Chapter 3 - 3.1 & 3.2 Flashcards
What are the primary objectives of internal controls?
A ccurate and reliable financial reporting
C ompliance with applicable laws and regulations
E fficient and effective operations
What does it mean when you set control risk to a maximum?
It means there is a 100% probability that an entity’s internal control system will not prevent or detect a fraud or error, or allow for its correction.
What are the financial statement assertions for the income statement?
C ompleteness
P eriod Cutoff
A ccuracy
C lassification
O ccurrence
What are the financial statement assertions for the balance sheet?
R ights and obligations
A llocations and valuation
C ompleteness
E xistence
What are the financial statement assertions for disclosures?
R ights and obligations
A ccuracy and valuation
C ompleteness
O ccurrence
U nderstandability
What are five components of internal control?
C ontrol activities
R isk assessment
M onitoring
I nformation and communication
Control E nvironment
What are the parts of a good control environment?
C ommitment to competence
H uman resources policies & practices
O rganizational structure
P articipation of those charged with governance
P hilosophy of management and management operating style
E thical values & integrity
R esponsibility assignment
What are the four principles of risk assessment for internal control?
- Specify suitable objectives
- Identify and analyze risk
- Assess fraud risk
- Identify and analyze significant change
What is the focus of control activities in internal controls?
P erformance reviews
I nformation processing
P hysical controls
S egregation of duties
What are the separate parts of segregation of duties?
A uthorization of transactions
R ecording (posting) of transactions
C ustody of assets
C omparisons
What does communication mean in terms of internal controls?
It means establishing individual duties and responsibilities relating to internal control and making them known to involved personnel
What is monitoring for internal controls?
The means by which management determines if internal controls are being followed and if they are effective.
What are the inherent limitations of internal controls?
C ollusion
O verride by management
P oor human judgement and errors
What are the steps to understanding internal control?
- Obtain an understanding of I/C components (CRIME)
- Document your understanding of I/C
- Assess risk of material misstatement
- Develop an audit strategy to either:
- Perform test of controls (rely on I/C)
- Assess control risk to a max (not rely)
- Reassess risk of material misstatement and evaluate results
- Document conclusions and plan substantive testing
What type of risk assessment procedures do auditors do on internal controls?
Analytical procedures
Inquiries
Inspection
Observation
What are ways to document the auditor’s understanding of internal control?
F lowchart
Internal control questionnaire (ICQ)
N arrative or memorandum
D ecision table/tree
What are the four types of tests of controls an auditor performs on internal control?
R eperformance
I nquiry
I nspection
O bservation
What does it mean when an auditor decides to NOT rely on controls related to a relevant assertion?
RMM will be equal to the assertion’s inherent risk assuming no relevant controls are in place.
Auditor will develop a test that applies substantive procedures to the assertion.
What does it mean when an auditor decides to RELY on controls related to an assertion?
RMM will be REDUCED from IR, taking into account CR being below maximum
Auditor will perform the TEST OF CONTROLS for a population covering the entire period.
How often should an auditor test operating effectiveness?
At least once every 3 years
What happens if the auditor concludes controls are effective?
The nature, timing, and extent of audit procedures will be reduced
What is dual purpose testing?
Doing both substantive testing and tests of controls for an assertion
What types of deficiencies and weaknesses is an auditor required to communicate to management or governance?
Significant deficiencies and/or material weaknesses
What are the different types of transactions or events in each operating cycle?
Initiation (Start)
Authorization
Completion or execution
Recording
Verification (Evaluate Defenses)
SACRED