Gaining an Understanding of the Client's System of Internal Control Flashcards
What is the most commonly accepted framework for ICFR?
Internal Control Integrated Framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). It enables organizations to effectively and efficiently develop systems of internal control.
Why is understanding the internal controls of an organization important?
It is because when controls are effective, the organization is more likely to achieve its strategic and operating objectives.
Define internal control
It is a process, effected by an entity’s BOD, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives related to operations, reporting and compliance.
What are the three objectives of internal control?
- Operations (these pertain to the effectiveness and efficiency of the entity’s operations, including operational financial performance goals, and safeguarding assets against loss)
- Reporting (these pertain to internal and external financial and non-financial reporting - encompass reliability, timeliness, transparency)
- Compliance (these pertain to adherence to laws and regulations to which the entity is subject)
What are the five components of internal control?
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring activities
What are entity level controls?
The client’s control environment, risk assessment process, information system, control activities, and monitoring of controls that exist at the organizational level.
What is the control environment?
The attitudes, awareness, and actions of management and those charged with governance concerning the entity’s internal control and it importance in the entity. It is the foundation for all other components of internal control. Its a combination os culture, structure, and discipline of an organization.
What is the risk assessment process?
It is a process for identifying and responding to risks that an organization will not achieve its objectives.
What are control activities?
They are policies and procedures that help ensure management’s directives are carried out and that necessary actions are taken to address risks impacting the achievement of the organization’s objectives.
What is the information and communication system?
It is relevant to financial reporting objectives and consists of methods and records established to identify, assemble, analyze, classify, record, and report entity transactions and to maintain accountability for the related assets ad liabilities. Communication involves a clear understanding of individual roles and responsibilities pertaining to ICFR.
What is monitoring?
It is a process of assessing the quality of internal control performance over time, considering whether controls are operating as intended, and making sure controls are modified as appropriate for changes in conditions.
What are the five common categories of control activities?
- Authorization control
- Performance reviews
- Information processing controls
- Physical controls
- Segregation of duties
What are the three common classes of internal control weaknesses?
- Control deficiency (it exists when the design or operation of a control does not allow management or employees to prevent, or test and correct misstatements on a timely basis)
- Material weakness (occurs when there is a reasonable possibility that a material misstatement of the financial statements will not be prevented or deleted on a timely basis)
- Significant deficiency (it is less severe than a material weakness, yet important enough o merit attention by those charged with governance
What is a management letter?
A document prepared by the audit team and provided to the client that discusses internal control weaknesses and other matters discovered during the course of the audit.
