Chapter 7 Flashcards
Explain the seven generally accepted objectives of internal control activities.
Internal controls are designed and implemented to ensure that transactions are real, recorded, correctly valued, classified, summarized, and posted, and timely.
Understand and describe the elements of internal control at the entity level.
Transaction-level controls are controls that impact a particular transaction or group of transactions. Transactions in this sense refer to transactions that are ordinarily recorded in the general ledger for the client and span from initiation of the transaction through to the reporting of the transaction in the financial statements. Transaction-level controls are those controls that respond to things that can go wrong with transactions.
Explain the different techniques used to document internal controls.
The most common forms of documentation are narratives, flowcharts, combinations of narratives and flowcharts, and checklists and preformatted questionnaires.
Explain the importance of identifying strengths and weaknesses in a system of internal controls
An important outcome of understanding a client’s system of internal controls is the ability to make observations, draw conclusions, and offer recommendations regarding the strengths and weaknesses observed. CAS 260 and CAS 265 require auditors to provide those charged with governance with timely observations arising from the audit. This is generally done through a management letter.
Explain how to communicate internal control strengths and weaknesses to those charged with governance.
A management letter (sometimes also referred to as a letter of recommendations) is a deliverable prepared by the audit team and provided to the client (including those charged with governance). It informs the client of the auditor’s recommendations for improving its internal controls.
Define internal control.
Internal control is the process designed, implemented, and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. The term “controls” refers to any aspects of one or more of the components of internal control. Controls include entity-level controls and transaction-level controls
Why is it important to understand (and assess) internal controls?
Because when controls are effective, the organization is more likely to achieve its strategic and operating objectives. Internal control is a very broad concept and encompasses all of the elements of an organization—its resources, systems, processes, culture, structure, and tasks. When these elements are taken together, they support the organization to achieve its objectives.
Where internal controls put in place by management agree closely with the theoretical framework, the internal controls may be described as _______. However, where internal controls do not agree closely with the theoretical framework, they may be described as _____.
strong, weak
Internal control, no matter how effective, can only provide an entity with reasonable assurance in achieving its financial reporting objectives. There are inherent limitations of internal control. These include:
human error that results in a breakdown in internal control
ineffective understanding of the purpose of a control
collusion by two or more individuals to circumvent a control
a control within a software program being overridden or disabled.
Internal control consists of five components
- the control environment
- the entity’s risk assessment process
- the information system, including the related business processes, relevant to financial reporting, and communication
- control activities
- monitoring of controls.
Gaining an understanding of the entity-level internal control components helps in
establishing the appropriate level of professional scepticism, gaining an understanding of the client’s business and financial statement risks, and making assessments of inherent risk, control risk, and the combined risk of material misstatement, which, in turn, determines the nature, timing, and extent of audit procedures.
The control environment also sets the foundation for effective internal control, providing discipline and structure, and includes the following elements
Communication and enforcement of integrity and ethical values
Commitment to competence (onsidering the skill levels required for particular positions within the organization and making sure that staff with the required skills are hired and matched to the right jobs)
Participation by those charged with governance
Management’s philosophy and operating style
Organizational structure
Assignment of authority and responsibility.
Human resource policies and practices.
The top five HR issues are:
- talent management and succession planning
- ethics/tone at the top
- regulatory compliance
- pay and performance alignment
- employee training and development.
One aspect of HR risk that is closely related to financial statement auditing is the effect
of HR policies on promoting and communicating ethical values throughout the organization and ensuring that the appropriate “tone at the top” trickles down through the organization
For financial reporting purposes, the entity’s risk assessment process includes
how management identifies risks relevant to the preparation of the financial statements to ensure a fair presentation in accordance with the entity’s applicable financial reporting framework. For identified risks, management estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to manage them.
Risks relevant to financial reporting include
xternal and internal events and circumstances that may occur and adversely affect an entity’s ability to initiate, record, process, and report financial data consistent with the assertions of management in the financial statements. For example, new accounting pronouncements and significant changes to the financial reporting standards (such as the change from local accounting standards to IFRS) are externally created risks relevant to the entity’s financial reporting.
The role of information systems
is to capture and exchange the information needed to conduct, manage, and control an entity’s operations. The quality of information and communication affects management’s ability to make appropriate decisions in controlling the organization’s activities and to prepare reliable financial statements.