Internal Control

Question 1

What is the minimum level of understanding that the auditor must have or readily obtain as to the functioning of the client’s AIS in connection with the preparation of its F/S?

Answer 1

obtain understanding of the five components of internal control to asses the RMM in the F/S

Question 2

When assets such as finished goods are being shipped or received, exactly what type of controls should be in place?

Answer 2

buyer should reconcile the physical description of the asset and the shipping documents with documents independently received

the buyer should count the assets and verify the quantity received with the appropriate documentation

the buyer should verify the condition of the assets and should proceed with a freight claim if damage is found

the seller conveying the asset to the buyer should obtain a signed receipt or document copy for the shipment being made

Question 3

What is the definition of internal control?

Answer 3

Internal control is a system of policies and procedures designed to provide reasonable assurance to management that the company’s goals and objectives will be achieved in financial reporting, effectiveness and efficiency of operations and compliance with laws and regulations.

Question 4

Why is absolute assurance not possible in regards to an internal control in an audit?

Answer 4

certain inherent limits exist in any system of internal control

depends on competency and dependability of the people using it

human error exists

management has the ability to override

Question 5

How can the auditor test to determine whether specific control activities are functioning as efficiently and as effectively as intended?

Answer 5

talk with applicable entity personnel about the procedures they follow

observe entity employees as they perform critical tasks

trace transactions through each activity to provide evidence to indicate that the activities were performed as designed

re-perform key activities to verify that all situations were examined

Question 6

What approach should the auditor take so that reasonable assurance of no MM in an environment where an entity processes many transactions electronically?

Answer 6

obtain an understanding of the automated system

focus on assessing the changes to program that limit effectiveness of controls

Question 7

What is meant by the term control environment?

Answer 7

a company’s actions, policies, and procedures that reflect the overall attitude and philosophy of top management toward internal control and its importance to the entity

managements commitment to integrity and ethical values

The amount of risk management is willing to take

delegation of authority within the company

Human resource policies, practices and commitment to competence

management’s attitude toward financial reporting

BOD or audit committee participation

organizational structure

Question 8

What is meant by the term control activities

Answer 8

all other policies and procedures not included in the other four internal control components to ensure the necessary actions are taken to address the risks in the achievement of the entity’s objectives

performance reviews

general controls to ensure the accuracy of data processing

application controls applied to individual transactions

physical controls to safeguard assets and records

segregation of duties

Question 9

How is segregation of duties achieved?

Answer 9

having separate independent individuals or departments perform each of the following tasks

authorization of transactions and separation of authorization of transactions from custody of the related assets

recording of transactions and separation between the custody of assets from those accounting for them

Maintaining custody of assets and separation of operational responsibilities from record-keeping responsibilities

separation of IT duties from user departments

proper authorization of transactions and activities

Question 10

What is meant by the term information and communication?

Answer 10

the ability of the AIS to generate reliable info and convey it in a timely manner to those parties that need it

Question 11

What is meant by the term monitoring?

Answer 11

the ongoing or regular assessment of the quality of internal control by management to determine that controls are operating as intended and that they are modified as appropriate for changes in conditions

Question 12

What are some fraud risk factors in the internal control system?

Answer 12

Failure of management to monitor certain significant controls

inadequate recording of assets that are susceptible to theft

lack of ID’d controls for authorizing transactions

failure to correct previously noted control weaknesses

Failure of certain key employees to take at least annual vacations

failure to record transactions on a timely basis

poor physical safeguards for the entity’s assets

Question 13

What are the two available approaches to designing and performing further audit procedures?

Answer 13

perform only substantive testing

perform both tests of controls and substantive tests (requires effective controls)

Question 14

In performing an assessment of internal control, what information does the auditor need to document?

Answer 14

the understanding of 5 internal control components

risk assessment procedures performed

assessment of RMM

basis for these assessements

Question 15

What are some of the methods used by the auditor to document the understanding of the company and its environment, including its internal control?

Answer 15

narratives

flowcharts

internal control questionnaires

Question 16

What is the definition of significant deficiency?

Answer 16

a control deficiency or a combination of deficiencies that is less severe than a material weakness but important enough to bring to the attention of those charged with governance

Question 17

When designing a questionnaire to learn about the design of internal control in a client’s AIS, how does the auditor determine the questions to be asked?

Answer 17

anticipating the controls that would normally be found the auditor then writes questions for each of the controls to determine if the control has been implemented

Question 18

In an internal control questionnaire, what response is normally anticipated?

Answer 18

the auditor would expect a “yes” answer, normally a “No” answer is an indication of a possible control problem

Question 19

How does the auditor determine controls to test in an AIS?

Answer 19

the auditor should ID specific control activities designed into the system that would reduce overall CR

Question 20

How and when does an independent auditor convey info about significant deficiencies to management and those charged with governance?

Answer 20

all significant deficiencies and material weaknesses must be reported in writing to management and those charged with governance

any items previously reported and not been re-mediated must be communicated again

a report that no significant deficiencies in IC is unacceptable. auditor may report that no material weaknesses were found

made no later than 60 days following the report release date

Question 21

How does failure to correct a deficiency impact a CPA’s work in the current year?

Answer 21

this may be a fraud risk factor and thus additional substantive procedures

assessment of CR will have to be raised

Question 22

What procedures are used by the auditor to test the operating effectiveness of controls?

Answer 22

inquiries

inspections

observation

reperformance

Question 23

What are some examples of inherent limitations of IC systems?

Answer 23

management override of control

collusion among employees

human error

controls may become unreliable due to changes in the entity or personnel

Question 24

What is the function of the internal auditor/audit staff in a company?

Answer 24

monitors company’s internal controls

test the design and functionality of the controls to ensure operational efficiency and effectiveness

Question 25

How does the positive assessment of the internal auditor impact the work of independent auditor?

Answer 25

evaluation IR and CR lower

gather less evidence through substantive testing or accept evidence that is less persuasive due to DR set at high level

Question 26

What is the definition of a service organization?

Answer 26

outside organization that provides accounting, payroll or other business services

Question 27

What are three ways that an auditor make an evaluation of service organizations?

Answer 27

test the entity’s own controls over the activities of the service organization

rely on the service auditor’s report on internal control issued by the independent auditor of the service organization

visit the service organization and perform tests of controls

Question 28

What is meant by the term risk assessment in regards to COSO framework?

Answer 28

managements identification, analysis and management of risks relevant to the entity’s ability to record, process, summarize and report financial information

changes in personnel

instillation of new computer systems

rapid business growth and/or new technology

geographical business expansion

introduction of new products

Question 29

Why should the auditor obtain sufficient knowledge of the entity’s risk assessment process?

Answer 29

to understand how management considers and deals with risks relevant to financial reporting

Question 30

What should the auditor consider when evaluation the design and implementation of the entity’s risk assessment process?

Answer 30

how management identifies business risks relevant to financial reporting, estimates the significance of the risks, assesses the likelihood of their occurrence, and decides upon actions to manage them