Chapter 5 Flashcards
Internal control concepts and Information
What is collusion?
An inherent risk of internal control.
2 or more people may collude or management may override internal control.
Is human judgement considered an inherent risk in internal control?
Yes, because human judgement is faulty and controls may fail because of simple errors /or mistakes.
Internal controls are designed to provide reasonable insurance that?
material errors or fraud will be prevented, or detected and corrected, within a timely period by employees in the course of performing their assigned duties.
Which test will be best to assess auditor concern about management override as a limitation of internal control?
auditor should compare actual expenditures with budgeted amount to determine whether management has overridden approvals.
What is a control deficiency?
The lowest level of deficiency in the AU-C265 standards.
A control deficiency may arise either in the design or operation of the control.
What results in a design deficiency?
- when a necessary control is missing, or
2. A control operating as designed does not meet the control objective.
What results in an operating deficiency?
- when a properly designed control does not function as designed.
- The person performing the control does not have the authority or competence to perform it effectively.
What is the primary objective of procedures performed to obtain an understanding of internal control?
To provide an auditor with knowledge necessary for audit planning.
Audit plan describes:
- Risk assessment procedures
- Further audit procedures at the assertion level
- Other procedures required by GAAS
What are the 5 components of internal control?
- control environment
- risk assessment process
- control activities
- information systems
- monitoring
When may manual controls be suitable?
where judgment and discretion is required:
- for large, unusual, nonrecurring, transactions.
- for circumstances where misstatements are difficult to define, anticipate, or predict..
- in changing circumstances that require a control response outside the scope of an existing automated control, and
- In monitoring the effectiveness of automated controls.
What is the control environment of internal control?
Control environment provides discipline and structure, sets the tone of the organization, and influences the control consciousness of the employees.
What are the components of the control environment of internal control?
- participation of those charged with governance.
- integrity and ethical values
- organizational structure
- management philosophy and operating style
- assignment of authority and responsibility
- Human Resources policies and practices.
- commitment to competence
Which is one of the overriding principles of internal control?
Responsibility for the performance of duty must be fixed.
Fixing the responsibility for each duty makes it easier to trace problems to the persons responsible, and hold them accountable for their actions.
How may effective internal control be obtained?
By decentralization of duties and responsibilities.
Should one person be responsible for Authorization, recording, and custody of related assets?
No. one person should not be responsible for all phases of a transaction.
These duties should be performed by separate individuals to reduce the opportunities to allow any person to be in a position both to perpetrate and conceal fraud or error in the normal course of his or her duties.
Why may the understanding of IT in an attest engagement may most likely be required by the auditor?
To :
- determine the effect of IT on the audit
- understand its controls, and
- design and perform test of IT controls and substantive procedures.
In obtaining an understanding of the manufacturing entity’s internal control concerning inventory balances, an auditor most likely would:
Review the entity’s description of the inventory policies and procedures.
Auditor should obtain an understanding of internal control to plan the audit, Including knowledge about the design of relevant controls and whether they have been implemented.
What is the most logical order the audit step is performed?
- Evaluate the design of relevant controls and determine whether they have been implemented.
- Assess the RMM’s
- Design further audit procedures.
- Test controls
What is obtaining an understanding of internal control and then assessing RMMs used to do?
design further audit procedures (test of controls and substantive procedures).
What does test of controls do?
- Determine the operating effectiveness of controls.
Why is substantive procedures performed?
for all relevant assertions related to material classes of transactions, balances, and disclosures.
But the nature, timing, and extent of substantive procedures depend on the operating effectiveness of controls
What should the auditor document in an audit?
- The understanding of the entity and its environment and the components of internal control.
- The sources of information regarding the understanding,
- The risk assessment procedures performed.
The form and extent of the documentation are influenced by the nature and complexity of the entity’s controls.
in obtaining an understanding of each of the five components of internal control sufficient to plan the audit, how is an understanding obtained?
By performing risk assessment procedures to evaluate the design of controls relevant to the audit and to determine whether they have been implemented.
The auditor uses the understanding of internal control and the assessment of the RMMs to design…?
Further audit procedures.
These include:
Test of control, if relevant, and substantive procedures
What is a decision table?
It identifies the contingencies considered in the description of a problem, and the appropriate actions to be taken relative to those contingencies.
Decision tables are logic diagrams presented in matrix form.
Flow charts DO NOT present the sequence of actions described
What is a system flowchart?
a visual representation of a series of sequential processes, that is, of a flow of documents, data, and operations.
Why might a flowchart be preferred over a questionnaire?
Because a picture is more easily comprehended.
Documentation of internal control of a complex information system may include?
questionnaires, flowcharts, or decision tables.
What is the sequence of documents and operations on a well prepared systems flowchart
top to bottom and left to right
What is a system flowchart?
A symbolic representation of the flow of documents and procedures through a series of steps in the accounting process of the client’s organization.
When is a hot site used?
When fast recovery backup is critical.
Hot site includes all software , hardware, and other equipment necessary for a company to carry out operations.
Hot sites are expensive to maintain
Name the computer program that appears to be legitimate, but performs some illicit activity when it runs.
Trojan Horse.
Eg.
A game appearing friendly, but actually contains an application destructive to the computer system
What is Preformatting?
An online data entry control to avoid data entry errors.
The display of a document, with blanks for data items to be entered by the terminal operator
What is validity check?
tests identification numbers or transaction codes for validity by comparison with items already known to be correct or authorized.
eg.
validity check identify a transmission for which the control fields value did not match a pre-existing record in a file.
What is a hash total?
a control total without a defined meaning, such as total employees numbers, or invoice numbers, that is used to verify the completeness of data.
