Internal Control Flashcards
Internal Control has five component. They are:
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring
Think of CRIME which leads to control activities
Control environment
factors set the tone of an organization, influencing the control consciousness of its people.
7 control environment
IC HAMBO
Integrity and ethical values,
Commitment to competence
Human resource policies and practicies
Assignment of authority and responsibility
Management’s philosphy and operating style
Board of directors or audit committee participation
Organizational structure
Risk Assessment
its identificaiton, analysis, and management of risks relevant to the preparation of financial statements following GAAP.
Control activities
Are there control activities in place?
policies and procedures that help ensure that necessary actions are taken to address risks to achieving the entitty’s objectives. policies include
PIPS
Information and communciation
The accounting system, consisting of the methods and records establised to record, process, summarize, and report entity transactions and to maintain accountability.
Record, process, summarize, and report. To be effective, it should accomplish:
1) identify and record all valid tranactions
2) describe on timely basis
3) measure the value properly
4) record in the proper time period
5) properly present and disclose
6) communicate responsibilities to employees
Monitoring
Assesses the quality of internal control performance over time. Monitoring activities may be ongoing, separate evaluations, or a combination.
Limitations of internal control
- Human judgement in decision making cna be faulty
- Breakdowns can occur beacuse of human failure s such as simple errros or misstakes.
- Controls, whether manual or atomated, cna be circumvented by collusion
- Management has the ability to orrider internal contorl
- Cost constraints
- Custom, culture, and the corporate governnance system may inhibit fraud, but they are not absolute deterrents.
Foreign Corrupt Practices Act
Passed by congress in 1977.
- Requiring every corporation registed under the SEA of 1934 to maintain a system of strong internal accounting control.
- Requiring corporations to maintain accurate books and records, and making it 3) illegal for individuals or business entities to make payments to foreign officials to secure business.
Committee of Sponsoring Organization (COSO
Provide thought leadership through the development of comprehenseive frameworks and guidane on enterprise risk management, internal control, and fraud detterence
Committee composed of representatives of various profesional organization.
What are the ways to test of controls?
R - Reperformance
I - Inquiries
I - Inspection
O - Observation
What are the financial statement assertions?
R ights and obligations A llocation and valuation C ompleteness, cutoff E xsistence and occurence D isclosure
What is a dual purpose tests?
A test of controls and a substantive test is applied to the same transaction.
What are the components of Control activities?
PIPS!
Performance reviews (reviews of actual performance against budgets, forecasts, one another, etc.)
I
-
Information processing (controls that check accuracy, completeness, and authorization of transactions)
Physical controls (activities that assure the physical security of assets and records)
S
-
Segregation of duties (separate authorization, recordkeeping, and custody)
What are Risk assessments?
Risk of preparing the FS wrong!
1) changes in the operating environemnt (increase competition)
2) New employee or tech.
3) rapid growth
3) new technology
4) new lines, products, or activities
5) corporate restructing
6) foreign operations
7) accounting pronouncement
After planning the audit, the auditors should:
- obtain the understanding of the entity and its environment, including its IC.
- Assess the risks of material misstatement and design further audit IC.
How do you perform a test of controls?
Inquiries
Inspeciton
Observation
Reperformance
There are three types of deficiencies for IC
1) deficiency - a design or opearting deficiency
2) significant deficiency - a deficiency, or combination of deficiencies.
3) material weakness - is a reasonble possiblity that a mateiral misstatment of the FS will not be prevented or detected.
In an IC audit, the work of others, the auditor should
1) assess their competence and objectivity; do not use the work of thoes iwth low competence
2) use the work in lower risk areas.
What are the differences between PCAOB and AT501 in regards to IC?
1) PCAOB refers to this as an “audit” while AT 501 refers to it as an “examination”
2) AT 501 allows an auditor to examine effectiveness of internal control for a period of time. ex. 20x5
3) AT 501 allows for reporting on management’s assertion.
Reporting on whether a previously reported mateiral weakness continues to exist-
1) mangment gathers evidence, including documentation that the mateiral weakenss no longer exists, then prepares a written report so indicating. The audtiros tehn plan and perform an engagement emphasizing the controls over the mateiral eakenss. The auditor report issued indiciate the auditor’s opinion that the mateiral weakness “no longer exists” or exists” of the date of managmenet’s assertion.
When can auditors communicate issues with IC?
Communicaitons are best if issued by theaudit report realese date, but it can be up to 60 days after.