Internal Controls AICPA Webinar Flashcards
What is an auditor required to do under GAAS?
1) Obtain an understanding of the entity, its environment, and internal controls.
2) Document the basis for assessing control risk.
3) Evaluate the design of controls relevant to the audit.
4) Determine whether controls relevant to the audit have been implemented.
What is control risk?
Control risk is the probability that financial statements are materially misstated, due to failures in the system of controls used by a business.
What are some factors to be considered while obtaining an understanding of the entity and its environment?
1) Nature of the entity
2) Objectives and strategies of the entity and the related business risks.
3) Measurement and review of the entities financial performance.
4) Internal controls
5) Industry, regulatory and other external factors (taxes and interest rates).
What are some risk assessment procedures?
1) Brainstorming
a) what are some of the fraud risks
b) what is the susceptibility of the company’s financial statement to material misstatement
2) Enquiries of management and others in the entity.
3) Analytical procedures
4) Observation and inspection
What are some types of analytical procedures?
1) Trend analysis - analysis of changes in account balances over time
2) Ratio analysis - the comparison of the relationship between accounts, the comparison of an account with non-financial data, the comparison of information between firms in an industry.
3) Regression analysis - it is the use of statistical models to quantify expectations and incorporate risk and precision
4) Reasonableness testing - it is the analysis of account balances or changes in account balances that uses current information and considers the changes in the environment to develop an explicit prediction of the account balance or relationship.
5) Budgets
6) Review of transactions over a certain limit
What is SOX section 404?
Each annual report to contain an internal control report stating 1) Management’s responsibilities for establishing and maintaining an adequate system of internal control 2) management’s assessment as of the end of the company’s most recent fiscal year, of the effectiveness of the company’s internal control.
