Chapter 10 Flashcards
internal control objectives
reliability of financial reporting
efficiency and effectiveness of operations
compliance with laws and regulations
whose responsibility is it to develop internal controls
management
reasonable assurance
companies should develop rules that give this
SOX 404
requires all public companies to issue an internal control report that includes:
a statement that management is responsible for establishing and maintaining adequate internal control structure and procedures for financial reporting
an assessment of the effectiveness of the internal control structure and procedures for financial reporting as of the end of the company’s fiscal year
COSO
Committee of Sponsoring Organizations: developed the internal control framework used by most companies
audit objectives
occurrence, completeness, accuracy, posting and summarization, classification, timing
COSO framework
- Control Environment
- Risk Assessment
- Control Activities
- Information and communication
- Monitoring
control environment
consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity
board of directors
should regularly assess internal controls
audit committee
responsible for communicating with internal and external auditors, including the approval of audit and non-audit services conducted by outside firms
audit committees can’t have this
- is not comprised solely of independent directors
- is not solely responsible for hiring and firing the company’s auditors
- does not establish procedures for the receipt and treatment of complaints regarding accounting, internal control, or auditing matters
- does not have the ability to engage its own counsel and other advisors
- is inadequately funded
those charged with corporate governance
anyone responsible for overseeing the direction of an entity and the accountability thereof
risk assessment
management's identification and analysis of risks relevant to the preparation of f/s in conformity with appropriate accounting standards
control activities
adequate separation of duties, proper authorization of transactions and activities, adequate documents and records, physical control over assets and records, independent checks on performance
separation of custody of assets and…
accounting
separation of operational responsibility from
record keeping responsibility
separation of IT duties from
user departments
general authorization
where policies enable employees to be authorized on a broader scale
specific authorization
individual transaction authorization
adequate documents and records
numbering controls for documents
time stamps
etc.
chart of accounts
classifies accounts on the b/s and i/s
independent checks
careful and continuous review of the other four control activities
Information and Communication
purpose is to initiate, record, and report the entity’s transactions and to maintain accountability for the related assets
monitoring activities
deal with ongoing or periodic assessment of the quality of internal control by management to determine that controls are operating as intended and that they are modified as appropriate for changes in conditions
narrative
written description of a client’s internal controls, includes:
the origin of every document and record in the system
all processing that takes place
the disposition of every document and record in the system
an indication of the controls relevant to the assessment of control risk
flowchart
a diagram of the client’s documents and their sequential flow in the organization
internal control questionnaire
asks a series of questions about the controls in each audit area as a means of identifying internal control deficiencies
key controls
controls expected to have the greatest effect on meeting the transaction related audit objectives
control deficiency
exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements
significant deficiency
exists if one or more control deficiencies exist that are less severe than a material weakness
material weakness
exists if a significant deficiency, by itself or in combination with other significant deficiencies, results in a reasonable possibility that internal control will not prevent or detect material financial statement misstatements on a timely basis
5 step approach to identify deficiencies
- identify existing controls
- identify the absence of key controls
- consider the possibility of compensating controls
- decide whether there is a significant deficiency or material weakness
- determine potential misstatements that could result
management letter
used to communicate less severe issues
tests of controls
procedures to test effectiveness of controls
evidence from prior years
tests of control effectiveness must be performed every three years
section 404 reporting on internal control
unqualified opinion:
no identified material weaknesses
there have been no restrictions on the scope of the auditor’s work
adverse opinion:
when one or more material weaknesses exist
qualified or disclaimer of opinion:
scope limitation