Internal Control - Concepts & Standards Flashcards
When obtaining an understanding of an entity’s internal control procedures, an auditor should concentrate on the substance of the procedures, rather than their form, because
Management may establish appropriate procedures but not enforce compliance with them.
An auditor’s flowchart of a client’s accounting system is a diagrammatic representation that depicts the auditor’s
Understanding of the system
What documentation is not required for an audit in accordance with generally accepted auditing standards?
A flowchart of each major transaction cycle documenting the origination and processing of important accounting records.
What is a management control method that most likely could improve management’s ability to supervise company activities effectively?
Establishing budgets and forecasts to identify variances from expectations.
In planning an audit of certain accounts, an auditor may conclude that specific procedures used to obtain an understanding of an entity’s internal control structure need not be included because of the auditor’s judgments about materiality and assessments of
Inherent Risk. If the auditor has concluded that an account is immaterial and that inherent risk is low, the auditor might decide to skip the procedures used to obtain an understanding of the related internal controls because the risk of a material misstatement occurring is low.
Decision tables differ from program flowcharts in that decision tables emphasize
Logical relationships among conditions and actions.
Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been
Implemented. Obtaining an understanding of an entity’s internal controls over financial reporting involves evaluating the design of relevant controls and determining whether they have been implemented (sometimes referred to as “placed into operation”).
An advantage of using systems flowcharts to document information about internal control, instead of using internal control questionnaires, is that systems flowcharts
Provide a visual depiction of clients’ activities
The primary objective of procedures performed to obtain an understanding of the internal control structure is to provide an auditor with
Knowledge necessary for audit planning.
An auditor’s primary consideration regarding an entity’s internal control structure policies and procedures is whether they
Affect the financial statement assertions.
What procedure would an auditor most likely perform to test controls relating to management’s assertion about the completeness of cash receipts for cash sales at a retail outlet?
Observe the consistency of the employees’ use of cash registers and tapes.
After assessing control risk at below the maximum level, an auditor desires to seek a further reduction in the assessed level of control risk. At this time, the auditor would consider whether
Additional evidential matter sufficient to support a further reduction is likely to be available.
In addition to evaluating the frequency of deviations in tests of controls, an auditor should also consider certain qualitative aspects of the deviations.
The auditor most likely would give broader consideration to the implications of a deviation if it was
Initially concealed by a forged document.
When an auditor assesses control risk at the maximum level, the auditor is required to document the auditor’s
Understanding of the entity’s accounting system & basis for concluding that the control risk is at the maximum level
After obtaining an understanding of the internal control structure and assessing control risk of an entity, an auditor decided not to perform tests of controls.
The auditor most likely decided that
It would be inefficient to perform tests of controls that would result in a reduction in planned substantive tests.
Which of the following is not a step in an auditor’s decision to assess control risk at below the maximum?
In assessing control risk below maximum, the auditor must:
1) obtain an understanding of the internal control structure;
2) identify specific controls relevant to specific financial statement assertions; and
3) test the identified controls to determine if they are operating effectively. The auditor would NOT perform tests of details of transactions. These are substantive procedures which would generally be performed after the assessment of control risk is made.
Which of the following is a step in an auditor’s decision to assess control risk at below the maximum?
Identify specific internal control policies and procedures that are likely to detect or prevent material misstatements.