Ch 5 Flashcards
0
Q
Internal control is a process that is designed to provide reasonable assurance regarding Achievement of what 3 objectives?
A
1 reliability of financial reporting
2 effectiveness and efficiency of operations
3 compliance with applicable laws and regulations
1
Q
COSO
A
Committee of Sponsoring Organizations
2
Q
Management objectives of financial reporting 2
A
Reliable financial reports
Safe guard assets
3
Q
Management objectives of operations, 5 examples
A
1 good business reputation 2 ensuring positive return on investment 3 increasing market share 4 promoting new product innovation 5 using assets efficiently
4
Q
Management objectives of compliance
A
Comply with laws and regulations that affect entity
5
Q
4 common limitations to internal control systems
A
1 human error due to mistakes in judgement, fatigue, carelessness
2 deliberate circumvention by people in system
3 management can override controls
4 collusion among people who are supposed to act independently
When separation of duties is supposed to occur
6
Q
Reasonable assurance recognizes that costs of controls…
A
Should not exceed benefits that are expected from the controls
7
Q
Integrated audit process
A
Describes an audit process that is designed to provide an
Opinion on both the financial statements and internal control
System of entity
8
Q
3 reasons auditors must evaluate entity’s internal control
A
1 assess effectiveness of internal control
2 identify fraud risk in planning stage of audit
3 assess risk of material misstatement for each relevant assertion
9
Q
Risk of materials misstatement (RMM), why is it assessed?
A
Give audit team basis for planning audit
And determining nature, timing and extent of further audit
procedures
10
Q
RMM is composed of…
A
Inherent risk and control risk
11
Q
Inherent risk
A
Susceptibility of an account to misstatement
12
Q
Control risk
A
Probability that an entity’s controls will fail to prevent
or detect Material misstatements due to errors or frauds that
Would otherwise have entered the system
13
Q
What should an audit team do when entity’s control risks are high?
Nature, timing, extent?
A
Audit team would use substantive tests of details to obtain
External evidence (nature) near the entity’s fiscal year end
(Timing)
With large sample sizes (extent)
14
Q
When there is higher control risk, detection risk is…
2) when there is lower control risk, detection risk is…
A
Lower
2) higher
15
Q
More reliance is placed on internal control when control risk is…
A
Lower
16
Q
Lower control risk: nature, timing, extent
A
Nature: less effective tests conducted
Timing: testing can be performed at interim of year
Extent: lower sample size
17
Q
5 interrelated components of internal control
A
1 control environment 2 risk assessment 3 control activities 4 monitoring 5 information and communication
18
Q
Control environment factors include 3 things
A
1 integrity
2 ethical values
3 competence of entity’s personnel
19
Q
7 general principles of effective internal control environment
A
1 integrity and ethical values 2 board of directors 3 management's philosophy and operating style 4 organizational structure 5 financial reporting competences 6 authority and responsibility 7 human resources
20
Q
Audit committee
A
Subcommittee of board of directors that is generally composed
Of 3 to 6 independent member (not involved in daily operations)
All members are financially literate and one is financial expert
21
Q
Purpose of including independent members in audit committee
A
Provide buffer between audit team and operating management
Team
22
Q
Business risks
A
Factors, events and conditions that prevent organization
From achieving business objectives,
including effective financial reporting
23
Q
Purpose of risk assessment for an entity?
A
Identify risks, estimate their significance and likelihood
And how to manage risks
24
Control activities
Specific actions a client's management and employees take to
| Ensure that management's directives are carried out
25
Important reason why professional standards require audit team to document their understanding of internal control system?
Their understanding of whether management has implemented
Control activities
that are sufficient to address risks of material misstatement
For each relevant assertion
26
How audit team should account for Control activity: information technology
Assess whether client has taken advantage of significant
advances in information technology
By using entirely automated control systems
27
How audit team should account for Control activity: level of integration with their risk assessment process
Has audit client's management addressed identified risks
| To achieve financial reporting objectives?
28
How audit team should account for Control activity: selection and development of control activities
Control activities are selected/developed considering their cost
And potential effectiveness in mitigating identified risks
29
How audit team should account for Control activity: policies and procedures
Have policies related to reliable financial reporting been
| Documented and communicated throughout company?
30
Preventive controls, define,
| Examples
Procedures that prevent misstatements before they occur
Ex. Limiting access, hiring competent people, requiring approval,
Separating duties
31
Detective controls
Procedures that detect misstatements after they occur
32
Performance reviews require what of management?
Require management's active participation in supervision of
| Operations
33
What 4 duties should be separated for entities accounting staff under separation of duties?
1 authorization to execute transactions
2 recording transactions
3 custody of assets involved in transactions
4 periodic reconciliation of existing assets to recorded amounts
34
Incompatible responsibilities
Combinations of responsibilities that place a person alone in
A position to create
and conceal misstatements due to errors Or frauds in his
Normal job
35
Information system
Entity's system, usually built on technological Platform
that has been designed to produce information necessary for entity
to Operate and control its business operations
36
2 fundamental principles of monitoring
1 ongoing and separate evaluations
2 reporting deficiencies
37
Monitoring: ongoing and separate evaluations
Evaluations enable management to determine whether other
| Components of internal control continue to function over time
38
Monitoring: reporting deficiencies
Internal control deficiencies identified and communicated in
Timely manner to parties taking corrective action
Also reported to management and board as appropriate
39
3 phases of internal control evaluation
1 understanding
2 assessment
3 testing
40
What 5 areas must be understood to understand internal control?
```
1 control environment
2 accounting system
3 risk assessment
4 control activities
5 monitoring
```
41
3 ways auditors document understanding of internal control?
1 narrative memo
2 questionnaire
3 flow chart
42
An accounts significance is based on its...
Inherent risk
43
Relevant assertions
Those that represent possibility of material misstatement
44
Entity level controls
Controls pervasive to internal control system and reliability of
Financial statements taken as a whole
45
How are the following types of entity level controls assessed? 2 things:
Controls related to control environment
Controls related to management override
Centralized processing and shared service environments
Controls to monitor results of operations
Controls to monitor other controls
1 primary evidence to test controls gather through observation,
inquiry and examination of documents
2 auditor must assess whether managements integrity, values
And operating style promote effective control consciousness throughout entity
46
Entity level control: managements risk assessment
| What is audit teams assessment? 2 things
1 audit team needs to gain understanding of how client assesses
And responds to risk
2 if client already uses enterprise risk management, inquiry
And obtaining documentation of ERM is usually enough
47
Entity level control: period end financial reporting process
| How does audit team assess? 3 things
1 assess processes used to produce financial statements and
How IT is involved in period end process
2 document who is participating from management team and
Where process takes place
3 needs to understand and document the types of adjusting
Entries that have occurred and understand oversight by
management, board, and audit committee
48
Entity level control: policies that address significant business control and risk management policies
4 aspects of assessment by audit team
1 review and evaluate documentation
2 review previous years audit work with entity
3 responses to inquiries by client personnel
4 examination of documents and records
49
Transaction level controls
Controls that pertain to specific classes of transactions, account
Balances and disclosures
50
The purpose of gaining an understanding of internal control is to evaluate...
Design effectiveness
51
Design effectiveness
Determines whether the controls over financial reporting (if
operating effectively)
would be expected to prevent/detect Errors or fraud that result in material misstatement on financial Statements
52
Walk through
Combination of inquiry of personnel, observation of entity's
Operations
And document and examination while tracing transactions through
Audit trail from initiation of transaction to recording on financial st.
53
Operating effectiveness
Whether control is operating as designed
Whether person performing the control possesses the necessary
Authority and qualifications to perform control effectively
54
Internal control questionnaire
Organized under headings that identify questions related to
Relevant management assertions
and overall control environment
55
Narrative description (of each important control subsystem)
Describes all environmental elements, accounting system and
All control activities
Effective for audit of small businesses
56
Accounting and control system flow chart
Pictures that help audit team assess key control points in the
process
Can be helpful in identifying missing controls
57
2 reasons why audit team might not test internal controls
1 internal control system is too ineffective at preventing and
detecting misstatements
2 takes more time for the audit team to test the internal Controls
than it would to perform substantive tests for relevant Assertion
58
Phase 2: Assess control risk
Auditors seek to identify internal control activities that are
Explicitly designed to support reliable financial statement reporting
59
If audit assessment is less than maximum level, what does this mean?
Audit team wishes to rely on internal controls to modify the
Nature, timing and extent of further audit procedures
60
If audit assessment is less than maximum level, what must they do?
They must perform tests of controls
61
Perform tests on internal controls: required level of effectiveness is a matter of what?
Professional judgement
62
Generally the most effective test of controls is...
Reperformance
63
4 types of control tests from least persuasive to most persuasive
1 inquiry of client personnel (least persuasive)
2 observation of control activity being performed
3 inspection of relevant documentation
4 reperformance of the control activity (most persuasive)
64
Substantive procedures
Detect material misstatements in account balances and financial
Statement disclosures for each relevant assertion
65
Control risk is almost always raised, what is the one exception where it can be lowered?
If you were in error understanding the controls phase
There are additional controls you were unaware of
66
Dual-purpose tests
Single audit test that produces both control testing and
| substantive testing
67
Focus in Auditing Standard 5 (AS 5)
Whether material weakness exists at end of year being reported
68
Scope of Internal control audit
Test each relevant control activity each year
69
Reporting of internal control audit
Opinion on effectiveness of internal control
70
Timing if internal control audit
Evaluate effectiveness of internal control as of fiscal year end
71
Scope of financial statement audit
Test relevant control activities if relying in them
72
Reporting of financial statement audit
No opinion in internal control
73
Timing of financial statement audit
Evaluate effectiveness if internal control throughout fiscal year
74
AS 5 emphasizes 6 step audit process designed to evaluate effectiveness of internal control system over financial reporting
```
1 planning the engagement
2 using top down approach
3 testing controls
4 evaluating identified deficiencies
5 wrapping up
6 reporting internal control
```
75
Control risk is used to determine...
The nature, timing and extent of further audit procedures
76
Inherent risk is used to determine...
The nature, timing and extent of tests of controls
77
Top down approach
Focuses on threats of integrity to external financial reporting
78
Internal control deficiency
Exists when either the design or operation of control under
Consideration
doesn't allow company management or employees To detect
Or prevent material misstatement quick enough
79
Design deficiency
Problem relating to necessary control that is missing
Or existing control that is poorly designed, failing to satisfy
Control's objective
80
Operating deficiency
Occurs when properly designed control is either ignored
Or inappropriately applied
Ex. Could result from poorly trained employees
81
2 groups of serious internal control deficiencies
1 material weakness
2 significant deficiency
82
Material weakness
Deficiencies that give reasonable possibility that material
misstatement would not be prevented or detected on timely
Basis
Ex. Restatement of previously issued financial statements, fraud by senior management
83
Significant deficiency
Combination of deficiencies in internal control that is less
Severe than material weakness
Important enough to merit attention by those charged with
Governance
84
Managements annual report on internal control over financial reporting
Report required by SOX that states management responsible
For establishing and maintaining internal control over financial
Reporting
Identifies framework management uses to evaluate effectiveness
Of internal control, provides management's assessment of
Internal control
85
3 written representations audit team must obtain from managment
1 its responsibility for effective internal control over financial
Reporting
2 it's evaluated effectiveness of internal control over financial
Reporting
3 it has disclosed all internal control deficiencies and frauds to
The audit team
86
AS 5 imposes 2 requirements for SEC registrants related to entity's internal control over financial reporting at date of financial statements
1 management's report on its assessment of internal control
Over financial reporting
2 auditor's report on internal control over financial reporting
87
Auditors' report on internal control over financial reporting
Provides opinion on effectiveness if entity's internal control
Over financial reporting
88
Adverse opinion on internal control over financial reporting
Opinion issued when company has material weakness
And not maintained an effective internal control over financial
Reporting
89
Scope limitations
Audit teams could encounter scope limitations on their ability to
Evaluate effectiveness of entity's internal control over financial
Reporting
Ex, failure to obtain written representations from managment,
Management has implemented new controls in response to
Identified martial weakness
90
Scope limitation may result in...
The issuance of disclaimer of opinion on internal control over
Financial reporting or withdrawal from engagement
91
Management letter
Letter contains commentary and suggestions on variety of
Matters in addition to internal control matters
Report audit teams issue to managment
