5.0 Management Assertions, Internal Control, Audit Risk Assessment

Question 1

What are the five components of entity-level internal controls

Answer 1

1. Control Environment - sets the tone of an entity and influences the control consciousness of its people. It is a combination of the culture, structure and discipline of an organisation.
2. Risk assessment - the entity’s process for identifying and responding to business risks.
3. Information system - captures and exchanges information needed to conduct, manage and control the entity’s operations.
4. Control activities - policies and procedures that ensure that management directives are carried out.
5. Monitoring - assesses whether controls are operating as intended and modified for changes in conditions on a timely basis.

Question 2

What are the approaches to internal control documentation?

Answer 2

a. Narratives: process is described in full.
b. Flowcharts: standardised graphics that represents complex flows of transactions and the key controls.
c. Combinations of narratives and flow charts:
d. Checklists & preformatted questionnaires: guides the process and assists in identifying critical controls. .

Question 3

What procedures are available to the auditor in obtaining an understanding of the internal control structure?

Answer 3

i. review of previous experience with the entity
ii. enquiries of appropriate management, supervisory and other entity personnel
iii. inspection of records, review of systems and systems documentation
iv. observation of the entity’s activities and operations.

Question 4

What factors will an auditor need to consider to understand the client’s control activities at the entity level?

Answer 4

a) Information processing controls (IPC)
i. General controls
ii. Application controls
b) Segregation of duties
c) Physical controls
d) Performance reviews

Question 5

What is audit risk?

Answer 5

Risk that an auditor expresses an inappropriate audit opinion when a financial report is materially misstated.

Question 6

What are the three components of audit risk?

Answer 6

1. Inherent risk (IR) is the risk that an account or assertion is materially misstated, assuming there are no related controls.
2. Control risk (CR) is the risk that a client’s system of internal controls will not prevent or detect a material misstatement.
3. Detection risk (DR) is the risk that the auditor’s testing procedures will not be effective in detecting a material misstatement.

Question 7

What are management assertions related to classes of transactions?

Answer 7

a. Occurrence - transactions & events occurred during the reporting and pertain to the entity.
b. Completeness - all transactions & events that should have been recorded have been recorded
c. Accuracy - amounts & other data relating to transactions & events have been recorded appropriately.
d. Cut-off - transactions & events have been recorded in the correct accounting period
e. Classification - transactions & events have been recorded in the proper accounts.
f. Presentation - transactions & events are appropriately aggregated, described & understandable.

Question 8

What are management assertions related to account balances?

Answer 8

a. Existence - exist at given date and occurred during the period
b. Completeness - balances that should be included have been included
c. Rights & Obligations entity holds or controls balance at a given date
d. Accuracy, valuation, allocation - reported at appropriate amounts, with valuation or allocation adj.
e. Classification - recorded in proper accounts
f. Presentation - appropriately aggregated, described & understandable.