AUD-Lesson 3_GRADUAL_Internal Control Continued

Question 1

What is AU-C 315?

Answer 1

Understanding the Entity and Its Environment and Assessing Risks of Material Misstatements

Question 2

What is the name for entities that do not report to the SEC?

What is the name for entities that DO report to the SEC?

Answer 2

Nonissuers (do not report)

Issuers (Report)

Question 3

What is an integrated audit as it required of issuers per Sarbanes Oxley?

Answer 3

It requires an opinion on internal control over finanicial reporting (ICFR)

Question 4

What tests are performed if it is found that Internal Controls are 100% ineffective?

Answer 4

Substantive testsed are performed on Control Risk set at maximum

Question 5

What is the neumonic for what assurance that is needed from internal controls?

Answer 5

ACE

Accurate and Reliable Financial Reporting

Compliance with laws and regulations

Effectiveness and efficiency of operations

Question 6

What are the segregation of duties?

Answer 6

ARCC

Authorization of transactions

Recording (posting) of transactions

Custody of assets

Comparisons (Compare what got recorded actually got deposited)

Question 7

What are the control activities?

Answer 7

PIPS

Performance Reviews

Information Processing

Physical Controls

Segregation of Duties

Question 8

What is the control environment?

Answer 8

CHOPPER

Commitment to compentence

HR policies and practices

Org Structure

Participation of those charged w/ governance

Philosophy of management and Mgt operating style

Ethical values and Integrity

Responsibility assignment

Question 9

What are the five components of internal control?

Answer 9

CRIME

Control Environment

Risk Assessment

Control Activities

Information and Communication

Monitoring

Question 10

What are the parts of Risk Assessment (R) in the components of internal control?

Answer 10

Some items are

Changes in operating environment
New personnel
New or revamped information systems
Rapid growth

Question 11

What are the parts of Information and Communication in the components of internal control?

Answer 11

Uses relevent information
Communicates internally
Communicates externally

Question 12

What are the parts of Monitoring (M) in the components of internal control?

Answer 12

Management conducts ongoing and/or seperate evaluations of controls
Management evaluates and communicates deficiencies

Question 13

What are the steps to understanding internal controls?

Answer 13

1. Obtain understanding the design of internal controls (perform risk assessment procedures - CRIME)
2. Document Understanding of Internal Control
3. Assess Risk of RMM
4. Perform Tests of Controls
5. Reassess RMM
6. Document Conclusions

Question 14

What is an ICQ?

Answer 14

It is an internal control questionnaire that consists of yes/no questions. Is part of documenting understanding of internal control
Yes is a strength, no is a weakeness

Question 15

What is a substantive approach audit?

Answer 15

An audit in which control risk is set at a maximum due to insufficient internal controls where there is extensive substantive testing

Question 16

What is a combined approach, or intergrated audit?

Answer 16

An audit in which control risk is not set to maximum since internal controls are operating. Thus the audit consists of a test of controls and substantive testing

Question 17

How do you test controls (Tests of ARCC)

Answer 17

RIO

Reperformance

Inspection

Inquiry

Observation

Question 18

What are the inherent limitations of controls?

Can still happen if internal controls are strong

Answer 18

COCO

Collusion

Override by management

Competence/Human error

Obsolescence

Question 19

What is tracing and vouching?

Answer 19

Tracing: Goes from source to books and records
Vouching: Goes from books back to the source

Question 20

What types of questions doe the Internal Control Questionnaire (ICQ) cover?

Answer 20

PRAISE

Physical Controls

Recording

Authorization

Independent Checks

Segregation of Duties

Evaluate Performance

Question 21

What is covered by AS #5?

Answer 21

Material weaknesses and signficant deficiencies must be communicated in writing to audit committee prior to issuance of auditor’s report

Question 22

What is covered by SOX Rule 404A?

Answer 22

Requires annual report to include a report for establishing and maintaining an adequate internal control and management’s assessment of internal control effectiveness

Question 23

What is covered by SOX Rule 404B?

Answer 23

Requires auditor to attest to and report on management’s assessment of internal control