Internal Control Notes

Question 1

Assessing control risk

Answer 1

process of evaluating the design and operating effectiveness of an entity’s IC as to how it prevents or detects material misstatements in the FS

Question 2

assessed level of control risk

Answer 2

conclusion reached as a result of assessing control risk

Question 3

Internal control

Answer 3

• Responsibility of the management to establish a control environment and maintain policies an procedure
• means of achieving the entity’s objective

Question 4

Internal Control

Answer 4

(PSA 315)

• process
• designed and effected by those charged w/ governance, mgt, and other staff
• t o provide reasonable assurance
• about achievement of entity’s objective
• with regards to fs reporting
• Effectiveness and efficiency of operations and compliance with applicable law and regulations

Question 5

Inherent limitations of Internal Control (CRHCMI)

Answer 5

1. cost of IC > benefits to be derived
2. routine transaction
3. human error
4. collusion
5. management overriding
6. inadequate procedure

Question 6

NOTES

Answer 6

operational and compliance objectives may be relevant to the audit if they relate to data the auditor evaluates to determine the reliability of some fs assertions

Question 7

components of IC (CRICM)

Answer 7

1. Control Environment
2. Risk Assessment
3. Information and communication systems
4. Control Activities
5. Monitoring

Question 8

Control environment

Answer 8

• includes the attitudes, awareness, and actions of mgt and those charged w/ governance concerning the entity’s IC and its importance in the entity.
• includes gov and mgt functions and sets the tone of an org

Question 9

Control Environment Factors (IMACPA)

Answer 9

a. integrity and ethical values
b. Mgt philosophy and operating style
c. active participation of those charged with
governance
d. commitment to competence
e. personnel policies and procedures
f. assignment of responsibility and authority/
organizational structure

Question 10

Risk Assessment

Answer 10

Entity should take into account those business risks

Auditor should take into account those risks that are relevant to the prep of reliable FS

Question 11

Business risk

Answer 11

The risk that the entity’s objective will not be attained as a result of internal and external factors.

Question 12

Info and Communication system

Answer 12

• effective IC must provide timely information and communication
• communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting.

Question 13

open communication(I&C)

Answer 13

help ensure that exceptions are reported and acted on

Question 14

Control Activities

Answer 14

policies and pro that help ensure that mgt directives are carried out

Question 15

Control Activities (PIPS)

Answer 15

1. Performance Reviews
2. Information Processing
3. Physical Controls
4. Segregations of Duties

Question 16

Specific control Procedures(CA) (PIPSA)

Answer 16

a. Performance Reviews
b. Info Processing
c. Physical Controls
d. Segregation of Duties
e. Authorization

Question 17

Performance Reviews (CA)

Answer 17

include reviews and analyses of actual performance versus budgets, forecasts and prior period performance

Question 18

Info Processing (CA)

Answer 18

• a variety of controls are performed to check accuracy, completeness, and authorization of transactions
• when computer processing is used in significant acctg application the it can be classified as general and application controls

Question 19

Physical Controls (CA)

Answer 19

physical security of assets, including adequate safeguards such as secured facilities over access to assets and records.

Question 20

segregation of duties (CA)

Answer 20

assigning different people the responsibilities of authorizing ,recording and maintaining custody of asset

Question 21

Monitoring

Answer 21

process of assessing the quality of internal control performance over time.

Question 22

Ongoing monitoring (M)

Answer 22

built into the normal recurring activities of an entity and include regular mgt and supervisory activities such as preparation of monthly bank recon.

Question 23

Separate Evaluations (M)

Answer 23

performed on a non-routine basis, such as functions performed by internal auditors.

Question 24

Internal Control for Small business

Answer 24

• IC tend to be weak but can be compensated if the owner/manager actively participates in the operations of the business

Question 25

Consideration of IC

Answer 25

auditors should give adequate consideration to these controls because the quality of the entity’s IC systems can have a significant impact on the audit.

Question 26

Steps to consideration of entity’s IC system (UDAPD)

Answer 26

a. understanding to the IC
b. Docu the understanding of IC
c. assess the level of Control risk
d. Perform tests of controls
e. Docu the assessed level of CR

Question 27

a. obtain understanding to the IC

Answer 27

involves:

a. evaluating the design of a control
b. determining whether it has been implemented

Question 28

initial understanding of the design

Answer 28

obtained by inquiry, inspecting documents and records, observing entity’s activity and operations

Question 29

Walk-through test(implementation)

Answer 29

involves tracing 1 or 2 transactions thru the entire accounting systems, from their initial recording at source to their final destination as a component of an account balance in the FS

Question 30

NOTES

Answer 30

• auditor is not required to obtain knowledge about the operating effectiveness of the IC when obtaining understanding of the entity’s IC
• In Understanding Internal Control the audit auditor is only concerned about the design of relevant control policies and procedure and whether such controls are actually being applied

Question 31

uses of understanding to IC for the Auditor

Answer 31

a. identify types of potential misstatements that can occur
b. consider factors that affect the risk of material misstatements
c. design the nature, timing, and extent audit procedures to be performed

Question 32

b. Documenting the understanding of IC

Answer 32

• the extent of documentation may vary depending on size and complexity of the entity and nature of the entity’s internal control systems.
• can be narrative, flowchart, questionnaire

Question 33

c. assess the level of Control risk

Answer 33

auditor’s preliminary assessment of control risk may be at a high level or less than a high level

Question 34

c. assess the level of Control risk

Answer 34

• if IC is NOT EFFECTIVE –> the auditor may simply assess control risk at a HIGH LEVEL –> no test of control –> rely on substantive tests
• if it is MORE EFFICIENT to rely on the entity’s IC –>less than high level —> :
  a. identify specific IC that likely prevent or detect and correct material misstatements
  b. perform test of control

Question 35

d. Perform tests of controls

Answer 35

before the auditor can rely on the effectiveness of internal control to reduce the substantive test, auditor must obtain evidence that they are working effectively as the preliminary assessment suggests

Question 36

d. Perform tests of controls

Answer 36

to obtain evidence of the effectiveness of ;

a. design of acctg and IC systems
b. operation of IC throughout the period

Question 37

NOTES

Answer 37

(PSA) auditor should obtain audit evidence thru test of control to support any assessment of control risk at less than high level

Question 38

Nature of test of control (IOIR)

Answer 38

contains 1 or a combination of:

a. inquiry
b. observation
c. inspection
d. Re performance

Question 39

Inquiry

Answer 39

consists of searching for the appropriate info about the effectiveness of IC from knowledgeable persons inside or outside the entity

Question 40

observation

Answer 40

refers to looking at the process being performed by the others

Question 41

Inspection

Answer 41

involves the examination of documents and records to provide evidence of reliability depending on their nature and source and the effectiveness of internal control over their processing.

Question 42

Re performance

Answer 42

repeating the activity performed by the client to determine whether proper results were obtained

Question 43

Timing of tests of control

Answer 43

-usually during an interim visit in advance of period end.

In determining whether or not to test the remaining period:

• results of the interim tests
• the length of the remaining period
• whether changes have occurred in the acctg and IC systems during the remaining period

Question 44

Extent of test of control

Answer 44

• auditor cannot examine all nature

- should determine the size of a sample sufficient to support the assessed level of control risk

Question 45

using the results of tests of control

Answer 45

• auditor uses assessed level of CR and IR to determine the acceptable level of DR
• Inverse relationship DR with CR & IR

Question 46

Operating effectiveness vs Implementation

Answer 46

• Audit evidence of implementation by performing risk assessment procedures, determines that the relevant controls exists and entity is using them.
• When performing test of operating effectiveness auditor obtain audit evidence that controls operate effectively

Question 47

e. Documenting the assessed level of CR

Answer 47

• if ACR is at high level –> document the conclusion

- if ACR is at low level –> document the conclusion and basis(results of the test of control)

Question 48

Communication of IC weakness

Answer 48

Auditor is required to report to the appropriate level of management material weakness in he design or operation of the acctg and IC system.

(in writing: earliest opportunity as possible so appropriate corrective action may be taken)

Question 49

NOTES

Answer 49

Emphasize that auditors are not required to search for and or identify IC weakness. just communicate if it come to their attention

Question 50

Management Letter

Answer 50

document for IC weakness together with other matters of concern