Audit test 1 Flashcards
Audit Market Takeaways - invisible hand
People tend to pick the optimal quality for both parties.
How are prices in an Audited Market?
Prices are more stable
Information Asymmetry market
Prices are unstable
Assurance
Governance, Risk, and control
objectivity
integrity, accountability, and independence
5 competencies
competence, independence, credibility, connectivity, communication.
competence
skills and knowledge required to provide assurance and advisory services.
independence
the ability to inspire trust based on consistent competence and integrity.
3 party relationship
assurance professional - determines the scope of the assurance initiative, sets suitable assessment of subject matter, executes engagement then communicates.
accountable party - governs and manages subject matter suitable criteria
User - uses the conclusion
Business and audit objectives
sets objectives and then the auditors test to see if what management is saying is actually true.
systematic and disciplined approach internal auditing
planning, performing, and communicating.
COSO Cube - components
control environment, risk assessment, control activities, info & communication, monitoring activities.
Where is the most activity spent as an internal auditor in the COSO cube?
Monitoring activities
COSO framework - objectives
operations, reporting, compliance
best reporting structure
Having the CAE report to the audit committee directly and they report to the board of directors.
Key elements of governance structure
Governance
Risk management
Internal control
Three lines model
Governing Body
management
internal audit
3 lines model keys
governing body delegates, directs, and has oversight over management and auditors.
Management reports to the governing body and aligns and communicates with internal audit.
Audit reports to governing body and aligns and communicates with management
Audit quality
function of independence and competence
Auditors role in enterprise risk management
Auditors can give assurance, but they shouldn’t be telling a company they need to do a specific thing.
What are controls
to help prevent, detect and correct inherent risk
inherent risk
All the risks associated with the audit that can’t be changed
control risk
the chances their control system prevents, detects and corrects the inherent risk.
detection risk
allowable MOE - how much testing will the auditors have to do.
What does high DR mean?
High detection risk means that the company’s controls are good because they have a bigger margin of error.
what does a low DR mean
lower DR means that there is a lot of residual risk left over so auditors have a lower MOE and they need to catch a lot of those errors.
Relationship between residual risk, DR, and substantive testing
Higher residual=Lower DR=Higher testing
fraud triangle
Incentive/pressure - opportunities - attitudes
Entity level controls
controls related to the control environment-controls over management override.
process level controls
reconciliations of key accounts- such as inventory counts
transaction level controls
authorizations-source documents
Segregation of duties
separating important duties to different people to minimize the chance of fraud or theft.
control deficiency
design or operation of a control that does not prevent or detect misstatements on a timely basis.
Significant deficiency
is a control deficiency or combination of control deficiencies, in internal control over financial reporting that is less severe than a material weakness
Material weakness
Report externally, audit committee, and management
significant deficiency
report to audit committee and management
Control deficiency
report to management
Opinions of internal control effectiveness
unqualified, adverse, disclaimer
unqualified opinion
the company maintained, in all material respects, effective internal control over financial reporting
Adverse
The company had not maintained effective internal control over financial reporting - at least one material weakness.
what are the 4 general controls?
logical access, program development, program change, operations
logical access
Making sure the correct person is logging in - password requirements
Program development
Implementation of ERP
Program change
making sure updates go smoothly as planned
Operations
data center, disaster recovery, etc.
1ST LINE ROLE - 3 LINES MODEL
PROVISION OF PRODUCTS/SERVICES TO CLIENTS; MANAGING RISK - WORKERS DOING REVIEWS TO ENSURE THERE WERE NO MISTAKES
2ND LINE ROLE - 3 LINES MODEL
PROVIDES COMPLEMENTARY EXPERTISE, SUPPORT, MONITORING AND CHALLENGES RELATED TO THE MANAGEMENT OF RISK
Internal control components
control, (risk, control - inside comm/info), monitoring.
Environment, (assessment, activities comm/info), monitoring.
Assurance Engagement IT Responsibilities
Include the organization’s information systems in its annual audit planning process.
Identify and assess the organization’s IT risks.
Ensure that it has sufficient IT audit expertise.
Assess IT governance, management, and technical controls.
Assign auditors with appropriate levels of IT expertise to each assurance engagement.
Use technology-based audit techniques as appropriate.