Internal Control Flashcards
In an attestation engagement to examine internal control of a non-issuer, what elements are included in the auditor’s report?
An auditor’s report based on an attestation engagement to examine internal control of a non-issuer will include:
1) TITLE using the word INDEPENDENT;
2) statement of management’s responsibility for MAINTAINING and EVALUATING the EFFECTIVENESS of internal control;
3) IDENTIFICATION of management’s assertion on internal control;
4) statement of the AUDITOR’S RESPONSIBILITY to report on either INTERNAL CONTROL or MANAGEMENT’S ASSERTION regarding internal control;
5) statement that the examination was CONDUCTED in ACCORDANCE with AICPA ATTESTATION STANDARDS, which REQUIRE the auditor to PLAN and PERFORM the examination to obtain REASONABLE ASSURANCE as to the effectiveness of internal control;
6) STATEMENT describing the examination along with the auditor’s belief that the EXAMINATION SUPPORTS the OPINION expressed;
7) DEFINITION of INTERNAL CONTROL;
8) an indication of the RISKS associated with internal control’s INHERENT LIMITATIONS;
9) auditor’s OPINION;
10) auditor’s SIGNATURE; and the REPORT DATE
If the control procedures leave no audit trail of documentary evidence, the auditor most likely will test the procedures by?
INQUIRY and OBSERVATION are procedures that can be performed REGARDLESS of whether or not there is an AUDIT TRAIL of documentary EVIDENCE and would be used by an auditor when performing TESTS of CONTROLS under those circumstances.
A performance indicator involves?
A performance indicator involves COMPARING results to EXPECTATIONS. The quantities in the accounting records are the amounts the company EXPECTS to have on hand, which is COMPARED to the PHYSICAL COUNT, making the procedure a PERFORMANCE INDICATOR.
Which activities performed by a department supervisor most likely would help in the prevention or detection of a payroll fraud?
Approving a summary of hours each employee worked during the pay period will be helpful in PREVENTING OVER-PAYMENTS and payments to NONEXISTENT employees. Distributing checks directly to department employees would not prevent a fraudulent over-payment. Setting the pay rate for department employees does not prevent someone in payroll from paying at a different rate. The same would be true of hiring employees and authorizing them to be added to payroll, would not prevent over-payments.
What must be included in the written communication of significant deficiencies and material weaknesses in internal control identified in an audit of financial statements of a non-issuer company?
Written communication of significant deficiencies and material weaknesses in internal control is designed for those RESPONSIBLE FOR GOVERNANCE and, sometimes, MANAGEMENT. It is NOT designed for THIRDS PARTIES and the report will indicate such a LIMITED USE of the statement. An auditor’s report on internal control MAY indicate a LACK of material weaknesses since, due to their magnitude, it is considered the AUDITOR’S RESPONSIBILITY to be able to identify MATERIAL WEAKNESSES, similarly to a material misstatement to the financial statements. The auditor’s report would NOT, indicate a lack of SIGNIFICANT DEFICIENCIES as it is more likely that they may exist and go undetected.
An auditor most likely would assess Control Risk (Risk of Material Misstatement) at a high level if the payroll department supervisor is responsible for?
The payroll department supervisor SHOULD NOT BE AUTHORIZING payroll rate changes for all employees. The payroll department supervisor WILL EXAMINE authorization forms for new employees to make certain they are NOT paying nonexistent or UNAUTHORIZED employees and will COMPARE payroll registers to original batch transmittal data to VERIFY that the amount paid is correct. The payroll department supervisor will also have responsibility for hiring subordinate employees for that department. It is the responsibility of personnel, or human resources, however, to institute payroll rate changes that are ordinarily instituted by the employee’s department.
In an attestation engagement to examine internal control of a non-issuer, the measure of materiality
In an attestation engagement to examine an entity’s internal control that is INTEGRATED with an audit of its financial statements, the auditor will use the same measure of materiality as used in the planning and performance of the audit of the financial statements.
If an auditor is obtaining an understanding of an issuer’s information and communication component of internal control, which of the following factors should the auditor assess?
The objectives of the INFORMATION and COMMUNICATION component of internal control includes the IDENTIFICATION, RETENTION, and TRANSFER of RELIABLE information in a timely manner, which would include the classes of transactions reported in the financial statements.
An auditor is determining if internal control relative to the revenue cycle of a wholesaling entity is operating effectively in minimizing the failure to prepare sales invoices. The auditor most likely would select a sample of transactions from the population represented by the
By beginning with shipping documents, the auditor can TRACE forward to make certain that there is an invoice for each shipment. Beginning with the cash receipts file would require the auditor to work backward allowing the auditor to determine that amounts received were for goods shipped but would not provide evidence that all shipments were invoiced. If goods were shipped that were not ordered, perhaps inappropriately, there would be no customer order and, as a result, beginning with customer orders would not be useful in determining if such a shipment was invoiced. Beginning from the invoice file allows the auditor to work forward to determine if all amounts were collected, or backward to determine if all amounts invoiced were shipped, but it would not provide evidence as to whether all shipments were invoiced.
Which of the following would indicate a weakness in the company’s internal control?
Mailing signed checks gives the employee CUSTODY of assets. When that same employee is responsible for POSTING (RECORDING) vendor invoices into the accounts payable ledger, the INCOMPATIBLE duties of CUSTODY of ASSETS and RECORDING of transactions allows the individual to modify a signed check and hide the fact by recording it in the altered amount. Reviewing vendor invoices for signature approval and opening the incoming mail are NOT incompatible duties. The same person entering vendor invoices into the accounting system and reconciling the accounts payable ledger with the general ledger does not allow that individual to perpetrate and conceal fraud. It is not unusual for a treasurer to use a stamp for signing checks. It would be considered a weakness if the stamp was not securely maintained.
Inquiries about credit granting policies and sampling of sales transactions and examines evidence of credit approval. This test of controls most likely supports management’s financial statement assertion(s) of?
Evidence of credit approval will assist the auditor in evaluating the client’s estimate of UNCOLLECTIBLE ACCOUNTS related to the VALUATION or ALLOCATION. Credit approval, however, does not indicate that the goods or services were actually provided and that the entity has rights to the receivable.
Which of the following types of evidence would an auditor most likely examine to determine whether internal control policies and procedures are operating as designed?
Client records documenting the use of EDP programs can assist the auditor in determining if the programs are being used appropriately and with the proper authority, thus supporting conclusions about internal control. Comparing industry margins, confirming receivables, and comparing anticipated results to actual results are SUBSTANTIVE TESTS to support the information in the financial statements, and are not tests of controls.
The auditor’s opinion of an issuer’s internal control applies as of which date?
A report on the internal control of an issuer is INTEGRATED with an audit of the financial statements and, as a result, the auditor evaluates internal control for the period covered by the financial statements up through the DATE of the FINANCIAL STATEMENTS.
Certain internal control matters that come to an auditor’s attention should be communicated to an entity’s audit committee because they represent?
Internal control matters that are required to be communicated to the client’s governance include MATERIAL WEAKNESSES and SIGNIFICANT DEFICIENCIES, which are DEFICIENCIES in the DESIGN or OPERATION of the internal control structure. This includes those deficiencies that are SUFFICIENTLY SIGNIFICANT that they could result in a MATERIAL MISSTATEMENT to the financial statements, referred to as a MATERIAL WEAKNESS.
Which matters would an auditor most likely consider to be a significant deficiency or material weakness to be communicated to the audit committee?
A lack of OBJECTIVITY by those RESPONSIBLE for accounting decisions may result in the selection of accounting policies and practices that are designed to meet some reporting objective other than FAIR PRESENTATION. This might result in a material misstatement of the financial statements and would constitute a significant deficiency or a material weakness.
Which concerning accounts receivable would an auditor most likely perform to obtain evidential matter in support of an assessed level of control risk below the maximum level?
OBSERVING an entity’s employee preparing a schedule of past due accounts receivable will provide the auditor with evidence as to whether control procedures related to past due accounts are in place and operating as intended. As a result, this test may cause the auditor to reduce the level of control risk. Sending confirmations, inspecting an analysis of accounts receivable for unusual balances, and comparing uncollectible accounts expense to actual uncollectible accounts are all TESTS OF DETAILS that may provide evidence about the carrying amount of accounts receivable but not about control risk.
When communicating internal control structure related matters noted in an audit, an auditor’s report should indicate that?
When communicating on internal controls in conjunction with an audit, the auditor will issue a REPORT stating that the purpose of an audit is to REPORT on the financial statements and NOT to provide ASSURANCE on the internal control structure. The statement that errors and irregularities may occur and go undetected is part of the report on internal controls SEPARATE from an audit, not part of the report on internal controls in conjunction with an audit.
An auditor wishes to obtain evidence that all sales that were recorded during the period actually occurred. Which procedures would be most effective for that purpose?
To obtain evidence as to the OCCURRENCE ASSERTION, an auditor would TRACE a sample from the accounting records to source documents (VOUCHING) to determine if each entry recorded is supported by evidence that a sale occurred. This would be accomplished by tracing entries from the sales journal to source documents.
Which of the following departments most likely would approve changes in pay rates and deductions from employee salaries?
The PERSONNEL, or HUMAN RESOURCES, department will generally APPROVE PAY RATE CHANGES that are recommended by operating personnel, and deductions from employees’ salaries. The treasurer has CUSTODY of the cash, which should be segregated from authorization of transactions, the controller and payroll are responsible for the RECORD-KEEPING function, which should also be segregated from authorization of transactions.
In assessing Risk of Material Misstatement (Control Risk), an auditor ordinarily selects from a variety of techniques, including?
An auditor will generally make inquiries in assessing RMM, RECALCULATION is a SUBSTANTIVE TEST, NOT a risk assessment procedure nor a test of controls. REPERFORMANCE , such as of a control procedure, and OBSERVATION are both RISK ASSESSMENT procedures used in assessing RMM. Comparison and confirmation are both SUBSTANTIVE PROCEDURES and, while INSPECTION may be either a risk assessment procedure or a substantive test, VERIFICATION is generally more closely associated with SUBSTANTIVE testing.