3. Controls Flashcards
The responsibilities of the Audit Committee include…
Oversight of reporting, internal controls and risk management, internal and external audit, whistleblowing
What are the three types of business risk assessed through internal controls?
Financial, compliance and operational
What are the five elements of the internal control system?
- The control environment
- The risk assessment process
- The information systems
- Control activities
- Monitoring of controls
What is the purpose of an audit?
The ascertain the validity and reliability of information, and to assess a company’s system of risk management and internal control
What are the five elements of an assurance service?
- Three party relationship (user, preparer and scrutiniser)
- Underlying subject matter
- Criteria
- Evidence to support the opinion
- A written report
What does ‘true and fair’ mean in the context of an audit opinion?
That the financial statement is a) factual and complies with accounting standards and is b) clear, impartial and unbiased
Financial statement are considered a fair presentation is they are…
Complete, neutral and free from error
How often should the audit engagement letter be reviewed and reissued?
Reviewed every year, reissued when changes are needed
What are the 4 main limitations of external audit?
- Relies on integrity of client management
- Reporting involves judgement and subjective decisions
- Limited time taken on only a sample
- Minor errors and frauds may not be detected due to materiality thresholds
What are the 2 types of audit test?
Controls testing (ensure controls can prevent, or detect and correct, errors) and detailed testing (check for material misstatements in high risk areas)
What is audit risk?
The risk that an auditor gives an inappropriate opinion
What are the 3 elements of audit risk?
Inherent risk, control risk and detection risk
What are the two levels of inherent risk?
Financial statement level (affect the whole entity) and assertion level (specific claims in the financial statement)
What are the two conditions for audit evidence?
It must be sufficient (enough) and appropriate (reliable and relevant)
Reliability of audit evidence is greater if…
From an independent external source or subject to effective control if internal, obtained form the auditor themselves, documented (rather than verbal) or in its original form
Who is the audit report for?
The shareholders (also filed on public record)
What are the 4 opinions that an auditor can share in their report?
- An unmodified opinion (accounts are true and fair)
- A qualified opinion (isolated material misstatement)
- An adverse opinion (multiple or significant misstatements)
- A disclaimer (not enough evidence)
To whom does the auditor issue the report on control deficiences?
Privately, to those charged with governance (the board)