Chapters 6 and 7 Flashcards
There is an _____ relationship between the reliability of internal control and the amount of substantive evidence required by the auditor.
Inverse.
Internal control is the method by which an entity’s board of directors, management, and other personnel provide reasonable assurance about the achievement of objectives in the following categories:
(1) reliability of financial reporting,
(2) effectiveness and efficiency of operations, and
(3) compliance with applicable laws and regulations.
The controls that are of most direct relevance to a financial statement audit are those that contribute to the…
reliability, timeliness, and transparency of external financial reporting.
Internal control as defined by the COSO Framework consists of five components:
- Control Environment.
- Entity’s Risk -Assessment.
- Control Activities.
- Information and Communication.
- Monitoring Activities.
COSO
The Committee of Sponsoring Organizations of the Treadway Commission
Control environment
The board of directors and senior management establish the tone at the top regarding the importance of internal control and expected standards of conduct.
Entity’s Risk Assessment
A dynamic and iterative process for identifying and analyzing risks to achieving the entity’s objectives
Information and Communication
Enable personnel to understand internal control responsibilities and their importance to the achievement of objectives.
Control activities
The actions established by policies and procedures to help ensure that management directives to mitigate risks to the achievement of objectives are carried out.
Control activities are commonly categorized into the following four types:
- Performance reviews (sometimes called “independent checks”).
- Physical controls.
- Segregation of duties.
- Information processing controls, including authorization and document-based controls.
Monitoring Activities
Ascertain whether each of the five components of internal control are present and functioning.
The effectiveness of any internal control system is subject to certain inherent limitations:
- Management override of internal control
- Personnel errors or mistakes
- Collusion.
To set control risk below high (e.g., at moderate or low), the auditor must:
- Identify specific controls that will be relied upon.
- Perform tests of the identified controls.
- Conclude on the achieved level of control risk given results of testing.
Interim Tests of Controls
- An auditor might test controls at an interim date because the assertion being tested:
A. May not be significant
B. The control has been effective in prior audits
C. More efficient to conduct the tests at that time.
What companies must comply to auditing internal control?
Large publicly traded corporations - called “accelerated filers.”