Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CPA AUDIT > AUD CH 3 - Internal Control > Flashcards

AUD CH 3 - Internal Control Flashcards

1
Q

Steps in an Audit

A
  1. Prepare for the audit
  2. Obtain understanding the entity & environment (+ I/C)
  3. Assess RMM & Determine nature, timing, and extent of Further Procedures
  4. Performed test of controls
  5. Perform substantive procedures
  6. Formulate an opinion
  7. Issue audit report
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Integrated audit

A

Required by PCAOB

  • Audit for both internal control over financial reporting and of the financial statements
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Non-issuer Test of controls

A

Draws a conclusion from the test controls as to whether or not the controls can be Relied upon on for the entire period for which Controls were tested

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Issuer Test of controls

A

Opinion on ICFR As of a specific point in time, The date of the Financial statements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Why would control risk be set at Maximum (100%)?

A
  1. Internal controls are not sufficiently reliable

OR

  1. Cost of testing controls Exceeds the potential benefit
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

When is internal control considered ineffective?

A

If one or more material weaknesses exist (may Exist when the F/S are NOT Materially Misstated)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which type of controls are more relevant to the financial statement Assertions?

A

Controls designed to produce accurate records And safeguarding Of assets

(*Controls for Adherence to laws and regulations & Promote efficiency are NOT relevant)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

ACE

A

COSO Internal Control objectives

A – Accurate & Reliable Financial reporting (primary concern)

C - Compliance with laws and regulations (compliance auditing)

E - Effectiveness and efficiency of operations (operational auditing)

*we want reasonable assurance for these objectives that mgmt is responsible for (DIM)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

CRIME

A

COSO Integrated Framework – Internal Control (5 Components)

C - Control activities (PIPS – ARCC)

R – Risk Assessment (external/internal factors)

I – Information & Communication

M – Monitoring

E - Control environment (CHOPPER)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

CHOPPER

A

Control Environment (internal control)

C - Commitment to competence

H - Human resource policies/practices

O - Organizational structure

P - Participation of governance

P - Philosophy of management & Operating style

E - Ethical values & Integrity

R - Responsibility assignment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

PIPS

A

Control activities

P - Performance reviews

I - Information processing (General vs Application Controls)

P - Physical controls

S – Segregation of Duties (ARCC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

ARCC

A

Part of PIPS (Control Activities – Segregation of Duties)

A – Authorization

R – Recording (Posting)

C - Custody of assets

C – Comparisons (Bank reconciliation)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

UpDATeD

A

Steps to obtain understanding of internal control

  1. Up - Understand the DESIGN of CRIME (form) (perform Risk Assessment Procedures – AIIO)
  2. D - Document understanding (FIND) (form)
  3. Assess RMM (CR) (form)
  4. Test of controls (substance)
  5. e – Reassess RMM to det. CR
  6. D – Document Conclusions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

AIIO

A

Risk assessment procedures

A - Analytical procedures

I – Inquiries (internal)

I – Inspections (docs)

O – Observation (Application of internal control)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the goals of risk assessment procedures?

A

To Identify those controls that might reduce (implemented? only) RMM (not evaluating)

  1. Identify potential misstatements
  2. Consider factors that affect the RMM
  3. Design TOC and SUB Procedures
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What techniques are available for the Auditor to gain information about the client’s Internal control?

A

PIIO

P - Prior audits

I – Inquiry (Internal)

I – Inspection (auth forms/Procedure Manuals)

O – Observation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

PIIO

A

Techniques available for the Auditor to gain information About the clients internal control Structure

P - Prior audits

I – Inquiry (Internal) (FORM)

I – Inspection (auth forms/Procedure Manuals) (FORM)

O – Observation (substance - ARCC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the requirement for documenting the understanding of internal control?

A

Must document:

  • key elements of the understanding (entity & enviro)
  • five components I/C (CRIME)
  • Sources of information
  • Risk assessment seekers performed

(form is Influenced by the size and complexity of the entity)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

FIND

A

Techniques that are commonly used for documenting the Auditor’s Understanding of internal control structure (step 2)

F – Flowchart

I - Internal control Questionnaire (ICQ) (yes = strength, no = weakness)

N – Narrative or memorandum

D - Decision table/Tree

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Substantive Approach

A

No reliance on internal control

  • RMM assessed high
  • Controls appear Inadequate / Ineffective / Week
  • sub. Testing Is Cost-effective (Test of controls cost > benefit)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Combined approach

A

Reliance on internal control

  • RMM assess low
  • Controls appear effective
  • Expectation of operating effectiveness of controls
  • Test of controls Cost effective
  • sub testing ALONE doesn’t Provide enough sufficient audit evidence
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

How do you test substance of internal controls?

A

Test of controls

Which test the effectiveness of the design and operation of a control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What are the four procedures for testing controls?

A

Testing cycles for ARCC by doing RIIO

R – Re-performance

I – Inquiry

I – Inspection (documents)

O – Observation (MOST EFFECTIVE)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

It controls have not changed since they were last tested, How often should the Auditor test the operating Effectiveness?

A

At least once every three years But the Auditor must determine there was no change through the performance of risk assessment procedures (AIIO)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
During a test of controls what must the Auditor consider?
- How the control Was applied - Consistency of application - The individual Applied it
26
If the Auditor chooses not to rely on a control, How does that affect PCAOB and AICPA companies?
ISSUERS/PCAOB - Must still do tests of controls To evaluate internal control structure NON ISSUERS/AICPA - Substantive Testing ONLY
27
Test of controls is concerned with what type of Sampling?
Attribute Sampling -Frequency or Percentages (That it happened) \* $$ Does not matter (substantive testing will determine if AMOUNT is material – variable sampling)
28
What is The purpose for reassessing RMM?
- Must be done after test of controls To det. detection risk (Go back and verify your "Reliance on I/C" variable) - If control operates as expected, no change to scope sub. Testing scope - If Control does not operate as expected, scope of sub procedures Will increase (Decreasing DR)
29
What does detection risk tell you?
How much Substantive testing to do (inverse relationship) - Adjust audit program for substantive tests
30
What does the auditor need to document At the end of understanding internal Control structure?
- Communicate significant deficiencies and material weaknesses to management and governance - Basis for risk assessment - Assessment of the RMM at F/S level and Relevant assertion levels - Significant risks identified & Related controls Evaluated - Risks identified that require TOC To obtain Sufficient audit evidence
31
COCCO
Inherent limitations of internal control C – Collision O - Overriding by management (required to test in every audit) C – Cost C – Competence O – Obsolescence (change in Operations or Size)
32
The functions of control in regards to RMM?
- Preventing before misstatement occurs (most effective) - Detecting & Correcting after Misstatement occurs (less Expensive to implement, But could detect Too late)
33
What does the revenue cycle consists of?
Sales, Billings, and collections (Sales revenue / Accounts receivable / Cash receipts)
34
Bill of lading
Shipping document that signed by the carrier accepting goods from the shipping clerk
35
U-PERCV
Managements Financial statement assertions U – Understandability & Classification P – Presentation & Disclosure E – Existence or Occurrence (Vouching) R – Rights & Obligations C – Completeness (tracing) & Cutoff V – Valuation, Allocation, & Accuracy
36
Segregation of duties In the revenue cycle for authorization
Segregate Authorizing sales on Account & Authorizing credits to AR (discounts, returns, alllowances, write offs) \*neither should have access to cash
37
What does the spending cycle Consists of?
- Purchases / AP / Cash disbursements (Ordering, Receiving, and Paying)
38
Tracing
Source to book (complete transaction)
39
Vouching
Book to source (Existence/Occurrence)
40
Which department should have The quantity Blocked out on the P.O.?
Receiving department - Verify everything supposed to get
41
Common Auditing procedures for Spending cycle
PRAISE P – Physical Controls R – Recording A – Authorization I - Independent checks (Inventory counts) S – Segregation of Duties (inquiry & Observation) E – Evaluate Performance
42
Individuals with authority to approve vouchers for payment Should not have ? (Spending Cycle)
Access to unused Purchase Orders
43
What are the different departments n the personnel cycle?
1. Personnel (H/R) – Authorization (hire, fire, pay rates) 2. Payroll – recording (calculate pay) 3. Treasurer – Custody (sign/distribute checks & cash) 4. Controller – Comparison (bank rec.)
44
How does a service organization's Auditor report assist the user auditor? (payroll outsourcing)
- the audit report Will assist in gaining understanding of the internalControl structure (design) - Report is not considered a basis for determining the effectiveness (substance) - NO DIVISION OF RESPONSIBILITY & NO REFERENCE
45
What does the investing and financing Cycle consists of?
- Transactions involving acquisition and disposal of assets other than inventory - Transactions with creditors and shareholders
46
What would the Auditor do if there Very few transactions in investing and financing Cycle?
Test of Transactions - Most efficient to ignore the internal control structure - Assess RMM HIGH - Reduce Detection risk by performing excessive substantive test
47
What was the Auditor do if A large number of transactions occurred investing and financing cycle?
Test of balance - Most efficient To rely on the Internal Control structure (TOC) - Testing controls to determine the effectiveness - Assess RMM LOW - Accept higher DR by Performing only limited sub tests
48
What are Derivatives required to be reported at?
Fair value (Sub Procedures) FV Hedge (I/S) CF Hedge (IOC)
49
What does the PP&E cycle consists of?
Acquisitions, Disposals, and Depreciation expense - Existence (vouching) - Completeness (tracing)
50
What are some of the objectives PP&E?
- Verify EXISTENCE (by vouching) from records to physical assets (ID Unrecorded DISPOSALS) - Verify COMPLETENESS (by tracing) from physical assets to records (ID Unrecorded ACQUISITIONS)
51
What does the production and conversion cycle deal with?
Manufacturing operations (Similar to purchasing and spending cycle with mfg goods) - difficulty with RM to WIP to Fin Goods
52
What are the steps to prepare ICQ/Narrative?
USE PRAISE (2 yes/no questions for each letter) 1. What cycle are you in? 2. Key Controls (ARCCS) 3. For Each document - PPN? (Preprinted, pre-numbered, Numerical sequence) - Information on the document? - Send copies to whom?
53
For Issuers and Non-Issuers, When does a opinion on Internal control apply?
Issuers – all PCAOB audits ('audited' specific date) Non-Issuers – Attestation Engagement ('examined' specific date OR period of time) \*F/S Audits for Non-Issuers (disclaimer of opinion on I/C) (GAAS)
54
Under Attestation standards, what may the auditor of non-issuers report on in regards to internal control?
- Effectiveness of the entities internal control OR - Management assertion regarding the effectiveness of internal Control
55
Under PCAOB, What may the auditor of issuers report on in Regards to internal control?
Management assertion regarding the effectiveness of ICFR (on a specific date)
56
Under GAAS, What is the auditor Required to communicate In regards to the non-issuers internal control?
- significant Deficiencies and Material Weaknesses in Internal control (SD required for Report to be Issued) - Purpose: F/S audit, not assurance on I/C Effectiveness - Indicating No opinion (disclaimer) - Consideration of Internal control was NOT Designed to ID ALL SD & MW - Definition of MW & SD - ID which matters are MW and which are SD (ALL MATTERS including previously ID/not corrected) - LTD USE statement \* No later than 60 days after the report Release Date
57
Control deficiency
When the DESIGN and OPERATION of a control does not allow management or employees (in normal course of performing assigned functions) to prevent, or detect and correct misstatements, on a timely basis
58
Deficiency in design
1. Not put into place OR 2. put in place But not designed to mitigate the risk it was intended to address
59
Deficiencies in operation
Well-designed control is not operating OR Individual lacks Authority or ability to perform Control effectively
60
Material weakness
Reasonable possibility of Material misstatement Will Not be prevented, detected, and corrected on timely basis
61
Significant deficiency
Less severe than it's here we can see important enough to their attention by governance
62
What are the factors an Auditor will consider When evaluating a control deficiency?
Probability – Remote, Reasonably possible, Probable & Magnitude – Immaterial & Material \*use Auditor's Judgment (consider If others Draw the same Conclusion)
63
What is a remote and immaterial control Deficiency?
Neither a significant deficiency Nor Material weakness
64
What is Material and Probable control deficiency?
Material weakness
65
What are indications of material weaknesses?
- Ineffective oversight by governance - Restatements due to Material misstatements due to Error or fraud - Material Misstatements Identified by the Auditor (Would not be detected by I/C) - Fraud by senior management (immaterial and material)
66
What is a separate attestation Engagement to examine Internal control?
An examination of ICFR That is integrated with the F/S Audit for Non-Issuers (Same measure of materiality) AICPA
67
When would test of controls not be performed On a control Deficiency? (Attestation Integrated FS Audit/Examination of I/C)
- When the deficiency would not cause a Material misstatement To be More than REMOTE - Auditor is not required search for internal control Deficiencies That are not Material weaknesses
68
Top down approach
use in F/S Audit & I/C Examination (attestation engagement AICPA) 1. Assess Risk at the financial statements ( understanding, Control Enviro, & period-end Fin Reporting process) 2. Assess risk at the significant accounts/disclosures & relevant assertions (greater than remote, walkthrough (RIIO)) 3. Test effectiveness of design and operation Of controls (evidence for evaluation) 4. Evaluate deficiencies (Magnitude and probability) 5. Opinion on ICFR & Evaluate management's report
69
Report on Internal control (attestation engagement – AICPA)
\*INDEPENDENT in title 1. Intro paragraph - "examined ICFR", mgmt responsibility maint/assertion in mgmt report, Auditor Responsibility 2. Scope paragraph – accordance with AT by AICPA, reas. Assurance, design/operating eff., "we believe" 3. Definition Paragraph – ICFR 4. Inherent limitations Paragraph – may not p,d,&c // projections of any eval 5. Opinion Paragraph 6. Audit of financial statements Paragraph - "audited in GAAS", F/S, dates (same) \* Auditor Signature and date of report (city/state NOT required for AICPA) \*VERY SIMILAR TO PCAOB I/C AUDIT REPORT (if separate reports for F/S & I/C)
70
PCAOB Integrated audit
AUDIT of Internal control & audit of Financial statements (not "examination" of I/C... that is for AICPA attestation engagement for IC)
71
Difference between audit/examination of Internal Control in PCAOB & AICPA?
PCAOB audit is REQUIRED (F/S date audit) - communicate in writing MW & SD PRIOR to report issuance (others in timely manner to mgmt) AICPA (non-issuer) is required ONLY IF the auditor is engaged to examine the Internal Control (otherwise F/S would be GAAS alone) - specific date or period of time
72
GAAS vs PCAOB AS#5 Significant deficiencies and Material weaknesses definition (difference)
- GAAS: includes "to prevent, or detect AND CORRECT misstatements" - PCAOB: includes "to prevent or detect misstatements"
73
Differences between AICPA & PCAOB audit report on Internal Control?
- definitions of internal control (AS has provided one, AICPA COSO) - AS#5 PCAOB includes city & state from which report issued after the signature (not required for AICPA AT) - AICPA "examined" & PCAOB "audited"
74
Under PCAOB, what are the standards for being engaged to report on a previously reported internal control weakness that continues to exist (AS#4)?
1. Planning the engagement 2. Understanding of ICFR 3. Testing & Evaluating whether Material Weakness Continues to exist 4. Opinion on whether previously reported material weakness continues to exist
75
Auditing Standard No. 2 was issued pursuant to Section 404(b) of the Act. What is the subject matter of this standard?
An audit of internal control over financial reporting performed in conjunction with an audit of financial statements. (PCAOB)

CPA AUDIT (16 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions