C6 Internal Control Flashcards
Who is required to implement quality control?
Engagement Partner ( Audit Firms)
Components of Internal Control
CCRIM
✔ Control Environment
✔ Control Activities
✔ Risk Assessment
Information and Communications Systems
✔ Monitoring
Internal Control
Process designed and effected by those charged with governance, mgmt, and other personnel TO PROVIDE REASONABLE ASSURANCE about the achievement of the entity’s objectives with regard to
- Reliability of FR (FR Objective)
- Effective and efficient ops (Operational Obj)
- Compliance objective
4 essential concepts in the definition of IC
✔ Process
✔ Effected by those charged with governance, mgmt
✔ IC can be expected to provide REASONABLE assurance of achieving the Obj
✔ Designed to help achieve the obj
Examples of Inherent Limitations to IC’s effectiveness
✔ Cost benefit principle
✔ directed at routine transactions
✔ potential for human errors (mistakes of judgment, careless, etc)
✔ circumvention through collusion
✔ overriding of mgmt
✔ Inadequate procedures due to CHANGES IN CONDITIONS
Operational and compliance objectives may be relevant to the audit?
Yes, as long as it relates to the data the auditor evaluates
Responsibility of MGMT and Those charged with governance
MGMT - to establish a control environment and maintain policies and procedures to assist in achieving the objs.
Those charged with governance - ensure the integrity of fr systems through OVERSIGHT of mgmt.
Attitudes, awareness, and actions of mgmt. It sets the tone of an organization; the foundation providing discipline and structure.
Control Environment
A factor of Control Environment that discourages employees from engaging in dishonest, illegal, and unethical acts that could materially affect the FS.
Integrity and ethical values
Who is responsible for overseeing the financial reporting policies and practices of the entity?
The audit committee
A control environment factor that assesses mgmt attitude towards FR; their emphasis on meeting projected profit gosls
Mgmt philosophy and operating style
What CE factor requires an entity to have an audit committee?
Active participation of those charged with governance
A CE factor that provides a framework for planning, directing, and controlling the operations
To avoid incompatible functions
Organizational structure / assignment of responsibility
The risk that the business objectices will not be attained due to internal and external factors
Business risk
Policies and procedures that help ensure that mgmt directives are carried out
Control activities
Control activities:
PIPS
✔ performance reviews
✔ information processing
✔ physical controls
✔ segregation of duties
Assessing the quality of IC over time and on a timely basis taking corrective actions
Monitoring
Monitoring activities performed on a non-routine basis (by internal auditors)
Separate evaluations
Monitoring activities built into the normal recurring activities (ex. Bank recon)
Ongoing monitoring activities
IC in small businesses tend to be weak compared to larger entities
True
Weakness of IC in small business can be compensated by how?
If the owner/manager actively participates in the business operations
Are auditors responsible for establishing and maintaining accounting and IC systems?
No. Only give an adequate consideration because the ICS can have a SIGNIFICANT impact on the audit
5 steps in Considering the Internal Control
- Obtaining understanding of the internal control
- Documenting the understanding of accounting and internal control systems
- Assessimg the level of control risk
- Performing tests of control
- Documenting the assessed level of control risks
- Obtaining an understanding of IC involves: (objectives)
✔ Evaluating the design of a control
✔ determining whether it has been implemented
Initial understanding of the design is obtained by:
✔ inquiries
✔ inspection
✔ observation
Tracing one or two transactions through the entire accounting systems, from their initial recording to their final destination as a component of account balance.
walk-through test
This process confirms the auditor’s understanding of how the accounting systems and control procedures function.
walk-through test
Is the auditor required to obtain knowledge about the operating effectiveness of IC when doing step 1?
No. Go back to the objectives/definition of Step 1:
✔ Evaluating the design of a control
✔ determining whether it has been implemented
The auditor’s understanding of IC should be adequate to”
✔ Identifying types of potential misstatement
✔ Consider factors that affect ROMMS
✔ Design the nature, timing, and extent of AP
Commonly used forms of documentation for auditor’s understanding of IC (2)
✔ Narrative description
✔ Flowchart
✔ Questionnaire
What is the 3rd step in ICC?
Assessment of Control Risk
Levels to be obtained in preliminary assessment of CR
✔ At a high level
✔ At less than high level
What is the level of assessment when the controls are ineffective?
Thus, can the auditor perform TOC?
At a high level
not necessary anymore due to efficient manner obj; auditor should proceed to ST directly
When the controls appear to be reliable, the auditor should not determine whether it is efficient to obtain evidence to justify assessing it at a less-than-high level.
False. not
To exercise professional skepticism, the auditor should perform what when he assessed the assertion at a less than high level/ as a reliable control?
test of control (Step 4)
- to determine the effectiveness
The auditor should also identify specific internal control policies and procedures that are likely to prevent / detect and correct FS MMs.
True
TOCs are performed to obtain evidence about the effectiveness of the :
✔ Design of accounting and ICS
✔ Operation of the IC throughout the period
Will the auditor test all controls to determine their effectiveness?
No, only those they plan to rely upon; or likely to detect or prevent MMs.
The greater reliance on control, the _____ substantive tests are required to support the preliminary assessment at less than high level
greater / more
Evidence-gathering techniques in TOC:
- Inquiry
- Observation
- Inspection
- Reperformance
