Systems and Controls
19 October 2017
www.pwc.com/cz
PricewaterhouseCoopers Audit, s.r.o.
Agenda
Internal Control
2
October 2017Introduction to Audit
Systems
Cycles
Internal Control Systems
Questions
PricewaterhouseCoopers Audit, s.r.o.
October 2017Introduction to Audit
3
INHERENT RISK
X
CONTROL RISK
X
DETECTION RISK
AUDIT
RISK
PricewaterhouseCoopers Audit, s.r.o.
Internal Control
October 2017Introduction to Audit
4
PricewaterhouseCoopers Audit, s.r.o.
Internal control
Internal control is:
 the process designed and effected by those charged with governance
and other personnel
 to provide reasonable assurance about the achievement
of the entity’s objective
October 2017Introduction to Audit
5
PricewaterhouseCoopers Audit, s.r.o.
Internal control – continued
Internal controls are the mechanisms that clients design
in an attempt to:
The fundamental principle: the stronger the control system
the lower the risk of material misstatement in the financial
statements.
October 2017Introduction to Audit
6
Prevent
Detect
Correct misstatement
PricewaterhouseCoopers Audit, s.r.o.
Systems
October 2017Introduction to Audit
7
PricewaterhouseCoopers Audit, s.r.o.
Types of systems
October 2017Introduction to Audit
8
Manual system1
Computerised2
PricewaterhouseCoopers Audit, s.r.o.
Internal control systems
October 2017Introduction to Audit
9
PricewaterhouseCoopers Audit, s.r.o.
The components of an internal control system
October 2017Introduction to Audit
10
PricewaterhouseCoopers Audit, s.r.o.
Control environment
The control environment consists of:
• Organisational structure
• Communication and enforcement of ethical values
• Participation by those charged with governance
• Management’s philosophy and operating style
• Management need to have awareness
• Assignment of responsibility
• Human resource policies and practices
October 2017Introduction to Audit
11
PricewaterhouseCoopers Audit, s.r.o.
Internal control framework
COSO (Committee of Sponsoring Organizations of the
Treadway Commission)
• Five components of internal control:
• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring of controls
that need to be in place to achieve financial reporting and disclosure
objectives
October 2017Introduction to Audit
12
PricewaterhouseCoopers Audit, s.r.o.
Control activities
Examples of Control activities
• Authorisation
• Performance review
• Information processing
• Physical controls
• Segregation of duties
October 2017Introduction to Audit
13
PricewaterhouseCoopers Audit, s.r.o.
IT controls
Application controls
• Preventative
• Detective
General controls
October 2017Introduction to Audit
14
PricewaterhouseCoopers Audit, s.r.o.
Application controls
• Arithmetic checks
• Range checks
• Validation checks
• Sequence checks
• Existence checks
• Authorisation of transaction entry
• Exception reporting
October 2017Introduction to Audit
15
PricewaterhouseCoopers Audit, s.r.o.
General controls
• Data centre and network operations
• System software acquisition
• Change and maintenance
• Access security – passwords, door locks, swipe cards, backup
procedures
October 2017Introduction to Audit
16
PricewaterhouseCoopers Audit, s.r.o.
Monitoring of controls
Obtaining evidence regarding the design and implementation
• enquiries of relevant personal
• observing the application of controls
• tracing transactions through systems
• inspecting documents, such as internal procedure manuals
ISA 315 specifies that enquiry, alone, is not sufficient to understand
the nature and extent of controls.
October 2017Introduction to Audit
17
 This is the process of assessing the effectiveness of controls over time
and taking necessary remedial action.
 Responsibility of management
PricewaterhouseCoopers Audit, s.r.o.
What if controls do not work?
Ineffective controls
• It may be more efficient and cost effective not to rely on controls
at all as a source of assurance.
• It is possible that, even though the controls are not as effective as we
would like, and the risk of misstatement may be increased, it may
still be at an acceptable level.
Alternative sources
• External confirmation
• Analytical procedures
• Management representations
October 2017Introduction to Audit
18
PricewaterhouseCoopers Audit, s.r.o.
Limitations of internal controls
The need for substantive procedures cannot be eliminated entirely
due to inherent limitations to the reliance that can be placed on internal
control.
The auditor must always perform substantive testing
on material balances in the financial statements.
October 2017Introduction to Audit
19
PricewaterhouseCoopers Audit, s.r.o.
October 2017Introduction to Audit
20
PricewaterhouseCoopers Audit, s.r.o.
Control deficiencies and weaknesses
Auditors should communicate significant deficiencies in internal
control in writing to ‘those charged with governance’
Structure
• Deficiency
• Consequence
• Recommendation
October 2017Introduction to Audit
21
PricewaterhouseCoopers Audit, s.r.o.
Cycles
October 2017Introduction to Audit
22
PricewaterhouseCoopers Audit, s.r.o.
Control cycles
• Revenue cycle
• Purchases cycle
• Payroll cycle
• Inventory cycle
• Capital expenditure cycle
• Cash cycle
October 2017Introduction to Audit
23
PricewaterhouseCoopers Audit, s.r.o.
Questions
October 2017Introduction to Audit
24
Thank you for your attention.
This publication has been prepared for general guidance on matters of interest only, and does
not constitute professional advice. You should not act upon the information contained in this
publication without obtaining specific professional advice. No representation or warranty
(express or implied) is given as to the accuracy or completeness of the information contained
in this publication, and, to the extent permitted by law, PricewaterhouseCoopers Audit, s.r.o.,
its members, employees and agents do not accept or assume any liability, responsibility or
duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance
on the information contained in this publication or for any decision based on it.
© 2017 PricewaterhouseCoopers Audit, s.r.o. All rights reserved. “PwC” is the brand under
which member firms of PricewaterhouseCoopers International Limited (PwCIL) operate and
provide services. Together, these firms form the PwC network. Each firm in the network is a
separate legal entity and does not act as agent of PwCIL or any other member firm. PwCIL
does not provide any services to clients. PwCIL is not responsible or liable for the acts or
omissions of any of its member firms nor can it control the exercise of their professional
judgment or bind them in any way.