
Control Risk Summary


Submitted By zhenzhuniao123
At the assertion level:

AR = IR * CR * DR

Audit risk = the risk that the relevant assertions related to balances, classes of transactions, or disclosures contain misstatements that could be material to the financial statements when aggregated with misstatements in other balances, classes, or disclosures.

Inherent risk = the susceptibility of a relevant assertion to misstatements that could be material, either individually or when aggregated with other misstatements, assuming there are no related controls. (The likelihood that a material misstatement exists in the financial statements without the consideration of internal control.)

Control risk = the risk that a material misstatement that could occur in a relevant assertion will not be prevented, or detected and corrected on a timely basis by the client’s internal control.

Detection risk = the risk that the auditor will not detect a misstatement that exists in a relevant assertion that could be material either individually or when aggregated with other misstatements. (Determined by the effectiveness of the audit procedure and how well the procedure is applied by the auditor.)
Note: detection risk can never be reduced to zero because of sampling risk.

To properly assess control risk, the auditor must understand the client’s controls and perform audit procedures to determine if the controls are operating effectively.

• If the auditor sets control risk too low (i.e., overrelies on controls), the level of substantive procedures may be too low to detect material misstatements that may be present in the financial statement account.
  o This is because when CR inappropriately decreases, the auditor increases the acceptable level of detection risk (i.e., increases the risk that the auditor will fail to detect a material misstatement if one exists in the account).

If the controls are properly designed, and
