Chapter 8 - Internal Controls Flashcards
Objectives of Internal Controls
Minimize Material Misstatements caused by human errors, fraud, irregularities
Safeguard assets for purpose of the company (Theft)
Ensure compliance with rules and regulations of GAAP
Ensure that the transactions are captured on a timely basis
Assertions established with Financial Statements
“Every CPA Can Right Very Properly”
Existence
Completeness
Cutoff
Rights and Obligations
Valuation
Presentation and Disclosure
How does the financial statement asserts come back to the objectives of an auditor?
The lack/weaknesses of these assertions establish the auditors objectives
What direction would “existence” misstatement be in ?
The account balance would be overstated. These transactions do not have an originating point. “ASSET ACCT”
What direction would “completeness” misstatement be in ?
The account balance would be understated. “LIABILITY ACCT”
What are the steps of an audit responsibilities for an external auditor
- Plan the audit
- Obtain an understanding of the client and its environment, including internal control
- Assess the risks of material misstatement and design further audit procedures
- Perform further audit procedures
- Complete the audit
- Form an opinion and issue the audit report
Five internal control components
- Control environment - Tone at the Top
- Accounting information system/ Communications
- Risk assessment
- Control activities
- Monitoring
Documenting the Understanding of Internal Control
•Questionnaires
Typically standardized by firm
•Written Narratives
Memos that describe flow of transactions
•Flowcharts
Systems flowcharts
•Walk-through
Trace one or two transaction through cycleDo you need to understand internal controls for non public companies?
Yes, in order to understand the nature timing and content
COSO framework is used to…
help companies establish effective internal controls.
Sponsored by: AICPA , PCAOB, Institute of Internal Auditors
Control Procedures Include
“satisfy the key elements of control”
Authorization Validity -> makes sure # ares correct Segregation of Duties Accuracy Timeliness Completeness Cut Off - No incorrect period transactions
Risk Assessment is defined as:
are all COSO objectives satisfied by internal control activities?
Accounting Risk equals
Inherent Risk X Control Risk X Detection Risk
Calculate Detection Risk by:
Audit Risk / IR * CR
To apply control activities you have to have a general and specific purpose. Examples of those are…
Segregation of Duties
Who Should access the system
Specific objective:
Validation of Inputs
External Auditors’ responsibilities regarding internal control structure of the company?
a. Auditors are required to obtain an understanding of the environment & internal structure
b. Test controls for effectiveness
Why do Auditors need to understand the tone and internal structure of a company?
Identify potential misstatements
Consider Factors that affect risk of material misstatements
Design test of controls and substantive procedures
Auditors responsibility for control deficiencies of internal control.
Provide a notice to both management and the audit committee and provide a notice for corrective action. They are required communication for both a significant deficiency or material weakness. Communication must be in writting
Define: Deficiency in internal controls
design of operation of a control does not allow management or employees to detect material misstatement or weakness in a timely basis.
Define: Material weakness in internal controls
Material weaknesses will not be prevented or detected on a timely basis.
How to prevent theft from accounts payable operator
Segregation of duties between assets and record keeping
Independent Validation of Paperwork for review
Approved Vendors and Manager approval
Limit on check balances for vendors
How to detect online theft or fraud from employees
Controls that detect transfers to employee’s accounts from business accounts
Separation of client’s accounts and employees accounts
How to prevent a computer from being hacked?
The passwords need to be established properly
How to prevent untimely transactions to affect real time transactions
compare the actual time to the real time of recorded transaction
What is the task asking for when writing down the objection and deviation of internal controls
The objective is the purpose that the internal control is performing and what they are doing to confirm the objective. The deviation would be the lack of the performing objective.
