ch 6 review (exam 2)

Question 1

Internal Control Integrated Framework (COSO) addresses what three objectives of internal controls

Answer 1

1. operations
2. reporting
3. compliance

Question 2

why bother gaining an understanding of Internal COntrols

Answer 2

assess the control risk portion of risk of material misstatement (IR * CR)

Question 3

what are the 8 steps in assessing controls risk

Answer 3

1. understand document at entity level
2. understand the flow of transactions
3. WCGW for FS assertions
4. identify and document relevant transaction-level controls
5. evaluate strengths and weaknesses and determine preliminary audit strategy
6. perform test of controls
7. evaluate the evidence, assess control risk, and reevaluate audit strategy (if necessary)
8. report internal control weaknesses to those charged with governance

Question 4

What is the acronym for Step 1 in assessing control risk- the five components of internal controls (entity-level controls)

Answer 4

CRIME

Question 5

what do the letters in CRIME stand for

Answer 5

C- control environment
R- risk assessment
I- information and communication systems
M- monitoring
E- existing control activities

Question 6

what are some factors in control environment

Answer 6

1. organization demonstrates commitment to integrity and ethical values
2. BOD directors is independent from management and oversees IC
3. management establishes appropriate org structure
4. quality HR policies
5. org holds individuals accountable for IC responsibilites

Question 7

Things management does is risk assessment

Answer 7

-specifies clear objectives to enable identification and assessment of risk
- analyzes risk to determine how it should be managed
- considers fraud risk
- identifies changes that could affect IC

Question 8

things the organization does in Information and Communication systems

Answer 8

• uses relevant quality information to support IC
• internally communicates information to support IC
• communicates with external parties about IC

Question 9

things the organization does in Monitoring

Answer 9

-performs ongoing evaluations of IC
- communicates IC deficiencies in a timely manner to those responsible for taking action

Question 10

What is the acronym for step 2 in assessing control risk- understanding the flow of transactions and control activities at the transaction level

Answer 10

PAID TIPS

Question 11

What do the letters in paid tips (step 2) stand for

Answer 11

P- prenumbering of documents
A- authorization of transactions
I- independent checks to maintain asset accountability
D- documentation

T-timely and appropriate performance reviews
I- information processing controls (computer controls)
P- physical controls for safeguarding assets
S- segregation of duties

Question 12

what are auditors looking for under prenumbering of documents

Answer 12

• all transactions are recorded
• no transactions recorded more than once

Question 13

what is being looked for under the authorization of transactions

Answer 13

signed approval before commitment of resources

Question 14

what are some independent checks to maintain asset accountability

Answer 14

• internal auditors
• verify work of others (mgt/ owners)

Question 15

what are some documentation in step 2

Answer 15

• evidence of transactions
  -evidence of authorization

Question 16

what are some timely and appropriate performance reviews

Answer 16

compare actual results to budgets

Question 17

what are some information processing controls (computer controls)

Answer 17

• general controls
• application controls

Question 18

what are some physical controls for safeguarding assets

Answer 18

locks, security guard, alarm system

Question 19

what happens in step three in assessing control risks

Answer 19

identify what can go wrong for financial statement assertions

Question 20

what happens in step five in assessing control risks

Answer 20

identify strengths and weaknesses in a system of internal control and determine preliminary audit strategy

Question 21

what are some key terms used in step five

Answer 21

control deficiency, material weakness. significant deficiency

Question 22

what is a control deficiency

Answer 22

exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis

Question 23

what is a material weakness

Answer 23

very bad; a deficiency, or combo of deficiencies, in Internal Controls over financial reporting, such that there is reasonable possibility that a material misstatement of the FS will not be prevented or detected on timely basis

Question 24

what is significant deficiency

Answer 24

kinda bad; a control deficiency, or combo of deficiencies, in IC over financial reporting that is less severe that a material weakness, yet important enough to merit attention by those responsible for oversight of the company’s financial reporting

Question 25

what is magnitude

Answer 25

is it material or immaterial

Question 26

what is likelihood

Answer 26

the possibility of a misstatement

Question 27

what are the 4 types of likelihood

Answer 27

remote, reasonable, possibility, probable

Question 28

what are the two types of Systems Organization and Controls (SOC) 1 report

Answer 28

Type I and Type II

Question 29

which SOC 1 report is typically used more

Answer 29

Type II

Question 30

what do service auditors do in a SOC 1 Type I report

Answer 30

obtains an understanding of service organization controls

Question 31

what do service auditors do in a SOC Type II report

Answer 31

obtains an understanding of service organization controls and tests the operating effectiveness of these controls

Question 32

what type of service is the service auditor for a SOC 1 report performing

Answer 32

attestation service

Question 33

does a service auditor performing a SOC 1 report have to be independent

Answer 33

yes

Question 34

what are the 4 trust factor criteria the SOC 2 report that focuses on a service organization’s controls

Answer 34

1. information security
2. information availability
3. processing integrity of the user’s data by the service organization’s information system
4. confidentiality and privacy of the information processes by the service organization’s systems