II. Internal Control - Concepts and Standards - Obtaining an Understanding of Internal Control

Question 1

Based on the CLARIFIED STANDARDS: Performance Principle (Previous Lessons)

The auditor obtains an understanding of internal control and the flow of documents related to the entity’s transactions primarily through:

Why?

Answer 1

1. Inquiry of appropriate personnel
2. Observation of client activities
3. Review of documentation—The auditor reviews relevant documentation, including the client’s accounting manuals, prior-year’s audit documentation (working papers), etc.

• To properly plan the audit, more specifically, to determine the nature, the time, the extent of further audit procedures, and recall in addition to these risk assessment procedures (Consist of tests of controls and substantive procedures)

Question 2

What are some specific “transaction cycles”?

Answer 2

1. Revenue/receipts
2. Expenditures/disbursements
3. Payroll
4. Financing/investing activities
5. Inventory, especially if inventory is manufactured, rather than purchased

Question 3

Why must auditor document the understanding of internal control?

and

What are the 3 basic ways to document that understanding?

Answer 3

• Because it is very important to audit planning, it deals with our assessment of the risk of material misstatement and we have to design our audit to our audit procedures to be responsive to those risks.

1. Flowcharts - deals with tracing the key flow of documents through the accounting system, from origination of a source doc, all the way to the entries in the general ledger acct
2. Internal control questionnaires (ICQs) - a yes and no response.
3. Memos/Narrative Write-up (widely use) - to provide a narrative description of who does what.

Question 4

What is a “walk-through”?

Which of the following most accurately describes the process of a walkthrough?

Answer 4

We would take some small number of transactions and walk them through the system (Hence Walk) and source it all the way to the general ledger just to say okay this is consistent with what we have documented

Its an opportunity if something does not look right we can look back at it and revisit the discussion.

• Following a transaction from its origination until it is reflected in the financial statements

Note: A walkthrough means following a transaction from inception through the entity’s accounting system until the transaction is recorded in the entity’s general ledger.

Purpose: is to provide some degree of feedback to the auditor that the auditor’s understanding of the processes and controls in a particular transaction cycle is consistent with how the entity is, in fact, apparently processing its transactions.

Question 5

An auditor’s flowchart of a client’s accounting system is a diagrammatic representation that depicts the auditor’s

Answer 5

Understanding of the system.

Note: A flowchart is a pictorial representation that utilizes a standard set of symbols to demonstrate the transaction processing procedures and accompanying data flow in an information system. It enables the auditor to summarize his/her understanding of the system in a clear, concise, and logical manner.

Question 6

Decision tables differ from program flowcharts in that decision tables emphasize

Answer 6

Logical relationships among conditions and actions.

Note: A decision table presents in tabular form the conditions and alternative actions related to making a particular decision. It emphasizes logical relationships (decision rules) among the conditions and actions.​

Question 7

Which of the following is a management control method that most likely could improve management’s ability to supervise company activities effectively?

Answer 7

Establishing budgets and forecasts to identify variances from expectations.

Note: This will enable management to supervise more effectively than the other controls listed. It provides a means for management to establish expectations, to compare them to actual results, and then to follow up in areas where significant differences appeared.

Monitoring compliance with regulatory requirements, limiting access to assets, and providing adequate support are important to the successful operation of the business but they do not necessarily help management to supervise more effectively.

Question 8

An auditor’s primary consideration regarding an entity’s internal control structure policies and procedures is whether they

Answer 8

Affect the financial statement assertions.

Note: Specifically, the auditor is interested in the policies and procedures that pertain to an entity’s ability to record, process, summarize, and report financial data consistent with the assertions embodied in the financial statements.

Question 9

When obtaining an understanding of an entity’s internal control procedures, an auditor should concentrate on the substance of the procedures, rather than their form, because

Answer 9

Management may establish appropriate procedures but not enforce compliance with them.

Note: The auditor is concerned about the effectiveness of the control and its ability to prevent or detect material misstatements in the financial statements. As a result, the auditor must focus on the substance of the control rather than the form.

• If the procedures are operating effectively, even though they are not documented, the auditor’s objectives are served.
  
  • Note, if the controls are not documented, the auditor may be unaware of them.

Question 10

In planning an audit of certain accounts, an auditor may conclude that specific procedures used to obtain an understanding of an entity’s internal control structure need not be included because of the auditor’s judgments about materiality and assessments of

Answer 10

Inherent risk.

note: If the auditor has concluded that an account is immaterial and that inherent risk is low, the auditor might decide to skip the procedures used to obtain an understanding of the related internal controls because the risk of a material misstatement occurring is low. ​

Question 11

Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been​​

Answer 11

Implemented

Note: Obtaining an understanding of an entity’s internal controls over financial reporting involves evaluating the design of relevant controls and determining whether they have been implemented (sometimes referred to as “placed into operation”).

Question 12

Uses the knowledge provided by the understanding of internal control and the assessed level of the risks of material misstatements primarily to

Answer 12

Determine the nature, timing, and further audit procedures.

Question 13

Auditor would likely to be concerned about internal control as it relates to

Answer 13

Land and buildings.

• may involve a substantial portion of the client’s assets.

Common stock.

• involve a substantial portion of the client’s equity.

Minutes of board of directors’ meetings.

• should be received by the auditor in complete form so that the auditor may be aware of matters of significance.

Note: Shareholder meetings.are ususally publicly available

Question 14

Computer systems are typically supported by a variety of utility software packages that are important to an auditor. Why?

Answer 14

May enable unauthorized changes to data files if not properly controlled.

Note:

Client’s use of such programs implies that they are useful on his/her computer hardware, and therefore any flexibility is not of immediate relevance to the auditor.

Question 15

What is most likely to affect the extent of the documentation of the auditor’s understanding of a client’s system of internal controls?

Answer 15

The degree to which information technology is used in the accounting function.

Why?

Documentation of the understanding of a complex information system with a large volume of transactions may include flowcharts, questionnaires, and/or decision tables; documentation for an information system with limited or no use of IT and few transactions may be in the form of a memorandum.

Question 16

Systems flowcharts

Answer 16

Provide a visual depiction of clients’ activities

Why?

flowcharts provide a visual depiction of clients’ activities which make it possible for auditors to quickly understand the design of the system.

Note:

Flowcharts are suggested as being appropriate for documenting the auditor’s consideration of internal control.

Question 17

Questionnaire is most closely associated with which of the following?

Answer 17

Documentation.

Note:

May be completed during the auditor’s consideration of internal control to document the auditor’s understanding.

No one particular form of documentation is necessary regarding client internal control, and the extent of documentation may vary.

Question 18

Auditor should obtain sufficient knowledge of an entity’s information system to understand the

Answer 18

Process used to prepare significant accounting estimates.

Note:

It also states that this knowledge is obtained to help the auditor to understand:

(1) the entity’s classes of transactions,
(2) how transactions are initiated,
(3) the accounting records and support, and
(4) the accounting processing involved from initiation of a transaction to its inclusion in the financial statements

Question 19

Decision tables differ from program flowcharts in that decision tables emphasize

Answer 19

Logical relationships among conditions and actions.

Question 20

Typically be a control relied upon during an audit?

Answer 20

Use of the double-entry system.

• aids in more accurate recording of transactions.

An internal audit staff.

• internal audit staff strengthens internal control by determining if controls are functioning effectively.

Competent personnel.

• strengthen internal control because they would be less likely to commit errors in performing their duties.

note:

comparison-shopping staff is not generally relevant to recording, processing, summarizing, and reporting financial data.

Question 21

What is a walk-through?:

Answer 21

A procedure that involves tracing a transaction from its origination through the company’s information systems until it is reflected in the company’s financial report

Question 22

What is a major reason for maintaining an audit trail for a computer system?

Answer 22

Deterrent to fraud.

• may deter fraud since the perpetrator may realize that his or her act may be detected.

Monitoring purposes.

• audit trail will help management to monitor the computer system.

Query answering.

• make it much easier to answer queries.

note:

Analytical procedures use the outputs of the system, and therefore the audit trail is of limited importance.

Question 23

Relevance of various types of controls to a financial audit?

Answer 23

Controls over the reliability of financial reporting are ordinarily most directly relevant to an audit, but other controls may also be relevant.

Question 24

auditor would most likely be concerned with which of the following controls in a distributed data processing system?

Answer 24

Access controls.

Why?

The requirement is to identify the types of controls with which an auditor would be most likely to be concerned in a distributed data processing system. A distributed data processing system is one in which there is a network of remote computer sites, each having a computer connected to the main computer system, thus allowing access to the computers by various levels of users.

Question 25

Batch processing of transactions?

Answer 25

It is more likely to result in an easy-to-follow audit trail than is online transaction processing.

Note:

Similar nature of transactions involved with batch processing ordinarily makes it relatively easy to follow the transactions throughout the system.

Question 26

To obtain an understanding of a continuing client’s business, an auditor most likely would

Answer 26

A review of prior year working papers and the permanent file may provide useful information about the nature of the business, organizational structure, operating characteristics, and transactions that may require special attention.

Question 27

Walk-throughs provide evidence that helps auditors to

Answer 27

provide evidence to confirm their understanding of the flow of transactions and the design of controls, to evaluate the effectiveness of the design of controls and to confirm whether controls have been implemented.

Question 28

An auditor obtains knowledge about a new client’s business and its industry to

Answer 28

obtaining a level of knowledge of the client’s business and industry enables the CPA to obtain an understanding of the events, transactions, and practices that, in the CPA’s judgment, may have a significant effect on the financial statements.

Question 29

What controls would an auditor be likely to review?

Answer 29

Segregation of the asset-handling and recordkeeping functions.

• segregation of asset custody (handling) from recordkeeping and authorization functions is essential.

Company policy regarding credit and collection efforts.

• concerned with credit and collection efforts in testing the adequacy of the allowance for doubtful accounts.

Authorization of additions to plant and equipment.

• additions to plant and equipment are major expenditures which need to be properly controlled.

Question 30

Independent auditor sometimes uses a flowchart, which can best be described as a

Answer 30

Flowchart prepared during the consideration of internal control is a symbolic representation of a system of sequential processes. It can be used in lieu of the internal control questionnaire which has the same purpose

Note:

flowcharts are prepared as part of the consideration of internal control. The use of structure flowcharts assembles the internal control findings into a comprehensible format.

Question 31

When obtaining an understanding of an entity’s internal control, an auditor should concentrate on the substance of controls rather than their form because

Answer 31

management may establish appropriate controls but not act on them, thus creating a situation in which the form differs from the substance

Question 32

What are some typical question asked during a walk-through?

Answer 32

Have you ever been asked to override the process or controls?

What do you do when you find an error?

What kind of errors have you found?

Question 33

In an audit of financial statements in accordance with generally accepted auditing standards, an auditor is required to

Answer 33

Document the auditor’s understanding of the entity’s internal control.

Note:

the auditor’s understanding of internal control allows him/her to determine the nature, timing, and extent of further audit procedures.

Question 34

An auditor would most likely be concerned with controls that provide reasonable assurance about the

Answer 34

Entity’s ability to process and summarize financial data.

Niote:

auditor should obtain a sufficient understanding of an entity’s control to assess the risk of material misstatement.

Question 35

In an audit of financial statements, an auditor’s primary consideration regarding a control is whether the control

Answer 35

Affects management’s financial statement assertions.

Note:

control risk should be assessed in terms of financial statement assertions.

Question 36

Reconciliation of cash accounts by a competent individual otherwise independent of the cash function might make the likelihood of a significant misstatement due to the control deficiency remote. In this situation, reconciliation may be referred to as what type of control?

Answer 36

Compensating.

supplements a basic underlying control, in this case basic information processing controls related to cash.