Area 2 Assessing Risk and Developing a Planned Response Flashcards
What are the 5 components of internal controls?
CRIME
Control Activities Risk Assessment Information System Monitoring of Controls Environment of Controls
What are the commonly used computer-assisted auditing techniques?
Program code checking - the auditor reviews the client’s program documentation, including a narrative description and source code.
Parallel Simulation - processes client input data on an auditor-controlled program to test controls.
Controlled Reprocessing - the auditor maintains control over the reprocessing of previously processed results using a version of the program the auditor has tested, and compares the computer output of the original processing and reprocessing.
Integrated Testing Facility - processing of dummy records with the client’s records using the client’s program.
Input Controls Matrix - documents controls and their presence.
What are the inherent limitations of internal controls?
Competence: Human errors like mistakes or misjudgments by the company personnel.
Obsolescence: Change in the operating environment may result in existing internal control becoming obsolete, requiring a modification in internal control to suit the new operating environment.
Collusion: Though there may be segregation of duties, collusion between personnel may circumvent internal control.
Override by management: Management has the ability to override internal control.
Cost constraints: The cost of internal control should not exceed the benefits expected to be derived.
According to SOX, which service is a public accounting firm able to provide while also providing auditing services?
Tax Services
As long as there is no contingent fee.
Contingent fees are onky acceptable for requirements from legal authorities.
What is a walkthrough?
A Walk-through is following a transaction process right from the start to end to understand how the transaction is processed as it passes through various steps until it is finally reported on financial statements.
Inquiry of management, internal auditors, Those Charged with Governance, other employees within the entity.
Observation of control procedures
Inspection of relevant documents
Re-performance of controls.
Statement on Auditing Standards vs Statements on Standards for Attestation Engagements
SAS - Provide rules for audits and reviews of financial statements
SSAE - Provide guidance on inquiries regarding Management’s Assertions and SPECIFIC items.
The Statements on Auditing Standards provide guidance for audits of Financial Statements and reviews of interim Financial Statements
The Statements on Standards for Attestation Engagements are applicable to engagements to issue an assertion about subject matter that is the responsibility of another party. In an attest service, the practitioner is engaged to issue a report on subject matter or on an assertion about the subject matter.
What are the two types of fraud relevant to the auditor’s consideration?
fraudulent financial reporting and misappropriation of assets
How do you obtain an understanding of internal controls?
Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been implemented.
Does an auditor have to test controls in order to rely on them if they were tested in a previous audit?
If the auditor plans to rely on controls that have not changed since they were last tested, the auditor should test the controls at least once in every third audit and should test some controls during each audit.
What is test data?
In the test data approach to testing a computerized accounting system, Test data are processed with the client’s computer and the results are compared with the auditor’s predetermined results.
What are the IT Control techniques?
Control totals are an IT control technique whereby a total is computed at a given stage in the processing cycle and recomputed at a later point. The totals are then compared to ensure that no data was dropped, added, or misprocessed.
A check digit is a number that is added within a numerical entry to check its accuracy.
Process tracing data apparently refers to ‘tagging’ of data, a technique used by auditors to follow a transaction through the processing cycle.
A validity test is designed to ensure that only data meeting specific criteria are allowed.
What are the walk-through procedures used to track a transaction to understand a company’s internal controls?
Inquiry of management, internal auditors, Those Charged with Governance, other employees within the entity.
Observation of control procedures as they are performed.
Inspection of relevant documents such as control descriptions and control flow charts.
Re-performance of controls.
What are the two types of fraud?
Fraudulent financial reporting (management fraud)
Misappropriation of assets (defalcation).
What are the considerations for an auditor when is planning a sample for a test of substantive details?
When planning a particular sample for a substantive test of details, such as subsequent cash receipts, the auditor should consider (1) the relationship of the sample to the relevant audit objective; (2) preliminary judgments about materiality levels; (3) the auditor’s allowable risk of incorrect acceptance; and (4) characteristics of the population, that is, the items comprising the account balance or class of transactions of interest.
What are the five components of internal control?
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
