Internal Controls

Question 1

Assessment of internal controls occurs when in the audit

Answer 1

After audit planning and before substantive procedures

Question 1

Assessment of internal controls occurs when in the audit

Answer 1

After audit planning and before substantive procedures

Question 2

What is COSO

Answer 2

The most widely accepted way to design, maintain, and implement an internal controls system.

Not the mandatory framework required but most widely used

Question 3

What are the objectives of internal controls

Answer 3

Accurate and Reliable Financial Reporting
Compliance with applicable laws & regulations
Effective business operations

Question 4

What are the 5 components of COSO

Answer 4

COSO has 17 principes which are associated with 5 components. Acronym CRIME:
1. Control Activities
2. Risk Assessments
3. Information and Communication
4. Monitoring
5. Control Environment

Question 5

What is the control environment (COSO)

Answer 5

The firm envionment in which controls are being enacted
1. Integrity/Ethics
2. Board has oversight responsibility (doing their job)
3. etc

Question 6

What is Risk Assessment (COSO)

Answer 6

Identification, analysis, and management of risk

Question 7

What are Control Activities (COSO)

Answer 7

Develop controls that contribute to the mitiation of objectives to acceptable levels
Example: Segregation of Duties

Question 8

What is segregation of duties

Answer 8

Ensures that the following roles aren’t handled by the same person
1. Authorization
2. Recordkeeping
3. Custody
4. Comparison

Difficult in a small organization, alternative is disclose to auditors

Question 9

What is Monitoring (COSO)

Answer 9

Making sure all other components of COSO are working effectively in practice

Question 10

What is Information and Communication (COSO)

Answer 10

Identification, retention, and transfer of information on a timely manner enabling personnel to execute their responsibilities

• This applies both internally and externally
• Information needs to be accurate and reliable

Question 11

What are the inherent limitations of internal controls

Answer 11

Includes but not limited to:
1. Competence of Employees
2. Obsolescene (external events making IC obsolete)
3. Collusion
4. Override by Management
5. Cost Constraints (does benefit override cost)

Question 12

What is the correlation between Effective Controls, Control Risk, RMM, and Detection Risk

Answer 12

Controls are operating effectively:
1. Control Risk Down
2. Risk of Material Mistatement Down
3. Can afford a higher Detection Risk
4. Less Substantive work neccessary to test NET (nature timing extent)

Question 13

What is an integrated audit

Answer 13

For issuers auditors are required to do an integrated audit. Mandatory to do test of controls for effectiveness of ICFR. Conducts simultaneously with controls of financial statements

Non issuers do not need an integrated audit, optional

Question 14

What are the risk assessment steps

Answer 14

Question 15

Risk Assessment Examples

Answer 15

Question 16

How often must you retest internal controls

Answer 16

Every 3 years or 3rd audit

Question 17

What is a walkthrough

Answer 17

A test of internal controls by following a transaction from the beginning to end

Question 18

What is a test of details

Answer 18

Testing the details of a transaction to determine whether internal controls are operating effectively, whether they have been implemented, and look for material mistatements

Question 19

What are the two types of control defincies

Answer 19

Operating Deficiency: Designed properly but does not work
Design Deficiency: Not designed properly

Question 20

What are the three levels of deficiencies related to controls

Answer 20

1. Control deficiency: Exists when the design or operation of a control does not prevent, ir detect and correct mistatements on a timely basis
2. Significant deficiency: a deficiency or combination of deficiencies in internal controls less severe than material weakness but important enough to merit attention
3. Material Weakness: a deficiency or combination thereof in internal controsl such that there is a reasonable possibiklity that a material mistatement of the entty’s financial statements will not beprevented, detected, or corrected on a timely basis

Question 21

What is a SOC 1 Report

Answer 21

Provides an opinion on the design an operating effectiveness of controls (transaction and security focused)

Question 22

What are SOC Reports

Answer 22

Reports on controls for firms a company outsources information too

Question 23

What is a SOC 2 and 3 report

Answer 23

SOC 2: Provides an opinion on the design and operating effectiveness of controls over the security, availability, confidentiality, privacy, and integrity of systems used to proccess entity’s data at service organization (more security focused)

SOC 3: SOC 2 report dumbed down and released publicly