Chapter 6 - Internal Controls in Financial Statement Audits

Question 1

Management has the responsibility to design and maintain controls that provide reasonable assurance that:

Answer 1

1. The entity’s assets and records are properly safeguarded.
2. The information system generates reliable information for decision making

Question 2

The auditor has the responsibility to:

Answer 2

Obtain an understanding of the entity’s internal control
Assess control risk

Question 3

(ESSAY QUESTION) What is Coso’s Internal Control - Integrated Framework?

Answer 3

A system of internal control is designed and carried out by an entity’s board of directors, management, and other personnel to provide reasonable assurance about the objectives in three categories.

Question 4

(ESSAY QUESTION) What are the 3 Objectives of Coso’s Internal Control?

Answer 4

1. Reliability, timeliness, and transparency of internal and external Financial and Nonfinancial Reporting
2. Effectiveness and efficiency of operations, including safeguarding of assets
3. Compliance with applicable laws and regulations

Question 5

Which Controls are Relevant to the Audit?

Answer 5

Generally, internal controls that contribute to the Reliability, Timeliness, and Transparency of external financial reporting are the most relevant.

Question 6

ESSAY QUESTION - What are the Components of Internal Control (5)

Answer 6

Control Environment
Entity’s Risk Assessment Process
Control Activities
Information and Communication
Monitoring Activities

Question 7

!! Components of Internal Control: Describe the Control Environment !!

Answer 7

The set of standards, processes, and structures that provide the basis for carrying out internal controls across the organization.

Question 8

!! Components of Internal Control: Risk Assessment Process !!

Answer 8

A dynamic and iterative process for identifying and analyzing risks to achieving the entity’s objectives, thereby forming a basis for determining how risks should be managed.

Question 9

!! Components of Internal Control: Control Activities !!

Answer 9

The actions established by policies and procedures to help ensure management directives to mitigate risks to the achievement of objectives are carried out.

Question 10

!! Components of Internal Control: Information and Communication !!

Answer 10

Info is necessary to carry out internal control responsibilities. Communication occurs both internally and externally and provides the organization with the info needed.

Question 11

!! Components of Internal Control: Monitoring of Controls !!

Answer 11

Evaluations, whether ongoing or separate, to ascertain whether the five components of internal control, including controls within each component, are present and functioning.

Question 12

! What are the Five Principles of Control Environment? !

Answer 12

1. The org demonstrates a commitment to integrity and ethical values.
2. The board demonstrates independence from management and exercises oversight of internal control
3. Management establishes structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
4. Org demonstrates a commitment to attract, develop, and retain competent individuals.
5. Org holds individuals accountable for their internal control responsibilities.

Question 13

! What are the Four Principles of the Risk Assessment Process? !

Answer 13

6. Org specifies objectives with sufficient clarity to enable the identification and assessment of risks.
7. Org identifies and analyzes risks to internal control and determines how the risks should be managed.
8. Org considers the potential for fraud
9. Org identifies and assesses changes that could impact the internal control system

Question 14

! What are the Three Principles of Control Activities? !

Answer 14

10. Org selects and develops control activities that mitigate risk. (Performance reviews, physical controls, separation of duties, info processing controls)
11. Org selects and develops general control activities over technology.
12. Org deploys control activities through policies that establish what is expected and procedures that put policies into action.

Question 15

! What are the Three Principles of Information and Communication for Internal Control? !

Answer 15

13. Org obtains or generates and uses relevant, quality info to support internal control.
14. Org internally communicates info necessary to support the functioning of internal control.
15. Org communicates with external parties regarding matters that affect internal control.

Question 16

! What are the Two Principles of Monitoring Controls for Internal Controls? !

Answer 16

16. Org selects, develops, and performs ongoing and/or separate evaluations to determine whether the internal control components are functioning.
17. Org evaluates and communicates internal control deficiencies in a timely manner to proper parties.

Question 17

Substantive Strategy is used and control risk is set at HIGH because of one or all of which 3 factors?

Answer 17

Controls do not pertain to an assertion.
Controls are assessed as ineffective.
Testing the effectiveness of controls is inefficient.

Question 18

How is Reliance Strategy used?

Answer 18

After obtaining an understanding of internal control and a “planned” assessment of control risk is developed. Relies on internal control and assess control risk at a lower level.

Question 19

Control Activities for Occurrence and Completeness

Answer 19

Segregation of Duties
Prenumbered documents that are accounted for
Daily or monthly reconciliation of subsidiary records

Question 20

Control Activities for Authorization

Answer 20

General and Specific authorization of transactions at important control points.

Question 21

Control Activities for Accuracy

Answer 21

Internal verification of amounts and calculations.
Monthly reconciliation of subsidiary records by an independent person.

Question 22

Control Activities for Cutoff

Answer 22

Procedures for prompt recording of transactions.
Internal review and verification

Question 23

Control Activities for Classification

Answer 23

Chart of accounts

Question 24

Control Activities for Presentation

Answer 24

Internal review and verification

Question 25

! What are ways to Document the Understanding of Internal Control? !

Answer 25

Procedures manuals and Org Charts
Flowcharts
Internal Control Questionnaires
Narrative Description

Question 26

ESSAY QUESTION - What are Limitations of an Entity’s Internal Control?

Answer 26

The cost of an entity’s internal control system should not exceed the benefits that are expected to be derived. Balancing costs with the related benefits requires considerable estimation and judgement on the part of management.

Acts limiting effectiveness of internal control:
Management override of internal control
Human errors or mistakes
Collusion

Survey’s have listed a lack of internal controls, overriding of existing controls, and lack of management review as some of the primary sources of internal control weakness related to fraud.

Question 27

!! How do you Assess Control Risk? !!

Answer 27

Identify specific controls that will be relied upon
Perform tests of these controls
Conclude on the achieved level of control risk

Question 28

!! What are the Major Types of Activities Used to Monitor Internal Control? !!

Answer 28

Internal audit function, including the sources of information related to those activities, and how those activities are used to initiate corrective actions to its controls.

Question 29

!! Substantive Strategy vs. Reliance Strategy !!

Answer 29

Substantive strategy means the auditor has decided not to rely on the entity’s controls as the main source of evidence about the assertions in the financial statements.

Reliance strategy means the auditor will rely on the entity’s controls to reduce the risk of misstatement to an acceptably low level.