II. Internal Control - Concepts and Standards - Obtaining an Understanding of Internal Control Flashcards
Based on the CLARIFIED STANDARDS: Performance Principle (Previous Lessons)
The auditor obtains an understanding of internal control and the flow of documents related to the entity’s transactions primarily through:
Why?
- Inquiry of appropriate personnel
- Observation of client activities
- Review of documentation—The auditor reviews relevant documentation, including the client’s accounting manuals, prior-year’s audit documentation (working papers), etc.
- To properly plan the audit, more specifically, to determine the nature, the time, the extent of further audit procedures, and recall in addition to these risk assessment procedures (Consist of tests of controls and substantive procedures)
What are some specific “transaction cycles”?
- Revenue/receipts
- Expenditures/disbursements
- Payroll
- Financing/investing activities
- Inventory, especially if inventory is manufactured, rather than purchased
Why must auditor document the understanding of internal control?
and
What are the 3 basic ways to document that understanding?
- Because it is very important to audit planning, it deals with our assessment of the risk of material misstatement and we have to design our audit to our audit procedures to be responsive to those risks.
- Flowcharts - deals with tracing the key flow of documents through the accounting system, from origination of a source doc, all the way to the entries in the general ledger acct
- Internal control questionnaires (ICQs) - a yes and no response.
- Memos/Narrative Write-up (widely use) - to provide a narrative description of who does what.
What is a “walk-through”?
Which of the following most accurately describes the process of a walkthrough?
We would take some small number of transactions and walk them through the system (Hence Walk) and source it all the way to the general ledger just to say okay this is consistent with what we have documented
Its an opportunity if something does not look right we can look back at it and revisit the discussion.
- Following a transaction from its origination until it is reflected in the financial statements
Note: A walkthrough means following a transaction from inception through the entity’s accounting system until the transaction is recorded in the entity’s general ledger.
Purpose: is to provide some degree of feedback to the auditor that the auditor’s understanding of the processes and controls in a particular transaction cycle is consistent with how the entity is, in fact, apparently processing its transactions.
An auditor’s flowchart of a client’s accounting system is a diagrammatic representation that depicts the auditor’s
Understanding of the system.
Note: A flowchart is a pictorial representation that utilizes a standard set of symbols to demonstrate the transaction processing procedures and accompanying data flow in an information system. It enables the auditor to summarize his/her understanding of the system in a clear, concise, and logical manner.
Decision tables differ from program flowcharts in that decision tables emphasize
Logical relationships among conditions and actions.
Note: A decision table presents in tabular form the conditions and alternative actions related to making a particular decision. It emphasizes logical relationships (decision rules) among the conditions and actions.
Which of the following is a management control method that most likely could improve management’s ability to supervise company activities effectively?
Establishing budgets and forecasts to identify variances from expectations.
Note: This will enable management to supervise more effectively than the other controls listed. It provides a means for management to establish expectations, to compare them to actual results, and then to follow up in areas where significant differences appeared.
Monitoring compliance with regulatory requirements, limiting access to assets, and providing adequate support are important to the successful operation of the business but they do not necessarily help management to supervise more effectively.
An auditor’s primary consideration regarding an entity’s internal control structure policies and procedures is whether they
Affect the financial statement assertions.
Note: Specifically, the auditor is interested in the policies and procedures that pertain to an entity’s ability to record, process, summarize, and report financial data consistent with the assertions embodied in the financial statements.
When obtaining an understanding of an entity’s internal control procedures, an auditor should concentrate on the substance of the procedures, rather than their form, because
Management may establish appropriate procedures but not enforce compliance with them.
Note: The auditor is concerned about the effectiveness of the control and its ability to prevent or detect material misstatements in the financial statements. As a result, the auditor must focus on the substance of the control rather than the form.
- If the procedures are operating effectively, even though they are not documented, the auditor’s objectives are served.
- Note, if the controls are not documented, the auditor may be unaware of them.
In planning an audit of certain accounts, an auditor may conclude that specific procedures used to obtain an understanding of an entity’s internal control structure need not be included because of the auditor’s judgments about materiality and assessments of
Inherent risk.
note: If the auditor has concluded that an account is immaterial and that inherent risk is low, the auditor might decide to skip the procedures used to obtain an understanding of the related internal controls because the risk of a material misstatement occurring is low.
Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been
Implemented
Note: Obtaining an understanding of an entity’s internal controls over financial reporting involves evaluating the design of relevant controls and determining whether they have been implemented (sometimes referred to as “placed into operation”).
Uses the knowledge provided by the understanding of internal control and the assessed level of the risks of material misstatements primarily to
Determine the nature, timing, and further audit procedures.
Auditor would likely to be concerned about internal control as it relates to
Land and buildings.
- may involve a substantial portion of the client’s assets.
Common stock.
- involve a substantial portion of the client’s equity.
Minutes of board of directors’ meetings.
- should be received by the auditor in complete form so that the auditor may be aware of matters of significance.
Note: Shareholder meetings.are ususally publicly available
Computer systems are typically supported by a variety of utility software packages that are important to an auditor. Why?
May enable unauthorized changes to data files if not properly controlled.
Note:
Client’s use of such programs implies that they are useful on his/her computer hardware, and therefore any flexibility is not of immediate relevance to the auditor.
What is most likely to affect the extent of the documentation of the auditor’s understanding of a client’s system of internal controls?
The degree to which information technology is used in the accounting function.
Why?
Documentation of the understanding of a complex information system with a large volume of transactions may include flowcharts, questionnaires, and/or decision tables; documentation for an information system with limited or no use of IT and few transactions may be in the form of a memorandum.
Systems flowcharts
Provide a visual depiction of clients’ activities
Why?
flowcharts provide a visual depiction of clients’ activities which make it possible for auditors to quickly understand the design of the system.
Note:
Flowcharts are suggested as being appropriate for documenting the auditor’s consideration of internal control.
Questionnaire is most closely associated with which of the following?
Documentation.
Note:
May be completed during the auditor’s consideration of internal control to document the auditor’s understanding.
No one particular form of documentation is necessary regarding client internal control, and the extent of documentation may vary.
Auditor should obtain sufficient knowledge of an entity’s information system to understand the
Process used to prepare significant accounting estimates.
Note:
It also states that this knowledge is obtained to help the auditor to understand:
(1) the entity’s classes of transactions,
(2) how transactions are initiated,
(3) the accounting records and support, and
(4) the accounting processing involved from initiation of a transaction to its inclusion in the financial statements
Decision tables differ from program flowcharts in that decision tables emphasize
Logical relationships among conditions and actions.
Typically be a control relied upon during an audit?
Use of the double-entry system.
- aids in more accurate recording of transactions.
An internal audit staff.
- internal audit staff strengthens internal control by determining if controls are functioning effectively.
Competent personnel.
- strengthen internal control because they would be less likely to commit errors in performing their duties.
note:
comparison-shopping staff is not generally relevant to recording, processing, summarizing, and reporting financial data.
What is a walk-through?:
A procedure that involves tracing a transaction from its origination through the company’s information systems until it is reflected in the company’s financial report
What is a major reason for maintaining an audit trail for a computer system?
Deterrent to fraud.
- may deter fraud since the perpetrator may realize that his or her act may be detected.
Monitoring purposes.
- audit trail will help management to monitor the computer system.
Query answering.
- make it much easier to answer queries.
note:
Analytical procedures use the outputs of the system, and therefore the audit trail is of limited importance.
Relevance of various types of controls to a financial audit?
Controls over the reliability of financial reporting are ordinarily most directly relevant to an audit, but other controls may also be relevant.
auditor would most likely be concerned with which of the following controls in a distributed data processing system?
Access controls.
Why?
The requirement is to identify the types of controls with which an auditor would be most likely to be concerned in a distributed data processing system. A distributed data processing system is one in which there is a network of remote computer sites, each having a computer connected to the main computer system, thus allowing access to the computers by various levels of users.