Auditing Exam 3 Flashcards

1
Q

What is Professional Skepticism?

A

A state of mind that is characterized by appropriate questioning and critical assessment of audit evidence

2
Q

What applies professional skepticism?

A

Professional Judgement is often needed.

3
Q

What is Professional Judgement?

A

Making informed decisions regarding obtaining auditing evidence and reaching conclusions based on this evidence

4
Q

What makes professional judgement important?

A

Evaluating the reasonableness of various management estimates used in preparing financial statements

5
Q

Skepticism?

A

Appropriate questioning and critical assessment of evidence

6
Q

Judgement?

A

Application of training, knowledge, and experience in making informed decisions during audit

7
Q

What prevents auditors from exercising good professional judgment in order to be professionally skeptical?

A

Biases and Heuristics
External Factors/ Pressures
Not utilizing good judgement process/framework

8
Q

Biases?

A

Systematic errors in judgement resulting from use of heuristics and/ or the influence of external factors
-> Can be conscious or sub-conscious

9
Q

Heuristics?

A

Are mental shortcuts that make the judgement process more efficient and less cognitively demanding
-> Individuals make mental shortcuts every day
-> Mental shortcuts are not inherently bad
-> But can lead to biased judgement

10
Q

What causes conscious bias?

A

Due to influences of some sort of self-interest. Judgement is biased because individual “wants” to reach a particular conclusion.

11
Q

What causes sub-conscious bias?

A

Can be due to mental shortcuts (heuristics), which individuals take when making judgements.

12
Q

Availability?

A

-> Using easily retrievable information (first thing to mind)

13
Q

What is the risk with the heuristics?

A

Giving greater weight to easily retrievable information.

14
Q

Representativeness

A

Determining that an item belongs to a population based on the extent that the item shares representative properties of the population.

15
Q

Anchoring and Adjustment?

A

Occurs when making a judgement, you begin at a particular starting point and then adjust from the starting point based on the available information

16
Q

Halo Effect

A

Auditor’s judgements about specific attributes of management can be influenced by their overall assessment of the organization.
-> If an auditor has an overall positive view of an organization, the halo effect could lead to under-assessments regarding the existence of accounting errors and, thus, ineffective audits.

17
Q

Confirmation Bias?

A

Auditors often subconsciously search for and overweight evidence that is consistent with their expectations.
->A client’s inventory has significantly increased
-> The client has not had a misstatement in several years.

18
Q

Self-serving Biases affecting Auditors?

A

Auditor judgement can be biased in a manner consistent with their self-interest. Typically, this means that the auditor will be more likely to judge client-preferred accounting methods as appropriate for several reasons:
-> Does not want to upset management due to long-term friendships
-> Identifying problems could lead to working longer hours and potential budget overruns
->Substantial estimation in financial statements creates substantial room for rationalization and bias.

19
Q

Overconfidence?

A

Unwarranted confidence in one’s ability to make a decision

20
Q

Strategies for Specific Heuristics/Biases

A

Availability-> Consider why something comes to mind, consider alternative explanations
Confirmation-> Consider alternative explanations, Consider disconfirming evidence
Anchoring-> Develop an independent judgement without an anchor, Consider alternative anchors, Consult with others without giving them an anchor
Overconfidence-> Challenge reasons for confidence

21
Q

Why do accountants not always exercise good Professional judgement?

A

Heuristics and Biases
External Factors/ Pressures

22
Q

External Factors

A

Client Demands-> Avoid delivering “Bad News”, Deadlines, Fees
Regulatory Expectations-> Accounting Regulators

23
Q

Professional Judgement Framework?

A

Training-> Awareness of heuristics and biases
Decision Support Tools-> Judgement frameworks and those tailored to specific accounting judgements
-> Group decision making and consultation

24
Q

Applying Professional Skepticism

A

->Recognize the biases and heuristics that you bring to your decision making
-> Inquiry alone is never enough. The auditor must obtain sufficient corroborative evidence
-> Unusual financial trends need investigation
-> Documents need to be checked for authenticity or possible alteration.
-> Ask questions, get answers, then verify the answers

25
Q

Fraud

A

The act of knowingly making material misrepresentations of fact with the intent of inducing someone to believe the falsehood and act upon it and, thus, suffer a loss or damage.

26
Q

Fraud and Auditor Responsibility

A

Auditors are responsible for detecting material misstatements either caused by error or fraud

27
Q

Fraud Risk Factors

A

Fraud risk factors are events or conditions that indicate
->Incentive or pressure to perpetrate fraud
-> Provide an opportunity to commit fraud
->Rationalizations or attitudes to justify fraudulent actions
The relevance and pervasiveness of the fraud risk factors will determine if there is an identified fraud risk

28
Q

Fraud Risk

A

Special case of risk of material misstatement related to those situations where management intended to mislead the marketplace by issuing fraudulent financial statements.

29
Q

Types of Fraud that can cause misstatements?

A

Misappropriation of assets upon an entity
Fraudulent financial reporting by an entity

30
Q

Misappropriation of Assets

A

Intentional theft of funds or other property from an employer

31
Q

Embezzlement

A

Is a type of fraud involving employees or nonemployees wrongfully misappropriating funds or property entrusted to their care, custody and control, often accompanied by false accounting entries and other forms of deceptions and cover-up.

32
Q

Larceny

A

Is simple theft. For example, an employee misappropriates an employer’s funds or property that has not been entrusted to the custody of the employee.

33
Q

Defalcation

A

Is another name for employee fraud, embezzlement, and larceny
-> Fraud upon the entity

34
Q

Examples of Misappropriation of Assets

A

-> Using a company credit card for personal use
-> Employees remaining on the payroll after ceasing employment
-> Unauthorized discounts or refunds to customers
-> Theft of inventory by employees or others
-> Using a company car for unauthorized personal use
-> Writing checks to fictitious vendors

35
Q

Fraudulent Financial Reporting

A

Intentional misstatements or omissions of amounts or disclosures intended to deceive financial statement users
Often referred to as “Management Fraud”
Fraud committed by management that injures investors and creditors through materially misstated financial information.

36
Q

Examples of Fraudulent Financial Reporting

A

-> Improper Asset Valuations
-> Unrecorded Liabilities
-> Timing Differences such as bringing forward the recognition of revenues and delaying the recognition of expenses
-> Recording fictitious sales
-> Capitalizing items that should be expensed
-> Inappropriate application of accounting principles.

37
Q

Fraud Risk Factors

A

-> Incentive or pressure to perpetrate fraud
-> Provide an opportunity to commit fraud
-> Rationalizations or attitudes to justify a fraudulent action

38
Q

Motive

A

In the fraud context, some kind of pressure that a person experiences and believes to be unshareable with friends and confidants.

39
Q

Types of Motives

A

-> Actual or perceived need for money (Economic Motive)
-> “Habitual Criminal” who steals for the sake of stealing (Psychotic Motive)
-> Committing fraud for personal prestige (Egocentric motive)
-> Cause is morally superior, justified in making others victims (Ideological motive)
-> The perceived need to support or protect an individual or organization.

40
Q

Incentive or Pressure to Commit Fraud

A

-> Management or other employees have an incentive or are under pressure which provides a reason to commit fraud.

41
Q

Fraud Risk Factors Entry-Specific

A

-> Pressure to meet market expectations and profit targets
-> A significant proportion of remuneration tied to earnings.
-> Pressure to meet debt covenants
-> A significant decline in demand for the client’s products or services
-> Falling profits or ongoing losses
-> A threat of bankruptcy or takeover
-> Planning to raise debt or renegotiate a loan

42
Q

Opportunity

A

An opportunity is an open door for solving the unshareable problem by violating a trust
->Weak internal controls
-> Circumvention of internal controls
-> The greater the position, the greater the trust and exposure to unprotected assets.

43
Q

Opportunity Circumstances

A

-> The absence of controls
-> Ineffective Controls
-> Ability of Management to Override Controls
-> Provide an Opportunity for a fraud to be perpetrated.

44
Q

Fraud Risk Factors related to Opportunity Condition

A

-> Ineffective system of internal control
-> A nonexistent or ineffective whistleblower system
-> A high turnover of staff with accounting or internal control responsibilities
-> Related-party transactions
-> Complex transactions to require estimates and judgement
-> A high volume of transactions close to year-end
-> Significant adjusting entries and reversals after year-end.

45
Q

Segregation Duties

A

The same individual in an entity should not perform the following tasks
-> Authorizing Transactions
-> Recording Transactions
-> Maintaining custody of assets associated with a transaction.

46
Q

Rationalization and Attitude

A

When people do things that are contrary to their personal beliefs, outside their normal behavior, they provide an argument to make the action seem like it is in line with their moral and ethical beliefs.

47
Q

Rationalization to Justify a Fraud

A

Those involved are able to rationalize committing a fraudulent act or possess an attitude, character, or set of ethical values that allow them to knowingly and intentionally commit a dishonest act.

48
Q

Attitudes and Rationalizations Fraud Risks

A

-> Management attempts to justify marginal or inappropriate accounting on the basis of materiality, on a recurring basis.
-> Rationalization that other companies make the same inappropriate accounting choices
-> An excessive focus on maximization of profits and / or stock price
-> A poor attitude regarding compliance with accounting regulations
-> Management and employees who do not place a high priority on the entity’s values or ethical standards.

49
Q

Management and Auditor Fraud Responsibilities

A

The primary responsibility for the prevention and detection of fraud rests with both the entity’s management and those charged with governance.

50
Q

Specific Inquiries w/ Management

A

-> Knowledge of fraud, alleged fraud or suspected fraud affecting the company
-> Management’s process for identifying fraud risks
-> Controls established to address identified fraud risks
-> Inquiries should not be limited to accounting and finance personnel.

51
Q

Specific Fraud Risks

A

A fraud risk is often presumed for the following
-> Management override of controls
-> Improper revenue recognition

52
Q

Management Override of Controls

A

-> Conflict of Interest between Management and Auditors
-> Management always has the ability to override their system of internal control

53
Q

Improper Revenue Recognition

A

Fraud schemes often involve overstating revenue through fictitious sales transactions and / or recording revenue before it has been earned.

54
Q

Communication of Fraud

A

-> Auditors must always exercise significant care because accusations of fraud are taken very seriously by audit clients.
-> Evidence that fraud may exist must be communicated to appropriate level of management, usually at least one level above the people involved.
-> Fraud by management should be reported by the board of directors.

55
Q

Purpose of Risk Assessment Procedures

A

Professional standards require the auditor to gain an understanding of the entity and its
-> Business and Environment
-> Applicable financial reporting frameworks
-> System of internal control

56
Q

Management’s Financial Reporting Responsibility

A

Management’s policies and procedures around financial reporting should result in:
-> Accounting records maintained in reasonable detail to accurately reflect transactions
-> All transactions are recorded to permit financial statements to be prepared in accordance with generally accepted accounting principles
-> Transactions executed in accordance with authorization from the entity’s management
-> Unauthorized acquisition, use or disposition of the entity’s assets is prevented or detected on a timely basis.

57
Q

System of Internal Control

A

Actions designed and implemented by management with oversight by those charged with governance to provide reasonable assurance regarding the achievement of reliable financial reporting.

58
Q

Achievement of Internal Control Objectives

A

Effectiveness and efficiency of operations
Compliance with applicable laws and regulations

59
Q

Limitations of Internal Control

A

Internal control provides reasonable assurance, not absolute assurance, that management’s objectives will be achieved.
-> Human Error
-> Deliberate circumvention
-> Collusion

60
Q

Auditor’s Understanding of Entity’s System

A

Risk assessment procedures require auditors to obtain an understanding of the system of internal control, specifically over financial reporting.

61
Q

Five Interrelated components

A

-> Control Environment
-> The entity’s risk assessment process
-> The entity’s process to monitor the system of internal control
-> The information system and communication
-> Control Activities

62
Q

Entity-Level Indirect Control Components

A

-> May not address assertion-level risks of material misstatements
-> Often do not directly prevent or detect or correct misstatements.
These allow for people to understand the system of internal control.

63
Q

A Control Environment Component

A

A control environment is the set of standards, processes and structures that provide the basis for carrying out the system of internal control across an entity.
-> Sets the “tone at the top” of an organization, influencing the control consciousness of its people
-> It is the foundation for all other components
-> As a result, an auditor must obtain a detailed understanding of the control environment and document that understanding.

64
Q

CEP: Principle 1

A

The entity demonstrates a commitment to integrity and ethical values
-> Communication and enforcement of integrity and ethical values
-> Management’s philosophy and operating style: approach to taking and managing risks and attitude, and actions toward financial reporting

65
Q

CEP: Principle 2

A

The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control
-> Participation by those charged with governance
-> Board and audit committee oversight

66
Q

CEP: Principle 3

A

Management establishes, with board oversight, structures, reporting lines and appropriate authorities and responsibilities in pursuit of financial reporting objectives.
-> Organization structure
-> Assignment of authority and responsibility

67
Q

CEP: Principle 4

A

The entity demonstrates a commitment to attract, develop and retain competent individuals in alignment with financial reporting objectives.
-> Commitment to competence
-> Human resource policies and practices

68
Q

CEP: Principle 5

A

The entity holds individuals accountable for their control responsibilities in the pursuit of financial reporting objectives
-> Human resource policies and practices
-> Management’s philosophy and operating style
-> Attitude toward information processing and accounting functions and personnel.

69
Q

Evaluation of the Entity’s Control Environment

A

Based on the auditor’s understanding of the entity’s control environment. Evaluate:
-> Has management, with the oversight of those charged with governance, created and maintained a culture of honesty and ethical behavior?
-> Does the control environment provide an appropriate foundation for the other components of internal control?
-> Are there control deficiencies identified in the control environment and do they undermine the other components of the entity’s system of internal control?

70
Q

Risk Assessment Component

A

For financial reporting purposes, the entity’s risk assessment process.
-> How management identifies business risks relevant to the preparation of financial statements
-> Estimates their significance, assessing the likelihood of their occurrence and decides upon actions to manage them.

71
Q

Business risk that the risk assessment process should consider?

A

-> Changes in operating environment: Regulatory, economic, changes in competitive pressures
-> New Personnel: New personnel may have a different focus on or understanding of the entity’s system of internal control.
-> New or revamped information system: Significant and rapid changes in information systems can change the entity’s system of internal control.
->Rapid Growth: Significant and rapid expansion of operations can strain controls and increase the risk of breakdown in controls.

72
Q

Business Risk Assessment Process

A

New Technology-> May change the risk associated with the entity’s system of internal control.
New Business Models, Products, or Activities-> Entering into business areas or transactions with which an entity has little experience may introduce new risks.
New Accounting Pronouncements-> Adoption of new accounting principles or changing accounting principles may affect risks in preparing financial statements.

73
Q

Conclusion of Risk Assessment

A

-> Identifies its business risks relevant to the preparation of financial statements
-> Whether and how these business risks affect an entity’s ability to initiate, record, process, and report financial information consistent with the assertions of management in the financial statements.

74
Q

Monitoring Activities Component

A

A well functioning monitoring system:
-> Ongoing and separate evaluations
->Reporting deficiencies
The purpose of the monitoring activities component is to evaluate the effectiveness of the other control components.

75
Q

Examples of Monitoring Activities

A

Management process that involves ongoing evaluation of the controls.
-> Periodic evaluation by internal auditing
-> Supervisory review of controls
->Follow-up of reporting errors
->Follow-up of customer complaints
-> Audit committee inquiries

76
Q

Difference between process and a control

A

Process: The actual steps necessary to account for transactions and record them into the accounting records all the way through to the financial statements
Control: The specific actions to mitigate risks that can occur as transactions move through financial reporting process

77
Q

Process Risk Points

A

->The points in a process where a risk of misstatement could occur.
-> The description of a process risk point describes “where” and “how” a misstatement could occur.

78
Q

ESME

A

Entered, Stored, Manipulated, Exchanged and Extracted

79
Q

Risk of Material Misstatement

A

The risk of material misstatement is the likelihood that a material error exists in the financial statements.

80
Q

Roles Often Found in the Payroll Cycle

A

Human Resources: Hires and Onboards in New Employees, Updates Employee Master Files
Operations: Makes Hiring Requests, Approves of time records, changes to pay rates and changes in staff
Payroll Department: Prepares payroll checks and ACH disbursements, Prepare Payroll Register
Accounting: Records payroll information to general ledger.

81
Q

Information-Processing Controls

A

-> Information-processing controls are controls relating to the processing of information in IT applications or manual information processes in the entity’s information system.
-> Address process risk points.

82
Q

Activities of Transaction Controls

A

SAS 145
-> Authorization and Approval
-> Reconciliations
->Verifications
-> Physical or Logical Controls against unauthorized access, acquisitions, use or disposal
->Management Review Controls
-> Separating incompatible responsibilities

83
Q

Incompatible Responsibilities

A

Combinations of responsibilities that place a person alone in a position to create and conceal misstatements due to errors or frauds in her or his normal job

84
Q

Four Types

A

Authorization to Execute Transactions
Recording Transactions
Custody of assets involved in the transactions
Periodic reconciliation of existing assets to recorded amounts.

85
Q

Authorization and Approvals

A

Authorization: Affirms that a transaction is valid

86
Q

Reconciliations

A

Reconciliations compare two or more data elements and if differences are identified, action is taken to bring the data into agreement.

87
Q

Verifications

A

-> Verifications compare two or more items with each other or compare an item with a policy. Completeness, accuracy and validity of processing transactions.

88
Q

Identified Controls?

A

An auditor is required to test and implement these types of controls.

89
Q

What are some identified Controls?

A

-> Controls over the posting of journal entries.
-> Controls that address a risk that is determined to be a significant risk.
-> Controls for which the auditor plans to test operating effectiveness because substantive procedures alone do not provide sufficient appropriate evidence.
-> Other controls that, based on the auditor’s professional judgement, the auditor considers appropriate and efficient to enable the auditor to assess the risks of material misstatement at the assertion level and to design further audit procedures.

90
Q

Testing the Design

A

Control Design-> The control activity created in such a way that it mitigates the assigned risk.
Control Implementation-> The control activity performed as designed.

91
Q

Characteristics of design?

A

The nature of control-> Manual vs. Automated
The Type of Control
-> Detective vs. preventive
Frequency of The Control Operation
-> Recurring, Daily, Weekly, Monthly
The competence and authority of the individual performing the control activity.
The specific attributes or steps that make up the control activity.

92
Q

Process Owner

A

Individual who is responsible for initiating, processing and recording transactions

93
Q

Control Operator

A

Individual who performs specific actions to mitigate risks of material misstatements introduced during the process of

94
Q

Control Attributes

A

The specific procedures performed by the control operator that make up the activity and are important to the design of the control.
The parts of the control that address the risks that the control is intended to address.

95
Q

CA- Control Description

A

Fixed asset subledger to general ledger reconciliation.

96
Q

Is it designed appropriately?

A

-> Judgement used in performing the control attributes
-> Precision of the operation of the control attribute
-> Information relied upon in performing each control attribute.

97
Q

Judgement with Control Attributes

A

-> Determine and apply the criteria for investigation
-> Identify Outliers
-> Determine whether the outliers are reasonable or correct

98
Q

Precision of Control Attributes

A

-> Predictability of Expectation= Do the control attributes involve developing expectations
-> Level of Aggregation= Summary vs. Detailed Information
-> Consistency of Performance= Each time the control operates either pre-defined or ad hoc.
-> Criteria for Investigation= Do the criteria for investigation identify outliers.

99
Q

Information Sources

A

Reports generated directly from the entity’s IT system also known as system generated reports.
Reports generated using a report writer that interfaces with the IT system or custom report.
Schedules created using end-user computing applications.
Information created by external parties.

100
Q

Information Characteristics

A

When information is used by the control operator to perform a control activity, the following need to be determined on the information.
-> Is the information relevant to the objective of the control

101
Q

Parts of Information Characteristics

A

Is the source of information reliable?
-> free of error, unbiased
->Information should be authentic and come from a reputable source
What is the source of the information- Internal or external?
Nature of Information- Electronic format or hard copy
Circumstances of how the information is obtained?
-> Provided by the entity or from the third party
Is the information complete and accurate?
-> Has management performed a control to determine if the information is completely accurate
-> Does the auditor need to directly test the information used in the operation of completeness and accuracy.

102
Q

Automated Controls

A

The nature of a control can be either manual or automated, or consist of control attributes that are a combination of the two.
-> Automated controls are controls performed within various IT layers of technology.
->If designed and implemented properly, automated controls perform the same way each time they operate

103
Q

Categories of Automated Controls

A

System Access Control-> Access to information from a data warehouse is limited to previously-defined job functions.
System Configuration Control-> An entity sales application is configured to completely and accurately trade receivables and revenue only for “shipped orders” and using sales from the invoice.
Interface Control-> Information cannot be exchanged between applications or databases unless certain criteria are met.

104
Q

Data and Information Integrity

A

-> Automated controls also help ensure the integrity of data and information within the entity’s IT system.
-> Control operators rely on information in the performance of activities and attributes
-> Auditors need to perform procedures to conclude that the information used in the performance of a control activity is correct and accurate.
-> Auditors identify the risks that could cause information not to be complete and accurate.

105
Q

Automated control activities Include?

A

Application
Database
Operating System
Network

106
Q

IT processes found in each layer of Tech?

A

Access to programs and data
Program changes.
Program acquisition and development.
Computer Operations.

107
Q

Risks Arising from IT

A

-> Risks exist in each of the IT processes and are often referred to as risks arising from IT (RAFIT).
A relevant RAFIT could prevent the effective operation of the related automated control and / or integrity of data and information within the IT system.

108
Q

General IT Controls

A

General IT controls (GITCs) are in place to address relevant risks arising from IT (RAFITs).
Maintain integrity and security of data by addressing relevant RAFITs.

109
Q

Business Processes Activities

A

An entity’s business processes include the activities designed to
-> Develop, purchase, produce, sell, and distribute an entity’s products and services
-> Ensure compliance with laws and regulations
-> Capture information, including accounting and financial reporting information.
-> Results in the transactions that are recorded, processed and reported by the information system
-> The information system includes the financial reporting process to prepare the entity’s financial statements.

110
Q

COSO view regarding information

A

Information is necessary for the entity to carry out internal control responsibilities to support the achievement of its objectives.
Information systems play a key role in the system of internal control as they produce reports, including operational, financial and compliance-related information, which make the operation and control of the business possible.

111
Q

COSO view of Communication

A

Communication is the continual, iterative process of providing, sharing and obtaining necessary information.

112
Q

Internal Communication

A

The means by which information is disseminated throughout the organization, flowing up, down and across the entity.

113
Q

External Communication

A

It enables inbound communication of relevant external information, and it provides information to external parties in response to requirements and expectations.

114
Q

Flows of transactions

A

To understand how information flows through the entity’s information system for significant classes, accounts and disclosures
-> How transactions are initiated, and how information about these transactions is recorded, processed, corrected as necessary, incorporated in the general ledger, and reported in the financial statements.
-> How information about events and conditions, other than transactions, is captured, processed, and disclosed in the financial statements.

115
Q

Information Processing Activities part 2

A

-> The accounting records, specific accounts in the financial statements, and other supporting records relating to the flows of information in the information system
-> Financial reporting process used to prepare the entity’s financial statements, including disclosures.
-> The tools, software and applications, including the IT environment, used in the financial reporting process.

116
Q

Relevant IT Environment

A

In obtaining an understanding of the flows of transactions and information processing activities in the information system.
-> The nature and characteristics of the IT applications used as well as the support infrastructure.
-> Complexity of customization level related to IT applications.
-> In-house environment vs. third-party service organizations or cloud applications.
-> The use of data warehouses
-> System-generated reports vs. report writers
-> End-user applications such as spreadsheets.

117
Q

IT application

A

A program or set of programs that are used in the initiation, processing, recording, and reporting of transactions or information.

118
Q

IT infrastructure

A

Comprises the network, operating systems, and databases and their related hardware and software.

119
Q

Application

A

Technology designed to perform one or many functions, tasks or activities. Applications are often used to capture, process or extract data.

120
Q

Database

A

Technology that organizes a collection of data or information so that it can be easily accessed, managed and updated.

121
Q

Operating System

A

Technology that controls the basic operations of a computer and provides a software platform on which to run other software, such as applications or databases.

122
Q

Network

A

Technology that transports information or data between computers, either within an organization or between organizations.

123
Q

How to gain an understanding of information flows

A

-> Inquiries with management
-> Inspection of documents
-> Performing a walkthrough
-> Prepare a flowchart
-> Prepare an IT system diagram based on the layers of technology.

124
Q

Walkthroughs

A

A walkthrough is an audit procedure used to trace a transaction from its origin through the company’s information systems to the point where it is reflected in the financial statements.
-> Involves inquiries with entity personnel, observation of employee actions and inspection of transaction documents.

125
Q

Flowcharts

A

Flowcharts use symbols, lines, and arrows to explain the actions and steps of accounting processes from the initiation of the transaction through its posting to the general ledger.
-> Often prepared with walkthroughs.

126
Q

Component of Entity’s System

A

Risk assessment procedures require auditors to obtain an understanding of internal control over financial reporting.

127
Q

Process

A

Consists of ongoing tasks and activities

128
Q

Risk

A

The possibility that an event will adversely impact a process from completing its tasks, activities or objectives through the generation of errors and frauds.

129
Q

Control

A

An action established through policies and procedures to help ensure that the process completes its tasks and objectives.

130
Q

Indirect Controls

A

Controls that support direct controls

131
Q

Direct Controls

A

Controls that are precise enough to address risks of material misstatements at the assertion level.

132
Q

Identification and Assessment of Risks

A

The auditor’s identification and assessment of risks of material misstatement at the assertion level is influenced by:
-> The auditor’s understanding of the entity’s information processing activities in the information system and communication component.
-> The auditor’s identification and evaluation of identified controls in the control activities component.