Internal Control

Question 1

An Examination of Internal Control Over Financial Reporting

Answer 1

Express an opinion based on effectiveness of internal control

Basic Steps:

1. Planning
2. Obtain understanding of internal control policies and procedures
3. Evaluate the design of internal control P&Ps
4. Test the effectiveness of IC P&Ps
5. Form opinion about management’s assertion of the effectiveness of IC

Question 2

An Examination of Internal Control Over Financial Reporting: Report

Answer 2

Heading - “Independent”
Introductory paragraph - We have examined
Scope Paragraph - lists what we did
Inherent Limitation Paragraph - Because of its inherent limitations, internal control over financial reporting may not prevent, or detect and correct misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate.

Opinion Paragraph: In our opinion, X Company maintained in all material aspects, effective internal control

table>

Question 3

Assessed RMM (Risk of Material Misstatement)

Answer 3

Affects: nature, extent, and timing or further audit procedures (NET)

Effects:
NATURE
RMM low - allows more reliance on client’s records
RMM high - need more outside corroboration
As RMM increases, so does the need for more relevant and reliable evidence.

EXTENT
RMM low - need less evidence
RMM high - need more evidence

TIMING
RMM low - allows some interim testing
RMM high - more testing at year-end and some testing at less predictable times

Question 4

Objectives of Internal Control

Answer 4

1. Reliability of financial reporting. Provide reasonable assurance that material misstatements are being prevented, detected, corrected on a timely basis.
2. Reasonable assurance of compliance with laws and regulations.
3. Reasonable assurance of effectiveness and efficiency of operations

Question 5

Internal Control: Management’s Responsibility

Answer 5

Responsible for establishing and maintaining the internal control structure

Question 6

Internal Control: Auditor’s Responsibility

Answer 6

Determine if controls are preventing, detecting, and correcting material misstatements on a timely basis (in other words, determine effect that internal controls have on F/S assertions)

Document understanding of each component of internal control

Question 7

Internal Control: Inherent Limitations

Answer 7

• human fallibility
• collusion
• management override

There are always inherent limitations

Question 8

Internal Control Components

Answer 8

CRIME (5)

1. Control Activities
2. Risk Assessment
3. Information and Communcation
4. Monitoring
5. Environment

Question 9

Control Activities

Answer 9

Specific policies and procedures that assure that all transactions are properly:

• initiated
• authorized/approved
• executed
• recorded

Includes proper segregation of duties (ARC)
A - Authorization
R - Recordkeeping
C - Custody of assets

Includes physical controls: locks on doors, EE ID badges (examples)

Question 10

Risk Assessment

Answer 10

How does management handle risks

Internal Risks:

• new employees
• high EE turnover
• rapid expansion
• new technology
• new products

External Risks:

• downtown in economy or industry
• industry downsizing
• increased competition

CHANGE = RISK

Question 11

Information and Communication

Answer 11

• quality of accounting records
• manamgent communicating to those charged with governance
• management establishing individual duties and communicating such to individual Ees

Question 12

Monitoring

Answer 12

• evaluation of internal control structure over a period of time
• client ability to adjust or improve
• internal audit function

Question 13

Environment

Answer 13

Control environment

• overall attitude of management and board of directors
• internal audit function
• management philsophy and integrity

Any weakness is the control environment is very disturbing/pervasive.

Question 14

Risk is Unavoidable

Answer 14

Auditors do not examine 100% of evidence supporting financial statements

Auditors could misinterpret evidence

Question 15

Audit Risk

Answer 15

The ultimate risk you take in auditing

• risk that financial statements are materially misstated, but we issue a clean opinion
• culmination of all risks: Control Risk, Inherent Risk, Detection Risk

Question 16

Control Risk

Answer 16

Risk that internal control structure is not preventing or detecting material misstatements on a timely basis

Every internal control structure has control risk

Auditor evaluates control risk

Question 17

Inherent Risk

Answer 17

Risk that an item, by its very nature, is materially misstated (cash, liquid assets, etc.)

Susceptibility of a relevant assertion and related account balance, class of transactions or disclosure to a material misstatement, assuming there are no related controls

Question 18

Risk of Material Misstatement (RMM)

Answer 18

RMM = control risk x inherent risk

Exists regardless of whether there is an audit

Auditor evaluates RMM

Question 19

Detection Risk

Answer 19

The risk that the auditor will fail to detect material misstatements

Only exists when there is an audit

Question 20

Risk Relationships

Answer 20

RMM DETECTION RISK FURTHER AUDIT PROCEDURES
High Low Extensive
Low High Limited

Direct Relationship: Control Risk and Further Audit Procedures (High/More, Low/Less)

Indirect Relationship: Detection Risk and Further Audit Procedures (High/Less, Low/More)

Question 21

Internal Control: Control Activites (Types that should be in any strong control structure)

Answer 21

BAND AIDS
B - Bonding (EE who work with cash) - recovery and deterrent
A - Authorization and approval (proper initialized, authoirzed, and approved)
N - Numeric and cross checks (pre-numbered documents - checks, POs, receiving reports, receipts; bank recon; A/P match)
D - Documentation controls - everything is documented

A - Appropriate physical controls - locks on doors, ID badges, safe, alarm system
I - Internal audit function - monitoring
D - Detailed personnel policies - hiring, firing, pay raises, mandatory vacations
S - Separation of duties - ARC - authorization, recordkeeping, custody of assets

Question 22

Internal Control: Deficiencies

Answer 22

Deficiency - design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect and correct misstatements on a timely basis

Deficiency in Design - Control not there

Deficiency in operation - Control there, but ineffective

Auditor is required to submit written communication to those charged with governance for control deficiencies that are significant deficiencies or material weaknesses. If none found, no written communcation is required. If required by a governmental entity, generally, an auditor may not issue stating that no significant deficiencies exist.

Question 23

Significant Deficiency

Answer 23

Deficiency, or a combination of deficiencies, in internal control that is less severe than a material wearkness, yet important enough to merit attention by those charged with governance.

Question 24

Material Deficiency

Answer 24

Deficiency, or combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented or detected and corrected on a timely basis.

Question 25

Communication Highlights

Answer 25

State that purpose of audit was to express an opinion on financial statements, but not to express an opinion on the effectiveness of internal control

State that auditor is (accordingly) not expressin an opinion on efectiveness of internal control

State that indicates auditor’s consideration of internal control was not designed to identify all deficiencies in internal control that might be significant deficiencies or material weaknesses

Define material weakness and where relevant, significant deficiency

Identify the specific material weaknesses found an, if applicable, the specific significant deficiencies found

Restrict report

Deadline - Nonissuer - no later than 60 days following the audit report release date, but same is recommended
Issuer - required prior to the issuance of the auditor’s report on the financial statement

Question 26

Purchases and Accounts Payable Transaction Cycle (Part 1)

Answer 26

User Department -
-Prepares prenumbered Stores requisition
Copy 1: Filed
Copy 2: Sent to storeroom

Storeroom
-Receives copy 2 of SR and files it.
-Sends good to user department
-If storeroom runs out of raw material:
-prepares prenumbered purchase requisition (PR)
Copy 1: Filed
Copy 2: Sent to AP department
Copy 3: Sent to purchasing department

Question 27

Purchases and Accounts Payable Transaction Cycle (pt 2)

Answer 27

Purchasing Department
-Receives copy 3 or PR and files it
-Prepares prenumbered Puchase Order (PO)
Copy 1: Filed
Copy 2: Sent to vendor
Copy 3: Blind copy to recieiving (quantity blacked out)
Copy 4: Sent to A/P department

Receiving Department
-Receives blind copy 3 of PO
-Puts number received on blind copy and files it
-Prepares prenumbered Receiving Report (RR)
Copy 1: Filed
Copy 2: Sent to A/P department
Copy 3: Number received filled in and sent to purchasing departmnet for verification

Question 28

Purchases and Accounts Payable Transaction Cycle (pt 3)

Answer 28

Accounts Payable
-Cross checks all 4 documents received (PR, PO, RR, and vendor invoice)
-Records transaction in AP subsidiary ledger
-Prepaires prenumbered 3 copy voucher package (all 4 documents)
Copy 1: Filed
Copy 2: Sent to general accounting
Copy 3: Sent to treasury

Treasury Department

• Receives voucher package
• prepares and sends check to vendor
• cancels voucher package and files it
• approves write offs

General Accounting Department

• Receives copy 2 voucher package
• Updates general ledger

Question 29

Purchases and Accounts Payable Transaction Cycle - Documents Flow Recap

Answer 29

Stores requisition
Purchase requisition
Purchase order
Receiving report
Vendor’s invoice
A/P subsidiary ledger
Voucher package
Check
General ledger

Question 30

Sales and Accounts Receivable Transactions Cycle (pt 1)

Answer 30

Sales Department
-Receives purchase order (PO) from customer
-Prepares prenumbered 6 copy sales order (SO)
Copy 1: Billing with PO
Copy 2: shipping
Copy 3 & 4: credit
Copy 5: Customer
Copy 6: Filed

Credit Department

• Receives copies 3 and 4
• Approve customer credit
• SO Copy 3 (now approved SO) to shipping
• SO Copy 4 to billing

Question 31

Sales and Accounts Receivable Transactions Cycle (pt 2)

Answer 31

Shipping Department

• Receives Copy 3 approved SO from credit
• Receives Copy 2 original from sales
• Prepares prenumbered 3-copy bill of lading
• Copy 1: customer
• Copy 2: billing
• Copy 3: filed with Copy 2 & 3 SO

Billing Department
-Receives:
Copy 2 BOL from shipping
Copy 1 (original) SO
Customer’s PO from sales
Copy 4 (approved) SO from credit
-Prepares prenumbered 4 copy sales invoice
Copy 1: customer
Copy 2: A/R
Copy 3: general accounting
Copy 4: filed with SO, PO, and BOL
-Posts to sales journal

Question 32

Sales and Accounts Receivable Transactions Cycle (pt 3)

Answer 32

A/R department

• Receives Copy 2 sales invoice from billing
• Posts to customer’s account
• updates AR subsidiary ledger

General Accounting

• Receives Copy 3 sales invoice from billing
• Updates general ledger

Question 33

Sales and Accounts Receivable Transactions Cycle - Documents Flow Recap

Answer 33

Customer’s Purchase Order
Sales Order
Approved Sales Order
Bill of Lading
Sales invoice
Sales journal
A/R subsidiary ledger
general ledger

Question 34

Cash Receipts Transaction Cycle (pt 1)

Answer 34

Mail Clerk
-Opens mail
-Prepares pre-numbered daily remittance listing
Copy 1: Filed
Copy 2: Cashier or Treasury
Copy 3: A/R
Copy 4: G/A

Cashier or Treasury Department
-Receives Copy 2 of daily remittance listing
-Makes daily deposit
-Prepares prenumbered deposit summary
Copy 1: Filed
Copy 2: A/R
Copy 3: G/A

Question 35

Cash Receipts Transaction Cycle (pt 2)

Answer 35

Alternative to Mail Clerk/Cashier: Bank Lockbox

• Customers send check directly to company’s bank
• Bank performs functions otherwise performed by Mail Clerk and Cashier

A/R Department
-Receives and cross checks:
Copy 2 of deposit summary from cashier
Copy 3 of remittance listing from mail clerk
-Updates A/R subsidiary ledger
-Prepares pre-numbered cash receipts summary
Copy 1: Filed
Copy 2: G/A
-Updates cash receipts journal

Question 36

Cash Receipts Transaction Cycle (pt 3)

Answer 36

General Accounting

• Receives and cross checks:
• Copy 4 of daily remittance listing
• Copy 3 of deposit summary
• Copy 2 of cash receipts summary
• Updates general ledger

Question 37

Cash Receipts Transaction Cycle -Documents Flow Recap

Answer 37

Daily remittance listing
Deposit summary
A/R receivable subsidiary ledger
Cash receipts journal
Cash receipts summary
General ledger

Question 38

Property, Plant and Equipment (controls to look for)

Answer 38

Controls to look for:
Major purchases approved by BOD
Adequate insurance coverage
Physical safeguards and restricted access
Appropriate policy set up and maintained for expense vs. capitalization determinations

Question 39

Human Resouces (controls to look for)

Answer 39

Detailed personnel policies and procedures (hiring, firing, pay raises, mandatory vacations)

Separaion of duties (HR department hires, fires, and approves salary changes; payroll department prepares payroll)

Imprest Account: Separate payroll bank account

Question 40

Custody Checks

Answer 40

Signature machine and unused checks should be locked up

Unclaimed checks held by internal audit department