Internal Control
Introduction
1 INTRODUCTION TO AUDITING
What is auditing?
Auditing (= review / exam):
• Is a systematic process
o Structured as a dynamic activity in a local manner
• Of objectively obtaining and evaluating evidence
o Independent and objective
o Facts and figures
• Regarding assertions about economic actions and events
o Collect information about management assertions
• To ascertain the degree of correspondence between those assertions and established criteria
o Depending on the type of audit the established criteria are fixed by law or set by the company
herself
• And communicating the results to interested users
o Examples: the boss, management, investors, shareholders, banks, clients, accountant,
government, employees,…
o Important deviations between observed reality and established criteria should be indicated
To perform an audit there must be 2 things:
• Information in a verifiable form
• Standards by which an auditor can evaluate information
o Information can be:
▪ Quantifiable -> financial statements, Tax information
▪ Subjective -> effectiveness of computer systems or efficiency of operations
Criteria for evaluating information vary depending on the information being audited.
• Audit of financial statements (FS)
o Criteria are the BGAAP or IFRS
▪ Belgian Generally Accepted Accounting Principles -> notion of book value
▪ International Financial Reporting Standards -> notion of marked-to-market
• Audit of internal control (IC)
o Criteria is a recognized framework (COSO)
▪ Committee of Sponsoring Organizations of the Treadway Commission
If the information is subjective, it is more difficult to establish criteria.
The auditors and entities being audited will agree on the criteria before the audit starts.
➔ Example: in an audit of effectiveness of IT systems, the criteria might include level of errors.
Evidence is:
• All information used by the auditor to determine whether the information being audited is in
accordance with the established criteria.
Auditors must obtain enough information with a sufficient quality and quantity.
Evidence can be in all types of forms:
• Electronic data about transactions
• Written or electronic communication from externals
1
, • Observations by the auditor
• Oral statement of the client
Auditor requirements:
• Must be qualified to understand criteria
• Must be competent to know types and amount of evidence
o Necessary to make a proper conclusion
• Must have an independent mental attitude
If an auditor is not competent or independent, the audit is of little value.
The auditor must communicate the findings to interested users (management, investors, banks, clients,
accountants, government, employees,…).
The audit report communicates the degree of correspondence between:
• Information audited
• Established criteria
2 AUDITING VERSUS ACCOUNTING
Accounting
Accounting:
• The recording, classifying, and summarizing of economic events in a logical manner.
• Purpose -> providing financial information for decision making
o Accountants must develop a system to make sure that the entity’s economic events are
properly recorded on a timely basis and at a reasonable cost.
Types of accounting principles for different companies:
• Listed companies (public company)
o IFRS for consolidated statements
o BGAAP for individual financial statements
• Non-listed companies
o BGAAP for individual and consolidated statements
Every company needs to use BGAAP for individual statements, because taxes are calculated on BGAAP financial
statements. IFRS is not accepted as tax basis.
Auditing
(Financial) audit:
• An independent examination of accounting and financial statements.
• Purpose -> determining whether recorded information properly reflects the economic events that
occurred during the accounting period
A financial auditor must know and understand the accounting standards to perform an audit.
An auditor is not involved with financial statement preparation.
➔ !!! Auditing without prior accounting is not possible !!!
Short summary
Accounting Auditing
• Keeping records of transactions + • Examination of financial statements on
preparing financial statements fairness
2
, • Continuous basis (daily recording) • Periodic process (after financial
statements are ready)
• Very detailed • Samples
• Accurately record and present • Verify accuracy and reliability of financial
transactions statements
• Internal employee of the company • External / independent company
3 TYPES OF AUDIT
Financial audit
Financial audit:
• The process of examining an organization’s financial records to determine if they are accurate and in
accordance with applicable rules, regulations and laws.
The need for financial audit primarily stems from the separation of ownership and control in large companies.
➔ Shareholders nominate directors to run the company’s affaires on their behalf.
Because the directors report on the financial performance and position of the company, shareholders need
assurance over the accuracy of these financial statements before being able to rely on them.
External audit provides reasonable assurance to the owners of the company that the financial statements are
free from material misstatements.
Belgian law requires that all large companies have their financial statements externally audited.
The financial audit will be executed in compliance with the ISA (International Standards on Auditing).
➔ Professional standard for the performance of financial audits.
External auditors:
• Required to comply with professional auditing standards (ISA)
• Should follow ethical guidelines such as those issued by IFAC
Conditions types of companies
General conditions:
• An annual turnover in excess of 9 000 000 EUR (exclusive of VAT)
• Total assets over 4 500 000 EUR
• More than 50 employees on average during the year
Small companies meet not more than one of these conditions.
Large companies are companies that have meet 2 of the 3 conditions.
Micro-companies are undertaking that do not exceed more than one of the following criteria:
• An annual turnover of 700 000 EUR (exclusive of VAT)
• Total assets of 350 000 EUR
• An annual average of 10 employees
It is only when a company meets these conditions for 2 consecutive years that a micro-company becomes a
small company or that a small company becomes a large company.
Operational audit
Operational audit:
• An examination of the manner in which an organization conducts its business, with the objective of
pointing out improvements that will increase its efficiency and effectiveness.
• Conducting an operational audit can include:
o The evaluation of organizational structure
3
, o Computer operations
o Production methods
o Marketing
o … and many other areas in which the auditor is qualified
• Primary users of the recommendations -> management team
o Managers of divisions that have been reviewed
Operational audits are usually conducted by the internal audit staff, though specialists can be hired to conduct
reviews in their areas of expertise.
Managers often review and report on the effectiveness of various processes and procedures within the
companies they manage.
Difference financial and operational audit:
• Financial audits review the accuracy of financial records, processes and procedures, while an
administrative audit might examine the efficiency of support functions such as payroll and HR.
o These activities contribute indirectly to the functioning of the business.
Operations consists of those work processes that directly crate the products or services that are the company’s
main business.
Forensic audit
Forensic auditors:
• Investigators of legal and financial documents that are hired to look into possible fraudulent activities
within a company.
o Money laundering
o Tax evasion
o Insider trading
▪ When you become aware of information that the outside world doesn’t know and
you start ‘selling’ it.
o Employee fraud
o Financial statement fraud
▪ The deliberate misrepresentation of the financial condition of a company.
o Bankruptcy fraud
• Many forensic auditors work closely with lax enforcement personnel and lawyers during investigations
and often appear as expert witnesses during trials.
Companies who may want to prevent fraudulent activities from occurring can also hire a forensic auditor to
investigate the company.
Registered Belgian forensic auditors are represented by the IFA, the National Professional Federation of Fraud
Auditors in Belgium.
Compliance audit
Compliance audit:
• Is conducted to determine whether the company is following specific procedures, rules, or regulations
set by some higher authority.
• Results -> are typically reported to management, rather than outside users
o Why? -> Management is primary concerned about compliance with procedures, rules and
regulations.
Information Technology audit
IT (Information Technology) audit:
• Involves the assessment of the controls relevant to the IT infrastructure within an organization.
• Certain goals of an IT audit:
4
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller janavandenbriele. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.26. You're not tied to anything after your purchase.