Assessing Control Risk under AICPA Standards Flashcards
Internal control consists of 5 interrelated components. What are they? (COSO Cube)
1) Control environment
2) Risk assessment
3) Information and communication systems
4) Control Activities
5) Monitoring
What is the control environment?
Policies and procedures to establish the overall control consciousness of the organization (the tone at the top)
What are the 7 specific elements for the control environment component?
1) Communication/enforcement of ethical values
2) Commitment to competence
3) Participation by those charged with governance
4) Management’s philosophy and operating style
5) Organization structure
6) Assignment of authority & responsibility
7) Human resource policies and practices
What is risk assessment?
Policies and procedures to identify and analyze relevant risks and prioritize them so they can be effectively managed
What are control activities?
Policies and procedures to provide reasonable assurance that management's specific objectives will be achieved
Memory aid “SCARE”- for control activities:
S: Segregation of duties
C: Controls (for physical controls)
A: Authorization (specific authorization of transactions)
R: Review (performance review)
E: EDP/IT (for information processing)
What is segregation of duties? What are the three components?
Authorization (execution)
Access (Custody)
Accounting (Record-keeping)
Define: Information and Communication component of internal controls:
Policies and procedures to identify, capture, and exchange relevant information in a form and time frame that enables personnel to meet their responsibilities
Define monitoring:
I/C is not a one-time activity. Policies should be looked at over time to make sure they are still effective.
What are risk assessment procedures that can be followed to obtain an understanding of the entity and its environment (including internal controls)?
Procedures:
1) Inquiries of management
2) Observation and inspection of documentation
3) Analytical procedures performed in planning
4) Review of information obtained in prior periods
5) Discussion among key audit team members about risk of material misstatements including material fraud.
When you find a significant risk, what should you do?
Obtain an understanding of relevant controls and if the control mitigates any risk
What are you required to document?
1) Discussion among audit team members and applicable financial reporting framework. Any decisions, who participated.
2) Key elements of the understanding obtained about the entity, its environment, and I/C
3) Assessment of the RMM
4) Identified significant risks and related controls for which the auditor obtained an understanding