Chapter 9: Assessing Control Risk for a F/S Audit

Question 1

What must auditors do to assess control risk in order to plan the audit?

Answer 1

determine whether and to what extent they can rely on internal controls in order to determine how much audit testing they need to do to verify management’s assertions

Question 2

Procedures used to meet GAAS 3rd standard of field work

Answer 2

1) Obtain an understanding of the IC structure and verify that controls have been placed in operation, 2) Document the understanding, 3) For each key assertion, assess control risk and document rationale for assessment, 4) If CR assessed at < 100%, perform tests of controls to ensure control is actually in place and functioning as intended, 5) Report to audit committee and management all significant or material control deficiencies found during audit

Question 3

Types of Control Weaknesses

Answer 3

1) Control Deficiency, 2) Significant Deficiency, 3) Material Weakness

Question 4

Control Deficiencies

Answer 4

IC design of operation would fail to prevent/detect a misstatement in a timely manner

Question 5

Significant Deficiency

Answer 5

control deficiency that is less severe than material weakness but is important enough to merit attention by those responsible for IC, could cause a problem

Question 6

Material Weakness

Answer 6

control deficiency where there is reasonable possibility that material misstatement will not be prevented or detected on a timely basis, will likely cause a problem

Question 7

What should auditor have clear understanding of related to organization’s IC structure

Answer 7

1) Origin of every document and record in the system, 2) All processing that takes place, 3) Final resting place of each document and record, 4) Control activities that exist

Question 8

Walkthrough

Answer 8

auditor walks through the control process and observes documentation and various activities being performed

Question 9

Why is written documentation of IC understanding important?

Answer 9

because it provides an easily recalled source of information that will be useful throughout the audit and it also provides evidence of compliance with the standards

Question 10

Levels of assessing control risk

Answer 10

1) Entity-Level Controls, 2) Process-Level Controls

Question 11

Relationship between entity-level controls and IC

Answer 11

if entity-level controls are weak, low reliance on IC

Question 12

Process-level controls

Answer 12

specific control procedures and information flows in place to help ensure specific f/s assertions are met

Question 13

Control assessment

Answer 13

consider the specific threats one wants to control and identify the controls that are available to minimize each threat

Question 14

Key control objectives for process controls

Answer 14

1) Completeness, 2) Accuracy, 3) Validity (occurrence), 4) Restricted Access

Question 15

Completeness

Answer 15

all transactions are processed

Question 16

Accuracy

Answer 16

transactions are processed accurately

Question 17

Validity (occurrence)

Answer 17

Only valid transactions are processed

Question 18

Restricted Access

Answer 18

Unauthorized access to transaction processing is prevented

Question 19

IC Questionnaire

Answer 19

firm develops questionnaire that list specific ICs that would typically be found in a well-controlled system

Question 20

Effectiveness of control design

Answer 20

refers to how well the control should work is used and implemented properly

Question 21

Effectiveness of control operation

Answer 21

refers to how often and well the controls are actually being used

Question 22

tests of control operating effectiveness/tests of controls/compliance tests

Answer 22

designed to determine whether a control is being used as it is intended to be used and whether it is being used frequently enough for the control to be deemed effective