Internal Controls Flashcards

1
Q

Internal Control for Non Issuer

A

Auditor expresses opinion on the client’s financial statements NOT internal controls
Auditor is req to obtain evidence relevant controls were effective for entire period

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Internal Control Issuers

A

SOX req integrated audit to provide assurance of fair financial statements AND effective IC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Issuers reliance on IC

A

More on IC less on substantive procedures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Time Period of auditors opinion

A

Issuer - Point in Time

Non Issuer- Entire period

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Objectives of Internal Controls

A

ACE
Accurate & Reliable Financial Reporting
Compliance with Laws and Regs
Effectiveness and efficiency of operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

5 Components of Internal Control under COSO

A
CRIME
Control Activities
Risk Assessment
Information and Communication
Monitoring
Control Environment
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Risk Assessment

A

Identification, analysis, and management of risks related to fairly presented financial statements in conformity w/GAAP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Information and Communication

A

Info Systems: Methods to record, process, and summarize transactions

Communication: Establishing duties relating to IC and making known

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Monitoring

A

Maintain Internal Control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Control Environment

A
Sets tone of Organization:
CHOPPER
Commitment to Competence
HR policies & Practices
Organizational Structure
Participation of those charged with Governance
Philosophy of Management
Ethical Values
Responsibility Assignment
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Control Activities

A
PIPS
Performance Reviews
Information Processing (IT)
Physical Controls
Segregation of Duties
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Segregation of Duties

A
ARCCS
Authorization of Transactions
Recording of transactions
Custody of Assets
Comparisons
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Second Standard of Fieldwork

A

Auditor must obtain a sufficient UNDERSTANDING of the entity and Environment including its IC, to assess the RMM of the financial statements due to error or fruad, and to design the Nature, Timing, and Extent of further auditor procedures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

6 steps to understanding CRIME

A

1) Obtain understanding of the design of IC (perform risk assessment procedures)
2) Document understanding of IC
3) Assess RMM
4) Perform tests of Controls
5) Reassess RMM and evaluate results
6) Document Conclusions and complete the planned substantive procedures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Understanding the design of CRIME

A

Have controls been implemented?
If improperly designed, may represent material weakness in IC
Only looking to see if implemented NOT operating effectively, unless financial statement audit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Risk Assessment Procedures to understand design of CRIME

A
Analytical Procedures
Inquiries of management and staff
Inspection of documents and records
Observing the applications of specific controls
Knowledge is used to :
Identify Errors or Fraud
Consider factors that affect RMM
Design tests of control and Substantive procedures
17
Q

Document Understanding of CRIME

A
FIND
Flowchart
IC Questionnaire (All deal with Segregation of ARCC)
Narrative or memorandum
Decision Table/Tree
18
Q

Understanding CRIME, assess Control Risk or RMM

A

No Reliance RMM up Substantive Approach (Looks @ dollars)

yes Reliance RMM down combined Approach

19
Q

Understanding CRIME, test of control

A
Testing Operating Cycles for ARCC
RIIO
Reperformance
Inspection
Inquiry
Observation*Most effective
ARRC (% or Freq not dollars)
**Must test effectiveness every 3 years
20
Q

Understanding CRIME, reassess RMM to determine DR

A

DR says how much substantive testing to do based on results of IC testing
Reassess CR for DR - Adjust Sub testing accordling

21
Q

Understanding CRIME, Document Conclusion

A

Document Conclusions
Required to communicate significant deficiencies and material weakness to management & those charged with Governance
Risk Assessment must ALWAYS be document
Auditor Document:
Assessment of RMM @ Financial Statement
BASIS of assessment
Sig Risks id’d & related controls evaluated
Risk id’d that req tests of controls to obtain sufficient audit evidence & related controls evaluated

22
Q

Steps to Understanding CRIME Public vs Non-Issuer

A

Non-Issuer 1,2,3, & 6

Public All Req

23
Q

SOX

A

Makes officers resp for effective IC & requires signing letter to disclose all sig IC deficiencies to issuers auditors and audit committee
Officer req to report fraud whether material or not
Basic Concept (COCO) Inherent Limitations Always Exists
Collusion
Override by Management
Competence
Obsolescence of IC