Internal Controls Flashcards

1
Q

Assessment of internal controls occurs when in the audit

A

After audit planning and before substantive procedures

2
Q

What is COSO

A

The most widely accepted way to design, maintain, and implement an internal controls system.

Not the mandatory framework required but most widely used

3
Q

What are the objectives of internal controls

A

Accurate and Reliable Financial Reporting
Compliance with applicable laws & regulations
Effective business operations

4
Q

What are the 5 components of COSO

A

COSO has 17 principles which are associated with 5 components. Acronym CRIME:
1. Control Activities
2. Risk Assessments
3. Information and Communication
4. Monitoring
5. Control Environment

5
Q

What is the control environment (COSO)

A

The firm environment in which controls are being enacted
1. Integrity/Ethics
2. Board has oversight responsibility (doing their job)
3. etc

6
Q

What is Risk Assessment (COSO)

A

Identification, analysis, and management of risk

7
Q

What are Control Activities (COSO)

A

Develop controls that contribute to the mitigation of objectives to acceptable levels
Example: Segregation of Duties

8
Q

What is segregation of duties

A

Ensures that the following roles aren’t handled by the same person
1. Authorization
2. Recordkeeping
3. Custody
4. Comparison

Difficult in a small organization; the alternative is to disclose to auditors

9
Q

What is Monitoring (COSO)

A

Making sure all other components of COSO are working effectively in practice

10
Q

What is Information and Communication (COSO)

A

Identification, retention, and transfer of information in a timely manner, enabling personnel to execute their responsibilities

  • This applies both internally and externally
  • Information needs to be accurate and reliable
11
Q

What are the inherent limitations of internal controls

A

Includes but not limited to:
1. Competence of Employees
2. Obsolescence (external events making IC obsolete)
3. Collusion
4. Override by Management
5. Cost Constraints (does benefit override cost)

12
Q

What is the correlation between Effective Controls, Control Risk, RMM, and Detection Risk

A

Controls are operating effectively:
1. Control Risk Down
2. Risk of Material Misstatement Down
3. Can afford a higher Detection Risk
4. Less Substantive work necessary to test NET (nature, timing, extent)

13
Q

What is an integrated audit

A

For issuers, auditors are required to do an integrated audit. Mandatory to do test of controls for effectiveness of ICFR. Conducted simultaneously with controls of financial statements

Non-issuers do not need an integrated audit; it is optional

14
Q

What are the risk assessment steps

A
15
Q

Risk Assessment Examples

A
16
Q

How often must you retest internal controls

A

Every 3 years or 3rd audit

17
Q

What is a walkthrough

A

A test of internal controls by following a transaction from the beginning to end

18
Q

What is a test of details

A

Testing the details of a transaction to determine whether internal controls are operating effectively, whether they have been implemented, and to look for material misstatements

19
Q

What are the two types of control deficiencies

A

Operating Deficiency: Designed properly but does not work
Design Deficiency: Not designed properly

20
Q

What are the three levels of deficiencies related to controls

A
  1. Control deficiency: Exists when the design or operation of a control does not prevent, or detect and correct, misstatements on a timely basis
  2. Significant deficiency: a deficiency or combination of deficiencies in internal controls less severe than material weakness but important enough to merit attention
  3. Material Weakness: a deficiency or combination thereof in internal controls such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, detected, or corrected on a timely basis
21
Q

What is a SOC 1 Report

A

Provides an opinion on the design and operating effectiveness of controls (transaction and security focused)

22
Q

What are SOC Reports

A

Reports on controls for firms a company outsources information to

23
Q

What is a SOC 2 and 3 report

A

SOC 2: Provides an opinion on the design and operating effectiveness of controls over the security, availability, confidentiality, privacy, and integrity of systems used to process the entity’s data at a service organization (more security focused)

SOC 3: SOC 2 report dumbed down and released publicly