Internal Control Flashcards

1
Q

What is internal control?

A

Provides reasonable assurance that

  1. ) Material misstatements will be prevented
  2. ) reliability and integrity of F/S will be preserved
  3. ) Assets are protected against misuse.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Examination of I/C is required by mgmt under?

A

Sarbanes-Oxley

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Under Sarbanes-Oxley what must management do?

A
  1. ) CEO/CFO must disclose deficiencies
  2. ) Mgmt must assess I/C
  3. ) Mgmt must certify F/S
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What type of relationship does I/C have with Substantive Testing?

A

An inverse relationship

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Stronger I/C =

A

Less testing needed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Weaker I/C =

A

More testing needed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the 3 objectives of I/C?

A
  1. ) Reliability of Financial Reporting
  2. ) Operational efficiency/effectiveness
  3. ) Compliance with Law and Regulations
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the 5 components of I/C?

A
  1. ) Control environment
  2. ) Risk assessment
  3. ) Control activities
  4. ) Information and communication
  5. ) Monitoring
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does the control environment assessment do?

A

Sets tone for the entire company

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the 8 questions that the control environment assessment should address?

A
  1. ) How are mgmt’s integrity/ethics
  2. ) Is mgmt competent
  3. ) Healthy organizational structure
  4. ) Appropriate HR policies
  5. ) Authority/responsibility assignments
  6. ) What is mgmt’s style
  7. ) Is mgmt agressive
  8. ) Are the Board/Audit Committee actively involved
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the risk of material misstatement? (RMM)

A

determines acceptable level of detection risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is detection risk? (DR)

A

Detection risk determines the nature, timing, and extent of audit procedures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What type of growth is considered risky?

A

Rapid

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are 3 risk assessment questions to ask about mgmt?

A

How does mgmt:

  1. ) Identify risks
  2. ) Estimate significance
  3. ) Assess occurrence likelihood
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

When performing a risk assessment what are the major changes that need to be addressed?

A
  1. ) operations
  2. ) personnel
  3. ) systems
  4. ) IT
  5. ) products
  6. ) corporate organization
  7. ) foreign ops
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What type of I/C testing is performed when control risk is assessed at maximum?

A

None

17
Q

What types of procedures are performed when control risk is assessed below maximum?

A
  1. ) tests I/C
  2. ) evaluates control risk based on tests
  3. ) adjusts substantive tests accordingly
18
Q

What are 4 types of control activities?

A
  1. ) performance reviews
  2. ) information processing
  3. ) physical controls
  4. ) segregation of duties
19
Q

When it comes to information and communication what are 6 things an auditor needs to understand?

A
  1. ) major transaction classes
  2. ) transaction initiation
  3. ) support records/documents
  4. ) transaction processing
  5. ) financial statement internal reporting process
  6. ) financial statement external reporting process
20
Q

How can an auditor document I/C?

A
  1. ) memo
  2. ) flowchart
  3. ) questionnaires
21
Q

Understanding I/C allows the auditor to determine what?

A

The nature, timing and extent of planned audit procedures.

22
Q

What are 6 risks associated with material misstatements?

A
  1. ) were all transactions recorded
  2. ) were they recorded timely
  3. ) were they measured appropriately
  4. ) were they recorded in the correct period
  5. ) were they presented and disclosed properly
  6. ) did mgmt communicate their responsibilities
23
Q

I/C should be IRON strong. What does IRON stand for?

A

I - inquiry: interview co personnel
R - re-performance: can it be replicated
O - observation: watch the control being applied
N - inspection: dig into the details/documents

24
Q

Substantive procedures should not need to be adjusted if the results of I/C testing are?

A

as expected

25
Q

If internal controls are deficient:

A
  1. ) Control risk increases
  2. ) Substantive tests increase
  3. ) Detection risk decreases
  4. ) a more than remote chance that a material misstatement in F/S would not be found
26
Q

What does tracing test?

A

Tests completeness.

Starts with the source document and traces forward to journal entry

27
Q

What does vouching test?

A

Tests existence.

Starts with journal entry and searches for a voucher or source document to support the entry

28
Q

What does T before V and C before E mean?

A
Tracing = Completeness
Vouching = Existence
29
Q

What are 3 limitations of I/C?

A
  1. ) controls can’t stop collusion or bad judgement
  2. ) Mgmt can override controls
  3. ) cost vs benefit
30
Q

How are material weaknesses reported?

A
  1. ) reasonable possibility that controls will not prevent a material misstatement
  2. ) written report required; can issue a report with no material weaknesses
  3. ) previous weaknesses that still exist should be reported again
  4. ) should be reported no later than 60 days after audit report release date
  5. ) If one or more material weaknesses is uncorrected at year-end and adverse opinion on I/C must be given
31
Q

How are significant deficiencies reported?

A
  1. ) adversely affects company’s ability to report F/S in accordance with GAAP
  2. ) important enough to merit attention by those responsible for oversight of the company’s financial reporting
  3. ) written report to mgmt required: cannot issue a report with no significant deficiencies
  4. ) previous deficiencies reported that still exist should be reported again
  5. ) should be reported not later than 60 days after audit repot release date
32
Q

What is a control deficiency?

A
  1. ) a control is not operating as intended

2. ) written report to mgmt is not required

33
Q

When using the work of a third party (internal auditor) you should determine if they are:

A
  1. ) competent

2. ) objective

34
Q

An internal auditor reporting to the audit committee is:

A

More objective and reliable

35
Q

An internal auditor reporting to a manager is:

A

Less objective and reliable