Chapter 11 Understanding ActivityLevel Controls.docx
- Document number: 30220682
- Upload date: 2023-08-07
- Format: DOCX
- Pages: 38
- Size: 362.45KB
Chapter 11 Understanding Activity Level Controls
Browse Location: United States\PwC Material\Montgomery's Auditing, Twelfth Edition\Part 2: Theory and Concepts
Publish Date: 25 June, 2001
11
Understanding Activity-Level Controls
11.1 Control Activities
  (a) Transaction Processing Controls
    (i) Authorization
    (ii) Completeness of Input
    (iii) Accuracy of Input
  (b) File Maintenance Controls
    (i) Integrity of Standing Data
    (ii) Completeness and Accuracy of Update
    (iii) Completeness and Accuracy of Accumulated Data
  (c) Asset Protection Controls
    (i) Physical Controls
    (ii) Segregation of Duties
  (d) Computer Controls
    (i) Changes to Applications
    (ii) Development and Implementation
      (1) System Design and Program Development or Acquisition
      (2) Program and System Testing
      (3) Cataloguing
      (4) Conversion
    (iii) Computer Security
    (iv) Computer Operations
      (1) Computer Processing Procedures
      (2) Backup and Recovery Procedures
      (3) System Software
11.2 Monitoring Controls
11.3 Developing the Understanding
11.4 Evaluating Design Effectiveness
11.5 Application to Small and Mid-Sized Entities
11.6 Documenting the Understanding and Evaluation of Design
  (a) Narratives
  (b) Flowcharts
  (c) Control Matrices
  (d) Internal Control Questionnaires
Chapter 10 discussed internal control as it applies to the entity as a whole and to transactions, cycles, and transaction classes within cycles at higher, less detailed levels. This chapter focuses on control activities, that is, those controls that directly address specific account balances and audit objectives, and on monitoring controls that operate at the cycle or transaction level (in contrast to the entity level). Control activities and these lower-level monitoring controls, together with the accounting system [as discussed in Section 10.1(d)(i), The Accounting System], operate at the activity level; that is, they relate to specific business processes and related transactions and accounts. Accordingly, they affect an entity's financial reporting objectives more directly than do controls that operate at higher, less detailed levels. This chapter describes the different categories of control activities that typically are part of an entity's internal control, as well as lower-level monitoring controls (often referred to herein simply as monitoring controls), and how the auditor develops an understanding of them.
When the auditor plans to assess control risk at low, he or she is likely to consider the entity's financial reporting objectives with respect to account balances that are part of a transaction cycle in terms of specific control objectives [described in Section 9.3(a), Control Objectives] to be met by internal control, rather than in terms of the management assertions or audit objectives of existence/occurrence, completeness, and accuracy. Even though in evaluating whether the entity has met the control objectives, the auditor considers all the components taken together, the focus is on the control activities component. This is because, of all the control components, control activities operate at the lowest, most detailed level. The auditor considers whether management has designed and placed in operation control activities that, if they operate effectively, will achieve the control objectives. Evidence that control activities are operating effectively, which is obtained by performing tests of controls (discussed in Section 12.3, Performing Tests of Controls), will enable the auditor to significantly restrict substantive tests aimed at the existence/occurrence, completeness, and accuracy of account balances that are part of a transaction cycle.1
When the auditor plans to assess control risk below the maximum (i.e., not at low), the focus is likely to be on monitoring controls that operate at the cycle or transaction level, rather than on control activities. Evidence about the effective operation of these lower-level monitoring controls often is sufficient to enable the auditor to restrict substantive tests to some extent, but not by as much as evidence about the effective operation of control activities would permit. This is because monitoring controls operate at a higher level than do control activities and therefore do not provide as much evidence about the existence/occurrence, completeness, and accuracy of account balances as do control activities.
11.1 Control Activities
In contrast to the other internal control components, which usually relate to all transactions into which an entity enters, control activities generally are established only for high-volume or high-risk classes of transactions. The design of control activities is influenced by the size, complexity, and nature of the business as well as by the nature of the entity's internal control as a whole, particularly its computer environment. For instance, a large entity usually establishes formal approved vendor or customer lists, credit policies, and controls over computer security. A small entity may not always need such controls to meet its financial reporting objectives.
Management designs and implements control activities at various stages and data-processing levels. Some of those activities are applied directly to transactions, files, and data, and are referred to as application controls. Application controls include transaction processing controls and file maintenance controls. Transaction processing controls are established to ensure that the entity meets its control objectives related to individual transactions. The achievement of control objectives related to data stored on files is ensured through file maintenance controls, which are applied to transaction cycles as a whole rather than to individual transactions. Application controls also include other control activities - referred to as asset protection controls - that address the physical security of related assets and records and the segregation of duties among employees. Computer controls do not relate to specific transactions or files but have a pervasive effect on an entire transaction cycle(s) or on the entity as a whole, because the ability of other control activities to achieve the control objectives depends on their functioning. [The term information processing controls sometimes encompasses both application controls and computer controls. Computer controls sometimes are referred to as general controls or information technology (IT) controls.] Figure 11.1 shows the different categories of control activities.
Control activities usually involve a combination of programmed control procedures by which the computer generates reports, and manual operations that are applied to those reports. For example, before a vendor's invoice is paid on its due date, a computer program may match all open invoices due on that date with the file of open receiving reports. If there is a match, the computer removes both the invoices and the receiving reports from their respective files, puts them into a paid invoice file, and prints out the vendor's check. If there is no match, either because there is no receiving report or because the data on the receiving report differs from the data on the invoice, the computer does not print out the check but instead prints out an exception report of invoices due for which no receiving report exists or for which the data on the two documents does not agree. An accounting supervisor reviews and clears the exception report by determining that, in fact, the goods have not been received and no receiving report should have been created, or that the data otherwise does not agree and the vendor should not be paid.
In the example above, the computerized matching and the generation of the exception report are programmed control procedures; the review and clearing of the exception report is a manual control activity. Both operations are necessary to achieve the control objective - in this case, that all payments to vendors are authorized. In addition, computer controls are necessary to ensure that the programmed control procedures (as well as programmed accounting procedures) are appropriately implemented and operated, and that only authorized changes can be made to programs and data. Otherwise there can be no assurance that the exception report is accurate and complete.
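The programmed half of the control described above, sketched as an added example (it is not code from the book). The record fields, the use of a purchase-order number as the matching key, and the sample files are assumptions; the run also shows that removing a matched receiving report from the open file sends a second invoice against the same receipt to the exception report instead of to payment.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Invoice:                      # field names are assumptions for illustration
    invoice_no: str
    vendor: str
    po_no: str                      # assumed matching key between the two files
    quantity: int
    due: date

@dataclass(frozen=True)
class ReceivingReport:
    po_no: str
    vendor: str
    quantity: int

def run_payment_match(open_invoices, open_receiving, run_date):
    """Return (paid, exception_report, still_open_invoices, still_open_reports)."""
    reports = {r.po_no: r for r in open_receiving}
    paid, exceptions, still_open = [], [], []
    for inv in open_invoices:
        if inv.due != run_date:            # not due today: not evaluated in this run
            still_open.append(inv)
            continue
        rr = reports.get(inv.po_no)
        if rr is None:
            reason = "no open receiving report"
        elif (rr.vendor, rr.quantity) != (inv.vendor, inv.quantity):
            reason = "data does not agree"
        else:
            paid.append(inv)               # check is printed only on a full match
            del reports[inv.po_no]         # receipt leaves the open file with the invoice
            continue
        exceptions.append((inv.invoice_no, reason))  # no check; goes to manual review
        still_open.append(inv)
    return paid, exceptions, still_open, list(reports.values())

RUN_DATE = date(2024, 3, 15)        # constructed sample files follow
INVOICES = [
    Invoice("INV-1", "Acme", "PO-100", 10, RUN_DATE),
    Invoice("INV-2", "Acme", "PO-101", 5, RUN_DATE),           # goods never received
    Invoice("INV-3", "Bolt", "PO-102", 8, RUN_DATE),           # billed 8, received 6
    Invoice("INV-4", "Acme", "PO-100", 10, RUN_DATE),          # second bill, same receipt
    Invoice("INV-5", "Bolt", "PO-103", 3, date(2024, 3, 22)),  # due later
]
RECEIVING = [ReceivingReport("PO-100", "Acme", 10), ReceivingReport("PO-102", "Bolt", 6)]

if __name__ == "__main__":
    print(run_payment_match(INVOICES, RECEIVING, RUN_DATE))
```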
An entity's control activities should address the various control objectives that it must meet in order to generate reliable financial information. Of the seven control objectives defined in Chapter 9 [Section 9.3(a), Control Objectives], three (authorization, completeness of input, and accuracy of input) are met by transaction processing controls; three (integrity of standing data, completeness and accuracy of update, and completeness and accuracy of accumulated data) are met by file maintenance controls; and one (protecting assets) is met by controls that restrict access to assets and records and segregate duties among employees. To be effective, control activities must cover the entire processing system from the initial recording of transactions to their ultimate recording and storage in manual ledgers or computer files. Collectively, the control activities that achieve the seven control objectives ensure that all transactions that occurred are authorized and are recorded completely and accurately, that errors in execution or recording are detected as soon as possible, that recorded accounting data is appropriately maintained on computer files and in ledgers, and that assets and related records are protected. The achievement of those control objectives depends on computer controls, to the extent th