Internal Control

Question 1

Control risk increases with poor Internal Controls and sloppy accounting practices.

Answer 1

Internal Control

Question 2

Auditor will need to perform more testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements.

Answer 2

Internal Control

Question 3

Internal control provides reasonable assurance that

Material misstatements will be prevented

Reliability/integrity of financial statements will be preserved

Assets are protected against misuse

Answer 3

Internal Control

Question 4

CEO/CFO must disclose Internal Control deficiencies

Management must provide assessment of Internal Control

Management must certify Financial Statements

Answer 4

Internal Control

Examination of IC is required under SOX

Question 5

Inverse Relationship

Stronger Internal Controls - Less Testing Needed

Weaker Internal Controls - More Testing Needed

Answer 5

Internal Control

Question 6

Reliability of Financial Reporting

Operational Efficiency/Effectiveness

Compliance with Law and Regulations

Answer 6

Internal Control

3 objectives of IC

Question 7

Control Environment

Risk Assessment

Information and Communication

Monitoring

Control Activities

Answer 7

Internal Control

5 components of IC

Question 8

Sets tone for the entire company

Answer 8

Internal Control- Control Environment

Question 9

Integrity/Ethics of Management
Competence of Management
Organizational Structure
Human Resource Policies
Assignment of Authority/Responsibility
Management's Style (riskier with a dominant/aggressive individual)
Board/Audit Committee involvement

Answer 9

Internal Control- Control Environment

Question 10

Detection Risk determines nature- timing- and extent of audit procedures.

Answer 10

Internal Control-Audit Risk Model

Question 11

Risk of material misstatement determines acceptable level of Detection Risk

Answer 11

Internal Control-Audit Risk Model

Question 12

Rapid growth in the company.

The methods management uses to identify risk- estimate its significance and assess the likelihood of occurrence

Major changes to operations- personnel- systems- IT- products- corporate organization- and foreign operations.

Answer 12

Internal Control- Risk Assessment

Question 13

No Internal Control testing is performed.

All audit procedures are increased in intensity to compensate for increased risk.

Answer 13

Internal Control- Audit Risk Model- CR assessed at MAX

Question 14

Auditor tests Internal Controls.

Auditor evaluates Control Risk based on tests

Auditor adjusts substantive tests accordingly

Weaker Internal Control - More substantive tests

Stronger Internal Control - Less substantive tests

Answer 14

Internal Control-CR assessed below MAX

Question 15

Performance Reviews

Information Processing

Physical Controls

Segregation of Duties

Answer 15

Internal Control- Control Activities
R
I
P
S

Question 16

Understand Client’s

Major transaction classes
Transaction initiation
Support records/documents
Transaction processing
Financial Statement internal reporting process
Financial Statement external reporting process

Answer 16

Internal Control-Information and Communications

Question 17

Through written documentation such as Internal Control memos- flowcharts- and questionnaires

Answer 17

Internal Control

Question 18

Were all transactions recorded?
Were they timely?
Measured appropriately?
Recorded in correct period?
Presented and disclosed properly?
Did Management communicate their responsibilities?

Answer 18

Internal Control-Information and Communications

Question 19

Auditor needs reasonable assurance that controls are functioning as designed and effective

Internal Control Testing should be strong as (IRON) so that nothing gets past them

Inquiry - Interview company personnel
Re-performance - Can it be replicated?
Observation - Watch the control be applied
INspection - Dig into the details/documents

If results are as expected- substantive procedures do not need to be adjusted

Answer 19

Internal Control

Question 20

Controls tested by auditor in a prior year can be used in the current year’s audit assuming they are re-tested every third year

Exception If the control has changed since the last audit

Answer 20

Internal Control

Question 21

Control Risk increases

Scope of substantive procedures increases

Detection Risk decreases

Material Weakness - Reasonable possibility that a material misstatement in Financial Statements would not be found- more than a remote chance of occurrence

Answer 21

Internal Control

Question 22

Reasonable possibility exists that a material misstatement in Financial Statements would not be found- and has more than a remote chance of occurrence.

Answer 22

Internal Control

Question 23

Tests Completeness

Starts with source document and traces forward to the journal entry.

Answer 23

Internal Control-Tracing

Question 24

Tests Existence.

Starts with a journal entry and searches for a voucher or source document to support the entry.

Answer 24

Internal Control-Vouching

Question 25

Non-compatible duties performed by separate individuals- such as

Authorization of asset disbursement vs. Recording of Assets vs. Custody of assets

If supporting audit evidence doesn’t exit - use Observation and Inquiry

Accounting should be segregated from Production

Answer 25

Internal Control-Segregation of Duties

Question 26

Employees who prepare vouchers/invoices should not also have the authority to SIGN CHECKS

Tip - Remember this as an underlying theme with Segregation of Duties. The authority to make a payment should not also lie in the hands of those creating invoices/vouchers. Why? People commit fraud by setting up fake companies and basically paying themselves

Answer 26

Internal Control

Question 27

Employees who have custody of assets should not also RECORD those assets

Someone in charge of petty cash should not also control the petty cash records

Treasury Department (custodians) should NOT have record keeping duties

They control assets and should not be able to adjust any recording of those assets

Answer 27

Internal Control

Question 28

Controls can’t stop collusion or bad judgment

Management can override controls

Cost vs. Benefit relationship of Internal Control

Answer 28

Internal Control-Limitations

Question 29

A written report to management is required.

Report declaring that no material weaknesses were found is allowed

Previous weaknesses reported that still exist should be reported again

Should be reported no later than 60 days after audit report release date

If one or more material weaknesses is uncorrected at year-end- an Adverse Opinion on Internal Control must be given

Answer 29

Internal Control-Material weakness

Question 30

A significant deficiency adversely affects a company’s ability to report in the financial statements according to GAAP.

A significant deficiency is a more than a remote likelihood of material misstatement by more than an inconsequential amount

Answer 30

Internal Control

Question 31

If a Significant Deficiency is identified- a written report to management required

Report declaring that no significant deficiencies exist is not allowed

Previous deficiencies reported that still exist should be reported again

Should be reported no later than 60 days after the audit report release date

Answer 31

Internal Control

Question 32

A control is not operating as intended.

Answer 32

Internal Control- Control Deficiency

Question 33

Are they competent?

Are they objective?

Answer 33

Internal Control- Using work of third party

Question 34

Auditor needs to understand the role of Internal Auditors within the organization because their work affects the audit plan

Responsibility for judgments about materiality or appropriateness of entries or estimates cannot be shared with third parties like Internal Auditors

Internal Auditors should be asked to do some of the legwork like preparing schedules or running reports

They should not be asked to make any decisions or judgments

Answer 34

Internal Control

Question 35

CEO/CFO must disclose deficiencies

Management must provide assessment of Internal Controls

Management must certify Financial Statements

Answer 35

Internal Control

Question 36

Has inverse relationship

Stronger Internal Control results in LESS substantive testing

Weaker Internal Control leads to MORE substantive testing

Answer 36

Internal Control

Question 37

Reliability of Financial Reporting

Operational Efficiency/Effectiveness

Compliance with Law and Regulations

Answer 37

Internal Control

Question 38

Control Activities

Risk Assessment

Information and Communications

Monitoring

Control Environment

Answer 38

Internal Control

Question 39

Integrity/Ethics of Management
Competence of Management
Organizational Structure
Human Resources Policies
Assignment of Authority/Responsibility
Management’s Style (riskier with a dominant/aggressive individual)
Board/Audit Committee involvement

Answer 39

Internal Control

Question 40

Auditor tests Internal Controls.

Auditor evaluates Control Risk based on tests

Auditor adjusts substantive tests accordingly

Weaker Internal Control - More substantive tests

Stronger Internal Control - Less substantive tests

Answer 40

Internal Control

Question 41

Understand Client’s

Major transaction classes
Transaction initiation
Support records/documents
Transaction processing
Financial Statement internal reporting process
Financial Statement external communication process

Answer 41

Internal Control

Question 42

Auditor must document understanding of Internal Control via Memos - Flowcharts - Questionnaires

Answer 42

Internal Control

Question 43

Auditor needs reasonable assurance that controls are functioning as designed and effective

Internal Control Testing should be strong as (IRON) so that nothing gets past them

Inquiry - Interview company personnel
Re-performance - Can it be replicated?
Observation - Watch the control be applied
INspection - Dig into the details/documents

If results are as expected - substantive procedures do not need to be adjusted

Answer 43

Internal Control