Assurance - Internal Control

Question 1

Provide the five components of internal control that are interrelated

Answer 1

The five controls that are interrelated rate
1. Control environment
2. Entity risk assessment process
3. Entity process to monitor the system of internal control
4. Information system and communication
5. Control activities
1 -3 - Indirect controls
4 -5 Direct controls

CAS 315 - a system of internal control
Key internal control - may be tested when the combined approach is taken.

Question 2

Who is responsible for incorporating internal controls? In addition, what are the objectives of internal control?

Answer 2

The responsibility is on management to design & implement internal control.
- Control system enables an entity to meet objectives, maximizing shareholder wealth

The objective of internal control:
1. Effectiveness & efficiency of operation
2. Reliability of financial reporting
3. Compliance with applicable laws and regulations

Question 3

Provide the two types of controls

Answer 3

Indirect controls - Controls that are not sufficiently precise to prevent, detect, or correct misstatement at the assertion level but support other controls and may have an indirect effect

Direct control - Are precise enough to address RMM at the assertion level.

Question 4

Explain the table used for indirect control

Answer 4

1. Control environment
   - Sets tone at the entity and reflects overall attitude, awareness, and response
   Elements: Oversight of management responsibilities
   -Control environment has an appropriate foundation
   - Control deficiencies have been identified
2. Entity risk assessment process
   - Identification analysis of management relevant risk to proportion
   Elements: Identifying business risks relevant to the objective
   - Assessing the significance of those risks
3. Monitoring control

Question 5

Provide the table for direct control

Answer 5

Direct control - information system and communication as well as control activities components are typically

Information system and communication
- Process to manage access
- Authentication
- Authorization
- Provisioning
- Deprovisioning access
- User access
- Change management process

• Need to understand entity information process activities data, information
• Accounting records, specific accounts in financial statement
• Financial reporting process user to prepare entity F/S
  -Understanding how an entity communicates significant matters that support the preparation of F/S

Question 6

What are the five types of control activities

Answer 6

P - Physical or logical control Ex. Access to warehouse key card
A - Authorization and approval. H/R must approve hiring a new employee
I - Independent verification - A/P clerk compares CEO authorization signature
R - Reconciliation Ex. Bank reconciliation prepared monthly
S - Segregation of duties - Ex. Individual open mail & prepare list cheques

Question 7

Provide the two types of control objective

Answer 7

1. Preventive control - Those designed to prevent a material misstatement
2. Detective controls - Are those designed to detect, report, and correct material misstatement

Question 8

Provide and explain the four types of direct controls

Answer 8

1. Manual controls - These are those that affect individual accounts or classes of transaction
   - Management approved individual transactions, approved time cards for employees, physical backup
2. Automated control - Computerized control - Authorization. Batch control, edit check, change control
3. Combination - These are both manual and automotive. Help to select to mitigate risk with processes
4. Information technology general control -
5. Access to the program data
6. Program change and development
7. Business Continuity
8. Computer operations

Question 9

What is needed to understand internal controls

Answer 9

1. Documenting internal control
   - All significant transaction account balances, and disclosures sufficient to assess RMM
   - All significant risks identified

Example of control that may be in place
1. Review the assumption used in the estimate
2. Use of experts for complex issues
3. Formal procedures for estimate
4. Approval of estimate by TCWG

Question 10

What is for auditors to do under CAS 315

Answer 10

Under CAS 315 - Auditors are to document the following about internal control in the audit
1. Key element of the auditor’s understanding of the entity system of internal control including the source of information
2. The evaluation of the design of the identified control, and determination of whether such control has been implemented

For the updated risk assessment process
1. Documentation is key for internal control and underlying business processes may unveil
2. There is an increased risk profile of the transaction (such as the risk of cash sales being misappropriated)

Question 11

What are the walkthrough and limitations of control

Answer 11

The walkthrough is a test that should be completed to confirm whether the auditor’s understanding of the control system is correct

Limitation of control - Human error, override, collusion, relevance, and obsolescence, cost