A2-Risk Assessment - Part 2 Flashcards

1
Q

what is internal control?

A
  • a process effected by those charged with governance, by management, and other personnel, designed to provide reasonable assurance about the achievement of the entity’s objectives
  • 3 categories of an entity’s objectives: financial reporting, operations, and compliance
    1. reliability of financial reporting (FS fraud = lying)
    2. effectiveness and efficiency of operations (asset misappropriation = stealing)
    3. compliance with applicable laws and regulations (corruption = cheating)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

which objective is most relevant to the audit?

A
  • The reliability of the financial reporting objective is the most relevant to the audit
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

what are the 5 components of internal control?

A

CRIME - CPA is required to understand each element of CRIME as it relates to financial reporting;

  1. Control environment: leadership; tone at the top
  2. Risk assessment: management’s identification of risk NOT auditor
  3. Information and communication systems: a means of recording transactions and communication responsibilities; support the identification, capture, and exchange of info in a timely and useful manner
  4. Monitoring: assessment of internal control performance over time
  5. Existing control activities: control policies and procedures

It’s a CRIME not to have a strong internal control framework

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What common circumstances would raise concern regarding management’s philosophy and operating style?

A
  • management consumed with meeting the budget
  • management dominated by one person
  • management compensation contingent upon the entity’s financial performance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

what effect if entity has a weak control environment?

A

affect NET; the auditor may perform more(extent) substantive procedures (nature) as of the balance sheet date (time) rather than at interim.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

what are policies and procedures of existing control activities?

A
  • in a well-designed internal control environment, fraud and errors should be PREVENTED and/or DELETED by employees in the ordinary course of their job/business
  • PAID TIPS
    1. Prenumbering of documents: “your checkbook”
    2. Authorization of transactions: “signed approval”
    3. Independent checks to maintain asset accountability: “checks and balances” verification of work previously done by others
    4. Documentation: “paper trail”
    5. Timely and appropriate financial performance reviews: “analytical review” comparison of actual performance to budgets, forecasts, and prior periods; comparison of financial to nonfinancial info
    6. Information processing controls: ensure transactions are valid, properly authorized, completely and accurately recorded
    7. Physical controls for safeguarding assets: “security”
    8. Segregation of duties: provides a cross-check the work of one individual on the work of another one.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

what are the 3 common functions that need segregation of duties?

A
  • segregation of duties is your ARC to protect against a flood of troubles
  • ARC
    1. Authorizing transactions
    2. Record keeping or recording transactions
    3. Custody of related assets
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

what is the purpose of internal control? and exceptions?

A
  • prevent and or detect and quickly correct
  • exceptions: collusion (involve 2 or more people) and management override and human error
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

what are the procedures used to obtain evidence about the design and implementation of internal controls?

A
  1. Inquiry of entity personnel
  2. Observation of application of controls
  3. Inspection of documents and reports
  4. Walk-throughs: assist the auditor in obtaining and understanding of the IT systems that are used process and record financial transactions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How can a walk-through be performed?

A

One or both of the following
1. select a single transaction and trace it through the entity’s info processing system
2. identify the key steps

A complete and accurate list of walk-thru: Inquiry, observation, inspection of relevant documentation, and reperformance of controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

what items should auditor document?

A

Documentation may include any item the auditor can FIND:
1. Flowchart: depicts auditor’s understanding of internal control
2. Internal control questionnaire or checklists
3. Narrative: lengthy written version of flowchart, so it’s hard to “see” weakness in internal control
4. Documentation from client: including copies of the entity’s procedures manuals and org charts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

what is IT general control?

A
  • policies and procedures relate to many applications and support the effective functioning and proper operation of the information system
  • ex: password, backup/recovery system, admin rights to the network
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

what is IT application control?

A
  • apply to the processing of INDIVIDUAL transaction
  • ex: maintain and review accounts and trial balances, check mathematical accuracy of records
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

what are benefits of IT?

A
  • ability to process large volumes of transactions and data accurately and consistently
  • improve timeliness
  • enhance segregation of duties, ability to monitor the performance
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

what are IT risks?

A
  • potential reliance on inaccurate system
  • unauthorized access to data
  • unauthorized changes to data
  • failure to make required changes or updates to systems
  • inappropriate manual intervention
  • potential loss of data

Audit should:
1. document use of programs
2. perform tests more often during the year: to ensure the system is still working accurately

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

what is the difference between an entity’s risk assessment and auditor’s risk assessment?

A
  • Entity’s risk assessment concerns about managing risks that affect entity’s objectives (financial reporting, operations, and compliance)
  • Auditor’s risk assessment concerns with risk that material misstatement could occur in the financial statements
17
Q

How are an entity’s objectives and component of internal control linked together?

A
  • an entity’s objectives, which are that the entity strives to achieve
  • the components of internal control, which represent what is needed to achieve the objectives
18
Q

what is internal control relevant to?

A

internal control is relevant to an entire entity, or to any of its operating units or business functions