Internal Control Standards 1 Flashcards
What are the requirements the auditor should focus on when Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement?
1 Risk assessment procedures
2 Understanding the entity and its environment, including its internal control
3 Assessing the risks of material misstatement
4 Documentation
Why should an auditor perform risk assessment procedures?
To obtain an understanding of the entity and its environment, including its internal control
What are types of Risk Assessment Procedures?
1 Inquiries of Management and Others 2 Observation and Inspection 3 Analytical Procedures 4 Review Information 5 Discussion among Audit Team Members
What are Observation and Inspection procedures?
Observation of entity operations, inspection of documents (e.g., internal control manuals), reading reports prepared by management and those charged with governance (e.g., minutes of meetings), and visits to the entity’s facilities
Why is it good to have Analytical Procedures?
They may assist the auditor in understanding the entity and its environment and identify specific risks relevant to the audit
What are Review Information procedures?
Review information about the entity and its environment obtained in prior periods
The auditor’s understanding of the entity and its environment consists of understanding what?
1 Industry, regulatory, and other external factors
2 Nature of the entity
3 Objectives and strategies
4 Measurement and review of the entity’s financial performance
5 Internal controller
What’s the purpose of Internal Controls?
1 Reliability of financial reporting
2 Effectiveness and efficiency of operations
3 Compliance with applicable laws and regulations
What are the 5 interrelated components of Internal Controls?
1 Control activities 2 Control Environment 2 Risk Assessment 3 Information and communication systems 4 Monitoring
What are Control Activities?
Policies and procedures that help ensure that management directives are carried out, especially those related to:
Segregation of duties, Physical controls, Authorization, Performance reviews, Information processing (EDP)
What is Control Environment?
Policies and procedures that determine the overall control consciousness of the entity, sometimes called “the tone at the top”
What is Risk Assessment?
The policies and procedures involving the identification, prioritization, and analysis of relevant risks as a basis for managing those risks
What is Information and communication systems?
The policies and procedures related to the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities
What is Monitoring?
The policies and procedures involving the ongoing assessment of the quality of internal control effectiveness over time. (The auditor should obtain an understanding of the sources of the information related to the entity’s monitoring activities and the basis upon which management considers the information to be reliable)
