Wiley Practitioner's Guide to GAAS 2020. Joanne M. Flood
That May Affect the Financial Reporting Process
Some IT systems process information that is not reflected in the financial statements. For example, an organization may have a sales and marketing system that tracks lead generation, customer contact information, and purchase history. IT general controls that affect the functioning of this system may or may not be included within the scope of an evaluation of financial reporting controls, depending on how management uses the information generated by the system.
For example, management and the sales team may use the information only to manage the sales process, in which case the sales system is not important to the financial reporting process. Or management may use the information generated from the sales system to monitor financial results, generate financial information, or perform some other control procedure.
For example, information in the sales system could be used to:
Calculate bonuses to salespeople, an amount that is reported in the financial statements.
Generate a key performance indicator, which management uses to identify anomalies in the accounting records or financial statements.
Generate nonfinancial information, which management uses in its monitoring process.
General controls related to nonfinancial systems may be included in management’s evaluation if the risk of failure of the control is significant. If the risk is small, then the system can be excluded from the scope of the evaluation.
General Controls Directly Related to Financial Information
Other IT systems at an organization are directly related to the processing of financial information; these systems include the accounting system, the sales system, or the inventory management system. To the extent that these systems process significant financial information where a material misstatement could occur, they will be included within the scope of the auditor’s evaluation.
IT systems that have a more direct effect on the financial reporting process typically are included within the scope of management’s evaluation. Relevant IT general control objectives usually relate to:
Logical access to programs and data
Physical access to computer hardware and the physical environment within which the hardware operates
System development and change
Effect on the internal audit function
AU-C 315 ILLUSTRATIONS
The following questionnaire will help the auditor assess risk. The existence of a condition covered by the questionnaire does not mean errors or fraud have occurred; it is a warning sign indicating increased risk in the audit areas affected. The questionnaire should be modified in accordance with the size and complexity of the entity.
Illustration 1. Risk Assessment Questionnaire
[Client]
[Audit date]
[Prepared by/Date] | [Reviewed by/Date] |
Instructions
The purpose of this questionnaire is to document and assess audit risk. It should be part of audit planning and updated during the audit. (AU-C 260.15)
The information required to complete this questionnaire comes from the following sources:
1 Client responses to our inquiries
2 Our knowledge of general and industry economic conditions
3 Our knowledge of the client
This questionnaire is divided into two major sections: external and internal factors. It is designed so that every “Yes” answer adversely affects risk exposure.
For every “Yes” answer, the item should be referenced to the appropriate audit documentation. The audit documentation should state our assessment of the effect of the condition on the risk of material errors or fraud.
External Factors
Yes | No | Working paper reference | |
General Economic and Financial Conditions Are there trade or other barriers to the client’s international business?Have the client’s domestic markets suffered from high unemployment?Have the client’s domestic markets suffered from high inflation?Has legislation passed that adversely affects the client?Are interest rates high in relation to the client’s capital needs?Has the client’s business been adversely affected by changes in the following:Interest rates?Unemployment rates?Money supply?Foreign currency exchange rates?Overall business conditions (depression, recession, inflation)? | |||
Industry Economic and Financial ConditionsAre the products of this industry subject to rapid obsolescence?Is the industry highly competitive?Have there been an unusual number of bankruptcies in this industry?Does the estimated income for the year deviate significantly from the industry average?Did the industry experience a strike or other labor unrest? Uses and Users of Financial Statements Will the financial statements be filed with the SEC?Will the financial statements be submitted to the client’s bank?Will the financial statements be submitted to credit agencies?Will the financial statements be submitted to stockholders?Will the financial statements be submitted to employees with reference to:Profit-sharing plans?Pension plans?Bonus arrangements?Other compensation arrangements?Will the financial statements be used in connection with negotiations relating to an acquisition or a disposal of a business or a segment of a business?Will the financial statements be used in connection with negotiations for:A loan?A performance bond?Private sale of stock?Are there other uses or users of these financial statements that may affect our risk? If so, list. |
Internal Factors
Yes | No | Working paper reference | |
Management’s Integrity
Are there any indications that management may lack integrity?Does management desire favorable company earnings because of the following:Need to meet forecasts?Need to support the price of the entity’s stock?Existence of management profit-sharing agreements?Does management desire low company earnings to reduce income taxes?Is management dominated by one or a few individuals?Does management have a poor reputation in the industry?Does management have a reputation for taking unusual or unnecessary risks?Has there been considerable turnover in senior management |