Internal Control Concepts and IT/ Internal Control - Sales, receivables, cash receipts cycle - Gleim Chapter 5 & 6 Flashcards
After identifying related party transactions the auditor should become satisfied about their purpose/ nature/ extent and effect. Among other things the auditor should obtain an understanding of the business purpose of the transaction.
Examine related party transactions
One such procedure is reviewing the extent and nature of business transacted with major customers/ suppliers/ borrowers and lenders
Identify related party transactions
Accomplished through the review of material investment transactions during the period
Determine existence of related party transactions
After identifying related party transactions/ the auditor should become satisfied about their purpose; nature; extent and effect. To fully understand a particular transaction; the auditor may confirm the transaction amount and terms; including guarantees and other significant data; with the other parties.
Examine related party transactions
Discussing significant information with intermediaries; such as banks or attorneys
Examine related party transactions
Considering whether transactions are occurring but are not being given proper accounting recognition. Examples include receiving or providing accounting; management or other services at no charge or a major shareholder’s payment of corporate expenses.
Identify related party transactions
Inspecting and obtaining satisfaction concerning the transferability and value of collateral may help to accomplish this.
Examine related party transactions
The auditor should test for reasonableness the compilation of amounts to be disclosed or considered for disclosure.
Examine related party transactions
One of these procedures is reviewing accounting records for large; unusual; or nonrecurring transactions or balances; paying particular attention to transactions recognized at or near the end of the reporting period.
Identify related party transactions
An auditor should inquire of management about whether transactions occurred with related parties.
Determine existence of related party transactions
An evaluation of an entity’s procedures for identifying and properly accounting for related party transactions
Determine existence of related party transactions
When may an auditor refer to the work of a specialist?
When the opinion is modified
Does the auditor need personal financial information from an Auditor’s Specialist?
The auditor does not need to request personal financial statements from the specialist. The auditor evaluates the specialist’s competence/ capabilities/ and objectivity/ not his/her financial position.
Why would the auditor need an Auditor’s Specialist?
The auditor may use the work of a specialist to obtain appropriate audit evidence e.g. to estimate the fair value of mineral rights.
Does the Auditor’s Specialist need to be independent?
The auditor should evaluate the relationship of the specialist with the client before selecting the specialist.
Why would an auditor use a specialist?
The auditor may use the work of a specialist to obtain appropriate audit evidence when the audit staff lacks the necessary professional competence.
If an auditor cannot consider an issue or condition; what is the effect on the opinion?
The auditor should express a disclaimer/ not an adverse opinion/ because of a lack of sufficient appropriate audit evidence.
What is the first thing an auditor should do when an omitted procedure has been discovered?
When the auditor decides that a necessary procedure was omitted the auditor should assess its importance to the auditor’s ability to support the previously expressed opinion.
Is it always required that an omitted procedure be performed?
The results of other procedures applied may compensate for an omitted procedure.
What is the next step after determining the unmodified opinion cannot be supported without the omitted procedure?
The auditor may determine that the omission impairs his/her current ability to support the opinion. If the auditor believes persons are currently relying (or are likely to rely) on the report; the auditor should promptly undertake to apply the omitted procedure or alternative procedures to provide a satisfactory basis for the opinion.
Is warranty estimation risk a high estimation uncertainty; low estimation uncertainty or not an estimate?
Estimation of warranty expenses is a process performed routinely by firms having sufficient data to perform the task. The auditor typically concludes that it involves low estimation uncertainty.
Are contingent liabilities a high estimation uncertainty; low estimation uncertainty or not an estimate?
Contingent liabilities that are probable and can be estimated should be recorded. Litigation is a complex process where there are few external predictable factors on which to base an estimate. This would create high estimation uncertainty for the auditor.
Are derivatives a high estimation uncertainty; low estimation uncertainty or not an estimate?
Derivatives that are not publically traded and for which the fair value is based on a model create high estimation uncertainty. The value is not based on market-based objective data.
Are current sales a high estimation uncertainty; low estimation uncertainty or not an estimate?
Sales are recorded based on objective data regardless of the terms of shipment. The amount is not subject to an estimated value and there is no need for an estimate.
Is determination of obsolete inventory a high estimation uncertainty; low estimation uncertainty or not an estimate?
Determination of inventory obsolescence is a process performed routinely by firms having sufficient data to perform the task. The auditor typically concludes that determination of inventory estimates involves low estimation uncertainty.
What is the entity’s identification and analysis of relevant risks as a basis for their management?
Risk assessment is the entity’s identification and analysis of relevant risks as a basis for their management. Expansion to foreign markets may result in changes in risk for example from currency exchange.
What are the policies and procedures that help ensure the achievement of management directives?
Control activities are the policies and procedures that help ensure the achievement of management directives. Direct functional or activity management such as the daily interaction between supervisors and line personnel is an example of a control activity.
The review of performance indicators such as daily and weekly sales revenue figures may be used as a
Control activity. Reviewing these indicators provides information as to whether or not entity objectives are being achieved.
These systems support the identification/ capture and exchange of information in a form and time frame that enable people to carry out their responsibilities.
Information and communication systems. The use of a job-order costing system by an airplane manufacturer is an example of an information system.
Customers and suppliers may provide information about the effectiveness of internal control.
Information and communication systems. An entity’s communication system affects both internal and external parties. In addition the entity must make clear to external parties that bribes and kickbacks are not allowed. The entity may accomplish this by providing its written policies to external parties on an annual basis
Sets the tone of an organization; influencing the control consciousness of its people. This component is the foundation for the other components.
An entity’s control environment. Management must reduce or remove incentives that increase the probability of dishonest or unethical acts. An example of this kind of incentive is making a manager’s bonus dependent on a high rate of growth in revenues.
Human resources represents what internal control component?
Control Environment. HR policies and practices include hiring individuals who display evidence of integrity and ethical behavior.
Corporate restructuring affects which internal control component?
Risk Assessment. Corporate restructuring is a factor that may change risk.
The process that assesses the quality of internal control performance over time.
Monitoring is the process that assesses the quality of internal control performance over time. Just as control systems change over time the way controls are applied may change as well. The monitoring process includes ongoing activities built into normal recurring operations such as supervision possibly combined with separate evaluations.
Encoding data before transmission over communications lines makes it more difficult for someone with access to the transmission to understand or modify its contents.
Access Control
This feature requires the remote user to call the computer/ give identification/ hang up and wait for the computer to call an authorized number. This control ensures acceptance of data only from authorized modems. However a call-forwarding device may thwart this control by transferring access from an authorized to an unauthorized number.
Access Control
This log records all uses and attempted uses of the system. The date and time codes used mode of access data involved and interventions by operators are recorded.
Access Control
Computer effort is expended most efficiently when data are processed in a logical order such as by customer number. This check ensures the batch is sorted in this order before processing begins
Processing Control
Certain amounts can be restricted to appropriate amounts or ranges such as hours worked less than 10 per day or invoices over $100K requiring supervisor approval.
Input Control
Automatic log-off (disconnection) of inactive data terminals may prevent the viewing of sensitive data on an unattended data terminal.
Access Control
A self-checking digit system is used to detect incorrect or nonexistent identification numbers. The digit is generated by applying an algorithm to the ID number. During the input process the check digit is recomputed by applying the same algorithm to the code actually entered.
Input Control
A device authorization table restricts access to those physical devices that should logically need access
Access Control
Run-to-run control totals (e.g. record counts or certain critical amounts) should be generated and checked at designated points during processing.
Processing Control
The data entry screen prevents certain types of incorrect data from entering the system. For example the system rejects any attempt to enter numerals in a name box or letters in an amount box.
Input Control
The use of passwords and identification numbers is an effective control in an online system to prevent unauthorized access to computer files. Lists of authorized persons are maintained in the computer. The entry of passwords or identification numbers; a prearranged set of personal questions; and the use of badges/magnetic cards/optically scanned cards may be combined
Access Control
Includes the policies and procedures to address specific control risks
The COSO component of Internal Control
Segregation of duties involves the separation of the functions of authorization/record keeping/and asset custody so as to minimize the opportunities for a person to be able to perpetrate and conceal errors or fraud in the normal course of his/her duties.
Decreases control risk
Collusion
Inherent limitation in internal control
Employing a new person
Increases control risk
Rapid growth of a client
Increases control risk
The control environment
The COSO component of Internal Control
Physical Controls involving the safeguarding of assets/records/periodic counts and recons that create asset accountability
Decreases control risk
Corporate restructuring change staffing and supervision assignments and does what to control risk?
Increases control risk
The potential for management to override a control
Inherent limitation in internal control
