Assessing Control Risk under AICPA Standards Flashcards

1
Q

Internal control consists of 5 interrelated components. What are they? (COSO Cube)

A

1) Control environment
2) Risk assessment
3) Information and communication systems
4) Control Activities
5) Monitoring

2
Q

What is the control environment?

A

Policies and procedures to establish the overall control consciousness of the organization (the tone at the top)

3
Q

What are the 7 specific elements for the control environment component?

A

1) Communication/enforcement of ethical values
2) Commitment to competence
3) Participation by those charged with governance
4) Management’s philosophy and operating style
5) Organization structure
6) Assignment of authority & responsibility
7) Human resource policies and practices

4
Q

What is risk assessment?

A

Policies and procedures to identify and analyze relevant risks & prioritize them so they can be effectively managed

5
Q

What are control activities?

A

Policies and procedures to provide reasonable assurance that management's specific objectives will be achieved

6
Q

Memory aid “SCARE”- for control activities:

A

S: Segregation of duties
C: Controls (for physical controls)
A: Authorization (specific authorization of transactions)
R: Review (performance review)
E: EDP/IT (for information processing)

7
Q

What is segregation of duties? What are the three components?

A

Authorization (execution)
Access (Custody)
Accounting (Record-keeping)

8
Q

Define: Information and Communication component of internal controls:

A

Policies and procedures to identify, capture, and exchange relevant information in a form and time frame that enables personnel to meet their responsibilities

9
Q

Define monitoring:

A

I/C is not a one-time activity. Policies should be looked at over time to make sure they are still effective.

10
Q

What are risk assessment procedures that can be followed to obtain an understanding of the entity and its environment (including internal controls)?

A

Procedures:

1) Inquiries of management
2) Observation and inspection of documentation
3) Analytical procedures performed in planning
4) Review of information obtained in prior periods
5) Discussion among key audit team members about risk of material misstatements including material fraud.

11
Q

When you find a significant risk what should you do?

A

Obtain an understanding of relevant controls and if the control mitigates any risk

12
Q

What are you required to document?

A

1) Discussion among audit team members and applicable financial reporting framework. Any decisions, who participated.
2) Key elements of the understanding obtained about the entity, its environment, and I/C
3) Assessment of the RMM
4) Identified significant risks and related controls for which the auditor obtained an understanding
