Chapter 5 - Internal Control Flashcards
ICs are designed to provide reasonable assurance in the following categories
- reliability of financial reporting
- effectiveness and efficiency of operations
- compliance with laws and regulations
ICFR objective is to see the…
reliability of financial reporting
limitations of IC include…
human error, collusion, management override (limitation of control, and cost/benefit analysis
there is often a trade off between the cost and ____ of ICs
effectiveness
the concept of reasonable assurance recognizes…
that the cost of ICs should not exceed the benefits
two types of controls
detective, preventive
why do we always asses iC even if we dont test it?
helps guide decisions
for each fruad risk, auditors must evaluate whether…
controls are in place to mitigate the fraud risk
must assess control risk to…
determine the nature, timing, and extent of substantial procedures to be performed
less reliance on control risk mean ____ CR, ____ RMM, ____ detected risk
higher, higher, lower
more reliance on control risk means ____ CR, ____ RMM, and ____ detection risk
lower, lower, higher
with more reliance on control risk, how do we adjust the nature?
more effective test
with more reliance on control risk, how do we adjust timing?
testing performed at year end
with more reliance on control risk, how do we adjust extent?
higher sample size
COSO is used by…
auditors and management
control environment sets the…
“tone at the top”
control environment is the…
foundation for all other components
audit committee is a…
subcommittee of the board that is generally composed of 3-6 “outside members”
audit committee provides a…
buffer between the audit team and operating management
all members of the audit committee must be…
financially literate
one member of the audit committee must be…
a financial expert
risk assessment is from the ___ perspective
managements
risk assessment is the…
management’s identification, analysis, and management of relevent risks to achievement of its objectives
one way to do risk assessment is through…
COSO’s ERM framework
we want a control to assess a _____ risk
specific
occurance always goes with
vouching
completeness always goes with
tracing
who used accounts recieveable aging reports?
CEO
who used new hire reports?
payroll clerk
four types of functional responsibilities that should be segregated
- authorization
- recording transactions
- custody of assets involved
- periodic reconciliation
the auditor cannot ever rely on info produced by the company’s info system without…
investigation
“audit trail”
trail of activities information systems provide
a well functioning monitoring system includes…
ongoing and separate evaluations and reporting deficiencies
phase 1 of internal control evaluation is
undertand and document
phase2 of evaluation is
asses the control risk (preliminary)
phase 3 of evaluation is
Identify controls to test and perform test of controls
entirety level controls are…
pervasive to the internal control system and the reliability of financial statements taken as a whole
entity level controls are not…
transaction specific
a narrative is..
in writing from start to finish including control
in phase 2 assessing cost risk, we consider..
cost effectiveness of reliance and testing
two reasons auditor may choose to not test controls
- Ic systems is TOO EFFECTIVE in preventing or detecting misstatements to rely upon to justify reductions in substantive testing
- it may take more time to test controls than to just perform more substance testing
for non public, how do we know ICS are not effective
- walkthrough discrepancy
- already tested internally
when we assess risk, we do not…
test every control
for efficiency, if we test audit controls it is ____ audit more
less
we want to test the _____ level controls we can
highest
exception testing is…
testing all items in a population
audit sampling is…
taking a sample from a population
lowest level of support for a control is…
inquiry
for testing of controls, direction…
does not matter
if an IC is design deficient..
do nto proceed
if IC is not design deficient…
test operating deficient
what serious IC deficiencies do we report to audit committee?
material weakness and significant dificeni