Internal Control 2 Flashcards
What is the relationship between Internal Control and Substantive Testing?
Inverse Relationship
- Stronger Internal Controls - Less Testing needed
- Weaker Internal Controls - More Testing Needed
If Internal Control is poor and a company’s accounting practices are sloppy - which risk is higher?
Control risk increases with poor Internal Controls and sloppy accounting practices
If Internal Control is poor - what is the effect on the audit?
Auditor will need to perform more testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements
What happens when Control Risk is below the maximum level?
- Auditor MUST verify the effeciveness of the IC so that it can be relied upon
- Identifying specific controls relevant to specific assertions,
- Test of control will be performed
- limited substantive tests may be performed
- Weaker Internal Control - More substantive tests
- Stronger Internal Control - Less substantive tests
What should an auditor understand with respect to Information and Communication on an audit?
Understand Client’s
- Major transaction classes
- Transaction initiation
- Support records/documents
- Transaction processing
- Financial Statement internal reporting process
- Financial Statement external reporting process
What does an auditor’s assessment of Detection Risk determine?
Detection Risk determines nature, timing, and extent of audit procedures.
What are the inherents limitations of IC ?
COCO
- Controls can’t stop Collusion - segregation of duties
- Management can Override controls
- Competence - bad judgment in decision makin - Human errors and mistakes
- Obscolescence - due to change in the company operation, size
- Reasonalble assurrance - Cost > Benefit - relationship of Internal Control
What is required in an examination of Internal Control under Sarbanes-Oxley?
- CEO/CFO must disclose Internal Control deficiencies
- Management must provide assessment of Internal Control
- Management must certify Financial Statements
What determines the acceptable level of Detection Risk?
Risk of material misstatement determines acceptable level of Detection Risk
What is the purpose of testing Internal Controls?
Auditor needs reasonable assurance that controls are functioning as designed and effective
When can controls tested by an auditor in a prior year be used in the current year’s audit assessment?
PCAOB ⇒ CAN NOT USE test every year
Audit Standard ⇒ Controls tested by auditor in a prior year can be used in the current year’s audit assuming they are re-tested every third year
Exception If the control has changed since the last audit
Internal Controls Deficiency
Deficiency in IC Exist when the design or operation of a control does not allow management or employees in the normal course of performing their assigned functions, to prevent, or detect and correct misstatement on a timely basis
- When an auditor becomes aware of deficiencies in IC* , the auditor will evaluate them to determine if they amount to material weakness or significant deficiency - probality and magnitude
- Control Risk increases
- Scope of substantive procedures increases
- Detection Risk decreases
What is a Material Weakness?
Material Weakness is Deficiency in IC such as there is a Reasonable possibility that a material misstatement in Financial Statements would not be found - and has more than a remote chance of occurrence
- result to Adverse opinon on IC
According to AU-C 315.A69, risk assessment procedures to obtain audit evidence about the design and implementation of relevant controls include the following:
According to AU-C 315.A69, risk assessment procedures to obtain audit evidence about the design and implementation of relevant controls include the following:
- Inquiry of entity personnel
- Observing the application of specific controls
- Inspecting documents and reports
- Tracing transactions through the information system relevant to financial reporting.
