Quiz 2 Flashcards
What should the internal controls do
ensure assets and records are safeguarded, generate reliable information for decision making
How do good internal controls help auditors
gives the auditor assurance about the reliability of the data generated by the information system
the auditor uses risk assessment procedures to:
obtain understanding of internal controls, identify key controls, recognize types of potential misstatements, design tests
Internal Control framework
reliability of financial reporting, effectiveness and efficiency of operations, compliance with laws and regulations
why is reliability of financial reporting for internal controls relevant
it pertains to the preparation of the financial statements
why is compliance with laws and regulations relevant
only relevant when they relate to the data the auditor uses to apply auditing procedures
components of internal controls
control environment, entity’s risk assessment process, control activities, information and communication, monitoring activities
control environment
set of standards, processes, and structures that provides the basis for carrying out internal controls of an organization. Established by board of directors and senior management
entity’s risk assessment process
involves a dynamic and iterative process for identifying and analyzing risks to achieving the entity’s objectives, determining how risks should be managed. Management determines external environment and others things that imped objectives
Control Activities
actions established by policies and procedures to help ensure that management directives to mitigate risk to the achievement of objectives are carried out.
Information and Communication
necessary for the entity to carry out internal control responsibilities. communication occurs internally and externally for day to day activities. helps employees understand importance of internal controls
Ongoing evaluations
separate evaluations, or some combination of the two are used to ascertain whether each of the five components are present and functioning.
what is the substantive strategy based on
controls do not pertain to assertation, controls are assessed as ineffective, testing the effectiveness of controls is inefficient.
Reliance Strategy
plan to rely on internal control and assess control risk at a lower level
How does one understands internal controls
understand environment, understand risk assessment process, information system and communications, control activities, monitoring of controls
limitation of internal controls
management override of internal control, human error, collusion
assessing control risk
identify controls that will be relied upon, preform test of controls, conclude on the achieved level of control risk.
performing tests of controls
inquiry of personnel, inspect documents, observation of application of control, reperformance of control by auditor
interim test of controls
assertion tested not significant, control has been effective previously
Type 1 report
describes the service organization’s controls and assesses whether they are suitably designed to achieve specified internal control objectives
type 2 report
goes further by providing assurance on the operating effectiveness of the service organization’s controls based on the auditor’s test of controls (decrease control risk below high)
Control deficiency
does not allow management or employee to detect, prevent, or correct misstatement on a timely basis
significant deficiency
less severe than a material weakness, but is important enough to merit attention
material weakness
deficiencies such that there is a reasonable possibility that material misstatement will not be prevented, detected, or corrected, on a timely basis.
Section 404
managers must accept responsibility for establishing and maintaining adequate internal controls and accurate financial reporting
Integrated audit
financial statements and internal controls
control deficiency
design or operation of a control does not prevent or fix errors
steps in performing an audit of ICFR
Plan , identify, scope, evaluate, report
To identify significant accounts and disclosure and their relevant assertions auditors must think about…
size and composition, susceptibility, volume/complexity, nature of account
to understand the likely sources of potential misstatements auditors must…
understand flow of transactions, identify points that misstatements could arise, identify controls
disclaim opinion
serious scope limtation
what are some tech advances that reduce number of sampling techniques
development of well controlled automated information systems, powerful audit software to download entire populations
Audit sampling
selection and evaluation of less than 100 percent of the items in a population selected in a way that tests the entire population
Sampling risk 1
incorrect rejection, claims that there is misstatement or internal controls are not working properly when in fact everything is well
Sampling risk 2
claims that there is no misstatement or internal controls are working good when in fact the opposite is occuring
factors when determining sample size
desired level of confidence, tolerable error, expected error
Inspection of tangible assets
select sample to physically inspect and count
inspection of intangible assets
matching of documents, gather evidence, sample documentation
advantages of statistical sampling
design and efficient sample, measure the sufficiency, quantify sampling risk
disadvantages of statistical sampling
cost of training, cost to design, lack of consistency across audit team
Attribute sampling
estimate the proportion of a population that possess a specific characteristic
