Audit of Internal Control Steps Flashcards
what is the first step in the audit of I/C
obtaining understanding of the entity
what is done in the understanding step
the I/C of the client must be understood sufficently enough to be able to plan examination and risk assesemen
when must the understnding me donw
early in the audit
what 4 outlined methods can be used in obtaining undertadnig
- walkthrough
- narrative
- questionaire
- flowchart
what is the most important I/C compoenent to know for the understading step
the control environment
what is the second step in assessing I/C
evaluating desgin effectiveness
what is done in hte design effectiveness evaluation step
evaluate whether statements are auditable
why must it be evaluated if statemnets are auditable, what are the 2 outcomes
I/C evalauted as weak - effectiveness issue
I/C testing evaluated as expensive - efficiency issue
what is the third step in I/C assessment
assessment of control risk
what model is used in hte control risk assessment stage
the ARM model
in the assessment of control risk, do we asses weaknesses or strenghts
strenghts, because weaknesses are just lack of contorls
what are the three conclusions that we can come to after assessing controls risk
CR is high - pure substantive
CR is low - combined (common)
CR is low - pure substantive due to cost reasons (rare)
what is the 4th step in I/C audit
identify and asses RMM
what level is RMM assesed at?
at assertion level
what is the 5th step in audit I/C controls
design the control tests
when designing the control tests, what is determiend
the level of compliance that is required in order to consider controls as working
what is the 6th step of I/C controls
conducting test of controls
how is evidence gathered for the test of controls
gathered after a population is identifued and intention to get data is made
what control testing options are there
- inspections
- obserations
- inquries
- recalculation
should the sample be during a specific time in the period or for the entire period
should span and be representative of the entire preiod
what is the 7th, and final step in I/C audit
evaluating results
what 2 results are possible
results support design of CR
results condlude there is issued with CR
what should be done if the results are in line with the preceiveed CR
use the same assessed CR and proceeed as planned in the audit
what should be done if tests consclude dufferently about CR
CR should be reconsidered
since CR is reconsidered and thus increased, what possible implications could this mean in methodoology and staffing
- more staff with expenrience
- more skepticims
- more SAAE required
- more supervision
- less predicatable procedures
if control deficiencies are severe enough, should this be passed on to management
yes, it should be relayed in the Manamgent letter
what 3 things are assessed during the assessment of control risk
- control evnrionment
- application controls
- general controls
high volume and high turnover is or isnt inherently risky?
is very risky when it comes to assest missaproproaition
any time there is a salesman, what can go wrong
salesman can collude with buyer - can giver a lower selling price for personal gain
what is the risk whenever credit is involved
credit may be granted innapropriately and not collected
is cash given on hand dangerous?
yes
