Chapter 5 (Internal Controls) Flashcards
the quality of internal control over financial reporting is a part of good…
corporate governance
provides accountability of those entrusted to run the company to those who have provided the resources
good internal controls
a response to the risks that stand in the way of achieving your objectives
internal controls
the better the quality of internal control the better the
control risk
responsibility for internal controls includes what two responsibilities
- management responsibility
- auditor responsibility
- management has primary responsibility for internal control
- Sarbanes-Oxley Act of 2002 (publicly traded companies)
management responsibilities
- second standard of fieldwork
- PCAOB auditing standard No. 5 (AS 5)
- For each fraud risk identified during planning stage, auditor should verify that client has attempted to mitigate through controls
auditor responsibility
company annual reports must include
- A statement that management is responsible for establishing and maintaining adequate internal control over financial reporting.
- A statement identifying the framework (usually COSO) management uses to evaluate the effectiveness of the company’s internal control.
- A statement providing management’s assessment of the effectiveness of the company’s internal control.
An Audit of Internal Control over Financial Reporting That Is Integrated with an Audit of Financial Statements
PCAOB Auditing Standard No. 5 (AS 5)
An integrated audit means you cannot hire one firm to do one thing and then another firm to do the other. It is either both or none.
integrated audit
auditors must provide their ___ on the effectiveness of client’s internal controls
opinion
committee of sponsoring organizations of the national commission of fraudulent financial reporting
COSO
A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives
COSO definition of internal control
Internal control - An integrated framework (COSO) has what three categories
(1) Reliability of financial reporting,
(2) Compliance with applicable laws and regulations,
(3) Effectiveness and efficiency of operations.
___ are the most important in analysis. They establish control objectives, put controls in place and operate them
people
Control breakdowns that can cause failure to achieve control objectives:
- Human error
- Deliberate circumvention
- Management override
- Improper collusion
C.R.I.M.E
- Control activities
- Risk Assessment
- Information and Communication
- Monitoring
- Control Environment
- Sets the tone of an organization, influencing the control consciousness of its people.
- It is the foundation for all other components.
- It includes the integrity, ethical values and competence of the people
control environment
Management must set strategy, ID risks, understand the likelihood and manage.
Risk Assessment
control procedures include
- Physical controls over the security of assets
- Segregation of duties
- Information Processing
  - Approvals and authorization
  - Verifications and reconciliations
- Performance reviews
Management is charged with ensuring that control objectives are being met, so they must be active, doing things like:
- Studies of budget variances
- Bank reconciliations
- Counts of inventory
- Counts of cash on hand, etc.
the more active they are the more chance they have to catch
errors and fraud
CBA stands for…
Cost Benefit Analysis
Person should not be in position to create and conceal errors and fraud.
Separation of Duties
Physical access to assets and important records, documents, and blank forms should be limited to authorized individuals.
Physical Controls
An example of a physical control
blank checks
Information Processing Controls
- Information technology general controls (ITGC)
- Information technology application controls (ITAC)
include controls over data center operations, system software acquisition and maintenance, access security, etc. Apply overall to your IT environment.
information technology general controls
steps within the app. to control info processing.
information technology application controls
- Create an inventory of spreadsheets used, including name, description, department, frequency and extent of changes.
- Evaluate the use and complexity
- Determine the necessary level of controls
- Evaluate existing controls
- Develop an action plan for remediating control deficiencies
spreadsheet auditing
The identification, capture, and exchange of information in the form and time frame that enables people to carry out their responsibilities.
information and communication
In order to make effective decisions, mgmt must have access to
timely, relevant, reliable information.
produces a trail of operations
information system