PCAOB Standard 5 and SASI T 501 Flashcards
What is the general objective of IC?
To express an opinion on the effectiveness of the company’s IC
What happens if there is an existence of one or more material weaknesses?
IC is not effective
What is a control objective?
A specific target against which to evaluate the effectiveness of controls.
Control objective for IC generally relates to a relevant assertion and states a criterion for evaluating whether the company’s control procedures in a specific area provide reasonable assurance that a misstatement in that relevant assertion is prevented or detected on a timely basis.
What is management’s assessment?
The assessment required under provisions of SOX that is included in management’s annual report on internal control over financial reporting
What is a relevant assertion?
A financial statement assertion that has a reasonable possibility of containing misstatements that could cause the financial statements to be materially misstated (determination made without regard to the effect of controls)
What are significant accounts and disclosures?
An account or disclosure for which there is a reasonable possibility of material misstatement.
The determination is based on inherent risk, w/o regard to effect of IC
What is the structure of PCAOB Standard 5?
- Plan the audit
- Use a top-down approach to identify controls to test
- Test design and operating effectiveness of controls
- Evaluate identified deficiencies
- Wrap-up
- Report on internal control
What is the date structure used when assessing an opinion on IC effectiveness?
Effective at a point in time (as of) v. time period (entire year)
Compare IC for fraud v. errors risk.
Risk that IC will fail to prevent/detect misstatement caused by fraud usually is higher than the risk of failure to prevent or detect errors.
What is scaling?
Based on size of company; affects achievement of control objectives; natural extension of risk based approach to audits
What controls might address risk of fraud and management override?
- Control over significant, unusual transactions
- JE and adjustments made in period end financial reporting process
- Related party transactions
- Significant management estimates
- Incentives/pressures of management
What are the suggestions for using work of others in IC audit?
Assess competence and objectivity and use work in lower risk areas.
What are examples of entity level controls?
Controls over tone at the top (indirect effect on likelihood of misstatement)
Controls that monitor the operation of other controls (may monitor effectiveness of controls, but not at a level or precision that would address the assessed risk that misstatements will be prevented or detected)
What is the top-down approach?
Begin at financial stm level and used to select controls to test
Financial statements (entity level controls) - signif. accounts and disclosures - relevant assertions - major classes of transactions
Provide more examples of entity-level controls.
- Controls related to control environment (management philosophy and operating style); integrity and ethical values
- Controls over management override
- Company’s risk assessment process
- Centralized processing and controls
- Controls to monitor results of ops
- Controls to monitor other controls (internal audit, audit comm, self-assessment)
- Controls over period-end financial reporting process
- Policies that address significant business control and risk management practices
What should the accountant consider in identifying significant accounts and disclosures?
- Size and composition
- Susceptibility to misstatement
- Volume of activity, complexity, homogeneity of transactions
- Nature of account
- Accounting and reporting complexities
- Exposure to losses in account
- Possibility of significant contingent liabilities
- Related party transactions
- Changes from prior period accounts or disclosures
What are relevant assertions?
- Existences or occurrence
- Completeness
- Valuation or allocation
- Rights and obligations
- Presentation and disclosure