Risk Assessment Part 2 M8 Flashcards
What are the 3 inherent limitations of Internal Controls?
- Management Overrides
- Human Error
- Deliberate Circumvention of Controls by collusion of two or more people.
How does the auditor assess an issuer company's classes of transactions?
- When the auditor is obtaining an understanding of the information and communication component of internal control.
How does the auditor assess an issuer company's philosophy and operating style of management?
- When the auditor is obtaining an understanding of the control environment component of internal control.
How does the auditor assess an issuer company's integrity and ethical values of top management?
- When the auditor is obtaining an understanding of the control environment component of internal control.
How does the auditor assess an issuer company's oversight responsibility over financial reporting and internal control by the board or audit committee?
- When the auditor is obtaining an understanding of the control environment component of internal control.
Which procedures will provide an auditor with evidence that the controls will prevent or detect a material misstatement?
- Observation and inspection may be used to evaluate the design of controls.
- Reperforming control activities may be used to test the operating effectiveness of the controls.
What are the considerations in internal control?
- The concept of reasonable assurance recognizes that the cost of an entity’s internal control should not exceed the benefits that are expected to be derived.
- Even a properly maintained system of internal control is unable to reasonably ensure that collusion among employees cannot occur.
- An exceptionally strong internal control that has been tested and can be relied upon by the auditor will allow the auditor to reduce (but not eliminate) substantive tests on significant account balances.
- In obtaining an understanding (planning phase #1) of an entity’s internal control, an auditor is required to obtain knowledge about the design of controls and whether they have been implemented.
- The auditor is concerned with operating effectiveness of the controls.
What are the steps taken to consider internal controls?
- An auditor may choose to perform tests of controls at the same time as obtaining an understanding of internal control.
- The auditor generally would obtain an understanding of how internal control works before designing appropriate tests of controls.
- The auditor uses his or her understanding of internal control, as well as the results of any tests of controls, to determine the nature, timing, and extent of substantive tests.
- Tests of controls are generally performed before substantive testing.
Which controls are relevant to financial statement audits?
- Compliance with income tax regulations
- use of passwords to limit data access
- generation of reports to facilitate variance analysis
How are service organizations part of an entity’s information system?
A service organization’s services are part of an entity’s information system if they affect any of the following:
- How the entity’s transactions are initiated;
- the accounting records, supporting information, and specific accounts in the financial statements involved in the processing and reporting of the entity’s transactions;
- the accounting processing involved from the initiation of transactions to their inclusion in the financial statements, including electronic means used to transmit, process, maintain, and access information;
- the financial reporting process used to prepare the entity’s financial statements, including significant accounting estimates and disclosures.
What are the interrelated components of Internal Control?
The COSO framework for internal control consists of five interrelated components (mnemonic: CRIME).
- Management’s philosophy and operating style is a factor in the “C”ontrol environment. The control environment sets the tone of the organization and originates with management and those charged with governance; it includes human resource policies and practices.
- “R”isk Assessment factors include changes in the entity from whichever source.
- Information processing is a factor of “I”nformation and communication.
- “M”onitoring is a factor of ongoing monitoring activities, evaluations of control procedures, etc.
- Segregation of duties and performance reviews are factors of “E”xisting Control Activities. “E”xisting Control Activities is another component of the COSO framework, and consists of control policies and procedures.
What are the best IT controls to describe procedures?
- General controls are policies and procedures that relate to many applications and support the effective functioning and proper operation of the information system. General controls include procedures to ensure appropriate systems software acquisition.
- Physical controls relate to safeguarding assets, such as using security devices to limit access to programs and restricted areas.
- Application controls apply to the processing of individual transactions and help to ensure that transactions occurred, are authorized, and are completely and accurately processed and reported.
- Monitoring controls help assess the quality of internal control.
What is the presumptive fraud risk in every audit?
- Improper Revenue Recognition
- Management Override of Controls
What are the fraud risk factors?
- Incentive pressures
- Opportunity
- Rationalization
What conditions usually exist when fraud occurs?
- Ineffective controls
- the justification of fraudulent behavior
- a reason to commit fraud
These are all conditions that are generally present when fraud occurs.