Chapter 9 - Control Risk Assessment Part 2 Flashcards
What is application programming interfaces?
The glue that connects IoT devices to the company’s applications and dashboards so the data can be analyzed.`
What does IoT and API improve?
- Business processes
- Accounting system
They improve the quality and accuracy of the data
What is the impact of IoT and API on the accounting system?
Financial transactions from any department are automatically recorded in the ERP without human intervention, reducing input errors. They are also continuously being monitored, reducing the need for reconciliation.
What is the impact of IoT and API on auditors?
Auditors cannot rely upon manual controls and must evaluate associated automated controls related to data from IoT, API, and the ERP, in addition to access controls and services providers in the processing of new e-commerce transactions.
What is the idea behind smart contracts?
Allow for all kinds of transactions to be made automatically without third parties, such as banks, to verify the payments.
What is a blockchain?
A distributed digital ledger to which certain computers, or nodes are granted access.
What is a smart contract?
A computer code running on top of a blockchain containing a set of rules by which the parties to the contract agree to interact with each other. When predefined rules are met, the agreement is automatic, no human intervention.
What is a benefit of the blockchain?
Fast and less expensive than traditional methods and it minimizes theft and fraud as no one person can alter the blockchain.
What are disadvantages of the blockchain?
Can have errors in coding and in interpreting intended outcomes. Risks relating to handoffs
How will the blockchain and smart contracts alter the way in which auditors perform controls risk assessment? Why?
- If it affects financial reporting, they need to understand the impact on the assessment of internal controls. Auditors must be concerned with the reliability, accuracy, and completeness of the data since blockchain can be unauthorized, fraudulent, illegal or involve related parties.
What is the consensus mechanism and what is the impact? What does this assist in assessing?
Dictates how parties reach agreements on the transactions to be added top the blockchain. Allows the auditor to assess reliability and the ability to be manipulated or altered, look at the consensus algorithm attacks.
What are the two situations where a test of controls is performed?
- When the auditors assessment of RMM at the assertion level includes an expectation that controls are operating effectively
- When substantive procedures cannot provide sufficient appropriate evidence.
What is the purpose of the tests of controls
The purpose of the test of controls is to determine and ensure that the control activities were working within the relevant period in preventing, detecting, and/or correcting misstatements. Unlike substantive testing, it does not look at the relevant assertions.
Which controls do we test?
Performed only on the controls that are suitably designed to prevent or detect a material misstatement in a relevant assertion and the auditor plans to test those controls.
What are the Three Characteristics of Effective Controls
- Well designed (Control design)
- In use (control implementation)
- Operate reliably throughout the period
What are the 4 Types of Procedures used to test controls?
- Inquiry
- Inspection
- Observation
- reperformance
What are three considerations to look at during the test of controls to ensure that it is effective?
- How the control was applied at the relevant times during the period
- The consistency with which the controls were applied
- By whom (or by what means) the controls were applied
What is the test data approach?
Reperformance of the control through processing the auditor’s test data on the client’s computer system and application program, including test data that the client’s control system should accept or reject, then comparing the actual output to the expected output to assess the effectiveness.
What are generalized audit software (GAS)?
Programs designed specifically for auditing purposes, to perform data analytics that test the effectiveness of client controls for an entire population.
What is the primary difference between the test of controls and the risk assessment procedures?
The extent to which procedures are performed. In risk assessment procedures, the auditor will examine one or two transactions or observe at one point in time. Controls tests are performed on large samples and observations are made at more than one time.
Describe the extent of controls tests meaning.
- What type of procedures will they use?
To obtain sufficient appropriate evidence regarding the effectiveness, they will use a combination of procedures like inquiry with inspection or reperformance. The greater the reliance to rely on the effectiveness of controls the more persuasive the evidence.
What are factors to consider whether more effective controls evidence is needed? (FREE)
- Frequency of control operations - Manual or automated. The auditor will test year end controls but also test a sample of controls that operate only monthly or quarterly.
- Expected rate of deviation
- Rational Testing
- Evidence from Other Controls Tests
What is the expected rate of deviation on manual controls and automated controls
Manual controls - Since manual controls are performed by people there may be manipulation. To test those controls they rely on sampling and selecting a sample of transactions to test whether the control is operating effectively.
Automated Controls - Expected rate of deviation is low as long as the computer is programed adequately. Thus the auditor may be able to assess only one transaction.
What is rotational testing? What are the exceptions?
Test of controls must happen for each specific control once every 3 years, three year rule.
Exceptions: If a key control has been changed it will be assessed in the current year and a proportion of other controls must be tested in the current year. Significant risk controls must be tested every year.