Aud Deck 3-Internal Control Concepts and Standards Flashcards
The auditor obtains an understanding of internal control and the flow of documents related to the entity’s transactions primarily through-
1) Inquiry of appropriate personnel
2) Observation of client activities
3) Review of documentation-The auditor reviews relevant documentation, including the client’s accounting manuals, prior-year’s audit documentation (working papers), etc.
Transaction cycle-
Defined to be a group of essentially homogeneous transactions, that is, transactions of the same type.
Flow charts of transaction cycles-
A graphical depiction of the client’s accounting systems for major categories of transactions with emphasis on the origination, processing, and distribution of important underlying accounting documents.
Internal Control Questionnaires (ICQs)-
Questionnaires consisting of a listing of questions about client’s control procedures and activities; a “no” answer is usually designed to indicate a control weakness.
Narrative write-ups-
A written memo describing the important control-related activities in the transaction cycles under consideration.
To obtain reasonable assurance, which is a high, but not absolute, level of assurance, the auditor-focuses on the auditor’s requirements related to:
1) Risk Assessment procedures
2) Understanding the entity and its environment, including its internal control
3) Assessing the risks of material misstatement
4) Documentation
Risk Assessment Procedures-
A)Inquiries of management and others B)Observation and inspection C)Analytical Procedures D)Review Information E)Discussion among audit team members
Understanding the entity and its environment-including internal control-
1) Industry, regulatory, & other external factors
2) Nature of the entity
3) Objectives and strategies
4) Measurement & review of the entity’s financial performance
5) Obtain a sufficient understanding of internal control
Internal Control-
A process-effected by those charged with governance, management, and other personnel-that is designed to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations.
Internal Control consists of 5 interrelated components-
1) Control Environment-The policies & procedures that determine the overall consciousness of the entity sometimes called ‘the tone at the top.”
2) Risk Assessment-The policies & procedures involving the identification, prioritization, & analysis of relevant risks as a basis for managing those risks.
3) Information & Communication Systems-The policies & procedures related to the identification, capture, & exchange of information in a form & time frame that enable people to carry out their responsibilities.
Internal control consists of 5 interrelated components continued-
4) Control Activities-The policies & procedures that help ensure that management directives are carried out especially those related to: a)authorization b)Segregation of duties c)Performance Reviews d)Information Processing e) Physical controls
5) Monitoring-The policies & procedures involving the ongoing assessment of the quality of internal control effectiveness over time.
Assessing the Risk of Material Misstatement-
1) Auditor’s Responsibility
2) Internal Control Considerations
3) Significant risks
4) Risks for which substantive procedures alone do not provide sufficient appropriate audit evidence.
5) Revision of risk assessment
Control deficiency-
When the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
