1-internal control standards Flashcards
the auditor should perform risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control. the procedures are….
inquiries of management and others
observation and inspection
analytical procedures
review information
discussion among audit team members
the auditors understanding of the entity and its environment consists of these 5 things
industry, regulatory and other external factors
nature of the entity
objectives and strategy
measurement and review of the entities financial performance
obtain a sufficient understanding of entities internal control
the auditor ____ perform substantive tests to some degree for all significant audit areas. cannot assess control risk so low that substantive testing is omitted entirely.
must
internal control consists of 5 components
control environment - tone at the top or policies/procedures to establish the overall control consciousness of the organization
risk assessment - policies/procedures to identify and analyze relevant risks and prioritize them so they can be effectively managed
information and communication system – policies/procedures related to identification, capture and exchange of info in a form and timeframe that enable people to carry out their responsibilities.
control activities – policies/procedures to provide reasonable assurance that managements specific objectives will be reached.
monitoring – policies/procedures involving the ongoing assessment of the quality of the internal control effectiveness over time.
internal control definition
a process –effected by those charged with governance, management, and other personnel– that is designed to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance of applicable laws and regulations.
Control Activities-5 components (SCARE)
segregation of duties controls-physical controls authorization review-performance review information technology
segregation of duties
authorization (execution)
access or custody
accounting or record keeping