Systems and Controls 19 October 2017 www.pwc.com/cz PricewaterhouseCoopers Audit, s.r.o. Agenda Internal Control 2 October 2017Introduction to Audit Systems Cycles Internal Control Systems Questions PricewaterhouseCoopers Audit, s.r.o. October 2017Introduction to Audit 3 INHERENT RISK X CONTROL RISK X DETECTION RISK AUDIT RISK PricewaterhouseCoopers Audit, s.r.o. Internal Control October 2017Introduction to Audit 4 PricewaterhouseCoopers Audit, s.r.o. Internal control Internal control is:  the process designed and effected by those charged with governance and other personnel  to provide reasonable assurance about the achievement of the entity’s objective October 2017Introduction to Audit 5 PricewaterhouseCoopers Audit, s.r.o. Internal control – continued Internal controls are the mechanisms that clients design in an attempt to: The fundamental principle: the stronger the control system the lower the risk of material misstatement in the financial statements. October 2017Introduction to Audit 6 Prevent Detect Correct misstatement PricewaterhouseCoopers Audit, s.r.o. Systems October 2017Introduction to Audit 7 PricewaterhouseCoopers Audit, s.r.o. Types of systems October 2017Introduction to Audit 8 Manual system1 Computerised2 PricewaterhouseCoopers Audit, s.r.o. Internal control systems October 2017Introduction to Audit 9 PricewaterhouseCoopers Audit, s.r.o. The components of an internal control system October 2017Introduction to Audit 10 PricewaterhouseCoopers Audit, s.r.o. Control environment The control environment consists of: • Organisational structure • Communication and enforcement of ethical values • Participation by those charged with governance • Management’s philosophy and operating style • Management need to have awareness • Assignment of responsibility • Human resource policies and practices October 2017Introduction to Audit 11 PricewaterhouseCoopers Audit, s.r.o. Internal control framework COSO (Committee of Sponsoring Organizations of the Treadway Commission) • Five components of internal control: • Control environment • Risk assessment • Control activities • Information and communication • Monitoring of controls that need to be in place to achieve financial reporting and disclosure objectives October 2017Introduction to Audit 12 PricewaterhouseCoopers Audit, s.r.o. Control activities Examples of Control activities • Authorisation • Performance review • Information processing • Physical controls • Segregation of duties October 2017Introduction to Audit 13 PricewaterhouseCoopers Audit, s.r.o. IT controls Application controls • Preventative • Detective General controls October 2017Introduction to Audit 14 PricewaterhouseCoopers Audit, s.r.o. Application controls • Arithmetic checks • Range checks • Validation checks • Sequence checks • Existence checks • Authorisation of transaction entry • Exception reporting October 2017Introduction to Audit 15 PricewaterhouseCoopers Audit, s.r.o. General controls • Data centre and network operations • System software acquisition • Change and maintenance • Access security – passwords, door locks, swipe cards, backup procedures October 2017Introduction to Audit 16 PricewaterhouseCoopers Audit, s.r.o. Monitoring of controls Obtaining evidence regarding the design and implementation • enquiries of relevant personal • observing the application of controls • tracing transactions through systems • inspecting documents, such as internal procedure manuals ISA 315 specifies that enquiry, alone, is not sufficient to understand the nature and extent of controls. October 2017Introduction to Audit 17  This is the process of assessing the effectiveness of controls over time and taking necessary remedial action.  Responsibility of management PricewaterhouseCoopers Audit, s.r.o. What if controls do not work? Ineffective controls • It may be more efficient and cost effective not to rely on controls at all as a source of assurance. • It is possible that, even though the controls are not as effective as we would like, and the risk of misstatement may be increased, it may still be at an acceptable level. Alternative sources • External confirmation • Analytical procedures • Management representations October 2017Introduction to Audit 18 PricewaterhouseCoopers Audit, s.r.o. Limitations of internal controls The need for substantive procedures cannot be eliminated entirely due to inherent limitations to the reliance that can be placed on internal control. The auditor must always perform substantive testing on material balances in the financial statements. October 2017Introduction to Audit 19 PricewaterhouseCoopers Audit, s.r.o. October 2017Introduction to Audit 20 PricewaterhouseCoopers Audit, s.r.o. Control deficiencies and weaknesses Auditors should communicate significant deficiencies in internal control in writing to ‘those charged with governance’ Structure • Deficiency • Consequence • Recommendation October 2017Introduction to Audit 21 PricewaterhouseCoopers Audit, s.r.o. Cycles October 2017Introduction to Audit 22 PricewaterhouseCoopers Audit, s.r.o. Control cycles • Revenue cycle • Purchases cycle • Payroll cycle • Inventory cycle • Capital expenditure cycle • Cash cycle October 2017Introduction to Audit 23 PricewaterhouseCoopers Audit, s.r.o. Questions October 2017Introduction to Audit 24 Thank you for your attention. This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers Audit, s.r.o., its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it. © 2017 PricewaterhouseCoopers Audit, s.r.o. All rights reserved. “PwC” is the brand under which member firms of PricewaterhouseCoopers International Limited (PwCIL) operate and provide services. Together, these firms form the PwC network. Each firm in the network is a separate legal entity and does not act as agent of PwCIL or any other member firm. PwCIL does not provide any services to clients. PwCIL is not responsible or liable for the acts or omissions of any of its member firms nor can it control the exercise of their professional judgment or bind them in any way.