Internal Control Flashcards
auditors of entities that do not report to SEC aka non-issuers are required to follow
GAAS issued by auditing standard board (ASB) of the AICPA
auditors of entities that DP report to SEC aka issuers are required understand
internal control
required to perform integrated audit 3 both internal control over financial reporting and of financial statements
5 assertions related to Events and Transactions that occurred during period of audit
CPA-CO
Completeness
Period Cuttof
Accuracy
Classification
Occurrence
4 assertions related to Account Balances
RACE
Rights and obligations
Allocation and Valuation
Completeness
Existence
5 assertions related to Presentation
RACOU-n
Rights and obligations Accuracy and valuation Completeness Occurence Understandability and Classification
auditor seeks reasonable assurance that internal control are achieving certain objectives:
ACE
Accurate and reliable financial reporting
Compliance w law and reg.
Effectiveness and efficiency of operations
5 components of internal control
CRIME
- control activities (C)
- risk assessment (R)
- info and communication (I)
- monitoring (M)
- control ‘E’nvironment (E)
control environment
CHOPPER
C-ommitment to competence
H-uman resource policies and practices
O-rganizational structure
P-articipation of those charged w governance
P-hilosophy of management and mgt operating style
E-thical values and integrity
R-esponsibility assignment
inherent limitation - things that could occur even if theres rly good internal control
COCO
Collusion (no segregation of duties)
Override by mgmt
Competence/Human error
Obsolescent (changes in company’s operation/size , change in tech, changes affecting entity’s business)
Management override, mistakes in judgment, and collusion among employees
reasonable assurance
cost of maintain internal control should now exceed benefit derived from having the control.
Segegration
ARCC
authorization
recording
custody
comparison/ reconciliation
what has more scope, internal control or assessment of risk of material misstatement?
In the assessment of RMM, the auditor will only test those controls that are expected to be relied upon, more limited in scope than an examination of internal control
In an examination of internal control, the auditor expresses an opinion in relation to the effectiveness of internal control, requiring an engagement more extensive in scope.
letter written about internal control is for who?
The distribution of the report on internal controls in conjunction with an audit is restricted to management, the audit committee and the board of directors
Control activities are the policies and procedures that
management uses to provide reasonable assurance that the entity’s objectives will be achieved
monitoring
Monitoring is the process the entity uses to make certain that policies and procedures are, in fact, being followed.
The control environment, or tone at the top,
would include the fact that management is control conscious and willing to commit the resources to develop policies and procedures, but the policies and procedures themselves are control activities
checking credit before sending item is part of manager’s assertion of
valuation
management’s assertions: implicit/explicit assertions regarding recognition, measurement, presentation, and disclosure of info in f/s and disclosures. goal is to give opinion about f/s
COCA-CURVE
Completeness
Occurence
Cutoff
Classification
Classification Understandability Rights and Obligations Valuation and Allocation Existence
purchasing manager would be responsible for
authorization, including negotiating terms with vendors, and would not defer to the accounts payable department
when to cancel documentation
Documentation will be canceled at the time payment is made, often by the check signer at the time checks are being signed
what does accounts payable do
Accounts payable will establish agreement between the vendors invoice, the receiving report, and the purchase order as a basis for determining that payment may be made.
personnel, aka
HR
generally approve pay rate changes that are recommended by operating personnel, and deductions from employees’ salaries
controller and payroll
are responsible for the recordkeeping function, which should also be segregated from authorization of transactions
treasurer
has custody of the cash, which should be segregated from authorization of transactions
Analytical procedures and testing account balances are part of
substantive testing
report on internal control will include
- acknowledgement of management’s responsibility for internal control;
- a description of what aspects of the system of internal control were examined;
- the criteria used for performing the evaluation;
- management’s assertion regarding the effectiveness of the entity’s internal controls;
- a description of any material weaknesses; and
- the date of the assertion
how to understand effectiveness of internal control:
- inquiry of client personnel
- inspection of documents and reports
- observation of client personnel because each provides evidence relevant to the functioning of internal controls.
communication of internal control structure related matters is normally addressed to
the board of directors or the audit committee
The report would not be addressed to the director of internal auditing or any member of management because the deficiency may be a result of management actions.
what should not be included in a report on internal control structure related matters noted in an audit
The report may NOT indicate that there are “no significant deficiencies”, which are more prone to going undetected in a financial statement audit engagement
may indicate that there are no material weaknesses since a properly designed and executed audit should identify all material weaknesses
When performing a risk assessment in an integrated audit of a nonissuer, the auditor will
- identify significant accounts, a misstatement of which could result in a material misstatement to the financial statements nad
- the relevant assertions related to those accounts
three categories of internal control objectives
- Operations Objectives
- Reporting Objectives
- Compliance Objectives
Audit evidence concerning segregation of duties ordinarily is BEST obtained by
Observation of duties.
can also:
- review of documentation of internal control procedures, 2. obtaining flowcharts,
- making inquiries.
significant deficiency defined as:
a control deficiency that is not as severe as a material weakness but significant enough to merit the attention of management.
Accounting pronouncements represent
an external factor that increases the risk that financial statements may be prepared that are not in conformity with GAAP
factors that would influence the form and extent of the auditor’s documentation of an entity’s internal control environment
Complexity and size of the entity
An auditor would decide not to test internal controls if
the controls are not likely to be effective at preventing or detecting misstatements or if it is more efficient to simply perform substantive tests
The auditor’s opinion of an issuer’s internal control applies as of which date?
date of financial statement
risk assessment procedures that are used when obtaining an understanding of the entity, including its internal control
- inquiries,
- analytical procedures, and
- observation and inspection
restriction of report on internal control from auditor is given to whom?
The distribution of the report on internal controls in conjunction with an audit is restricted to
- management,
- the audit committee and
- the board of directors.
recalculation is
a substantive test
Reperformance and observation are both
risk assessment procedures used to assess RRM
Comparison and confirmation are both
substantive procedures
inspection may be
either a risk assessment procedure or a substantive test,
verification
substantive testing
Control activities are the
policies and procedures that management uses to provide reasonable assurance that the entity’s objectives will be achieved
are designed to prevent errors and fraud or to detect and correct them on a timely basis in order to achieve the objective of reliable financial reporting.
The control environment, or tone at the top, would include
the fact that management is control conscious and willing to commit the resources to develop policies and procedures,
when would entity implemented automated controls to reduce risks of misstatement
Automated controls work best when there is a high volume of transactions, all of which have similar characteristics
objectives of internal control are
- accurate and reliable financial reporting,
- compliance with applicable laws and regulations, and
- effective and efficient operations
report on internal controls in conjunction with an audit is
not a general use report but is restricted to the use of management, the audit committee and the board of directors.
working papers of audit documentation includes
Working papers include the audit program or audit plan indicating work performed, analytical procedures performed demonstrating evidence gathered, and the adjusted trial balance demonstrating agreement with the financial statements.
use of specialist in unmodified opinion
not allowed to mention specialist in report
use of specialist in report that’s NOT unmodified opinion
can mention in other matter report
when can external auditors use internal auditor’s help
The auditor is most likely to rely on the work done by internal auditors for areas that represent the LOWEST risk of material misstatement, such as an item that can be evaluated objectively, rather than subjectively.
A performance indicator involves
comparing results to expectations
Which organization developed the framework most commonly used by the auditing profession for benchmarking internal controls of non-issuers
The Committee of Sponsoring Organizations of the Treadway Commission
aka COSO
entity’s internal control report over financial reporting
the auditor must include an inherent limitation paragraph indicating that errors and irregularities can occur and go undetected in any control structure
form of control activities
Segregation of duties
performance indicators
Descriptions of accounting procedures
Reviews of operating performance
A debit memo is
the document used to indicate that goods have been returned to vendors
credit memo
good being return to company
When engaged to examine and report on management’s written assertion about the effectiveness of internal control,
the written assertion must be in the form of a separate report that will accompany the accountant’s report
A credit balance in a suspense account will be reported as a reduction in assets or an increase in liabilities,
implying that financial position may be understated.
A debit balance in a suspense account represents an increase in assets or a decrease in liabilities,
implying that financial position may be overstated.
analytical procedures
A comparison of financial statement data to other data, including prior year data, industry data, or other sources of data
A performance indicator involves
comparing results to expectations
Performance indicators are benchmarks against which performance can be compared to identify potential problems
information processing control
designed to prevent certain information from being processed
