M & D FORUM

A Study on Internal Control Audit Risk DONG Liying School of Accounting, Hebei University of Economics & Business, P.R. China, 050061 [email protected] Abstract: As audited internal control information can enhance the credibility of financial reporting, so international organizations and institutions developed a certain specification of the internal control audit, formed a wealth of research results. This paper applies standard research methods to study how to reasonable control audit risk when Certified Public Accountants executy internal control audit against major problems of China’s internal control audit development. This paper proposes risk control paths of internal control audit only from the perspective of audit subject, include in As soon as possible to develop complex personnel of internal control audit, Strengthen the contact with internal audit department, Effective integration internal control auditing and financial reporting auditing. Keywords: Certified Public Accountants, Internal control, Audit risk

1 Introduction Establishing internal control system in Enterprises is to ensure the reliability of accounting records, because internal control systems can constraint management or staff reported the possibility of random error, and thus the authenticity of the content of financial reporting to provide reasonable assurance, become another important system arrangement to ensure reliable financial reporting. However, due to the Inherent limitations of internal control and pressure, opportunity and an excuse of management face, the credibility of control self-assessment report of internal management discoursing is still not high enough, so Certified Public Accountants is required to audit control self-assessment report of internal management discoursing, to enhance the credibility of internal control information, the internal control audit came into being. From the 1970s to 1980s, internal control audit services was produced in America, the cause is the listed company's financial reporting fraud, and abuse of power management events such as bankruptcy. In 1987, the United States Treadway Commission report pointed out that about half of the fraudulent financial fraud case because of failure of internal control arising. Treadway Commission issued a research report subsequently and recommended that all listed companies should accompany the annual financial report, signed with the management of internal control report, the effective implementation of top management to establish and maintain appropriate internal control commitments. However, this proposal was not mandatory. In 1992, COSO framework identified five core elements of internal control: control environment, risk assessment, control activities, information and communication, monitoring. In 1994, the American Institute of Certified Public Accountants President suggested that management should be published on the effectiveness of internal control report and management report of the Certified Public Accountants assessment. In 2004, COSO framework had added three elements, namely, goal setting, matters of identification and risk response, in order to strengthen the framework of the risk management section. Internal control audit services from the beginning towards a standardized track. internal control audit system began in 2002 in China's listed companies. In February 2002, China Association of Certified Public Accountants issued guidance on internal control audit, the opinion provisions of the Certified Public Accountants entrusted, on the management of the audited entity financial statements on a specific date and the effectiveness of internal control relevant to the identification of audit, and express an audit opinion. This is our initial audit of internal control systems form. April 2010, China officially released the Internal Control Audit Guidelines, the implementation of the system was to prevent business risk, internal control guidance Certified Public Accountants audit services with landmark historical significance. This study aims to analyze the nature of the internal

186

M & D FORUM control auditing and internal control audits’ main problems at this stage, and finds a pash of avoiding internal control audit risk.

2 The Nature of the Internal Control Auditing From the production of the internal control audit in domestic and international business, the internal control auditing was a form of forensic services, was a forensic services of Certified Public Accountants accepted a commission. In China, from the internal control audit guidance (2002) to the Internal Control Assurance Guidelines (Draft) (2008), to the Internal Control Audit Guidelines (2010), the nature of internal control audit was made clear to the qualitative identification. March 2002, the development of China's Institute of Chartered Accountants issued a guidance on auditing internal control, the opinion clearly stated the definition of internal control audits, internal control audit was that Certified Public Accountants accepted entrust, audited the management of the authorities was a specific date associated with the financial statements identify the effectiveness of internal control review and audit opinion. The opinion also provided that in accordance with relevant state regulations, establish a sound internal control and maintain its effectiveness, was management's responsibility for the audit unit; Certified Public Accountants’s responsibility is to understand, test and evaluation of internal control, issued audit report. Since then, China’ internal control appraisal business embarked on a standardized way. After 2006, China's listed company's internal control auditing system had undergone great changes, regulatory authorities through the annual financial statements of listed companies, disclosure and other means to encourage voluntary disclosure of listed companies to report internal control verification. July 2008, released by the China Association of Certified Public Accountants and in July 1, 2009 effective as the Internal Control Assurance Guidelines (draft) clearly provides the meaning of internal control assurance, internal control Kam card, was entrusted to the accounting firm of business and financial reporting, internal control effectiveness of the identification and forensic views published. And clear that the Certified Public Accountants’ responsibility was based on the forensic work, the effectiveness of internal control opinions issued identification; in the formation of opinion on the effectiveness of internal control, the Certified Public Accountants should be evaluated for management in accordance with relevant government departments and regulatory bodies The annual report of the corporate disclosure of internal control adequacy. In order to more effectively promote the listed companies to establish, implement and evaluate internal controls, forensic services to further deepen the internal control, regulate the accounting firm's internal control audit reports, April 26, 2010, China's Ministry of Finance Commission, the Audit Commission, China Securities Regulatory Commission, Insurance Regulatory Commission jointly formulated and promulgated Internal Control Audit Guidelines. Internal control audit is entrusted to the accounting firm, the benchmark for a particular design and operation of internal control on the effectiveness of the audit. The Certified Public Accountants should be the effectiveness of financial reporting internal control audit opinion, audit and internal control noted during the non-financial reporting internal control significant deficiencies in internal control audit report added, "major non-financial reporting internal control deficiencies described in paragraph "to be disclosed. The implementation of this system to prevent business risk, standardize corporate governance, internal control guidance for Certified Public Accountants auditing of great historical significance.

3 The Main Problems of China’ Internal Control Audit 3.1 Internal controls auditing system lack of enforcement Before 2006, China's relevant regulatory authorities were lack of enforcement of the internal control audit requirements, which resulted in some companies reluctant to disclose internal management control information. For example, in order to regulate the establishment of the internal control of listed 187

M & D FORUM companies, operation and information disclosure, September 2006, China’s Shenzhen Stock Exchange issued a Shenzhen Stock Exchange listed company's internal control guidelines, the Shenzhen Stock Exchange guidelines' provisions, the Certified Public Accountants should be directly on the company's evaluation of the effectiveness of internal controls and issued a verification report. The Shenzhen Stock Exchange Guidelines issued to listed companies to improve internal controls through the establishment and operation of internal control information transparency and full disclosure, listed companies to improve operating effectiveness of internal control. China Securities Regulatory Commission Announcement [2008] No. 48 on the 2008 annual report of listed companies to do work related to the announcement provided that a listed company's annual report in 2008 should be full disclosure to establish a sound internal control mechanism of the case. From the above requirements, We could seen that related specifications listed company shall issue a guide only forensic report, and there was no mandatory requirement to issue a verification report, which led directly to the vast majority of companies not want to disclose the existence of their own deficiencies in internal control, nor forensic accounting firm willing to employ its internal controls. Research resulted also confirmed this. Young red, Wang Wei (2008) by describing the statistics of the Shanghai Stock Exchange Annual Report 2006 of the internal control disclosure of information were analyzed, that in 2006 the Shanghai stock market information disclosure of internal control within the control of mandatory disclosure had not been effectively implemented, Voluntary disclosure of internal control information lack of motivation, internal control self-assessment and evaluation of accounting firmed to verify the lack of uniform standards and other issues. Ming Yang, Chun-Li Wang, Wang Bing (2009) A-share listed companies using 2007 data for the empirical test analysis found: the better the listed company's internal control environment, the easier it received a clean audit opinion; listed companies to disclose internal control verification opinion, there was obviously "nothing but good news," the disclosure of management behavior. 3.2 Internal control audit subject single From the internal control audit guidance (2002) to the Internal Control Assurance Guidelines (Draft) (2008), to the Internal Control Audit Guidelines (2010), the three internal control regulations audit subject was all accounting firm. The latest regulations Internal Control Audit Guidelines regulated, the accounting firm accepted commission to audit a specific benchmark on the design and operation of internal control effectiveness. The "specific reference date" in the Internal Control Evaluation Guidelines (2010) was the December 31, and required to submit evaluation report of internal control within 4 months after baseline reported. This time coincided with the financial report audit report quoted the time coincidence. Limited time in the audit with the audit of listed companies limited number of qualified accounting firms, accounting firms employing knowledge structure is not reasonable, internal controls are inadequate and ineffective implementation of such cases, as an internal control audit of the Certified Public Accountants is the main felt beyond their grasp. 3.3 Fewer studies of internal control audit risk In China’ Certified Public Accountants auditing standards, internal control has been an important basis that Certified Public Accountant determine substantive procedures. Because of financial reporting in the implementation of the Certified Public Accountants audit program has been audited for the same internal control risk were tested. However, as the business environment changes, and increasing complexity of the business, the company's internal control difficult to achieve sound. Moreover, the internal control audit business in China was still a new business; the launching of new business is still in the exploratory stage. Addition, China's Certified Public Accountants profession is still relatively young, existing practitioners, the competent services of the internal control audit personnel accounted for less proportion. In addition, from the nature of the internal control audit, we had also seen the contents of the internal control audit services in the event of changes, audit scope to expand. Internal control audit guidance provided in the audit of internal control was the management of the audit and accounting

188

M & D FORUM reports for a specific date related to the effectiveness of internal control. Internal Control Assurance Guidelines (draft) in the internal regulations control audit was to be forensic business and financial reporting, internal control effectiveness. Internal Control Audit Guidelines set forth in the internal control audit was to be audited on a specific reference design and operation of internal control effectiveness. This subtle change, not only increased the Certified Public Accountants’s audit costs, but also increased the risk of Certified Public Accountants audit. We had more access to domestic and foreign literature, only to retrieve one of the internal control audit risk article, Patterson ER, Smith JR (2007) used a theoretical model of SOX for auditors working relationship between the intensity and impact of internal control, that SOX increased the Certified Public Accountants 's risk and cost.

4 Risk Control Path of Internal Control Audit As an internal control audit subject, Certified Public Accountants should be how to obtain sufficient and appropriate audit evidence about the effectiveness of access of internal control design and operation in a limited period of time, and control reasonably internal control audit risk, has become a must face reality. In the current complex environment, inadequate and not active disclosure of internal control information, we think that the Certified Public Accountants can start with strict self-discipline to start; first to develop the internal control audit versatile talents, followed by strengthening the internal audit departments, the third is the effective integration of internal control auditing and financial reporting auditing. 4.1 As soon as possible to develop complex personnel of internal control audit Internal control audit is to help companies prevent risks, in the final analysis had to rely on a high level of internal control audit staff of professional quality. Internal Control Audit Guidelines Article sixth provisions the Certified Public Accountants should plan properly internal control audit, with professional competence of project team. However, there was no the relevant provisions on internal control audit staff should had specific areas of professional competence. Variability of the business environment, the complexity of business operations and audit time limitations are to some extent, affect the internal control audit risk. We think that the internal control audit staff should have a keen observation, careful thinking ability, excellent professional knowledge, ability and reasonable knowledge structure at least, and only have a team of internal control audit practitioners can perform internal control audits work; and established further education system of internal control employees is a System security to develop high-quality internal control auditor.

，

4.2 Strengthen the contact with internal audit department Under the guidance of comprehensive risk management framework of enterprise, internal audit department's focus is to help companies build internal controls. In the modern enterprise management process, internal audit of internal control as an important component, with supervision and other aspects of internal control responsibilities. The role of internal audit should not only supervise the enterprise's internal controls are implemented, should also help companies to control the environment to create, as the internal control process design consultant. It is more effective in helping management to achieve the desired control objectives in the process of playing a larger role. Therefore, the internal audit staff in understanding, assessing the risk level of internal control over accounting firm of certified public accountants more in-depth and appropriate. Internal Control Audit Guidelines Article IX clearly stated, the Certified Public Accountants used of internal audit staff, probably should be a corresponding reduction in work performed by Certified Public Accountants. Limited time in the audit of internal control, lack of audit experience, auditing and complex case, only strengthen the internal audit departments, more in-depth understanding of internal control, careful and reasonable assessment of internal control the level of risk to the reasonable control of the internal control audit risk. 4.3 Effective integration internal control auditing and financial reporting auditing 189

M & D FORUM In China, as company's internal control report is included in the financial reporting, so the audit subjects is Certified Public Accountant who audit financial report at the same time, therefore, implementation of internal control audit subject and implementation of financial report audit subject is same. The current mainstream financial report audit method is risk-based audit ,it requires Certified Public Accountants before the implementation of further audit program, should first understand the entity and its environment (including: internal control), and to assess the risk level of internal control, and then according to internal decide on the next level of risk control audit procedures. Since the understanding of internal control and evaluation is an essential part of the financial report audit, we should be integrated the internal control audit and financial reporting. On the one hand, it can avoid repeat audit, reduce the burden of the audited units, save audit cost; on the other hand, it will also help Certified Public Accountants to co-ordinate control audit risk. Therefore, we think, with an audit client's internal controls auditing and financial reporting auditing should be performed by a same account firms.

5 Conclusion Internal control auditing development suggests that internal control audit have been developed in most countries. As the internal control audit has the nature of economic assurance, internal control audit report is concerned by many stock market investors and other stakeholders, therefore, Certified Public Accountants as China's current internal control audit subject will pay more attention to internal control audit services. However, because of the inherent limitations of internal control, how to effectively complete internal control auditing, to reasonably avoid the internal control audit risk, it has been a focus of Certified Public Accountants. Based on China’ internal control Audit history shorter, the Certified Public Accountants 's own audit resources limited, this paper only studies a path of internal control audit risk control from the angle of audit subject. Fund: This paper is a stage research results of A Study on The Accounting Firm’s Risk Management System in Hebei Province from China Hebei Science and Technology Department soft science research plan, item number: 11457202D-80, project leader: DONG Liying.

References [1]. Weili Ge, Sarah Mcvay. The Disclosure of Material Weaknesses in Internal Control after the Sarbanes-Oxley Act. Accounting Horizon, 2005(Sep):137 158. [2]. Andrew J., Leone. Factors Related to Internal Control Disclosure. Journal of Accounting and Economics, 2007 (Sep):224 237. [3]. Ogneva M., Raghunandan K., Subramanyam K. R. Internal Control Weakness and Cost of Equity: Evidence From SOX Section 404 Disclosures. The Accounting Review, 2007(82):1255 1297. [4]. Patterson E.R., Smith J.R. The Effects of Sarbanes-Oxley Act on Auditing and Internal Control Strength. The Accounting Review, 2007(82):427 455. [5]. Rao Shenghua, strengthen internal control is a priority - ST Zhengbaiwen warning. China Certified Public Accountants, 2001(6):52 54(in Chinese). [6]. Zhang Limin, Qian Hua, Li Min instrument. Disclosure of internal control and improvement of the status quo - from our ST analysis of the data of listed companies. Audit Research, 2003 (5):10 15(in Chinese). [7]. Chen Guan Ting, Shao-hua. On the disclosure of listed companies and their audit of internal control. Audit Research, 2003 (6):34 38(in Chinese). [8]. Zhang Gang, Zhou Yunpeng. Internal control audit report analysis. Guangdong Economic Management College, 2004(6):67 69(in Chinese). [9]. Yang, red, Wang Wei 2006 Shanghai disclosure of internal control. Accounting Research,

～

～

～

～

～

～

～

～

190

M & D FORUM

～

2008(3):35 42(in Chinese). [10]. Ming Yang, Chun-Li Wang, Bing. Internal controls, auditing and forensic audit opinion. Financial Theory and Practice, 2009(3):60 66(in Chinese). [11]. Dengmei Jie, Wu Guoping. Audits of internal control system of the United States and its Implications for China. Taxation and Economy,2011(4):69 72(in Chinese). [12]. Yuan Min. Audit of internal control of listed companies: problems and improve - the evidence from the 2007 Annual Report. Audit Research,2008(5):90 96(in Chinese). [13]. Pan Qin. Internal control audit opinion on the impact of audit - based on 2009 data of China's A-share companies. Accounting magazine, 2011(3):80 82(in Chinese).

～

～ ～

191

～