Audit & Internal Control Flashcards
5 elements of internal control:
- Control Activities
- Risk assessment
- The Control Environment
- Information and Communication
- Monitoring
What are control activities?
Procedures and policies that governance put in place to help them achieve the objective of the company and minimise risk to an acceptable level.
What does risk assessment involve?
Identify, analyse impact and mitigate risks to an acceptable level.
What is the control environment?
Is the set of standards, processes, and structures that establish the tone for an organization and how it conducts its business
Why is the control environment the most important internal control?
It’s foundational to every other internal control component as it reflects the organization’s values, including its ethical & behavioral standards
Example of control environment:
Commitment to ethical values & board and audit committee oversight.
What does information and communication mean?
Relevant information should be identified, captured and communicated to employees to help them discharge their assigned responsibilities.
What is monitoring?
The constant assessment of internal controls e.g. internal auditing.
Objective of internal auditing:
Provide independent services designed to add value and improve organisation’s operations.
What does internal auditing evaluate?
The adequacy of governance, effectiveness of internal controls to protect assets and enhance value, quality of performance in terms of resource efficiency (all to mitigate risks)
How do auditing and governance problems relate?
Auditing started because of governance problems caused by agency problems (self-interest).
What is governance?
The exercise of economic and administrative authority to manage an entity’s affairs and resources with an objective in mind.
Overall objective of the auditor:
“ …to obtain reasonable assurance about whether the financial report as a whole is free from material misstatement, whether due to fraud or error…” (ISA 200)
What is the agency problem?
Managers may have incentives which influence the truth and fairness of financial reports.
What is the nature of an audit?
To review and assess whether an entity’s financial reports are accurately stated and compliant with all regulations and reporting frameworks.
What are the 3 levels of audit assurance?
- Reasonable assurance
- Limited assurance
- No assurance
How do internal auditors achieve their objective?
- Review whether information has been recorded correctly.
- Review whether systems and employee conduct comply with regulations
- Assess risks
- Review efficiency of resources
What is a material misstatement?
A significant error.
External auditors review internal auditors based on:
Organisational status and scope of internal auditing
3 categories of operational auditing
- Risk-based auditing
- Value-for-money approach
- Process audit (value & non-value adding activities)
What is an assurance engagement?
An engagement in which an external auditor makes a conclusion to enhance the degree of confidence of shareholders and other stakeholders about the evaluation financial reports against legal requirements and regulations.
What are the 6 different assurance services?
- Financial report audit
- Compliance audit
- Performance audit
- Comprehensive audit
- Internal audit
- CSR assurance
What is a financial report audit?
A review on whether whether the report is prepared in accordance with financial reporting frameworks.
What is a compliance audit?
Involves gathering evidence to ascertain whether rules, policies, procedures, laws and regulations have been followed e.g. tax audit.
What is a performance audit?
Refers to the economy, efficiency and effectiveness of an organisation’s activities.
Information in financial statements should be:
- Relevant
- Reliable
- Comparable
- Understandable
- True and fair
What are auditor’s responsibilities relating to the audit?
- Professional skepticism
- Professional judgment
- Due care
What is the information hypothesis?
The idea that auditing reduces information risk which comes from inaccurate financial statements.
What is the agency theory?
Due to the remoteness of the owners from the entity, the owners have an incentive to hire an auditor to assess information provided by management.
What are the reasons users demand audit services?
- Remoteness: users do not have access to information themselves.
- Complexity
- Competing incentives
- Reliability