Chapter 7 Flashcards
Internal controls over financial reporting have two main objectives.
Prevent misstatements in the financial statements.
Detect and correct misstatements in the financial statements.
Preventive Controls
Applied to each transaction during normal processing with the intention of stopping errors or fraud from occurring
Detective controls
Applied after transactions have been processed to identify whether errors or fraud have occurred and to rectify the errors or fraud on a timely basis
Types of manual and automated controls
Purely manual controls
IT general controls
IT application controls
IT-dependent manual controls
Purely manual controls
Do not rely on the client’s IT environment for their operation.
IT General Controls (ITGCs)
Support the ongoing functioning of the automated aspects of preventive and detective controls, and provide a basis for relying on electronic audit evidence. The auditor needs to identify, understand, walkthrough, test, and evaluate the controls.
Five Types of IT General Controls
Data center and network operations
System software acquisition, change, and maintenance
Program change
Access
Application system acquisition, development, and maintenance
IT Application Controls
Fully automated controls that apply to the transactions and include e.g., edit checks, validations, calculations, and authorizations. They may be important in enforcing the segregation of incompatible duties.
IT-Dependent Manual Controls
A preventive or detective control that has both manual and automated aspects. Consideration is given to both the manual and the automated aspects.
Tests of controls (controls testing)
Audit procedures performed to test the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level.
Audit procedures included in the tests of controls
Inquiry, observation, inspection of physical evidence, reperformance, and tests of software controls using test data.
Effect of the combination of testing procedures
Provides evidence that the control operated as intended throughout the period for which the auditor wishes to place reliance on the control.
Professional judgments about the tests of controls
What controls should be selected for testing?
What audit procedures should be performed?
How many items should be selected for testing (the extent of tests of controls)?
When to perform tests of controls.
What controls should be selected for testing?