Internal Control Flashcards

1
Q

If Internal Control is poor and a company’s accounting practices are sloppy, which risk is higher?

A

Control risk increases with poor Internal Controls and sloppy accounting practices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

If Internal Control is poor, what is the effect on the audit?

A

More testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What does Internal Control provide reasonable assurance for?

A

Internal control provides reasonable assurance that Material misstatements will be prevented
Reliability/integrity of financial statements will be preserved
Assets are protected against misuse

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is required in an examination of Internal Control under Sarbanes-Oxley?

A
  1. CEO/CFO must disclose Internal Control deficiencies 2. Management must provide assessment of Internal Control
  2. Management must certify Financial Statements
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the relationship between Internal Control and Substantive Testing?

A

Inverse Relationship
Stronger Internal Controls = Less Testing Needed
Weaker Internal Controls = More Testing Needed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the 3 objectives of Internal Control?

A
  1. Reliability of Financial Reporting
  2. Operational Efficiency/Effectiveness
  3. Compliance with Law and Regulations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the 5 components of Internal Control?

A
Control Environment 
Risk Assessment 
Information and Communication 
Monitoring 
Control Activities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the purpose for a Control Environment assessment?

A

Sets tone for the entire company

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the components of the Control Environment?

A

Integrity/Ethics of Management
Competence of Management
Organizational Structure
Human Resource Policies Assignment of Authority/Responsibility
Management’s Style (riskier with a dominant/aggressive individual)
Board/Audit Committee involvement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does an auditor’s assessment of Detection Risk determine?

A

The nature, timing, and extent of audit procedures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What determines the acceptable level of Detection Risk?

A

Risk of material misstatement (ROMM) determines acceptable level of Detection Risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What items could increase the risk of material misstatement?

A

Rapid growth in the company.

The methods management uses to identify risk,estimate its significance and assess the likelihood of occurrence

Major changes to operations, personnel, systems, IT, products, corporate organization, and foreign operations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What happens when Control Risk is assessed to be at the maximum level?

A

No Internal Control testing is performed.

All audit procedures are increased in intensity to compensate for increased risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What happens when Control Risk is below the maximum level?

A

Auditor tests Internal Controls.

Auditor evaluates Control Risk based on tests
Auditor adjusts substantive tests accordingly

Weaker Internal Control = More substantive tests Stronger Internal Control = Less substantive tests

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Describe some common examples of Control Activities.

A
(PIPS)
Performance Reviews 
Information Processing 
Physical Controls 
Segregation of Duties
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What should an auditor understand with respect to Information and Communication on an audit?

A

Understand Client’s Major transaction classes
Transaction initiation
Support records/documents
Transaction processing
Financial Statement internal reporting process
Financial Statement external reporting process

17
Q

How must an auditor document understanding of Internal Control?

A

Through written documentation such as Internal Control memos, flowcharts, and questionnaires

18
Q

What questions should be asked to determine the risk of material misstatement?

A
Were all transactions recorded? 
Were they timely? 
Measured appropriately? 
Recorded in correct period? 
Presented and disclosed properly? 
Did Management communicate their responsibilities?
19
Q

What is the purpose of testing Internal Controls?

A

Provide reasonable assurance that they are functioning as designed and effective

20
Q

What are some Internal Control Testing procedures?

A

(IRON)

Inquiry - Interview company personnel
Re-performance - Can it be replicated?
Observation - Watch the control be applied
INspection - Dig into the details/documents

If results are as expected, substantive procedures do not need to be adjusted

21
Q

When can controls tested by an auditor in a prior year be used in the current year’s audit assessment?

A

Controls tested by auditor in a prior year can be used in the current year’s audit assuming they are re-tested every third year

Exception - If the control has changed since the last audit

22
Q

What happens if Internal Controls are deficient?

A

Control Risk increases
Scope of substantive procedures increases
Detection Risk decreases

23
Q

What is a Material Weakness?

A

Reasonable possibility exists that a material misstatement in Financial Statements would not be found, and has more than a remote chance of occurrence.

24
Q

What does Tracing test?

A

Tests Completeness Starts with source document and traces forward to the journal entry.

25
Q

What does Vouching test?

A

Tests Existence. Starts with a journal entry and searches for a voucher or source document to support the entry.

26
Q

What activities represent Segregation of Duties?

A

Non-compatible duties performed by separate individuals.

Authorization of asset disbursement vs. Recording of Assets vs. Custody of assets

If supporting audit evidence doesn’t exit, use Observation and Inquiry.

Accounting should be segregated from Production

27
Q

With respect to signing checks - how are duties segregated?

A

Employees who prepare vouchers/invoices should not also have the authority to SIGN CHECKS

Why? People commit fraud by setting up fake companies and basically paying themselves

28
Q

With respect to custody of assets - how should duties be segregated?

A

Employees who have custody of assets should not also RECORD those assets

Someone in charge of petty cash should not also control the petty cash records

Treasury Department (custodians) should NOT have record keeping duties. They control assets and should not be able to adjust any recording of those assets

29
Q

What are the limitations on Control Activities?

A

Controls can’t stop collusion or bad judgment Management can override controls
Cost vs. Benefit relationship of Internal Control

30
Q

What is required if a Material Weakness is identified?

A

A written report to management is required.

Report declaring that no material weaknesses were found is allowed

Previous weaknesses reported that still exist should be reported again

Should be reported no later than 60 days after audit report release date

If one or more material weaknesses is uncorrected at year-end- an Adverse Opinion on Internal Control must be given

31
Q

What is the effect of a Significant Deficiency? What is it?

A

A significant deficiency adversely affects a company’s ability to report in the financial statements according to GAAP.

A significant deficiency is a more than a remote likelihood of material misstatement by more than an inconsequential amount

32
Q

What must occur if a Significant Deficiency is identified?

A

A written report to management required

Report declaring that no significant deficiencies exist is NOT allowed

Previous deficiencies reported that still exist should be reported again

Should be reported no later than 60 days after the audit report release date

33
Q

What is a Control Deficiency?

A

A control is not operating as intended.

34
Q

What must an auditor ask if using the work of third parties?

A

Are they competent? Are they objective?

35
Q

What must an auditor understand with respect to internal auditors?

A

Understand the role of Internal Auditors within the organization because their work affects the audit plan

Responsibility for judgments about materiality or appropriateness of entries or estimates cannot be shared with third parties like Internal Auditors

Internal Auditors should be asked to do some of the legwork like preparing schedules or running reports

They should not be asked to make any decisions or judgments