Chapters 6 & 7: Understanding and Auditing Internal Control Flashcards

1
Q

What is the purpose of internal controls?

A

To provide reasonable, but not absolute, assurance that the financial statements are fairly stated (can never be regarded as completely effective)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the inherent limitations of an entity’s internal control?

A
  1. Management override
  2. Personnel errors or mistakes
  3. Collusion
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Example of management override

A

A senior-level manager can force/require a lower-level employee to record entries in the accounting records that are not consistent with the substance of the transactions and that violate the entity’s controls.

OR

Management may enter into concealed side agreements with customers that after the terms and conditions of the entity’s standard sales contract in ways that should preclude revenue recognition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Example of Human Error or Mistake

A

Errors may occur in designing, maintaining, or monitoring automated controls. If IT doesn’t understand how the revenue system should process sales transactions, they may make software programming errors in modifying or updating the system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Example of Collusion

A

An individual who receives cash receipts from customers can collude with the one who records those receipts in the customers’ records to steal cash from the entity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Collusion

A

Secret or illegal cooperations or conspiracy, especially in order to cheat or deceive others.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Why do auditors need to obtain an understanding of internal controls?

A

In order to properly assess the risk of material misstatements of the financial statements whether due to error or fraud and to design the nature, timing, and extent of further audit procedures.
Plan the audit (what is the strategy, reliance, or substantive procedure they’re going to rely on)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How do auditors obtain an understanding of internal controls?

A
  • Update and evaluate auditor’s previous experience with the entity
  • Inquiries of entity personnel
  • Inspection of entity documents and records
  • Observation of entity activities and operations
  • Tracing transactions through the information system (walkthrough)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How do auditors document their understanding of internal controls?

A
  • Procedure manuals and organizational charts
  • Flowcharts
  • Internal control questionnaires
  • Narrative description
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Auditor Documentation Requirements (in regards to ICFR)

A
  • The auditor’s understanding and evaluation of the design of each of the components of ICFR
  • The process used to determine the points at which misstatements could occur
  • The extent to which the auditor relief upon the work of others
  • The evaluation of any deficiencies discovered or other findings which could result in a report modification
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How do auditors test controls?

A
  • Inquiry of appropriate entity personnel
  • Inspection of documents indicating the performance of the control
  • Observation of the application of the control
  • Reperformance of the application of the control by the auditor
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Why do auditors test controls?

A

To see if they can rely on the controls, if not, then they need to make readjustments

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Components of Internal Control

A
  • Control Environment
  • Entity’s Risk Assessment Process
  • Control Activities
  • Information and Communication
  • Monitoring Activities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Relationship of control risk and controls testing

A

Control risk high =
1. Controls do not pertain to an assertion
2. Controls are assessed as ineffective (why bother testing them if you know they don’t work)
3. Testing the effectiveness of controls is inefficient (cost-benefit)

Control risk low =
Following a reliance strategy, but MUST TEST CONTROLS TO BE RELIED UPON

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Types of control deficiencies and auditor’s responsibilities with respect to each one

A
  • Material weakness: report externally to audit committee and to management (worst one tbh, material) (adverse)
  • Significant deficiency: Report to audit committee and management (middle) (unqualified)
  • Control deficiency: Report to management (least bad, not material nor significant) (unqualified)

ALL ARE REASONABLY POSSIBLE AND PROBABLE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Examples of Entity-Level Controls

A
  • Controls within the control environment (e.g. tone at the top, assignment of authority and responsibility, consistent policies and procedures, and entitywide programs, such as codes of conduct & fraud prevention, that apply to all locations and business units)
  • Controls over management override
  • The entity’s risk assessment process
  • Centralized processing and controls, including shared service environments
  • Controls to monitor results of operations
  • Controls to monitor other controls, including activities of the internal audit function, the audit committee, and self-assessment programs
  • Controls over period-end financial reporting process
  • Policies that address significant business control and risk management practices
17
Q

Controls Typically Included for Testing

A
  • Entity-level controls
  • Controls over initiating, authorizing, recording, processing, and reporting significant accounts and disclosures and related assertions embodied in the financial statements
  • Controls over the selection and application of accounting policies tat are in conformity with GAAP.
  • Antifraud program and controls
  • Controls, including IT general controls, on which other controls are dependent
  • Controls over significant nonroutine and nonsystematic transactions, such as accounts involving judgments and estimates.
18
Q

Factors to Consider when Identifying Controls to Test

A
  • Points at which errors or fraud could occur
  • The nature of the controls implemented by management
  • The significance of each control in achieving the objectives of he control criteria and whether more than one control achieves a particular objective or whether more than one control is necessary to achieve a particular objective
  • The risk that the controls might not be operating effectively
19
Q

Factors that affect whether the control might not be operating effectively

A
  • Whether there have been changes in the volume or nature of transactions that might adversely affect control design or operating effectiveness
  • Whether there have been changes in the design of controls
  • The degree to which the control relies on the effectiveness of other controls
  • Whether there have been changes in key personnel who perform the control or monitor its performance
  • Whether the control relies on performance by an individual or is automated
  • The complexity of the control
20
Q

Types of Reports Relating to Audit of ICFR

A
  • Unqualified opinion: Signifies that the entity’s internal control is designed and operating (no material weakness)
  • Disclaim: A serious (more than minor) scope limitation
  • Adverse: Required if a material weakness is identified
21
Q

Identifying controls to test for integrated audit of ICFR

A
  1. Identify entity-level controls
  2. Identify significant accounts and disclosures and their relevant assertions
  3. Understand likely source of misstatement
  4. Select controls to test