CH 3 vocab Flashcards
Control activities implemented to mitigate transaction-processing risk that typically affect only certain processes, transactions, accounts, and assertions. These are controls that do not have an entity-wide effect.
Application controls
The component of internal control that includes control actions that have been established by policies and procedures. They help ensure that management’s directives regarding internal control are carried out.
Control activities
A shortcoming in internal controls such that the objective of reliable financial reporting may not be achieved.
Control deficiency
The component of internal control that includes the set of standards, processes, and structures that provides the basis for carrying out internal control across the organization. It includes the “tone at the top” regarding the importance of internal control and the expected standards of conduct.
Control environment
A comprehensive framework of internal control used to assess the effectiveness of internal control over financial reporting, as well as controls over operational and compliance objectives.
COSO Internal Control-Integrated Framework
Controls designed to discover errors that occur during processing.
Detective controls
Control tests built into an application to examine input data for obvious errors
Edit tests
Controls that operate across an entity and affect multiple processes, transactions, accounts, and assertions.
Entity-wide controls
Pervasive control activities that affect multiple types of information technology systems and are necessary for automated application controls to work properly (also referred to as information technology general controls).
General computer controls
The component of internal control that refers to the process of identifying, capturing, and exchanging information in a timely fashion to enable accomplishment of the organization’s objectives.
Information and communication
Pervasive control activities that affect multiple types of information technology systems and are necessary for automated application controls to work properly
Information technology general controls
Controls designed to ensure that authorized transactions are correct and complete and that only authorized transactions can be input.
Input controls
Control tests built into an application to examine input data for obvious errors (also referred to as edit tests).
Input validation tests
A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
Internal control
A deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis.
Material weakness
The component of internal control that determines whether the controls, including all five components, are present and continuing to function effectively.
Monitoring
Monitoring procedures that are built into the normal recurring activities of an entity.
Ongoing evaluations
Controls designed to provide reasonable assurance that all data are completely processed and that output is distributed only to authorized recipients.
Output controls
Controls designed to protect and safeguard assets from accidental or intentional destruction and theft.
Physical controls over assets
Controls designed to prevent the occurrence of a misstatement.
Preventive controls
Controls designed to provide reasonable assurance that the correct program is used for processing, all transactions are processed, and the transactions update appropriate files.
Processing controls
A financial statement assertion, for a given account, is most relevant to determining whether there is a reasonable possibility that the account could contain a material misstatement, without considering the effect of internal controls.
Relevant assertion
The component of internal control that is the process for identifying and assessing the risks that may affect an organization from achieving its objectives.
Risk assessment
A control activity that is designed to protects against the risk that an individual could both perpetrate and cover up a fraud.
Segregation of duties
A type of input test that has been developed to test for transposition errors associated with identification numbers.
Self-checking digits
Monitoring procedures that are conducted periodically, typically by objective management personnel, internal auditors, or external consultants.
Separate evaluations
An account that has a reasonable possibility of containing a material misstatement, without considering the effect of internal controls.
Significant account
A deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company’s financial reporting.
Significant deficiency
The leadership culture of the organization, including the board of directors, the audit committee, and management.
Tone at the top
Control activities implemented to mitigate transaction-processing risk that typically affect only certain processes, transactions, accounts, and assertions. These are controls that do not have an entity-wide effect.
Transaction controls
Includes the documents and records that allow a user (or auditor) to trace a transaction from its origination through to its final disposition or vice versa.
Transaction trail
A process whereby management (or the auditor) follows a transaction from origination through the organization’s processes until it is reflected in the organization’s financial records. This process includes a combination of inquiry, observation, inspection of documentation making up the transaction trail, and reperformance of controls.
Walkthrough
A special line of communication that is needed for anonymous or confidential communications, particularly when an employee is concerned that something is inappropriate in the organization’s operations.
Whistleblower function
