Lecture 6 Flashcards
What are the two methods of gaining audit evidence?
Testing internal controls and substantive procedures
Testing internal controls is one of the two methods of gaining audit evidence.
What formula represents the Audit Risk Model?
AR = IR x CR x DR
AR = Audit Risk, IR = Inherent Risk, CR = Control Risk, DR = Detection Risk.
What is the primary purpose of understanding internal controls in auditing?
To determine Inherent Risk (IR)
Understanding internal controls is crucial for assessing the risk of material misstatement.
What are the two key evaluations performed on internal controls according to ISA 315?
Design and Implementation (D&I)
These evaluations are part of Risk Assessment procedures.
What is assessed when testing controls according to ISA 330?
Operating effectiveness
This involves evaluating how controls function throughout the audit period.
What is necessary if substantive procedures cannot provide sufficient evidence?
Testing controls
This is mandated by ISA 315 for significant risks.
How can an auditor test a control?
Inquiry, Observation, Inspection, Reperformance
Inquiry alone is not considered sufficient for testing controls.
Who is responsible for the financial statements and establishing internal controls?
Those charged with governance and management
Their responsibilities are disclosed in the financial statements.
Are ‘Those charged with governance’ in the UK required to attest to the effectiveness of internal controls?
No, but they will be in the future
This change is anticipated due to evolving regulatory standards.
What significant event led to differences in internal control requirements between the UK and the US?
The Enron scandal
The scandal prompted stricter regulations in the US regarding internal controls.
What model is used to manage risks in major companies?
Three lines of defense model
This model outlines the roles of various functions in risk management.
What is the definition of Internal Audit according to the ICAEW Study Manual?
Independent assurance that the organisation’s risk management, governance and internal control processes are operating effectively
Internal Audit also considers wider issues beyond financial risks.
What does an internal auditor’s work plan typically include?
Monitor internal controls, perform detailed tests, review compliance, undertake investigations
These tasks are agreed upon with the audit committee.
What components are typically included in an internal audit report?
Scope, summary of findings, overall conclusion, recommendations, management response
The report should also include a rating of the issues addressed.
Why is organizational independence important for internal auditors?
To enable unrestricted evaluation of management activities
Independence allows for unbiased assessments of internal controls.
