AUD-Lesson 3_GRADUAL_Internal Control Continued Flashcards
What is AU-C 315?
Understanding the Entity and Its Environment and Assessing Risks of Material Misstatements
What is the name for entities that do not report to the SEC?
What is the name for entities that DO report to the SEC?
Nonissuers (do not report)
Issuers (Report)
What is an integrated audit as it is required of issuers per Sarbanes-Oxley?
It requires an opinion on internal control over financial reporting (ICFR)
What tests are performed if it is found that Internal Controls are 100% ineffective?
Substantive tests are performed with Control Risk set at maximum
What is the mnemonic for the assurance that is needed from internal controls?
ACE
Accurate and Reliable Financial Reporting
Compliance with laws and regulations
Effectiveness and efficiency of operations
What are the segregation of duties?
ARCC
Authorization of transactions
Recording (posting) of transactions
Custody of assets
Comparisons (compare that what got recorded actually got deposited)
What are the control activities?
PIPS
Performance Reviews
Information Processing
Physical Controls
Segregation of Duties
What is the control environment?
CHOPPER
Commitment to competence
HR policies and practices
Org Structure
Participation of those charged w/ governance
Philosophy of management and Mgt operating style
Ethical values and Integrity
Responsibility assignment
What are the five components of internal control?
CRIME
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
What are the parts of Risk Assessment (R) in the components of internal control?
Some items are
Changes in operating environment
New personnel
New or revamped information systems
Rapid growth
What are the parts of Information and Communication in the components of internal control?
Uses relevant information
Communicates internally
Communicates externally
What are the parts of Monitoring (M) in the components of internal control?
Management conducts ongoing and/or separate evaluations of controls
Management evaluates and communicates deficiencies
What are the steps to understanding internal controls?
- Obtain an understanding of the design of internal controls (perform risk assessment procedures - CRIME)
- Document Understanding of Internal Control
- Assess Risk of RMM
- Perform Tests of Controls
- Reassess RMM
- Document Conclusions
What is an ICQ?
It is an internal control questionnaire that consists of yes/no questions. It is part of documenting understanding of internal control
Yes is a strength, no is a weakness
What is a substantive approach audit?
An audit in which control risk is set at a maximum due to insufficient internal controls where there is extensive substantive testing
What is a combined approach, or integrated audit?
An audit in which control risk is not set to maximum since internal controls are operating. Thus the audit consists of a test of controls and substantive testing
How do you test controls (Tests of ARCC)?
RIO
Reperformance
Inspection
Inquiry
Observation
What are the inherent limitations of controls?
Can still happen if internal controls are strong
COCO
Collusion
Override by management
Competence/Human error
Obsolescence
What is tracing and vouching?
Tracing: Goes from source to books and records
Vouching: Goes from books back to the source
What types of questions does the Internal Control Questionnaire (ICQ) cover?
PRAISE
Physical Controls
Recording
Authorization
Independent Checks
Segregation of Duties
Evaluate Performance
What is covered by AS #5?
Material weaknesses and significant deficiencies must be communicated in writing to the audit committee prior to issuance of the auditor’s report
What is covered by SOX Rule 404A?
Requires the annual report to include a report for establishing and maintaining adequate internal control and management’s assessment of internal control effectiveness
What is covered by SOX Rule 404B?
Requires the auditor to attest to and report on management’s assessment of internal control