Lec 11 & 12 Flashcards
what is the definition of internal control
the process designed by those in charge with governance to provide reasonable assurance about the achievement of the entity’s objectives
what are the entity’s objective
reliable financial reporting, effective and efficient operations, compliance with laws and regulations
what is the auditor and management responsible in regard to internal control
auditors are responsible for understanding, evaluating, and assessing existing internal controls
management is responsible for establishing and maintaining a system of internal controls
what are the six categories of misstatements
- recording invalid transactions - validity
- valid transactions are omitted - completeness issue
- unauthorized transactions are executed - issues with authorization
- transaction amounts are inaccurate - issue with accuracy
- transactions are classified incorrectly - issues with classification
- transactions are recorded in incorrect period - issues with proper period
how are control objectives linked to the 6 types of misstatements
they are designed in order to prevent misstatements
what do internal control objectives correspond with
management assertions
what is the primary reason for evaluating internal control
to give auditors a basis in determining the nature, timing and extent of the audit program - in short combined or substantive approach
describe the implications if the internal controls are assessed to be weak on nature, timing and extent
nature - tests that are consider higher quality need to be conducted - this will increase cost
timing - testing will need to take place closer to year end - delay and increase cost
extent - more testing will need to be done - increase cost
if controls are good, what sort of cheaper testing can be used
analytical procedures. better controls means better data, meaning more reliable results from the analysis
how are sample sizes affected when controls are weak
they need to be bigger
What is the credit manager control for A/r and what objective and assertion is it related to
a credit manager checks the customers credit worthiness before allowing a sale on account - this is linked with valuation and authorization
what is an example of substantive tests for valuation for A/R
examine subsequent collections - meaning looking at what has been collected 30 days after year end
how is the subsequent collections test altered if controls are good or bad
weak controls require 25% of the collections be examined
strong controls require 10% of collections be examined
what are the steps in risks assessment and audit procedures (9 step decision tree)
1 - understand business, f/s, and risk
2 - identify inherent risk of f/s assertions
3 - asses risk,magnitudes to identify if misstatements could occur
4 - identify the controls specific to inherently risky accounts
5a - if controls are weak or absent consider control risk
7a - can be reason to withdraw from audit engagement or develop a revised audit program that gathers sufficient audit evidence
5b & 6- tests reveal that controls related to significant risks are strong
7b - if controls are reduce risk to a satisfactory low level, develop a revised audit plan that provides sufficient appropriate audit evidence
8 - continue with substantive audit procedures
9 - if necessary revise audit program based on findings and perform new procedures
10 - evaluate audit and let management know about any weaknesses they can improve on
what type of controls do auditors test and define them
key controls. these are controls come from the 5 components of internal control and are important in accomplishing management control objectives
what does the design and operation of key controls do
helps prevent and detect material misstatement due to fraud or error
what are the 6 internal control objectives
validity, completeness, authorization, accuracy, classification, proper period
what are control objectives analogous with
they are analogous to management assertions when it comes to controls
validity corresponds with what assertions
existence and ownership
completeness corresponds with what assertions
completeness, and ownership
authorization corresponds with what assertions
existence, valuation and ownership
accuracy corresponds with what assertions
valuation
classification corresponds with what assertions
valuation and presentation and disclosure
proper period corresponds with what assertions
existence, completeness, ownership and presentation
if control assessment reveals that controls are good for authorization, what is the impact on substantive tests
less substantive tests done on existence, valuation and ownership
what are the 6 steps in the a/r and sales cycle
- customer places order (external doc)
- credit approval by manager - (if not approved sell in cash)
- sales order is generated (internal dic and prenumbered)
- shipping document (bill of lading and packing slip) and invoice
- post on a/r subledger and sales journal
- post on gl
how to test for validity objective in ar cycle
chose sample from sales journal and vouch to the external customer document
how to test authorizing objective in ar cycle
check if the sales invoices come from the client’s authorized price list and when the customer authorizes the sale on account
how to test accuracy in ar cycle
recalculate taxes and total in the sales invoice
how to test proper period in ar cycle
check the date of the shipment and ensure it belongs to the current accounting/fiscal period on the packing slip
how to test completeness objective in ar cycle
gain a sample from the sales order and trace it to the sales journal with the block sampling method
for completeness, why do we use the sales order and nor the customers order for the tracing
not all customers orders pass credit manager and become numbered sales orders
how do we test classification objective in ar cycle
when doing tracing testing for completeness, we inevitably will be testing for classification as we ensure that the sales orders have been placed in the sales journal
how many times are sales journals and ar subs posted to general ledger and how many of these should be test
posted 12 times a year and 3/12 should be tested
in the ar cycle, vouching helps which which ic objectives
validity, authrization, accuracy, and proper period
when doing tracing on the a/r cycle, what ic objectives are tested
completeness and classification
how important is the dollar amount in ic testing
dollar amount is irrelevant as we do not care by how much it is off, we care about whether the internal control is working or not
what are dual-purpose tests
test that test both control and substantive procedures
internal control steps
- obtain understaiding of relevant controls
- evaluate design effectiveness of controls
- assess control risk
- identify and asses risk of material misstatement - looking at high inherent risk account and identifying controls
- design tests of controls
- test controls
- evaluate results
- if risks have changed, go back and redesign procedure
- if you find risk, make management aware of it
what is a method of understadning the internla control
a walkthrough, which is a type of observation - needs to be done early on in the audit
what does it mean to evaluate design effectiveness
assess whether financial statements are auditable and if control seems too poor to test
what do we test when assessing control risk, strengths or weaknesses, and why not the other
we test strengths, which is the controls that should prevent, detect or correct errors. we do no test weaknesses because they exist when there is a lack of controls and theres no point in testing something not there
what does it mean to design tests for controls
gather evidence about design during understanding phase
what are control tests classified as
audit procedures that test effectiveness of controls - specific evidence must be obtained about the effectiveness of controls throughout the period
what are the two parts for testing controls
- identify data population from which sample is drawn from
- select items corresponding with standard or items that agree with info in another population
population of relevant source documents to F/S or other reports is testing what objective and assertion
completeness and completeness
F/S other other staatemtns being vouched to population of relevant source documents is testing what objective and assertion
validity and existence
example of testing controls through observation
test segregation of duties
exmaple of testing controls through reperfromance
recal discounts
exmaple of testing controls through inspection
looking for managers initial on document
t/f, some tests rely on dumenttion while other have none
true, testing for segregation of duties will leave to paper evidence
reponse to increased risk
- assign more experined staff
- increase supoervision
- make audit procedure less predctable
- add more audit procedures
what do audit standards reuquire of auditors in terms of finding wekanessess
the auditor must report hte weakness to an approporaite level of management in a management letter
why are management final closing entries risky and what can be done
they are risky because management might be enclined to override controls. more susbtantive testing is needed
internal control tests are done to help determine audit program. what three important things are in the audit program
nature, timing and exten of audit program and procedures
what would be the effect on nature, extent and timing if controls based on risk assessment are found to be weak
nature - more substantive testing done
timing - tests done closer to year end and not interim date
extent - sample sizes are bigger
overall this causes increase in prices and delays
what are the tree phases of evaluating internal control
1- understand teh control system and think of “what could go wrong”
2- asses control risks indentify strengths and weaknesses in accounting I/S
3- Testing controls and look at how audit procedures are used to ensure control objectives are being met
what are the controls relevant to an audit
the controls that might directly on indirectly lead to misstatment
what are the six categories of misstatment
validity
completeness
authorization
accuracy
proper period
classification
what is vallidity and give an example
invalid transactions recorded
fictiscious sales recorded to fake customers
related to existence
what is completeness and give an example
have all vallid transactions been posted
ship to customer but not recorded
related to compleetness
what is authorization and give an example
unathirized transactions occurring
order not approved for credit was shipped
related to ownership
what is accuracy and give an example
transaction amount innacurate
shipment left with inacurate qunatity or dollar amount
related to valution
what is classification and give an example
transactions classified incorrectly
sale of building recorded as sale revenue
presentation issue
what is proper period and give an example
transaction recorded in wrong period
shipment made in january had sale recorded in december
related to cutoff exitance/completeness
A/R proceudre is to select 75 samples and send possitive conf for. what is the nature, timing and extent
confirmation, interim date, 75 samples
a/r procedure is to compare trial balance to previous period and look for big changes and vouch to suporting doc (bill of lading and invoice)
analytical procedures and vouching, ye, all samples that are above the threshold
a/r procedure is to select invoices for the last 5 days of year and vouch for sales date on on bill of lading
vouching, ye, sales in last 5 days
a/r procedure is to send positive confirmation for 0 balance ar
confirmation, ye, all 0 bal samples
a/r procedure is to select bill of lading in last 5 days and trace to invoice
tracing, ye, all sales last 5 days
what does it mean for substantive testing if control objectives are strong
less substantive testing needs to be done
what assertions do all hte objectives relate to
validity - exitence, ownerhsip
completeness - completeness, ownership
authrirty - existence, valuation, ownership
accuracy - valuation
classification - valuaiton and presentation
proper period - all but valuation
what are application controls
controls that address hte objectives related to input, processing and output of accouting data
what are examples of general procedures
- capable personel
- perromance reviews
- seperation of duties
- supervision
- controlled access
- periodic comparison
- it controls
application controls examples
- revenue/receeivables/receipt
- payables/purchase/payment
- production and payroll
- investment and finance
what shows the understanding of i/c
documenttaionn through questionaires, narratives and flowcharts
what documenttaion method do regualtors prefer
flowcharts
what are the 7 steps in auditing i/c
- obtain understainfing
- evaluate design effectiveness
- assess control risk
- identify and asses risk of material misstatement
- design controls tests
- conduct test of controls
- evaluate results
what is done in the obtianing understanding step
i/c need to be understood sufficiently to plan examination and assess risk
done through questionaires, narratives, flowcharts, walkthroughs, enquiries
understanding contorl environment is cruscial
what is done in evaluating desing effectieness stage
evalaute wheather f/s are auditable
controls should not be tested if htey are weak and underealibale
what is done in teh assessing control risk step
use ARM to categorize CR - assess only control strenghts
examination of control environament, accuotnign system and procedures leads to 3 conclusions
- low cr - combines approach
- low cr - substantive approach
- high cr - substantive
what is done in the assesment of RMM
assess assertions and f/s
what is done in the desing step
determine required degree of comapliace
determine how well controls functioned during current fiscal year
what is done in the test of control step
data population is identified
action be taken to gather evidence
what are options for testing
vouching - statement o source doc
tracing - source doc to statment
observation - test segreagaiton of duties
inspection - look for managment initial on doc
what feature should samples have
they should span the entire peirod
what is done in evalauting results stage
if test conlusion support desing, keep CR
if test conclude differently, change CR
what does increased cr mean
more testing, more staff, more skepticism, more evidence, more supervision, less predictable tests
if deficiencies in control are found what must be done
should be voiced to management in the management letter and should change the audit procedure in order to do more substantive tests
