Internal Controls Flashcards
Internal Control for Non Issuer
Auditor expresses opinion on the client’s financial statements NOT internal controls
Auditor is req to obtain evidence relevant controls were effective for entire period
Internal Control Issuers
SOX req integrated audit to provide assurance of fair financial statements AND effective IC
Issuers reliance on IC
More on IC less on substantive procedures
Time Period of auditors opinion
Issuer - Point in Time
Non Issuer- Entire period
Objectives of Internal Controls
ACE
Accurate & Reliable Financial Reporting
Compliance with Laws and Regs
Effectiveness and efficiency of operations
5 Components of Internal Control under COSO
CRIME Control Activities Risk Assessment Information and Communication Monitoring Control Environment
Risk Assessment
Identification, analysis, and management of risks related to fairly presented financial statements in conformity w/GAAP
Information and Communication
Info Systems: Methods to record, process, and summarize transactions
Communication: Establishing duties relating to IC and making known
Monitoring
Maintain Internal Control
Control Environment
Sets tone of Organization: CHOPPER Commitment to Competence HR policies & Practices Organizational Structure Participation of those charged with Governance Philosophy of Management Ethical Values Responsibility Assignment
Control Activities
PIPS Performance Reviews Information Processing (IT) Physical Controls Segregation of Duties
Segregation of Duties
ARCCS Authorization of Transactions Recording of transactions Custody of Assets Comparisons
Second Standard of Fieldwork
Auditor must obtain a sufficient UNDERSTANDING of the entity and Environment including its IC, to assess the RMM of the financial statements due to error or fruad, and to design the Nature, Timing, and Extent of further auditor procedures
6 steps to understanding CRIME
1) Obtain understanding of the design of IC (perform risk assessment procedures)
2) Document understanding of IC
3) Assess RMM
4) Perform tests of Controls
5) Reassess RMM and evaluate results
6) Document Conclusions and complete the planned substantive procedures
Understanding the design of CRIME
Have controls been implemented?
If improperly designed, may represent material weakness in IC
Only looking to see if implemented NOT operating effectively, unless financial statement audit