Audit and Assurance Chapter 2 Flashcards
What is meant by internal control?
The process used by a client to prevent, detect and report risks and achieve objectives regarding operations, compliance with laws and regulations, and safeguarding assets.
What is meant by a controlled environment?
is the attitude, awareness, and actions of those charged with governance and management concerning the entity’s system of internal control and its importance in the entity.
What are some examples of a good control environment?
- Directors communicate and enforce integrity and ethical values
- Human Resources policies promotes controls
What should the information system relevant to financial reporting encompass?
- Identify and record all valid transactions
- Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting
- measure the value of transactions
- determine the time in which transactions occured
- present properly the transactions and related disclosures in the financial statements
What are control actvities?
are the policies and procedures that help ensure that management directives are carried out.
A strong control environment is demonstrated by having sound control activities.
What are some examples of control activities?
- Reconciliations
- Authorisation of documents
- Controls over arithmetical accuracy
What is meant by monitoring controls?
Those activities that the entity uses to keep an eye on how well it is achieving its objectives and how the entity initiates remedial action to address deficiencies in control.
What is an internal audit?
an independent control designed to evaluate other controls in place within an organization and add value throughout.
What are some factors that influence the need for internal audit?
- The company size or complexity
- Unexpected risk events or perceived problems in internal control
- a cost vs benefits approach, would it save more money than it costs?
What are some differences between internal and external audits?
Internal: responsible to Management whereas External: responsible to shareholders.
Internal: responsible for any task required by management or directors whereas External: responsible for an opinion on truth and fairness and compliance with laws and regulations.
Internal: any activity can be undertaken, whereas External: testing via evidence gathered.
Internal: standards used are anything whereas, External: standards used are laws and regs, auditing standards, and accounting standards.
what are some examples of internal audit work?
- Special investigations, such as fraud
- Reviewing accounting and systems of control
- Risk management
What issues can affect Internal audit?
- a lack of authority among internal audit staff who are unable to challenge management
- involvement in the implementation of systems that internal audit may be ultimately asked to review.
- familiarity with staff who work at the same organisation
- a lack of independence could compromise the extent or effectiveness of any work undertaken
According to ISA 610 Using the work of internal auditors, what criteria can external audit use to decide whether internal audit can be relied upon?
- The extent to which their organisational status and relevant policies and procedures support their objectivity
- Their level of competence
- Whether they display a systematic and disciplined approach, including quality control.
What are the three commonly used methods to document the client’s accounting system?
- Narrative notes; written descriptions of the system
- Internal control checklists/questionnaires; the audit firm will have a standard list of control questions for each type of system in place. The audit staff can quickly ascertain which are in operation by the client
- Flowcharts; diagrammatic representations of the system, usually broken down into separate activities.
How do auditors confirm the accounting system?
By performing walk-through tests. This involves following one or more transactions of each type through the accounting system to confirm that the system has been documented properly.
