Chapter 8: Internal Control and its Role in F/S Audits Flashcards
What is the role of internal control?
minimizing risk of material misstatement and helping to plan audit tests
What is the relationship between internal control and control risk?
when internal control is strong, control risk is low
Evidence collecting strategies
Reliance and Substantive
How is the choice between what evidence collecting strategy to use made?
Depends on the strength of IC and cost of strategy
What strategy is used when controls are weak?
Substantive Strategy
Reliance Strategy
auditor places some reliance on ICs to help ensure the assertions are accurate (CR < 100%)
When is a reliance strategy acceptable?
when ICs are deemed to be adequate
Substantive Strategy
auditor decides not to place any reliance on ICs to help ensure assertion is correct (CR = 100%)
Reasons for employing a substantive strategy
1) CR is high, 2) Cheaper
COSO
primary framework used in US to understand and evaluate IC
Internal Control (COSO definition)
process effected by personnel that is designed to provide reasonable assurance regarding achievement of objectives
Objectives of Internal Controls
1) reliability of financial reporting, 2) Compliance with laws and regulations, 3) Effectiveness and Efficiency of operations, 4) Safeguarding of Assets
Internal Controls (Simple Definition)
processes, policies, devices, and organizational structures implemented by organization to mitigate threats
What is the primary purpose of financial reporting process?
to accurately identify, record, classify, aggregate and report transaction information and supporting information in compliance with GAAP
Four components of financial reporting system
1) Source documents, 2) Journals, 3) General and Subsidiary Ledgers, 4) Financial Statements
Source Documents
documents generated when transaction takes place; byproducts of transaction that provide information about transaction
Journals
where transactions are recorded and summarized
General Journals
used to record any transaction
Specialized Journals
used for specific types of transactions
Ledgers
used to aggregate transaction information that was recorded in journals, made up of accounts which have balances at specific points in time
General Ledger
summary of net activity for all accounts contained in chart of accounts at a particular point in time
Subsidiary Ledger
contains more detailed information about specific accounts
Trial Balance
list of general ledger accounts and their balances at specific point in time
Financial statements
report the line items that summarize a company’s account balances
Limitations for accounting ICs
1) Management Override, 2) Collusion, 3) Human misunderstanding/Error
Management override
person who has ability to fire an employee can often coerce employee to bypass controls
Collusion
refers to two or more getting together to beat the system
Human misunderstanding/Error
humans may misunderstand or goof up their IC assignment which can cause a control failure
Segregation of Duties
no single individual is in a position where they can both perpetrate and cover up fraudulent activity
Segregation of Duties at the Macro-Level of the Organization
Segregation of the accounting function from the operating function
Operating Function
enter into and complete transactions, have access to assets
Accounting function
ability to manipulate accounting records
Segregation of Duties at the Micro-Level of the Organization
At least three employees involved in processing a transaction: authorization, execution, and accounting
Requirements for Adequate Documentation of Transactions
1) Transaction Trail should be left and be easy to follow, 2) Using pre-numbered documents, 3) Document transaction events in a timely fashion
Physical Controls to Safeguard Assets
controls that impede the ability for someone to steal assets
Reconciliations
check for agreement between two or more different information sources that provide information about the same event or account
Types of Internal Controls
1) Company level controls, 2) System level controls, 3) Period-end controls
Company level controls
create control climate/attitude for organization (ex. corporate governance structure)
System Process Level Controls
day-to-day controls that ensure transactions occur correctly
Period-end controls
refers to controls over period-end adjustment and closing process
Forms of IT controls
general and application
General controls
controls that affect all IT applications
Application controls
controls that only impact specific IT application
Echo Check
components of system send messages to each other to verify transmission of data between components
Validity/Existence Check
computer compares input customer account number to internally stored list of valid account numbers to ensure account number correctly input
Control Total
comparison of computer processed totals to manually computed totals of all daily sales to ensure all of the day’s sales were accurately input and processed
Limit (reasonableness) Check
test to ensure that numeric value of data input does not exceed certain prescribed value
Parity check
computer adds a bit to each byte to make byte either positive or negative, done so computer can continuously verify internal accuracy of data transmission/processing
Check Digit Verification
numerically-computed number added to five-digit part number to ensure accuracy of part number input