Chapter 7: Internal Control

Question 1

What are the steps of an audit?

Answer 1

1. Plan the audit
2. obtain understanding of client and its environment including internal control
3. assess risk of misstatements
4. design further procedures
5. depends on planned assessed CR perform tests of controls
6. perform substantive procedures
7. complete the audit
8. issue audit report

Question 2

why consider internal control?

Answer 2

to assess the risk of material misstatement

to assess control risk and then determine the nature, timing, and extent of further audit procedures

Question 3

audit risk

Answer 3

the combined risk of material misstatement and the risk the auditor doesn’t detect the misstatement

Question 4

risk of material misstatement

Answer 4

inherent risk and control risk

Question 5

inherent risk

Answer 5

the risk of material misstatement before the controls

Question 6

control risk

Answer 6

the risk of the internal controls failing to prevent or detect and correct material misstatements that occur

Question 7

detection risk

Answer 7

the risk the auditor assumes/ restricts that they themselves won’t catch a material misstatement when there is one (disappears if no audit takes place)

Question 8

internal control

Answer 8

process effected by the entity’s BOD management and other personnel designed to provide reasonable assurance regarding the achievement of objectives:

1. reliability of financial reporting
2. effectiveness of efficiency of operations
3. compliance with applicable laws and regulations

Question 9

control enviornment

Answer 9

managements and directors attitudes awareness and actions

Question 10

risk assessment

Answer 10

the organization’s process of identifying potential risks to its financial reporting objectives and developing actions to address those risks

Question 11

accounting information and communication system

Answer 11

an info system should include methods and records that:

1. identify and record all valid transactions
2. provide on a timely basis sufficient detailed info about transactions to permit proper classification for financial reporting
3. allow for the recording of transactions at their proper monetary value in the financial statements
4. provide sufficient info to permit recording of transactions in the proper accounting period
5. properly present the transactions and related disclosures in the financial statements

Question 12

control activities

Answer 12

an organization will establish policies and procedures to help ensure management directives are carried out: 
 performance reviews
 info processing controls
 physical controls
 segregation of duties

Question 13

monitoring

Answer 13

due to changes among personnel and within the organization it is essential that internal controls be monitored over time to determine whether they continue to be relevant and able to address new risks of the organization

Question 14

implemented

Answer 14

placed in operation: to obtain use flowcharts. this must be done on ALL audits. used to identify types of potential misstatements, consider factors that affect the risk of material misstatements, design tests of controls, design substantive procedures

Question 15

operating effectiveness

Answer 15

relates to tests of controls (why they are done), concerned with how a control was applied, consistency with which it was applied, by whom it was applied

Question 16

actual control risk

Answer 16

the actual, unknown, risk that a material misstatement could occur in an assertion (or account) will not be prevented or detected on a timely basis by an entity’s internal control

Question 17

planned assessed level of control risk

Answer 17

this level is lower than the maximum level when the assessed level of risk of material misstatement presumes that controls operate effectively. (before testing controls)

Question 18

assessed level of control risk

Answer 18

the level at which control risk is assessed for purposes of determining the scope of substantive procedures. no test of controls this is at maximum

Question 19

level of understanding of internal controls required

Answer 19

design of structure and whether it has been implemented (placed in operation), or in other words the company is using the control

Question 20

level of knowledge required

Answer 20

controls have been placed in operation/implemented

Question 21

not required

Answer 21

tests of controls to figure out operating effectiveness

Question 22

documentation required

Answer 22

understanding obtained to plan the audit must be documented:

1. internal control questionnaire
2. checklists
3. written narrative of IC
4. flowcharts

Question 23

planned and assessed risk below max requires

Answer 23

identify IC procedures relevant to account or assertion

if no test of controls have been performed control risk must be assessed at maximum

Question 24

as the assessed level of control risk increases

Answer 24

the acceptable level of detection risk DECREASES, may modify nature, timing, and extent of substantive tests

Question 25

nature

Answer 25

type of audit testing

Question 26

timing

Answer 26

how closed to balance sheet date they are performed, the higher the risk of CR the later started

Question 27

extent

Answer 27

the amount of work/ how in depth (a lot of work if max CR)

Question 28

types of tests of controls

Answer 28

1. inquiries
2. inspection
3. observation
4. reperformance

Question 29

inquiries

Answer 29

discuss with appropriate client personnel the manner in which the control functions

Question 30

inspection

Answer 30

inspect invoices and determine whether evidence exists that the procedures have been performed

Question 31

observation

Answer 31

observe application of the procedures being applied to the invoices several times during the year

Question 32

reperformance

Answer 32

reperform the procedure by comparing quantities shown on each invoice to the quantities listed on the related shipping documents and by comparing unit prices to the client’s price lists

Question 33

communication of control related matters

Answer 33

to management and those charged with governance (ordinarily the audit committee)

Question 34

deficiency

Answer 34

when the design or operation of a control does not allow management or employees in the normal course of performing their assigned functions to prevent or detect material misstatements on a timely basis (not severe not necessarily required to be communicated)

Question 35

significant deficiency

Answer 35

a deficiency in internal control (or a combo of them) that is less severe than a material weakness, yet important enough to be required to communicate to those in charge of oversight of company’s financial reporting

Question 36

material weakness

Answer 36

a deficiency in internal control (or a combo of them) that is most severe and there is possibility that a material misstatement of the company’s financial statements will not be prevented of detected on a timely basis (obviously communicated)

Question 37

Use of internal auditors

Answer 37

objectivity- consider independence and policies for assuring they are object
competence- consider education, experience, professional certifications, audit policies, etc.
work performance- review their work

Question 38

service organizations

Answer 38

provide processing services to companies, referred to as user entities that decide to outsource a portion of their processing – service auditor report or test their controls

Question 39

integrated audit

Answer 39

required by publicly traded companies (done simultaneously)

Question 40

the focus is primarily on significant accounts and disclosures and relevant assertions

Answer 40

an account is significant and an assertion is relevant if there is a reasonable possibility that the account/assertion could contain material misstatement

Question 41

material weakness opinion

Answer 41

adverse opinion

Question 42

scope limitation opinion

Answer 42

qualified opinion or a disclaimer of opinion