#5 Internal Control - Concepts and Standards Flashcards by Michael Platt

List the disadvantages of flowcharts to document the auditor’s understanding of internal controls.

Tedious and time consuming to initially prepare.

2. Might fail to recognize deficiencies by getting overly absorbed in details.

How well did you know this?

Not at all

Perfectly

Identify 3 Ways auditor’s might document their understanding of internal controls.

Flowcharts of transaction cycles
Internal Control Questionnaires
Narrative write-ups (memos)

How well did you know this?

Not at all

Perfectly

List the disadvantages of ICQ’s to document the auditor’s understanding of internal control.

These are generic and not tailored to any client specifically
Irrelevant questions may annoy clients
Client might conceal deficiencies by incorrect answers.

How well did you know this?

Not at all

Perfectly

What is the purpose of performing a walkthrough?

Obtain some feedback as to whether the way the auditor has understood (and documented) the entity’s internal controls is consistent with the way the entity is actually processing such transactions.

How well did you know this?

Not at all

Perfectly

Identify 3 procedures an auditor might perform to obtain an understanding of internal controls?

Inquiry of appropriate personnel
Observation of client’s activities
Review entity’s documentation of internal controls

How well did you know this?

Not at all

Perfectly

List the advantages of narratives (memos) to document the auditor’s understanding of internal controls?

Tailored to client
Can be detailed or as general as desired
Easy to prepare
Easy to read

How well did you know this?

Not at all

Perfectly

List the disadvantages of narratives (memos) to document the auditor’s understanding of internal controls.

Writing such a memo is rather unstructured, lacking a systematic approach
It may be rather easy to overlook relevant internal control issues.

How well did you know this?

Not at all

Perfectly

Define transaction cycle.

A group of essentially homogeneous transactions, that is, transactions of the same basic type.

How well did you know this?

Not at all

Perfectly

List the advantages of using flowcharts to document the auditor’s understanding of internal controls.

Systematic approach with emphasis on important Accounting records
Tailored to client
Fairly easy for others to review and understand
Easy to update from year to year.

How well did you know this?

Not at all

Perfectly

List the advantages of ICQ’s to document the auditor’s understanding of internal controls.

Can have a standard form for many clients

2. Deficiencies are easily indicated by “no” answers.

How well did you know this?

Not at all

Perfectly

When should the auditor assess the design effectiveness of internal control?

In planning every audit under GAAS, as a basis for determining the nature, timing and extent of further audit procedures.

How well did you know this?

Not at all

Perfectly

Identify 3 inherent limitations. Of internal controls.

Cost of controls should not exceed expected benefits.
Mistakes may occur due to carelessness, fatigue, misjudgements, etc.
Segregation of duties mat break down due to collusion or management override of internal controls.

How well did you know this?

Not at all

Perfectly

When should the auditor assess the operating effectiveness of internal control?

Whenever the auditor contemplates a reliance strategy (which means the same thing as “assessing control Risk at less than the maximum level”) and only after performing the appropriate tests of control.

How well did you know this?

Not at all

Perfectly

Identify 2 reasons for assessing control Risk at the maximum level.

The auditor believe s that the design of internal control is ineffective.
The auditor believes that reliance on internal control (and performing applicable tests of controls) is not an efficient audit strategy compared to a wholly substantive audit approach

How well did you know this?

Not at all

Perfectly

Identify 3 risk assessment procedures that might be used by an auditor to obtain an understanding of the entity and its environment, including its internal control.

1 Inquires of management and others;

Observation and inspection;
Analytical procedures.

How well did you know this?

Not at all

Perfectly

Define Internal Control

A process - effected by those charged with governance, management, and other personnel - designed to provide reasonable assurance about the achievement of the entity’s objectives with regards to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations.

Identify the five interrelated components of internal controls.

Control Environment
Risk Assessment
Control Activities
Information and Communication systems
Monitoring

What is meant by the term Monitoring as it relates to internal controls?

The policies and procedures involving the ongoing assessment of the effectiveness of internal control over time.

What is meant by the term control activities?

The policies and procedures that help ensure that management directives are carried out especially those related to (1) segregation of duties, (2) physical controls, (3) authorization of transactions, (4) Performance reviews, and (5) information processing.

What is meant by the term Control Environment?

The policies and procedures that determine the overall control consciousness of the entity, sometimes called “the tone at the top.”

What is meant by the term information and communication systems?

The policies and procedures related to the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities.

What are three objectives of internal control as identified in the definition of internal control?

Reliability of financial reporting
Effectiveness and efficiency of operations
Compliance with applicable laws and regulations.

What is meant by the term risk assessment?

The policies and procedures involving the identification, prioritization and analysis of relevant risks as a basis for managing those risks.

Define the term risk assessment procedures.

Procedures performed to obtain an understanding of the entity and its environment, including its internal control.

List some examples of appropriate responses by the auditor to risks of material misstatement at the financial statement level.

Assign more experienced staff to the engagement; Provide closer supervision; Use specialists; Use more unpredictable audit procedures.

When must tests of control be performed?

When the auditor's risk assessment includes and "expectation of the operating effectiveness of controls." Note that this is frequently referred to as "relying" on internal control as a partial basis for the auditor's conclusions, or "assessing control risk at less than the maximum level."

What specific matters should the auditor document regarding the auditor's assessment of the risks of material misstatement?

The discussion with key members of the audit team about the risks of material fraud and errors; The major elements of the understanding of the five components of internal control; The assessment of the risks of material misstatement ( at the financial statement and relevant assertion levels) and the basis for that assessment; The risks identified and the related controls the auditor evaluated.

Define the term significant risks.

Risks that the auditor believes require special audit consideration.

What is the auditors responsibility for assessing the risk of material misstatment

The auditor should identify and assess the risks of material misstatement (1) at the financial statement level and (2) at the relevant assertion level related to classes of transactions, account balances, and disclosures.

Describe the auditor's requirements for communicating deficiencies in an entity's internal controls?

1. The auditor must communicate in writing the significant deficiencies (including material weaknesses) identified in the audit. 2. The auditor may choose to communicate lesser matter, too.

Define material weakness.

``` A deficiency (or combination of deficiencies) internal control such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented or detected and corrected on a timely basis. ```

What is meant by the term deficiency in design?

When a control necessary to meet the control objective is missing, or when the control objective is not always met, even if the control operates as designed.

Define "significant deficiency."

A deficiency (or combination of deficiencies) internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

What is meant by the term deficiency in operation?

When a properly designed control does not operate as designed, or when the person performing the control doesnt have the authority or competence to effectively perform the control.

Describe the timing of the required communication of significant deficiencies in internal control.

Under AICPA Professional standards, written communication is required no later than 60 days after the audit report release date (including matters communicated orally during the audit.)

Why isnt a "systematic and disciplined approach, including quality control" a relevant consideration when the external auditor uses an internal audit function to provide direct assistance?

Because the work performed by the internal audit function is subject to the external auditor's direction, supervision and review.

When using the work of the internal audit function to obtain audit evidence, what three matter should the external auditor evaluate?

1. Objectivity-The internal audit function's organizational status and the objectivity of the internal auditors; 2. Competence of the internal auditors; and 3. Whether the internal audit function applies a "systematic and disciplined approach, including quality control."

What are the two ways the external auditor might use the work of an internal audit function?

1. To obtain audit evidence; and | 2 To provide direct assistance.

When using the internal audit function to provide direct assistance, what two matters should the external auditor evaluate?

1. Objectivity - the internal audit function's organizational status and the objectivity of the internal auditors; and 2. Competence of the internal auditors.