Chapter 8 - Understanding the Internal Controls System Flashcards
What is a system of internal controls?
It is the policies and procedures designed, implemented, and maintained by management to provide reasonable assurance that:
1. There is reliable financial information
2. Effectiveness and efficiency in operations
3. Compliance with relevant laws and regulations
What are policies?
Statements of what should or should not be done in an organization to affect controls.
What are procedures? How are procedures created?
Actions done to implement the policies. They may be created through formal documentation mandates or be the result of behaviors that are not mandated but conditioned.
What are the 4 broad objectives of management implementing internal controls?
- Provide strategic, high-level goals that support the mission of the entity
- Reliable financial reporting
- Efficiency and effectiveness of operations
- Compliance with laws and regulations
For public companies in Canada, what do they have to report on? What are the three levels of control that should exist?
They report on the effectiveness of internal controls over financial reporting.
- Entity
- Information technology
- Business Process.
Describe the following control parts:
1. Entity Controls
2. Information Technology
3. Business Process
Entity - Controls that have a pervasive effect on the achievement of the organization's objectives for internal control, like the governance structure
Information Technology and General Controls - Controls that relate to the operating system, applications, and databases supporting the operation of information systems and form the foundation of the information technology environment, like system access controls
Business Process - Controls embedded within a specific key financial business process like payroll.
What are the two key concepts that underlie management's design and implementation of controls?
- Reasonable Assurance - Provides reasonable assurance that financial statements are fairly presented, includes a cost and benefits analysis, low level of control risk.
- Inherent Limitations - Effectiveness of the system depends on the competence and dependability of the people using it even if the technology was perfect and ideal.
What is management override?
The ability of management and / or those charged with governance to manipulate accounting records and prepare misleading and / or fraudulent financial statements by overriding internal controls, even where the controls may otherwise appear to be operating effectively.
What is collusion?
A cooperative effort among employees or management to defraud a business of cash, inventory, or other assets.
What are the responsibilities of management for public companies in Canada for reporting?
Which framework do they use?
What is COSO?
What are the two parts of management's assessment of internal control over financial reporting?
Publicly report on the operating effectiveness of internal controls
Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control - Integrated Framework
COSO is the GAAP equivalent for internal controls, the framework used to assess the effectiveness of internal controls
- Evaluate the design of internal controls over financial reporting
- Management must test the operating effectiveness of those controls
What is the auditor's main responsibility in assessment of the client's internal controls? Why? Is this responsibility always necessary?
Understand, identify, and evaluate the internal controls that are relevant to the audit.
Identify the risk of material misstatement at the financial statement level and assertion level.
Yes, this responsibility is always necessary even if we do not intend to rely on the controls, as we must understand the organization's circumstances and situation.
What are relevant controls? Provide an example of a control that may not be relevant in general but may be relevant in a specific circumstance.
Controls that relate to reliability of financial reporting like compliance with laws and the safeguarding of assets.
Operation controls / Internal management information may not be relevant except where the information produced is used to develop analytical procedures or the information is required for the disclosure of the financial statement.
What are direct controls?
Controls that are precise enough to address RMM at the assertion level. Address the risk of the integrity of the information.
What are indirect controls?
Controls that are not sufficiently precise to prevent, detect, or correct misstatements at the assertion level but which support direct controls and therefore, have an indirect effect on the likelihood that a misstatement will be detected or prevented on a timely basis.
What precedes the understanding of internal controls? What are the three parts of internal controls on the pervasive level and why are they important / briefly describe them?
Identifying RMM at the financial statement level and assertion level.
Three parts include risk assessment, monitoring, and the control environment. They are indirect controls; however, they have direct control aspects. If they are deficient, it could have a pervasive risk on the overall financial statement risk.
How does the auditor assess RMM at the financial statement level and inherently the assertion level?
How does the auditor assess RMM at the assertion level specifically?
Three parts include risk assessment, monitoring, and the control environment.
Understanding how the information is processed (the IS) and identification/evaluation of controls in the control activities component.
What are control activities?
These are controls to ensure the proper application of policies in all components of internal control and can be direct or indirect.
What are the five components of internal controls?
- Control environment
- Risk Assessment
- Control Activities
- Monitoring
- Information and communication
What is the control environment?
Actions, policies, and procedures that are set in place by management and those in charge of governance to provide an overall tone of the perspective on control, creating a pervasive effect on identifying risk and implementing good controls. They provide the foundation for all other components.
Describe how the control environment works.
If the management and governance seem to care about the controls, policies, and procedures, then others will follow their lead and also care, improving the control environment. If management ignores it, then the staff will also likely ignore it.
Describe integrity and ethical values - Control environment
The ethical values demonstrated by the tone of management and the board of directors provide signals to the employees of what is most important.
There should be a clear code of conduct and ethics to describe the position of the firm to the employees and to outsiders.
There should be processes to evaluate performance of individuals and teams, in addition to addressing deviations in a timely manner.
Describe the board of directors - Control environment
They have appropriate background and expertise, are independent, and scrutinize management behaviors.
North American exchanges require the creation of an audit committee that is financially literate and independent.
What is the role of the audit committee?
- Consider the potential for management override of internal controls
- Oversee management's fraud risk assessment process and anti-fraud programs and controls
- Maintain ongoing communications with both internal and external auditors
- Approves audit and non-audit services
- Safeguards against potential threats to auditors' independence
Describe the structure, authority, and responsibility
It has an organizational structure that is appropriate for its size and operating activities, with clearly defined lines of responsibility and authority.