What is weakness in auditing?

An internal audit control system is like a good diet and exercise plan. Like the measures you take to protect your health, it consists of all the policies and procedures you have in place to protect your business’s assets. Assets include the premises, furnishings, equipment and, of course, the money. Intangibles like your business’s reputation and name recognition are also assets.

There are two main types of internal audit systems: preventive and detective. Preventive systems are designed to prevent problems. They’re the vitamins, healthy diet and exercise part. Detective systems are designed to identify problems that have already occurred, like the diagnostic tests your doctor runs when you’re sick. The best internal audit systems include both.

Proactive preventive measures are critical to control losses. But your system also has to have a detective component in case a problem arises. The detective component is a set of guidelines for how to resolve problems. Detection should be ongoing because it provides proof that the preventive controls are working the way they’re supposed to.

A good internal control system does the following:

  • Controls risk.
  • Operates effectively and efficiently.
  • Protects tangible and intangible resources from waste and theft.
  • Prevents fraud.
  • Proactively identifies potential issues and reactively deals with them quickly when they occur.
  • Generates prompt and accurate reporting.
  • Measures progress toward your goals.
  • Complies with all laws and regulations that apply to your business.

Some famous examples of internal control problems are the Enron and Lehman Brothers scandals. Both big companies went bankrupt, but not before damaging untold numbers of lives through their losses.

More recently, Kenya Airlines lost an estimated $21.7 million because of incorrect billing and not charging the correct amount for excess baggage.

While the best course of action is to build a strong internal control system in the first place, weaknesses in internal audit control systems are usually pretty easy to fix. But first you have to know what they are. If your internal control system is missing any of the following elements, you have internal control deficiencies:

  1. Robust physical security as in locks, alarms, cameras and limited access to your business’s valuables.
  2. Clearly defined employee roles and job responsibilities.
  3. Segregated employee duties, particularly in handling money. If one person is responsible for handling all the money, from receiving it to depositing it in the bank, you are taking a big risk that it could be handled inappropriately.
  4. Management or owner approval of who does what on an ongoing basis and when a particular activity requires supervisory approval.
  5. Asset security, including who has keys to the business, who can operate what equipment and who has access to cash and inventory.
  6. Regular business performance reviews to balance budgets, check that earnings are on target and confirm that goals are being met.
  7. Frequent reconciliations in which different sets of data are compared so that discrepancies and problems can be easily identified.
  8. Regular inventories compared with sales to ensure that no stock is missing through waste or theft.
  9. A disaster recovery plan to ensure data backup and asset protection. You should be able to continue to operate or at least recover quickly if your place of business is damaged or a natural disaster occurs.

This list may seem a bit daunting but time spent developing a strong internal audit control system is time well spent. It can save you a lot of money in the long run by preventing losses as much as possible, and identifying them and resolving them quickly when they happen.

Tools are available online to help you develop your own system. Following a template or outline, along with a quick study of examples of internal control problems, will set you on the right track.

The U.S. Department of Housing and Urban Development’s website contains information and tools designed to help recipients of federal funding develop their internal audit control systems. But they’re generic enough to apply to any business.

Start with their Internal Control Questionnaire and Assessment. It will help you figure out where to begin. Then use their Implementing the Five Key Internal Controls publication to build your system. This document contains an excellent visual aid in the form of a flowchart entitled “Summary of Internal Control Standards.”

Auditors often fail to capture and communicate internal control weaknesses, even though such communications are required by the audit standards.

But making our clients aware of control weaknesses can help them. How? It allows them to improve their accounting system. The result: prevention of future fraud and errors.

In this article, I’ll show you how to capture and communicate internal control deficiencies. By doing so, you’ll add value to your audit services and you’ll help your client protect their business.

A Common End-of-Audit Problem

You are concluding another audit, and it’s time to consider whether you will issue a letter communicating internal control deficiencies. A month ago you noticed some control issues in accounts payable, but presently you’re not sure how to describe them. You hesitate to call the client to rehash the now-cold walkthrough. After all, the client thinks you’re done. But you know that boilerplate language will not clearly communicate the weakness or tell the client how to fix the problem. Now you’re kicking yourself for not taking more time to document the control weakness (back when you initially saw it).

Here’s a post to help you capture and document internal control issues as you audit.

Capture and Communicate Internal Control Deficiencies

Today, we’ll take a look at the following control weakness objectives:

  1. How to discover them
  2. How to capture them
  3. How to communicate them

As we begin, let’s define three types of weaknesses:

  • Material weaknesses – A deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.
  • Significant deficiencies – A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
  • Other deficiencies – For purposes of this blog post, we’ll define other deficiencies as those less than material weaknesses or significant deficiencies.

As we look at these definitions, we see that categorizing control weaknesses is subjective. Notice the following terms:

  • Reasonable possibility
  • Material misstatement
  • Less severe
  • Merits attention by those charged with governance

Now let’s take a look at discovering, capturing, and communicating control weaknesses. 

1. Discover Control Weaknesses

Capture control weaknesses as you perform the audit. You might identify control weaknesses in the following audit stages:

  1. Planning – Risk assessment and walkthroughs
  2. Fieldwork – Transaction-level work
  3. Conclusion – Wrapping up

A. Planning Stage

You will discover deficiencies as you perform walkthroughs, which are carried out in the early stages of the engagement. Correctly performed walkthroughs allow you to see process shortcomings and where duties are overly concentrated (what auditors refer to as a lack of segregation of duties).

Segregation of Duties

Are accounting duties appropriately segregated with regard to:

  • Custody of assets
  • Reconciliations
  • Authorization
  • Bookkeeping

Notice the first letters of these words spell CRAB (I know it’s cheesy, but it helps me remember).

Auditors often make statements such as, “Segregation of duties is not possible due to the limited number of employees.”

I fear such statements are made only to protect the auditor (should fraud occur in the future). It is better that we be specific about the control weakness and what the potential impact might be. For example:

The accounts payable clerk can add new vendors to the vendor file. Since checks are signed electronically as they are printed, there is a possibility that fictitious vendors could be added and funds stolen. Such amounts could be material.

Such a statement tells the client what the problem is, where it is, and the potential damage. 

Fraud: A Cause of Misstatements

While I just described how a lack of segregation of duties can open the door to theft, the same idea applies to financial statement fraud (or cooking the books). When one person controls the reporting process, there is a higher risk of financial statement fraud. Appropriate segregation lessens the chance that someone will manipulate the numbers.

Within each transaction cycle, accounting duties need to be performed by different people. Doing so lessens the possibility of theft. If one person performs multiple duties, ask yourself, “Is there any way this person could steal funds?” If yes, then the client should add a control in the form of a second-person review.

If possible, the client should have a second person examine reports or other supporting documentation. How often should the review be performed? Daily, if possible. If not daily, as often as possible. Regardless, a company should not allow someone with the ability to steal to work alone without review. The fear of detection lessens fraud.
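The segregation check described above can be run over a table of who performs which duty in each transaction cycle. The following is an added example, not part of the original post; the cycle names, people and review list are constructed sample data.

```python
from collections import defaultdict

# The four duties the post abbreviates as CRAB.
CRAB = {"custody", "reconciliation", "authorization", "bookkeeping"}

# Constructed sample data: (transaction cycle, person, duty).
ASSIGNMENTS = [
    ("accounts_payable", "ap_clerk", "bookkeeping"),    # enters invoices, adds vendors
    ("accounts_payable", "ap_clerk", "custody"),        # prints electronically signed checks
    ("accounts_payable", "controller", "authorization"),
    ("accounts_payable", "treasurer", "reconciliation"),
    ("cash_receipts", "cashier", "custody"),
    ("cash_receipts", "bookkeeper", "bookkeeping"),
    ("cash_receipts", "bookkeeper", "reconciliation"),
]

# Constructed sample data: (cycle, person) pairs whose work a second person reviews.
REVIEWED = {("cash_receipts", "bookkeeper")}


def find_sod_conflicts(assignments, reviewed):
    """Return one finding per person holding 2+ CRAB duties in a single cycle."""
    duties = defaultdict(set)
    for cycle, person, duty in assignments:
        if duty not in CRAB:
            raise ValueError(f"unknown duty {duty!r} for {person} in {cycle}")
        duties[(cycle, person)].add(duty)

    findings = []
    for (cycle, person), held in sorted(duties.items()):
        if len(held) < 2:
            continue  # a single duty is not a concentration of duties
        findings.append({
            "cycle": cycle,
            "person": person,
            "duties": sorted(held),
            # The compensating control named in the post: a second-person review.
            "second_person_review": (cycle, person) in reviewed,
        })
    return findings


if __name__ == "__main__":
    for f in find_sod_conflicts(ASSIGNMENTS, REVIEWED):
        status = "reviewed" if f["second_person_review"] else "NO REVIEW, document it"
        print(f'{f["cycle"]}: {f["person"]} holds {", ".join(f["duties"])} [{status}]')
```

Each finding without a second-person review is a candidate for the control capture form; whether it rates as a material weakness, significant deficiency or other deficiency remains the auditor's judgment.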

If a transaction cycle lacks segregation of duties, then consider the potential impact from the control weakness. Three possible impacts exist:

  • Theft that is material (material weakness)
  • Theft that is not material but which deserves the attention of management and the board anyway (significant deficiency)
  • Theft of insignificant amounts (other deficiency)

My experience has been that if any potential theft area exists, the board wants to know about it. But this is a decision you will make as the auditor.

Errors: Another Cause of Misstatements

While auditors should consider control weaknesses that allow fraud, we should also consider whether errors can lead to potential misstatements. So, ask questions such as:

  • Do the monthly financial statements ever contain errors?
  • Are invoices mistakenly omitted from the payable system?
  • Do employees forget to obtain purchase order numbers prior to buying goods?
  • Do bookkeepers fail to reconcile the bank statements on a timely basis? 

B. Fieldwork Stage

While it is more likely you will discover process control weaknesses in the planning stage of an audit, the results of control deficiencies sometimes surface during fieldwork. How? Audit journal entries. What are audit entries but corrections? And corrections imply a weakness in the accounting system.

When an auditor makes a material journal entry, it’s difficult to argue that a material weakness does not exist. We know the error is “reasonably possible” (it happened). We also know that prevention did not occur on a timely basis.

C. Conclusion Stage

When concluding the audit, review all of the audit entries to see if any are indicators of control weaknesses. Also, review your internal control deficiency work papers (more on this in a moment). If you have not already done so, discuss the noted control weaknesses with management. 

Your firm may desire to have a policy that only managers or partners make these communications. Why? Management can see the auditor’s comments as a criticism of their own work. After all, they designed the accounting system (or at least they oversee it). So, these discussions can be a little challenging.

Now let’s discuss how to capture control weaknesses.

2. Capture Internal Control Weaknesses

So, how do you capture the control deficiencies?

First, and most importantly, document internal control deficiencies as you see them.

Why should you document control weaknesses when you initially see them?

  1. You may not be on the engagement when it concludes (because you are working elsewhere) or
  2. You may not remember the issue (weeks later).

Second, create a standard form (if you don’t already have one) to capture control weaknesses. 

Internal Control Capture Form

What should be in the internal control form? At a minimum include the following:

  1.  Check-mark boxes for:
    • Significant deficiency
    • Material weakness
    • Other control deficiency
    • Other issues (e.g., violations of laws or regulations) 
  2. Whether the probability of occurrence is at least reasonably possible and whether the magnitude of the potential misstatement is material
  3. Description of the deficiency and the verbal or written communications to the client; also the client’s response
  4. The cause of the condition
  5. The potential effect of the condition
  6. Recommendation to correct the issue
  7. Person identifying the issue and the date of discovery
  8. Whether the issue is a repeat from the prior year
  9. An area for the partner to sign off that he or she agrees with the description of the deficiency and the category assigned to it (e.g., material weakness)
  10. Reference to related documentation in the audit file

After capturing the weaknesses, it’s time to communicate them. 

3. Communicate Control Weaknesses

Material weaknesses and significant deficiencies must be communicated in writing to management and those charged with governance. Other deficiencies can be given verbally to management, but you must document those discussions in your work papers.

Provide a draft of any written communications to management before issuing your final letter. That way, if something is incorrect (your client will let you know), you can make it right before it’s too late. Additionally, discuss the control weakness with relevant personnel when you initially discover it. You don’t want to surprise the client with adverse communications in the written internal control letter.

Summary

The main points in capturing and communicating internal control deficiencies are:

  1. Capture control weaknesses as soon as you see them
  2. Develop a form to document the control weaknesses
  3. Communicate significant deficiencies and material weaknesses in writing

These communications can be somewhat challenging since you’re telling management they need to make improvements. So make sure all information is correct and let your senior personnel do the communicating.

How Do You Capture and Report Control Deficiencies?

Whew! We’ve covered a lot of ground today. How do you capture and report control deficiencies? I’m always looking for new ideas: Please share.

Thanks for joining me here at CPA Scribo. Charles Hall