Internal Controls - Concepts and Standards Flashcards
What is the cardinal rule regarding cash receipts?
Ensure that they are recorded. By requiring employees to record all sales in the cash register and to give customers the cash register tape evidencing the sale, companies can ensure that all cash sales are recorded (the completeness of cash receipts for cash sales). The auditor can test controls by observing employees’ use of cash registers and tapes.
What does assessing control risk at below the maximum level mean?
Assessing control risk below maximum means that there are controls in place which are believed to lessen the risk of a material misstatement occurring undetected in the financial statements.
What is the ultimate purpose of assessing control risk?
The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that material misstatements may exist in the financial statements. The assessment of control risk combined with the assessment of inherent risk aids the auditor in identifying where material misstatements might exist in the financial statements.
Why would an auditor decide to assess control risk at the maximum level?
Because the auditor believes evaluating the effectiveness of polices and procedures is inefficient.
Why are tests of controls performed?
The auditor performs tests of controls in order to reduce the assessed level of control risk, not increase it.
Why do auditors tests controls?
The auditor tests controls in order to rely on them and to reduce substantive testing.If testing controls won’t reduce substantive testing sufficiently ( i.e., enough to offset the cost of testing controls), the auditor will opt NOT to test controls. In other words, it would be inefficient to perform the tests of controls.
When an auditor assesses control risk at the maximum level, what is the required documentation?
The auditor is required to document the understanding of the system obtained to plan the audit. The auditor is also required to document the basis for the assessment of control risk, including when control risk is assessed at maximum.
What does it means when an auditor assesses control risk too high?
it means that the auditor’s sample indicates that the control is NOT working properly when it really is. Thus, control risk based on the auditor’s sample is higher than the true operating effectiveness of the control would warrant.
Procedures performed to assess control risk
Procedures performed to evaluate control risk include inquiries of personnel; inspection of documents and records; observation of activities and operations; and reperformance of the control procedure.
When should the auditor assess the operating effectiveness of internal control?
Whenever the auditor contemplates a reliance strategy (which means the same thing as “assessing control risk at less than the maximum level”) and only after performing the appropriate tests of control.
Identify 3 inherent limitations of internal controls?
- Cost of controls should not exceed expected benefits
- Mistakes may occur due to carelessness, fatigue, misjudgments, etc.
- Segregation of duties may break down due to collusion or management override of internal controls.
Identify 2 reasons for assessing control risk at the maximum level.
- The auditor believes that the design of internal control is ineffective; or
- The auditor believes that reliance on internal control (and performing applicable tests of control) is not an efficient audit strategy compared to a wholly substantive audit approach.
When should the auditor assess the design effectiveness of internal control?
In planning every audit under GAAS, as a basis for determining the nature, timing, and extent of further audit procedures.
What are significant deficiencies?
Significant deficiencies are deficiencies in the design or operation of the internal control structure that adversely affect financial reporting.
What are material weaknessess
Material weaknesses are deficiencies which make it likely that a material misstatement in the financial statements will occur and not being detected on a timely basis.
