Internal Control Flashcards

1
Q

What does Vouching test?

A
  • Tests Existence
  • Starts with a recorded entry and works back to the source document that supports the entry
  • Backwards
2
Q

With respect to signing checks - how are duties segregated?

A

Employees who prepare vouchers/invoices should not also have the authority to SIGN CHECKS

Tip - Remember this as an underlying theme with Segregation of Duties. The authority to make a payment should not also lie in the hands of those creating invoices/vouchers. Why? People commit fraud by setting up fake companies and basically paying themselves

3
Q

With respect to custody of assets - how should duties be segregated?

A

Employees who have CUSTODY of assets should NOT also RECORD those assets

  • Someone in charge of petty cash should not also control the petty cash records
  • Treasury Department (custodians) should NOT have record keeping duties
  • They control assets and should not be able to adjust any recording of those assets
4
Q

What is required if a Material Weakness is identified?

A
  • A written report to management is required
  • Should be reported no later than 60 days after audit report release date
  • If one or more material weaknesses are uncorrected at year-end, an Adverse Opinion on Internal Control must be given
  • PCAOB Standard 4 is one in which management gathers evidence, including documentation that the material weakness no longer exists, and then prepares a written report so indicating. The auditors then plan and perform an engagement emphasizing the controls over the material weakness. The report issued indicates the auditor’s opinion that the material weakness “no longer exists” or “exists” as of the date of management’s assertion.
5
Q

What is a Significant Deficiency?

A
  • A significant deficiency is a deficiency in IC that is less severe than a material weakness yet important enough to merit attention by those in charge of governance
  • More than a remote likelihood of material misstatement by more than an inconsequential amount
  • A significant deficiency adversely affects a company’s ability to report in the financial statements according to GAAP
6
Q

What must occur if a Significant Deficiency is identified?

A
  • If a Significant Deficiency is identified, a written report to management is required
  • Report declaring that no significant deficiencies exist is not allowed
  • Previous deficiencies reported that still exist should be reported again
  • Should be reported no later than 60 days after the audit report release date
7
Q

What is a Control Deficiency?

A

A control is not operating as intended

8
Q

What must an auditor ask if using the work of third parties?

A

Are they competent?

Are they objective?

9
Q

What must an auditor understand with respect to internal auditors?

A
  • Internal auditors have two primary effects on the audit:
    • (1) their existence and work may affect the nature, timing, and extent of audit procedures, and
    • (2) CPAs may use internal auditors to provide direct assistance in performing procedures.
  • The CPA should assess both the competence (auditors consider the quality of internal auditors’ working paper documentation, as well as educational level, professional experience, professional certification, audit policies, and practices regarding assignment, supervision and performance) and objectivity (assessed by considering organizational status within the company, and policies for assuring that internal auditors are objective with respect to the areas being audited; the recommendations made in the reports of internal auditors is an important method of judging the objectivity of internal audit) of internal auditors
  • Responsibility for judgments about materiality or appropriateness of entries or estimates CAN NOT be shared with third parties like Internal Auditors
10
Q

What is required in an examination of Internal Control under Sarbanes-Oxley?

A
  • CEO/CFO must disclose deficiencies
  • Management must provide assessment of Internal Controls
  • Management must certify Financial Statements
11
Q

What is the relationship between Internal Control and Substantive Testing?

A
  • They have an inverse relationship
  • Stronger Internal Control results in LESS substantive testing
  • Weaker Internal Control leads to MORE substantive testing
12
Q

Revenue Cycles

A
  1. Assume that the firm’s sales personnel prepare sales orders for potential sales (many other possibilities, such as the customer filling out the sales order, are found in practice).
  2. The sale is approved by the credit department,
  3. the goods are shipped, and
  4. the billing department (a part of accounting) prepares a sales invoice (a copy of which becomes the customer’s “bill”).
  5. After the sales invoice is prepared, the sales journal, the general ledger, and the accounts receivable subsidiary ledger are posted.
  6. The customer pays the account with a check, and a remittance advice is enclosed to describe which invoice the check is paying. As a preventive control, two individuals open the mail which includes these customer remittances.
  7. The checks are listed and sent to the cashier who daily deposits them in the bank (recall that the checks should not go to the accounting department, as that would give the accounting department custody of assets [checks in this case] as well as recordkeeping responsibility).
  8. Another copy of the list of checks and the remittance advices is sent to accounting to be used to post the cash receipts journal, which is subsequently posted to the general and accounts receivable subsidiary ledgers.
13
Q

Spending Cycle

A
  1. Assume that the purchase requisition is an internal document sent by the department in need of the supplies to the purchasing department.
  2. The purchasing department determines the proper quantity and vendor for the purchase and prepares a purchase order. One copy of the purchase order is sent to the vendor. Another copy is sent to the receiving department to allow receiving personnel to know that items received have been ordered; however, the copy of the purchase order sent to receiving will not have a quantity of items on it so as to encourage personnel to count the goods when they are received.
  3. When the goods are received, a receiving report is prepared by the receiving department and forwarded to the accounting department.
  4. A vendor’s invoice or “bill” is received by the accounting department from the vendor.
  5. When the accounting department has the purchase order, receiving report, and vendor’s invoice, the payment is approved and then recorded in the purchases journal since evidence exists that the item was ordered, received, and billed.
  6. A check and remittance advice is subsequently sent to the vendor in accordance with the terms of the sale.
  7. The purchase order, receiving report, and vendor’s invoice are stamped paid to prevent duplicate payments.
14
Q

Spending Cycle

Which documents need to be present before payment is approved?

A

Purchase order, receiving report, vendor’s invoice.

The agreement of the vendor’s invoice with the receiving report and purchase order indicates that the goods were ordered (purchase order), received (receiving report), and the company has been billed (vendor’s invoice)

15
Q

IC report for FS Audit

Nonissuer/Non public

A

AU-C 265

The objective is to communicate to those charged with governance and to management the deficiencies in IC that, in the auditor’s judgment, are sufficiently important to merit attention

  • Communication should be no later than 60 days after the report release date
  • Test only the control you rely on
  • Limited use statement
  • No opinion - Disclaimer
  • No need to communicate control deficiency to those charged with governance
  • Definition of Material weakness
  • Written report of NO material Weakness identified
  • NO Written report of NO Significant deficiency identified
16
Q

Attestation Engagement

IC - Nonissuer / Non public

A

AICPA - SSAE 15

Under Attestation Engagement - the auditor is engaged to examine the internal control as of a specified date or for a period of time

  • Test ALL controls
  • Opinion - Management’s assertion is fairly stated
  • Inherent Limitation that IC may not prevent/detect and correct misstatement
  • Do not project IC in the future
  • General Distribution
  • No need to communicate control deficiency to those charged with governance
17
Q

PCAOB - IC report

Issuer/ Public

A

PCAOB – AS 15

Integrated with Audit FS

The auditor is engaged to AUDIT the internal control in accordance with standards of PCAOB as of a specified date

  • Test ALL controls
  • Opinion – Mgt maintained effective IC over financial reporting
  • Inherent Limitation that IC may not prevent/detect and correct misstatement
  • Do not project IC in the future
  • General Distribution
  • No need to communicate control deficiency to the audit committee
18
Q

Which disagreements between the auditor and management have to be communicated by the auditor to those charged with governance?

A

The professional standards require that disagreements that should be communicated include those relating

  • to estimates,
  • the scope of the audit,
  • application of accounting principles,
  • the wording of the audit report, and
  • other matters.
19
Q

When using a service auditor’s report, the user auditor should:

A

a. Make inquiries concerning service auditor’s professional reputation

b. If necessary, supplement understanding of service auditor’s procedures by discussing them with the service auditor

c. Make NO reference to the report of the service auditor in his/her audit report

20
Q

When the service organization performs data processing services for an audit client, its controls interact with the audit client’s internal control

A

In such circumstances three approaches are possible for the user auditor:

(1) test the user organization’s controls over activities of the service organization,

(2) use the service auditor’s report on the service organization’s internal control policies, and

(3) perform tests of controls at the service organization

21
Q

Personnel and Payroll Controls

A

(1) Segregate:

  • Timekeeping
  • Payroll preparation
  • Personnel
  • Paycheck distribution

(2) Time clocks used where possible

(3) Job time tickets reconciled to time clock cards

(4) Time clock cards approved by supervisors (overtime and regular hours)

(5) Treasurer signs paychecks

(6) Unclaimed paychecks controlled by someone otherwise independent of the payroll function (locked up and eventually destroyed if not claimed). In cases in which employees are paid cash (as opposed to checks) unclaimed pay should be deposited into a special bank account.

(7) Personnel department promptly sends termination notices to the payroll department.

22
Q

Company-level controls

A
  • The auditors begin by considering company-level controls, because these controls have a pervasive impact on controls at the process, transaction, or application level.
  • Company-level controls include:
    • Controls within the control environment, including tone at the top, assignment of authority and responsibility, consistent policies and procedures, and company-wide programs such as codes of conduct and fraud prevention
    • Management’s risk assessment process
    • Centralized processing and controls
    • Controls to monitor results of operations
    • Controls to monitor other controls, such as internal audit, the audit committee and self-assessment programs
    • The period-end financial reporting process is always considered significant and includes: the consolidation procedures, use of spreadsheets, journal entries, significant nonroutine, nonsystematic transactions, and selection and application of accounting policies
    • Drafting of the financial statements and disclosures
    • Board of director approved policies that address business control and risk management
23
Q

Standard control for cash disbursements

A

(1) Pre-numbered checks with a mechanical check protector used

(2) Two signatures on large check amounts

(3) Checks signed only with appropriate support (purchase order, receiving report, vendor’s invoice). Treasurer signs checks and mails them

(4) Support for checks canceled after payment

(5) Voided checks mutilated, retained, and accounted for

(6) Bank reconciliations prepared by individual independent of cash disbursements recordkeeping

(7) Physical control of unused checks

24
Q

Example of significant deficiency

A

A deficiency in any one of the following controls would at least be a significant deficiency:
  • Controls over the selection and application of accounting principles that are in conformity with generally accepted accounting principles
  • Antifraud programs and controls
  • Controls over nonroutine and nonsystematic transactions
  • Controls over the period-end financial reporting process

25
Q

Walk-throughs

A

  • A walk-through involves literally tracing a transaction from its origination through the company’s information systems until it is reflected in the financial reports.
  • Walk-throughs provide the auditor with evidence to
    1. Confirm the understanding of the flow of transactions and the design of controls
    2. Evaluate the effectiveness of the design of controls
    3. Confirm whether controls have been implemented

26
Q

Risk assessment Factors

A

Risk assessment. For financial reporting purposes an entity’s risk assessment is its identification, analysis, and management of risks relevant to the preparation of financial statements following GAAP (or some other comprehensive basis).

The following are considered risks that may affect an entity’s ability to properly record, process, summarize and report financial data:

(1) Changes in the operating environment (e.g., increased competition)

(2) New personnel

(3) New information systems

(4) Rapid growth

(5) New technology

(6) New lines, products, or activities

(7) Corporate restructuring

(8) Foreign operations

(9) Accounting pronouncements