Internal Controls

Question 1

Internal Control for Non Issuer

Answer 1

Auditor expresses opinion on the client’s financial statements NOT internal controls
Auditor is req to obtain evidence relevant controls were effective for entire period

Question 2

Internal Control Issuers

Answer 2

SOX req integrated audit to provide assurance of fair financial statements AND effective IC

Question 3

Issuers reliance on IC

Answer 3

More on IC less on substantive procedures

Question 4

Time Period of auditors opinion

Answer 4

Issuer - Point in Time

Non Issuer- Entire period

Question 5

Objectives of Internal Controls

Answer 5

ACE
Accurate & Reliable Financial Reporting
Compliance with Laws and Regs
Effectiveness and efficiency of operations

Question 6

5 Components of Internal Control under COSO

Answer 6

CRIME
Control Activities
Risk Assessment
Information and Communication
Monitoring
Control Environment

Question 7

Risk Assessment

Answer 7

Identification, analysis, and management of risks related to fairly presented financial statements in conformity w/GAAP

Question 8

Information and Communication

Answer 8

Info Systems: Methods to record, process, and summarize transactions

Communication: Establishing duties relating to IC and making known

Question 9

Monitoring

Answer 9

Maintain Internal Control

Question 10

Control Environment

Answer 10

Sets tone of Organization:
CHOPPER
Commitment to Competence
HR policies & Practices
Organizational Structure
Participation of those charged with Governance
Philosophy of Management
Ethical Values
Responsibility Assignment

Question 11

Control Activities

Answer 11

PIPS
Performance Reviews
Information Processing (IT)
Physical Controls
Segregation of Duties

Question 12

Segregation of Duties

Answer 12

ARCCS
Authorization of Transactions
Recording of transactions
Custody of Assets
Comparisons

Question 13

Second Standard of Fieldwork

Answer 13

Auditor must obtain a sufficient UNDERSTANDING of the entity and Environment including its IC, to assess the RMM of the financial statements due to error or fruad, and to design the Nature, Timing, and Extent of further auditor procedures

Question 14

6 steps to understanding CRIME

Answer 14

1) Obtain understanding of the design of IC (perform risk assessment procedures)
2) Document understanding of IC
3) Assess RMM
4) Perform tests of Controls
5) Reassess RMM and evaluate results
6) Document Conclusions and complete the planned substantive procedures

Question 15

Understanding the design of CRIME

Answer 15

Have controls been implemented?
If improperly designed, may represent material weakness in IC
Only looking to see if implemented NOT operating effectively, unless financial statement audit

Question 16

Risk Assessment Procedures to understand design of CRIME

Answer 16

Analytical Procedures
Inquiries of management and staff
Inspection of documents and records
Observing the applications of specific controls
Knowledge is used to :
Identify Errors or Fraud
Consider factors that affect RMM
Design tests of control and Substantive procedures

Question 17

Document Understanding of CRIME

Answer 17

FIND
Flowchart
IC Questionnaire (All deal with Segregation of ARCC)
Narrative or memorandum
Decision Table/Tree

Question 18

Understanding CRIME, assess Control Risk or RMM

Answer 18

No Reliance RMM up Substantive Approach (Looks @ dollars)

yes Reliance RMM down combined Approach

Question 19

Understanding CRIME, test of control

Answer 19

Testing Operating Cycles for ARCC
RIIO
Reperformance
Inspection
Inquiry
Observation*Most effective
ARRC (% or Freq not dollars)
**Must test effectiveness every 3 years

Question 20

Understanding CRIME, reassess RMM to determine DR

Answer 20

DR says how much substantive testing to do based on results of IC testing
Reassess CR for DR - Adjust Sub testing accordling

Question 21

Understanding CRIME, Document Conclusion

Answer 21

Document Conclusions
Required to communicate significant deficiencies and material weakness to management & those charged with Governance
Risk Assessment must ALWAYS be document
Auditor Document:
Assessment of RMM @ Financial Statement
BASIS of assessment
Sig Risks id’d & related controls evaluated
Risk id’d that req tests of controls to obtain sufficient audit evidence & related controls evaluated

Question 22

Steps to Understanding CRIME Public vs Non-Issuer

Answer 22

Non-Issuer 1,2,3, & 6

Public All Req

Question 23

SOX

Answer 23

Makes officers resp for effective IC & requires signing letter to disclose all sig IC deficiencies to issuers auditors and audit committee
Officer req to report fraud whether material or not
Basic Concept (COCO) Inherent Limitations Always Exists
Collusion
Override by Management
Competence
Obsolescence of IC