Internal Controls Flashcards
Assessment of internal controls occurs when in the audit
After audit planning and before substantive procedures
Assessment of internal controls occurs when in the audit
After audit planning and before substantive procedures
What is COSO
The most widely accepted way to design, maintain, and implement an internal controls system.
Not the mandatory framework required but most widely used
What are the objectives of internal controls
Accurate and Reliable Financial Reporting
Compliance with applicable laws & regulations
Effective business operations
What are the 5 components of COSO
COSO has 17 principes which are associated with 5 components. Acronym CRIME:
1. Control Activities
2. Risk Assessments
3. Information and Communication
4. Monitoring
5. Control Environment
What is the control environment (COSO)
The firm envionment in which controls are being enacted
1. Integrity/Ethics
2. Board has oversight responsibility (doing their job)
3. etc
What is Risk Assessment (COSO)
Identification, analysis, and management of risk
What are Control Activities (COSO)
Develop controls that contribute to the mitiation of objectives to acceptable levels
Example: Segregation of Duties
What is segregation of duties
Ensures that the following roles aren’t handled by the same person
1. Authorization
2. Recordkeeping
3. Custody
4. Comparison
Difficult in a small organization, alternative is disclose to auditors
What is Monitoring (COSO)
Making sure all other components of COSO are working effectively in practice
What is Information and Communication (COSO)
Identification, retention, and transfer of information on a timely manner enabling personnel to execute their responsibilities
- This applies both internally and externally
- Information needs to be accurate and reliable
What are the inherent limitations of internal controls
Includes but not limited to:
1. Competence of Employees
2. Obsolescene (external events making IC obsolete)
3. Collusion
4. Override by Management
5. Cost Constraints (does benefit override cost)
What is the correlation between Effective Controls, Control Risk, RMM, and Detection Risk
Controls are operating effectively:
1. Control Risk Down
2. Risk of Material Mistatement Down
3. Can afford a higher Detection Risk
4. Less Substantive work neccessary to test NET (nature timing extent)
What is an integrated audit
For issuers auditors are required to do an integrated audit. Mandatory to do test of controls for effectiveness of ICFR. Conducts simultaneously with controls of financial statements
Non issuers do not need an integrated audit, optional
What are the risk assessment steps