chap 12 assess control risk Flashcards
what is a design deficiency?
exists if a necessary control is missing, not properly designed, or not properly implemented
after obtaining an understanding of internal control , the auditors makes a what?
preliminary assessment of control risk
exists if a well designed control does not operate as designed or if the person performing the control is insuffienciently qualified or authorized
operation deficiency
what are 2 examples of entity level controls that have the potential to undermine controls for most of the transaction related audit objectives?
- an ineffective board of directors 2. managments failure to have any process to identify , assess, or manage key risk
exists if a significant deficiency , by itself or in combo with other significant deficiencies, results in a reasonable possibility that internal control will not prevent or detect material misstatements on a timely basis
material weakness
what is an example of a compensating control?
when a owner is actively involved in a small business
one elsewhere in the system that offsets the absence of a key control is what kind of control?
compensating
the likelihood of misstatements and their potential materiality are used to evaluate what?
if there are significant deficiencies or material weaknesses
what is the 2 reason for including only key controls?
- they will be sufficient to achieve the transaction related audit objectives 2. they provide audit efficiency
entity level controls have an overarching impact on what?
most major types of transactions in each transaction cycle
if there is more than a reasonalbe possibility (___) that a material misstatement (____) could result from the significant deficiency , then it is considered a what?
likelihood significance material weakness
auditors start with the assessment of what kind of controls before assessing transaction specific controls
entity level controls
what is a control deficiency?
exists if the design and implemenation or operation of controls doesnt permit company personnel to prevent or detect mistatments on a timely basis in the normal course of performing their assigned functions
the auditor should identify and include only those controls that are expected to have what?
the greatest effect on meeting the transaction related audit objectives
as part of evaluating control risk, auditors must evaluate whether key controls are ____ in the design of internal control
absent
what is a material weakness?
exists if a significant deficiency , by itself or in combo with other significant deficiencies, results in a reasonable possibility that internal control will not prevent or detect material misstatements on a timely basis
what are the 5 control activities that are also helpful as reminders of controls?
- separation of duties 2. proper authorization 3. adequate documents and records 4. physical control over assets and records 5. independent checks on performance
exists if a necessary control is missing, not properly designed, or not properly implemented
design deficienty
what is a significant deficiency?
exists if one or more control deficiencies exist that are less severe than a material weakness but are important enought to merit attention by those responsible for oversight of the companys financial reporting
when a compensating control exists, there is no longer a what?
significant deficiency or material weakness
the auditor uses the preliminary assessment of control risk to plan the audit for each what?
material class of transactions
what are the 3 levels of absence of internal controls?
- control deficiency 2. significant deficiency 3. material weakness
what is a operation deficiency?
exists if a well designed control does not operate as designed or if the person performing the control is insuffienciently qualified or authorized
what is a compensating control?
one elsewhere in the system that offsets the absence of a key control
what are the 6 steps in the preparation on the control risk matrix?
- identify audit objectives- for classes of transactions, account balances, and presentation and disclosure 2. identify existing controls- that contribute to accomplishing transaction related audit objectives 3. associate controls with related audit objectives 4. identify and evaluate control deficiencies , significant deficiencies, and material weaknesses 5. associate control deficiencies with related audit objectives 6. assess control risk for each related audit objective
exists if one or more control deficiencies exist that are less severe than a material weakness but are important enought to merit attention by those responsible for oversight of the companys financial reporting
significant deficiency
what is the critical decision in the evaluation of internal control?
assessing control risk for transaction related audit objectives
once auditors determine entity level controls including general controls are designed and placed in operation, they make a preliminary assessment for what?
each transaction related audit objective for each major type of transaction in each transaction cycle
what are key controls?
those that have the greatest effect on meeting the transaction related audit objectives
deficiencies and material weaknesses are the what?
absense of adequate controls
the preliminary assessment of control risk is a measure of the auditors expectation that what?
internal controls will prevent material misstatements from occurring or detect and correct them if they have occurred
what are 3 useful tools to identify where controls are lacking ?
- questionnaires 2. flow charts 3. walkthroughs
what are 2 instances where the auditor may learn that the control deficiences are significant so that the clients FSs may not be auditable and they wont accept the engagement
- managment lacks integrity 2. the accounting records are deficient
what are the 2 dimensions that must be evaluated to determine if a significant internal control deficiency/ies are a material weakness?
likelihood significance
what are the 5 steps for identifying deficienies, significant deficiencies, and material weaknesses?
- identify existing controls 2. identify the absence of key control 3. consider the possibility of compensating controls 4. decide whether these is a significant deficiency or material weakness 5. determine potential misstatements that could result
before making the final assessment of control risk at the end of an audit, the auditor will do what 2 things?
- test controls 2. perform substantive tests
the auditor obtains an understanding of the design and implementation of internal control to make a preliminary assessment of what?
control risk
controls that have the greatest effect on meeting the transaction related audit objectives are called ?
key controls
exists if the design and implemenation or operation of controls doesnt permit company personnel to prevent or detect mistatments on a timely basis in the normal course of performing their assigned functions
control deficiency
auditors should evaluate the effectiveness of what kind of controls before evaluating automated application controls or manual control dependent on IT output?
IT general controls
many auditors use a control risk matrix to assist in the control risk assessment process at what level?
transaction
