Chapter 12 Flashcards
Three types of documents used:
- Narratives
- Flowcharts
- Internal control questionnaires
Narratives-
a written description of the client’s internal controls
Flowcharts-
a diagram of the client’s documents and their sequential flow in the organization
Internal control questionnaires
a series of questions about the controls in each area as a means of identifying internal control deficiencies
Methods to evaluate whether the controls are implemented: (list 4)
- System walkthrough
- Make inquiries of client personnel
- Inspect documents and records
- Observe entity activities and operations
System walkthrough
the auditor selects one or a few documents of a transaction type and traces them from initiation through the entire accounting process
Make inquiries of client personnel
ask personnel to explain their duties
Inspect documents and records
by examining completed documents, records, and computer files, the auditor can evaluate whether information described in flowcharts, narrative, and questionnaires has been implemented
Observe entity activities and operations
improves the auditor’s understanding and knowledge that controls have been implemented
Many auditors use a control risk matrix to assist in the control risk assessment process at the transaction level:
- Identify audit objectives
- Identify existing controls
- Associate controls with related audit objectives
A control deficiency
exists if the design or operation of a control does not permit management/employees, in the normal course of performing their functions, to prevent, or detect and correct, misstatements on a timely basis.
A design deficiency
exists if a necessary control is missing, is not properly designed, or is not properly implemented.
An operation deficiency
exists if a well-designed control does not operate as designed or if the person performing the control is insufficiently qualified or authorized.
A significant deficiency
is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
A material weakness
s a deficiency, or a combination of deficiencies, in internal control over financial reporting that there is a reasonable possibility that a material misstatement will not be prevented, or detected and corrected, on a timely basis.
The procedures to test effectiveness of controls in support of a reduced assessed control risk are called tests of controls: (List 4)
- Make inquiries of appropriate client personnel
- Examine documents, records, and reports
- Observe control-related activities
- Reperform client procedures
The extent to which tests of controls are applied depends on: (list 5)
- The preliminary assessed control risk
- Whether the control is manual or automated, and the frequency of the operation of the control
- Reliance on evidence from the prior year’s audit
- Testing of controls related to significant risks
- Testing less than the entire audit period
Management letters are not required by auditing standards, but auditors generally prepare them for the client to communicate:
- Less significant internal control–related issues
2. Opportunities to make operational improvements
Unqualified Opinion–The auditor will issue an unqualified opinion on internal control over financial reporting when two conditions exist:
- There are no identified material weaknesses as of the end of the fiscal year
- There have been no restrictions on the scope of the auditor’s work
Adverse Opinion
When one or more material weaknesses exist, the auditor must express an adverse opinion on the effectiveness of internal control
Qualified or Disclaimer of Opinion
A scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal control over financial reporting
