Module 3: Understanding Internal Control and Assessing Control Risk

Question 1

Foreign Corrupt Practices Act

Answer 1

A law passed by Congress in 1977 with provisions

(1) Requiring every corporation registered under the Securities Exchange Act of 1934 to maintain a system of strong internal accounting control.
(2) Requiring corporations [defined in (1)] to maintain accurate books and records, and
(3) Making it illegal for individuals or business entities to make payments to foreign officials to secure business.

Question 2

Perform Test of Controls

Answer 2

Test of Controls are used to test either the effectiveness of the design or operation of a control. Approaches include:

a. Inquiries of appropriate personnel
b. Inspection of documents and reports
c. Observation of the application of controls
d. Reperformance of the control by the auditor (when evaluating operations)

Question 3

CPAs use the work of internal auditors in two distinct ways:

Answer 3

1) Obtaining Audit Evidence (in essence using work performed by internal auditors in their normal role)
2) Providing direct assistance under the direction, supervision, and review of the CPAs (CPA assigns work to the internal auditors)

Question 4

Definition of Internal Control defined by COSO

Answer 4

a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories; (a) reporting, (b) operations, and (c) compliance.

Question 5

Components of Internal Control

Answer 5

(a) control environment, (b) risk assessment, (c) control activities, (d) information and communication, and (e) monitoring.

Question 6

Material Weakness

Answer 6

A deficiency, or combination of deficiencies, in IC such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or deleted on a timely basis.

Question 7

Control Environment

Answer 7

The control environment factors set the tone of the organization, influencing the control consciousness of its people. The seven control environmental factors (IC HAMBO): I = Integrity & ethical values; C = Commitment to competence; H = Human resource polices and practices; A = Assignment of authority and responsibility; M = Management’s philosophy and operating cycle; B = Board of directors or audit committee participation; O= Organizational structure

Question 8

Risk Assessment

Answer 8

An entity’s identification, analysis, and management of risk relevant to the preparation of financial statements following GAAP.

Question 9

(Risk Assessment) - The following are considered risks that may affect an entity’s ability to properly record process, summarize, and report financial data:

Answer 9

1) Changes in operating environment
2) New personnel
3) New information systems
4) Rapid growth
5) New technology
6) New lines, products, or activities
7) Corporate restructuring
8) Foreign operations
9) Accounting pronouncements

Question 10

Control Activities

Answer 10

composed of various policies and procedures that help ensure that necessary actions are taken to address risks to achieving the entity’s objectives.

Question 11

Control Activities policies and procedures include

Answer 11

P = Performance reviews 
I = Information processing
P = Physical controls 
S = Segregation of duties

Question 12

Information and communication

Answer 12

The accounting system consisting of the methods and records established to record, process, summarize, and report entity transactions and to maintain accountability of the related assets and liabilities.

Question 13

To be effective, the information and communication system should accomplish the following goals for transactions:

Answer 13

1) Identify and record all valid transactions
2) Describe on a timely basis
3) Measure the value properly
4) Record in the proper time period
5) Properly present and disclose
6) Communicate responsibilities to employees

Question 14

Monitoring

Answer 14

Assesses the quality of internal control performance over time. Monitoring activities may be ongoing, separate evaluations, or a combination thereof.

Question 15

Ongoing Monitoring

Answer 15

Activities that are often designed into recurring activities such as sales and purchases.

Question 16

Separate Evaluation Monitoring

Answer 16

often performed by internal auditors or other personnel and often include communication of information about strengths and weaknesses and recommendations for improving internal control.

Question 17

Limitations of Internal Controls

Answer 17

1) Human judgement in decision making can be faulty
2) Breakdowns can occur because of human failures such as simple errors or mistakes
3) Controls, weather manual or automated, can be circumvented by collusion
4) Management has the ability to override internal control
5) Cost constraints (the cost of internal control should not exceed the expected benefits expected to be derived)
6) Custom, culture, and the corporate governance system may inhibit fraud, but they are not absolute deterrents.

Question 18

Sarbanes-Oxley Act of 2002 (SOX) - Section 404

Answer 18

Requires that management acknowledge its responsibility for establishing adequate internal control over financial reporting and provide an assessment in the annual report of the effectiveness of internal control. Also requires that CPAs attest to management’s report on internal control as part of the audit of the financial statements.

Question 19

Sarbanes-Oxley Act of 2002 (SOX) - Section 302

Answer 19

Makes officers responsible for maintaining effective internal control and requires that principle executive and financial officers to disclose all significant internal control deficiencies to the company’s auditors and audit committee.

Question 20

Sarbanes-Oxley Act of 2002 (SOX) - Section 906

Answer 20

Requires that management certify reports filed with the SEC (primarily annual 10-K and quarterly 10-Qs) that the reports comply with relevant securities laws and also fairly present, in all material respects, the financial conditions and results of operations of the company.

Question 21

Deficiency

Answer 21

The design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.

Question 22

Significant Deficiency

Answer 22

A deficiency, or combination of deficiencies, in the IC that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company’s financial reporting.

Question 23

Indicators of material weaknesses

Answer 23

(1) Identification of fraud, whether or not material, on the part of senior management
(2) Restatement of previously issued financial statements to reflect a correction of a misstatement
(3) Identification by the auditor of a material misstatement that would not have been detected by the company’s IC
(4) Ineffective oversight of external reporting and IC by the audit committee.