-Internal Control Flashcards Preview


Flashcards in -Internal Control Deck (34)
1
Q

If internal control is poor and a company’s accounting practices are sloppy, which risk is higher?

A

Control risk increases with poor internal controls and sloppy accounting practices.


2
Q

If internal control is poor, what is the effect on the audit?

A

Auditor will need to perform more testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements.

3
Q

What does internal control provide reasonable assurance for?

A

Internal control provides reasonable assurance that:

  • Material misstatements will be prevented
  • Reliability/integrity of financial statements will be preserved
  • Assets are protected against misuse
4
Q

What is required in an examination of internal control under Sarbanes-Oxley?

A
  • CEO/CFO must disclose internal control deficiencies.
  • Management must provide assessment of internal control.
  • Management must certify financial statements.
5
Q

What is the relationship between internal control and substantive testing?

A

Inverse Relationship

  • Stronger Internal Controls = Less Testing Needed
  • Weaker Internal Controls = More Testing Needed
6
Q

What are the three objectives of internal control?

A

The objectives of internal control are:

  1. Reliability of financial reporting
  2. Operational efficiency/effectiveness
  3. Compliance with laws and regulations
7
Q

What are the five components of internal control?

A

The components of internal control are:

  1. Control Environment
  2. Risk Assessment
  3. Information and Communication
  4. Monitoring
  5. Control Activities
8
Q

What is the purpose for a Control Environment assessment?

A

A Control Environment assessment sets the tone for the entire company.

9
Q

What are the components of the Control Environment?

A

The components of Control Environment are:

  • Integrity/Ethics of Management
  • Competence of Management
  • Organizational Structure
  • Human Resource Policies
  • Assignment of Authority/Responsibility
  • Management’s Style (riskier with a dominant/aggressive individual)
  • Board/Audit Committee involvement
10
Q

What does an auditor’s assessment of Detection Risk determine?

A

Detection Risk determines nature, timing, and extent of audit procedures.

11
Q

What determines the acceptable level of Detection Risk?

A

Risk of material misstatement determines acceptable level of Detection Risk.

12
Q

What situations or circumstances could increase the risk of material misstatement?

A
  • Rapid growth in the company
  • Major changes to
    • Operations
    • Personnel
    • Systems
    • IT
    • Products
    • Corporate organization
    • Foreign operations
13
Q

What happens when Control Risk is assessed to be at the maximum level?

A

No Internal Control testing is performed.

All audit procedures are increased in intensity to compensate for increased risk.

14
Q

What happens when Control Risk is below the maximum level?

A

Auditor tests Internal Controls.

Auditor evaluates Control Risk based on tests.

Auditor adjusts substantive tests accordingly.

Weaker Internal Control - More substantive tests

Stronger Internal Control - Less substantive tests

15
Q

Describe some common examples of Control Activities.

A

Control Activities include:

  • Performance Reviews
  • Information Processing
  • Physical Controls
  • Segregation of Duties
16
Q

What should an auditor understand with respect to Information and Communication on an audit?

A

An auditor must understand client’s:

  • Major transaction classes
  • Transaction initiation
  • Support records/documents
  • Transaction processing
  • Financial Statement internal reporting process
  • Financial Statement external reporting process
17
Q

How must an auditor document understanding of Internal Control?

A

An auditor documents understanding of Internal Control through written documentation such as:

  • Internal Control memos,
  • flowcharts,
  • and questionnaires
18
Q

What questions should be asked to determine the risk of material misstatement?

A
  • Were all transactions recorded?
  • Were they timely?
  • Were they measured appropriately?
  • Were they recorded in correct period?
  • Were they presented and disclosed properly?
  • Did management communicate their responsibilities?
19
Q

What is the purpose of internal control testing and what procedures does the auditor perform to test internal controls?

A

Auditor needs reasonable assurance that controls are functioning as designed and effective.

Internal Control Testing should be as strong as IRON so that nothing gets past it:

  • Inquiry - Interview company personnel
  • Re-performance - Can it be replicated?
  • Observation - Watch the control be applied
  • INspection - Dig into the details/documents

If results are as expected, substantive procedures do not need to be adjusted.

20
Q

When can controls tested by an auditor in a prior year be used in the current year’s audit assessment?

A

Controls tested by auditor in a prior year can be used in the current year’s audit assuming they are re-tested every third year.

Exception: if the control has changed since the last audit

21
Q

What happens if Internal Controls are deficient?

A
  • Control Risk increases
  • Scope of substantive procedures increases
  • Detection Risk decreases
  • Material Weakness - reasonable possibility that a material misstatement in financial statements would not be found - more than a remote chance of occurrence.
22
Q

What is a Material Weakness?

A

Reasonable possibility exists that a material misstatement in financial statements would NOT be found, and has more than a remote chance of occurrence.

23
Q

What does Tracing test?

A

Tracing tests completeness.

It starts with a source document and traces forward to the journal entry.

24
Q

What does Vouching test?

A

Vouching tests Existence.

It starts with a journal entry and searches for a voucher or source document to support the entry.

25
Q

What activities represent Segregation of Duties?

A

Non-compatible duties performed by separate individuals such as:

Authorization of asset disbursement vs. Recording of assets vs. Custody of assets

  • If supporting audit evidence doesn’t exist, use Observation and Inquiry.
  • Accounting should be segregated from production.
26
Q

With respect to signing checks, how are duties segregated?

A

Employees who prepare vouchers/invoices should not also have the authority to SIGN CHECKS.

Tip: Remember this as an underlying theme with Segregation of Duties.

The authority to make a payment should not also lie in the hands of those creating invoices/vouchers. Why? People commit fraud by setting up fake companies and basically paying themselves.

27
Q

With respect to custody of assets, how should duties be segregated?

A
  • Employees who have custody of assets should not also RECORD those assets.
  • Someone in charge of petty cash should not also control the petty cash records.
  • Treasury Department (custodians) should NOT have record keeping duties. They control assets and should not be able to adjust any recording of those assets.
28
Q

What are the limitations on Control Activities?

A
  • Controls can’t stop collusion or bad judgment.
  • Management can override controls.
  • Cost vs. Benefit relationship of Internal Control
29
Q

What is required if a Material Weakness is identified?

A
  • A written report to management is required.
  • Report declaring that no material weaknesses were found is allowed.
  • Previous weaknesses reported that still exist should be reported again.
  • Should be reported no later than 60 days after audit report release date.
  • If one or more material weaknesses is uncorrected at year-end, an Adverse Opinion on Internal Control must be given.
30
Q

What is the effect of a Significant Deficiency? What is it?

A

A significant deficiency adversely affects a company’s ability to report in the financial statements according to GAAP.

A significant deficiency is more than a remote likelihood of material misstatement by more than an inconsequential amount.

31
Q

What must occur if a Significant Deficiency is identified?

A
  • If a Significant Deficiency is identified, a written report to management is required.
  • Report declaring that no significant deficiencies exist is not allowed.
  • Previous deficiencies reported that still exist should be reported again.
  • Should be reported no later than 60 days after the audit report release date.
32
Q

What is a Control Deficiency?

A

A control is not operating as intended.

33
Q

What must an auditor ask if using the work of third parties?

A
  • Are they competent?
  • Are they objective?
34
Q

What must an auditor understand with respect to internal auditors?

A
  • Auditor needs to understand the role of Internal Auditors within the organization because their work affects the audit plan.
  • Responsibility for judgments about materiality or appropriateness of entries or estimates cannot be shared with third parties like Internal Auditors.
  • Internal Auditors should be asked to do some of the legwork like preparing schedules or running reports.
  • They should not be asked to make any decisions or judgments.