Internal Control Flashcards
If internal control is poor and a company’s accounting practices are sloppy, which risk is higher?
Control risk increases with poor internal control and sloppy accounting practice.
If internal control is poor, what is the effect on the audit?
Auditor will need to perform more testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements.
For what does internal control provide reasonable assurance?
Internal control provides reasonable assurance that:
Material misstatements will be prevented
Reliability/integrity of financial statements will be preserved
Assets are protected against misuse
What is required in an examination of internal control under Sarbanes-Oxley?
CEO/CFO must disclose Internal Control deficiencies
Management must provide assessment of Internal Conrol
Management must certify Financial Statements
What is the relationship between internal control and Substantive Testing?
Inverse Relationship:
Stronger Internal Controls = Less Testing Needed
Weaker Internal Controls = More Testing Needed
What are the three objectives of internal control?
Reliability of Financial Reporting
Operational Efficiency/Effectiveness
Compliance with Law and Regulations
What are the five components of internal control?
Control Environment
Risk Assessment
Information and Communication
Monitoring
Control Activities
What is the purpose for a control environment assessment?
Sets tone for the entire company
What are the components of the Control Environment?
Integrity/Ethics of Management Compentence of Management Organizational Structure Human Resource Policies Assignment of Authority/Responsibility Management's Style (riskier with a dominant/aggressive individual) Board/Audit Committee involvement
What does an auditor’s assessment of Detection Risk determine?
Detection Risk determines nature, timing, and extent of audit procedures.
What determines the acceptible level of Detection Risk?
Risk of material misstatement determines acceptable level of Detection Risk
What items could increase the risk of material misstatement?
Rapid growth in the company.
The methods management uses to identify risk, estimate its significance and assess the likelihood of occurrence
Major changes to operations, personnel, systems, IT, products, corporate organization, and foreign operations.
What happens when Control Risk is assessed to be at the maximum level?
No internal control testing is performed.
All audit procedures are increased in intensity to compensate for increased risk.
What happens when Control Risk is below the maximum level?
Auditor tests internal controls.
Auditor evaluates Control Risk based on tests
Auditor adjusts substantive tests accordingly:
Weaker Internal Control = More substantive tests
Stronger Internal Control = Less substantive tests
Describe some common examples of Control Activities.
Performance Reviews
Information Processing
Physical Controls
Segregation of Duties
What should an auditor understand with respect to Information and Communication on an audit?
Understand Client’s:
Major transaction classes
Transaction initiation
Support records/documents
Transaction processing
Financial Statement internal reporting process
Financial Statement external reporting process
How must an auditor document understanding of internal control?
Through written documentation such as internal control memos, flowcharts, and questionnaires