Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CPA AUD > Chapter 3 - 3.1 & 3.2 > Flashcards

Chapter 3 - 3.1 & 3.2 Flashcards

1
Q

What are the primary objectives of internal controls?

A

A ccurate and reliable financial reporting

C ompliance with applicable laws and regulations

E fficient and effective operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What does it mean when you set control risk to a maximum?

A

It means there is a 100% probability that an entity’s internal control system will not prevent or detect a fraud or error or allow it for correction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the financial statement assertions for the income statement?

A

C ompleteness

P eriod Cutoff

A ccuracy

C lassifiation

O ccurence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the financial statement assertions for the balance sheet?

A

R ights and obligations

A allocations and valuation

C ompleteness

E xistence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the financial statement assertions for disclosures?

A

R ights and obligations

A ccuracy and valuation

C ompleteness

O ccurence

U nderstandability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are five components of internal control?

A

C ontrol activitites

R isk assessment

M onitoring

I nformation and communication

Control E nvironment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the parts of a good control environment?

A

C ommitment to competence

H uman resources policies & practices

O rganizational structure

P articipation of those charged with governance

P hilisophy of management and mgmt operating style

E thical values & integrity

R esponsibility assignment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the four principles of risk assessment for internal control?

A
  1. Specify suitable objectives
  2. Identify and analyze risk
  3. Assess fraud risk
  4. Identify and analyze significant change
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the focus of control activities in internal controls?

A

P erformance reviews

I nformation processing

P hysical controls

S egregation of duties

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the separate parts of segregation of duties?

A

A uthorization of transactions

R ecording (posting) of transactions

C ustody of assets

C omparisons

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What does communication mean in terms of internal controls?

A

It means establishing individual duties and responsibilities relating to internal control and making them known to involved personnel

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is monitoring for internal controls?

A

The means by which management determines if internal controls are being followed and if they are effective.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the inherent limitations of internal controls?

A

C ollusion

O verride by management

P oor human judgement and errors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the steps to understanding internal control?

A
  1. Obtain an understanding of I/C components (CRIME)
  2. Document your understanding of I/C
  3. Assess risk of material misstatement
  4. Develop an audit strategy to either:
    1. Perform test of controls (rely on I/C)
    2. Assess control risk to a max (not rely)
  5. Reassess risk of material misstatement and evaluate results
  6. Documents conclusions and plan substantive testing
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What type of risk assessment procedures do auditors do on internal controls?

A

Analytical procedures

Inquiries

Inspection

Observation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are ways to document to the auditor’s understanding of internal control?

A

F lowchart

Internal control questionnaire (ICQ)

N arrative or memorandum

D ecision table/tree

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the four types of tests of controls an auditor performs on internal control?

A

R eperformance

I nquiry

I nspection

O beservation

18
Q

What does it mean when an auditor decides to NOT rely on controls related to a relevant assertion?

A

RMM will be equal to the assertion’s inherent risk assuming no relevant controls are in place.

Auditor will develop a test that applies substantive procedures to the assertion.

19
Q

What does it mean when an auditor decides to RELY on controls related to an assertion?

A

RMM will be REDUCED from IR, taking CR being below maximum

Auditor will perform the TEST OF CONTROLS for a population covering the entire period.

20
Q

How often should an auditor test operating effectiveness?

A

At least once every 3 years

21
Q

What happens if the auditor concludes controls are effective?

A

The nature, timing, and extent of audit procedures will be reduced

22
Q

What is dual purpose testing?

A

Doing both substantive testing and tests of controls for an assertion

23
Q

What types of deficiencies and weaknesses is an auditor required to communicate to management or governance?

A

Significant deficiencies and/or material weaknesses

24
Q

What are the different types of transactions or events in each operating cycle?

A

Initiation (Start)

Authorization

Completion or execution

Recording

Verification (Evaluate Defenses)

SACRED

25
What are the different things control activities watch for?
**P** hysical controls **R** ecording **A** uthorization **I** ndependent checks **S** egregation of duties **E** valuate performance **(PRAISE)**
26
When does a control deficiency exist?
When the design or operation of a control **DOES NOT** allow management or employees in the normal course of business to prevent, detect, or correct a misstatement on a timely basis. Can be a deficiency in design or operation.
27
What is a control deficiency in design?
A deficiency that occurs when a control has not been put in place or it has been put into place but it was not designed to address its intended risk.
28
What is a control deficiency in operation?
A deficiency that occurs when a control is not operating as designed or the individual responsible for it lacks authority or ability to perform it effectively.
29
What is a material weakness?
Deficiency or combination of deficiencies where there is reasonable possibility that a material misstatement will not be prevented, detected, or corrected on a timely basis.
30
What is a significant deficiency?
Deficiency or combination of deficiencies that are less severe than a material weakness but more than a control deficiency.
31
What are some indicators of a material weakness?
Ineffective oversight by those charged with governance Restatements of PY financial statements because of material misstatements from error or fraud Material misstatements not detected by internal control, but detected by the auditor Fraud by senior management. Both material and immaterial.
32
What must the auditor report to those charged with governance within 60 days after report release date?
Any significant deficiencies or material weaknesses found
33
What is in the report to governance/mgmt when communicating significant deficiencies and/or material weaknesses?
1. State purpose of audit was to report on financial statements, NOT assurance on effectiveness of internal controls 2. State auditor is NOT expressing an opinion on effectiveness of internal controls 3. State auditor's consideration of internal controls was not designed to find all significant deficiencies or material weaknesses 4. Include the definition of material weaknesses and significant deficiencies (if applicable) 5. Identify significant deficiencies and material weaknesses 6. State communication is only for governance and management (limited use)
34
Can you write a report saying there are no material weaknesses or no significant deficiencies?
Can write report saying no material weaknesses but can't say no significant deficiencies
35
What is the top down approach for an audit of financial statements and examination of internal controls?
1. Auditor assesses risk at the financial statement level (concentrates on entity-level controls). 2. The auditor looks at significant accounts and disclosures and their relevant assertions. 3. The auditor identifies potential deficiencies in design or operation 4. The auditor evaluates deficiencies based on magnitude and probability
36
What is included in the management representation letter for internal control over financial reporting?
1. Mgmt responsibility for internal control 2. Indication mgmt has performed an assessment of internal controls over financial reporting based on a set of criteria 3. Mgmt assessment did not incorporate results of procedures done by auditor 4. Mgmt assessment of internal controls over financial reporting as of a certain date 5. Indication mgmt has informed the auditor all all deficiencies in internal controls over financial reporting 6. Any fraud resulting in a material misstatement or involving people involved in internal controls over financial reporting 7. Indication significant deficiencies and material weaknesses from before have or have not been addressed 8. Indication of any changes to internal controls over financial reporting subsequent to date being reported on
37
What is included in an auditor's report on internal controls?
1. Title that includes the word **independent** 2. Appropriate addressee 3. Intro paragraph that contains 1. Identity of entity who is being audited, and indication that internal controls over financial reporting has been audited 2. Date of which internal controls over financial reporting were assessed 3. Criteria it was measured against 4. Management responsibility paragraph for: 1. Design, implementation, and maintenance of internal controls over financial reporting (DIM) 2. Assessment of effectiveness of ICFR 3. Providing management report on ICFR 5. Auditor responsibility paragraph for: 1. Expressing opinion on ICFR 2. Engagement in accordance with GAAS 3. Description of audit auditor did procedures to obtain evidence about existence of material weaknesses 4. Indication auditor believes examination supports opinion 6. Definition and inherent limitations of internal controls over financial reporting 7. Opinion 8. Auditor signature with city, state, and date of report
38
What type of opinion does a report get if there is a material weakness that isn't addressed?
An adverse opinion. Need a basis for adverse opinion before the opinion paragraph
39
What opinion does a report get if management applies a scope limitation to the auditor?
A disclaimer of opinion, or they can choose to withdraw from the engagement.
40
What is rule 404a of Sarbanes-Oxley?
Rule that requires the annual report for a public company to include a report on internal control that shows management's responsibility for internal controls and mgmt's assessment of its effectiveness.
41
What is rule 404b under Sarbanes-Oxley?
The rule that requires the auditor

CPA AUD (9 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions