity's internal control system in terms of how it affects the fairness of the financial statements and how well the assets and records of the entity are safeguarded. 6-2 The potential benefits and risks to an entity’s internal control from information technology include (see Table 6-1): Benefits: • Consistent application of predefined business rules and performance of complex calculations in processing large volumes of transactions or data. • Enhancement of the timeliness, availability, and accuracy of information. • Facilitation of additional analysis of information. • Enhancement of the ability to monitor the performance of the entity's activities and its policies and procedures. • Reduction in the risk that controls will be circumvented. ...
Words: 3770 - Pages: 16
...CHAPTER 21 1. Which of the following does not affect the form and content of working papers? a. Nature and complexity of the business b. Form of the auditor's report c. Specific audit methodology and technology used in the course of the audit. d. Estimated audit fee agreed upon between the client and the auditor. 2. Which of the following need not be documented in the working papers as required by PSA 230(Clarified)? a. Audit evidence obtained, the audit procedures applied and the testing performed have provided sufficient competent evidential matter to afford a reasonable basis for an opinion. b. The work has been adequately planned and supervised. c. A sufficient understanding of the internal control structure had been obtained to plan the audit and to determine the nature, timing and extent of tests to be performed. d. Basis in choosing the members of the audit engagement team. 3. When planning an audit, which of the following is not a factor that affects auditors' decisions about the quantity, type, and content of audit working papers? a. The auditors' need to document compliance with financial reporting standards. b. The existence of new sales contracts important for the client's business. c. The auditors' judgment about their independence with regard to the client. d, The auditors' judgments about materiality. 4. An audit working paper that shows the detailed evidence and procedures regarding the balance in the accumulated depreciation...
Words: 1823 - Pages: 8
...24 It is always a good idea for auditors to begin an audit with the professional skepticism characterized by the assumption that a. A potential conflict of interest always exists between the auditor and the management of the enterprise under audit. b. In audits of financial statements, the auditor acts exclusively in the capacity of an auditor. c. The professional status of the independent auditor imposes commensurate professional obligations. d. Financial statements and financial data are verifiable. 1.25 In an attestation engagement, a CPA practitioner is engaged to a. Compile a company’s financial forecast based on management’s assumptions without expressing any form of assurance. b. Prepare a written report containing a conclusion about the reliability of a management assertion. c. Prepare a tax return using information the CPA has not audited or reviewed. d. Give expert testimony in court on particular facts in a corporate income tax controversy. 1.26 A determination of cost savings obtained by outsourcing cafeteria services is most likely to be an objective of a. Environmental auditing. b. Financial auditing. c. Compliance auditing. d. Operational auditing. 1.27 The primary difference between operational auditing and financial auditing is that...
Words: 8496 - Pages: 34
...Memorandum To: Accountants From: junior accountant Date: October 22, 2012 Subject: SAS 115-Statement on Accounting Standards SAS 115 was issued by the Auditing Standards Board to provide guidance to auditors on what should be communicated to management and those in charge of governance within an organization. The SAS 115 requires the auditor to make communications, in writing, to management regarding imperative deficiencies and material weakness in internal controls that are noted in audit reports. It clarifies standards and provides guidance on communicating matters related to an entity’s internal control over financial reporting identified in an audit of financial statements. The new SAS No. 115 is going to affect this department in three different ways: 1. It defines three categories of control deficiencies that may be identified during the external audit of the financial statements: control deficiencies, significant deficiencies and material weakness. 2. It provides guidance on evaluating the severity of the deficiencies identified. 3. It requires the auditor to communicate in writing to managements and those charged with governance any significant deficiencies or material weaknesses that were identified. SAS No. 115 includes much of what was outlined in SAS No. 112 as it provides guidance to enhance the auditor's ability to evaluate deficiencies in internal control identified during an audit, and then communicate those deficiencies that the auditor believes...
Words: 476 - Pages: 2
...Changes and Benefits MEMORANDUM TO: Valued Clients FROM: DATE: April 23, 2012 SUBJECT: SAS 115 Changes and Benefits CC: Supervisor Dear Valued Client, In a recent move toward improving company communications pertaining to internal control matters it has been brought to our attention in this effort to provide the best service for clients Statement on Auditing Standards (SAS) No. 112 has been removed and replaced with SAS 115, which is in effect for audits being performed on or after December 15, 2009. Definitions Internal control is the method put into place by a company to be sure the integrity of financial and accounting information, meets operational, profitability targets, and transmit management policies throughout the organization (Investopedia). Control deficiency is the result of the design or operation of the control not allowing management, employees to prevent, or correct financial misstatements (Ken Plessner CPA). Material weakness occurs with the possibility of the material misstatement not being prevented, detected, and corrected on a timely basis (Ken Plessner CPA). Significant deficiency requires attention by those in charge but is not as severe as material weakness (Ken Plessner CPA). SAS 115 allows the practitioners to more effectively use their judgment when they become aware of and determine the severity of the deficiency found. If it is determined the deficiency is severe enough, they will report it in writing, to management...
Words: 521 - Pages: 3
...Memorandum To: Internal Accountants From: Team B Date: November 02, 2015 Subject: Enhanced Formal Communication The American Institute of Certified Public Accountant Board (AICPB) establishes SAS 112 and SAS 115 to provide policies that outline the description of material weakness and significant deficiencies with principles to communicating materials concerning the internal controls of an establishment. SAS 112 makes it easier for an auditor to locate discoveries that could not have been reportable before can now be reportable as there is the possibility of misstatement. The SAS explains that the importance of a control deficiency is reliant on the possibility of misstatement, not if a misstatement transpires. The SAS 112 forms...
Words: 560 - Pages: 3
