Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

acct 563 > Deck 1 > Flashcards

Deck 1 Flashcards

1
Q

Describe the four requirements that management must meet in order for the external auditor to complete the audit of internal controls?

A
  1. Accept responsibility for the effectiveness of the entity’s ICFR
  2. Evaluate the effectiveness of the entity’s ICFR using suitable control criteria.
  3. Support the evaluation with sufficient evidence, including documentation
  4. Present a written assessment regarding the effectiveness of the entity’s ICFR as of the end of the entity’s most recent fiscal year
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

• Control Deficiency-

A

exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

• Significant Deficiency

A

is a control deficiency, or combination of control deficiencies, in ICFR that is less severe than a material weakness yet important enough to merit attention by those responsible for oversight of the entity’s financial reporting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

• Material Weakness –

A

a deficiency or combination of deficiencies, in ICFR, such that there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Describe the two dimensions that auditors consider when categorizing control deficiencies.

A
  1. Likelihood- if more than remote, the issue will be considered a deficiency, significant deficiency, or a material weakness depending on magnitude.
  2. Magnitude- Auditor relies on the same concept of materiality as is used in determining financial statement materiality.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Describe the three steps in the process management uses to assess the effectiveness of their system of internal controls.

A
  1. Identify financial reporting risks and related controls
  2. Consider which locations to include in the evaluation
  3. Evaluate evidence about the operating effectiveness of ICFR.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What two procedures provide evidence about the operating effectiveness of control procedures?

A
  1. Direct testing of the control – usually performed on a periodic basis by individuals with a high degree of objectivity with respect to the control being tested.
  2. Ongoing monitoring – includes self- assessment procedures and procedures to analyze performance measures designed to track the performance of the control.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Describe the three disclosures management must include in their report for a material weakness of internal control.

A
  1. The nature of the material weaknesses
  2. Its impact on the entity’s financial reporting and its ICFR
  3. Management’s current plans, if any, for remediating the material weakness.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Identify the four steps included in a top-down, risk-based audit of internal controls.

A
  1. Identify entity-level controls.
  2. Identify significant accounts and disclosures and their relevant assertions.
  3. Understand likely sources of misstatement.
  4. Select controls to test.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What five procedures do auditors use to evaluate the design effectiveness of internal controls?

A
  1. Inquiry
  2. Observation
  3. Walkthroughs
  4. Inspection of relevant documentation
  5. Subjective evaluations of whether the controls are likely to prevent or detect errors or fraud that could result in misstatements assuming they are operated as prescribed by qualified persons.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What factor determines the amount and type of evidence necessary for auditors to determine whether a control is operating effectively?

A

• Risk associated with the control being tested.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Describe three factors auditors consider when deciding on the extent of tests for operating effectiveness.

A
  1. Nature of the control – manual controls should be subjected to more extensive testing than automated controls in view of the greater variability inherent in controls involving people.
  2. Frequency of operation- Generally, the more frequently a manual control operates, the greater the number of operations of the control the auditor should test.
  3. Importance of the control – the more important control, the more extensively it should be tested.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  1. What is the objective of the statistical technique known as attribute sampling?
A

• The objective is to determine the operating effectiveness of a control for purposes of the internal control audit for public companies or to determine the degree of reliance that can be placed on controls for a financial statement audit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. How Do Auditors use attribute sampling when they test the operational effectiveness of internal controls?
A

• Used to estimate the proportion of a population that possesses a specified characteristic. determine operating effectiveness

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  1. How do public accounting firms typically document the steps they perform when using an attribute sampling plan?
A

• They document each phase of the sampling application in the working papers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  1. Why is it essential that completion of a control procedure leave documentary evidence in order to use attribute sampling for testing the control?
A

• So that way you know that control was performed and by whom.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q
  1. For what two reasons do auditors test the operating effectiveness of internal controls during an integrated audit? (p278)
A

i. Evaluate the operating effectiveness of the internal control for purposes of the internal control audit for public companies
ii. Determine the degree of reliance that can be placed on the controls for a financial statement audit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q
  1. While planning an attribute sampling technique for testing controls, why do auditors need to determine the test objectives?
A

• To determine what controls you want to test.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q
  1. Describe three choices auditors must make to define the characteristics of the population they want to test.
A

i. Define the sampling population – because sample results can be projected only to the population from which the sample was selected
ii. Define the sampling unit – the individual members of the sampling population are called sampling units.(What am I going to look at?)
iii. Define control deviation conditions – carefully define what is considered a deviation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q
  1. Describe the three key inputs that must be identified in order to determine sample size.
A

i. Desired Confidence level – risk that the sample results will support a conclusion that the control is functioning effectively when in truth it is not.
ii. Tolerable deviation rate – the maximum deviation rate from a prescribed control that the auditor is willing to accept and still consider the control effective.
iii. Expected population deviation rate – the rate the auditor expects to exist in the population.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q
  1. Describe two methods that auditors can use for selecting sample items in a way that all items have an equal likelihood of being selected.
A

i. Random-Number Selection – selecting a random sample using random numbers generated by a spreadsheet application or audit sampling software.
ii. Systematic Selection -the auditor determines a sampling interval by dividing the sampling population by the sample size.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q
  1. Describe the two qualitative attributes that auditors consider when they analyze deviations observed while performing tests of controls.
A

i. First, the nature of each deviation and its cause and consequences should be considered
ii. Second, the auditor should consider how the deviations may impact the other phases of the audit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q
  1. What two choices do auditors have when results from tests of controls do not support the planned level of control risk?
A
  1. Test other controls. Using different information

2. Increase the assessed level of control risk and modify the nature, extent, or timing of substantive procedures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q
  1. Differentiate application controls from general controls.
A
  • Application controls- ensure the validity, completeness, and accuracy of financial transactions.
  • General Controls – are not application-specific , but rather apply to all systems. Include controls over IT governance, IT infrastructure, network and operating system security, database access…etc
25
Q
  1. Describe how application and general controls influence the reliability of account balances.
A

Poor database security controls cause the data processed by systems with adequate built-in application controls may be at risk from an individual who circumvents database security and changes, steals, or corrupts stored transaction data. Thus, general controls are needed to support the environment in which application controls function, and both are needed to ensure accurate financial reporting.

26
Q
  1. What is a disaster recovery plan?
A

Is a comprehensive statement of all actions to be taken before, during, and after a disaster, along with documented, tested procedures that will ensure the continuity of operations

27
Q
  1. Describe three options for providing duplicate data processing facilities following a disaster.
A
  • The Empty Shell – is an arrangement where the company buys or leases a building that will serve as a data center.
  • The Recovery operations Center- is a fully equipped backup data center that many companies share.
  • Internally Provided Backup – Self-reliance, to develop standardized hardware and software configurations, which ensure functional compatibility among their data processing centers and minimize cutover problems in the event of a disaster.
28
Q
  1. Describe three back-up resources that should be stored off site to facilitate recovery after a disaster.
A
  • Backup Data Files – At a minimum, databases should be copied daily to tape or disks and secured off-site.
  • Backup Documentation – Should be backed up and stored offsite in the same manner as data files.
  • Backup Supplies and Source Documents – check stocks, invoices, purchase orders, and any other special-purpose forms that cannot be obtained immediately.
29
Q
  1. What three functions are common to all computer operating systems
A
  • Translate high-level languages into language the computer can execute.
  • Allocates computer resources to users, workgroups, and applications.
  • Manages the tasks of job scheduling and multiprogramming.
30
Q
  1. Describe four components typically found in secure operating systems.
A
  • Log- On Procedure- Is the first line of defense against unauthorized access
  • Access Token – contains key information about the user, including user ID, password, user group, and privileges granted to the user.
  • Access Control List – controls access to system resources, such as directories, files, programs, and printers.
  • Discretionary Access Privileges – allow them to grant access privileges to other users.
31
Q
  1. Describe procedures that are typically used to implement:
A

Access privileges – Management should be concerned that individuals are not granted privileges that are incompatible with their assigned duties.

Passwords- If the user cannot provide the password, the OS should deny access.

Malicious software- Purchase software only form reputable vendors, and accept only those products that are in their original, factory-sealed packages.

Audit trails- are logs that record activity at the system, application, and user-level.

32
Q
  1. Describe the six controllable activities that distinguish an effective systems development process
A
  • System Authorization Activities- requires a formal environment in which users submit requests to systems professionals in written form.
  • User Specific Activities – Create a detailed written description of the users’ needs.
  • Technical Design Activities- Translate user specifications into a set of detailed technical specifications for a system that meets the user’s needs.
  • Internal Audit participation- Internal Audit department needs to be independent, objective, and technically qualified.
  • Program Testing- All program modules must be thoroughly tested before they are implemented.
  • User Test and Acceptance Procedures- Prior to system implementation, the individual modules of the system need to be formally and rigorously tested as a whole.
33
Q
  1. What four types of controls should be required for all post-implementation changes or system maintenance?
A

• formal authorizations
technical specifications
Testing
Documentation updates

34
Q

• Requisitioning

A

requesting goods or services for an authorized individual or department within the industry, Purchase Requisition.

35
Q

• Purchasing

A

Description, quality, and quantity of the goods or services being purchased, Purchase order.

36
Q

• Receiving

A

records the receipt of goods. Receiving report

37
Q

• Cash disbursements

A

– preparing and signing checks for paying vendors and authorizing electronic fund transfers. Check register

38
Q

• Accounts payable-

A

also responsible for ensuring that all vendor invoices, cash disbursements, and adjustments are recorded in the accounts payable records.

39
Q

Describe the specific risk of misstatement that increases if the following functions are not segregated:

A
  • purchasing and requisitioning – if one individual is responsible for requisition, purchasing, and receiving functions, fictitious or unauthorized purchases can be made. This can result in theft, or payment for unauthorized payments.
  • purchasing and receiving - if one individual is responsible for requisition, purchasing, and receiving functions, fictitious or unauthorized purchases can be made. This can result in theft, or payment for unauthorized payments.
  • invoice processing and accounts payable – If one individual is responsible for the invoice- processing and the accounts payable functions, purchase transactions can be processed at the wrong price or terms, or a cash disbursement can be processed for goods that have not been received. Over payment for goods and services or theft of cash.
  • cash disbursement and accounts payable – unauthorized checks supported by fictitious documents can be issued, and unauthorized transactions can be recorded. This can result in theft of the entity’s cash.
40
Q

Identify two industry factors that can influence inherent risk and describe how those factors increase the potential for misstatement.

A
  • Whether the supply of raw materials is adequate

* How volatile raw material prices are

41
Q

What three steps must auditors perform in order to choose a reliance strategy for planning engagements?

A
  1. Understand and document the purchasing process based on a reliance strategy
  2. Plan and perform tests of controls on purchase transactions
  3. Set and document the control risk for the purchasing process
42
Q

What actions must auditors take when tests of controls do not support the planned level of control risk?

A

• Set a higher level of control risk and increase testing.

43
Q

Explain how the following internal controls over purchasing transactions support the stated management assertions:

A
  • Occurrence: Segregation of duties, if not segregated an employee can hide a transaction and steal cash.
  • Occurrence: Requiring an approved purchase order and receiving report before recording purchases. This makes it possible to ensure that all orders have been authorized.
  • Completeness: Accounting for numerical sequence of purchase orders, receiving reports, and vouchers. Ensure the right amounts are on the orders. or make sure the purchases orders have been received.
  • Authorization: Requiring approval of purchase requisitions and purchase orders before procurement. Properly authorized
44
Q

Explain how the following internal controls over purchasing transactions support the stated management assertions:

A
  • Accuracy: Verifying that information on vendor invoices match purchase orders and receiving reports. transactions may be recorded at incorrect amounts
  • Cutoff: Forwarding all receiving reports to the accounts payable department on a daily basis. Match the vendor invoices are matched immediately with the original purchase orders and receiving reports. Make sure transactions are reported in the correct period.
45
Q

Explain how the following internal controls over cash disbursement transactions support the stated management assertions:

A

• Occurrence: Preparing and reviewing bank reconciliations on a monthly basis. Finding cash disbursements that are recorded but not actually made.

46
Q

Explain how the following internal controls over cash disbursement transactions support the stated management assertions:

A
  • Completeness: Reconciling daily cash disbursements with posting in accounts payable records. Cash disbursements are made but not recorded.
  • Authorization: Requiring authorized source documents before preparing checks. Making sure it was approved before processed?
  • Accuracy: Reconciling vendor statements with accounts payable records
47
Q
  1. Why are auditors concerned about identifying contingent liabilities?
A

• They need to know whether a loss will affect the financial statement. What do we need to disclose about the contingent liability.

48
Q

a. Accrue the loss for a contingent liability

A

If the loss is probable and reasonably estimable.

49
Q

b. Disclose the loss for a contingent liability

A

event is judged to be reasonable possible or the amount cannot be estimated.

50
Q

c. Does not have to report the loss for a contingent liability

A

loss contingencies judged to be remote are neither accrued nor disclosed.

51
Q
  1. Describe the procedures that auditors use to search for unidentified contingent liabilities?
A
  • Reading the minutes of meetings of B.O.D
  • Review contracts, loan agreements, leases and correspondence from government agencies.
  • Reviewing Tax returns, IRS reports
  • Confirming or otherwise documenting guarantees and letters of credit obtained from financial institutions or other lending agencies. (
  • Inspecting other documents
52
Q
  1. Why are auditors concerned about identifying subsequent events?
A

• They might affect the financial statements by changing the value of assets etc

53
Q
  1. Describe the nature and financial impact of Type I and Type II subsequent events
A

a. Type I- existed at the date of the balance sheet and affect the estimates that are part of the financial statement preparation process
b. Type II – did not exist at the date of the B/S but arose subsequent to that date. (Usually require disclosure)

54
Q
  1. Describe procedures that auditors use to identify subsequent events?
A
  • ask management about subsequent events or whether three have been any valuation changes
  • Read any interim financial statements that are available for the period
  • Examine the books of original entry
  • Read the minutes of the B.O.D
  • Ask legal counsel about any litigation
55
Q
  1. Explain how the following procedure help auditors determine whether the risk of misstatement has been reduced to an acceptable level. • Final analytical procedure
A

review the adequacy of the evidence gathered in response to unexpected fluctuations in the account balances identified during the planning of the audit and identify unexpected relationships

56
Q
  1. Explain how the following procedure help auditors determine whether the risk of misstatement has been reduced to an acceptable level. • Obtaining a representation letter-
A
  • all information was given to management
57
Q
  1. Explain how the following procedure help auditors determine whether the risk of misstatement has been reduced to an acceptable level. • Working Paper Review
A

make sure every issue are resolved

58
Q
  1. Explain how the following procedure help auditors determine whether the risk of misstatement has been reduced to an acceptable level. • Final Evaluation of Audit Results
A

did we gather enough evidence to support our conclusion? Do all of the immaterial misstatements add up to be material?

59
Q

How does management’s assessment of financial reporting risk influence selection of locations and individual controls to be tested?

A

• If a location is more risky then than the others, then they are more likely to be audited,

acct 563 (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions