Section 3: Internal Controls

Question 1

Components of IC

CRIME

Answer 1

• Control Activities
• Risk Assessment
• Information and Communication
• Monitoring
• Control Environment

Question 2

Control Activities

RIPS

Answer 2

• Reviews
• Information processing
• Physical controls
• Segregation of duties

Question 3

Segregation of Duties

ARCC

Answer 3

• Authorization
• Recording
• Custody of Assets
• Comparisons

Question 4

Objectives of IC

ACE

Answer 4

• Accurate and reliable financial reporting
• Compliance with laws and regulations
• Effectiveness and efficiency of operations

Question 5

Control Environment

CHOPPER

Answer 5

• Commitment to competence
• Human resource policies
• Organizational structure
• Participation by mgt
• Philosophy of mgt
• Ethical values
• Responsibility assignment

Question 6

Documenting Understanding of IC

FIND

Answer 6

• Flowcharts
• IC Questionnaire - only shows strengths of IC
• Narrative
• Decision Table

Question 7

Test of Controls

Testing ARCC by using RIIO

Answer 7

• Reperformance
• Inspection
• Inquiries
• Observation - most effective

Question 8

Inherent Limitations of IC

COCO

Answer 8

• Collusion
• Override by mgt
• Competence
• Obsolescence

Question 9

Financial Statement Assertions

U-PERCV

Answer 9

• Understandability and Classification
• Presentation and Disclosure
• Existence and Occurrence (Vouching)
• Rights and Obligations
• Completeness (Tracing) and Cutoff
• Valuation, Allocation, and Accuracy

Question 10

Investment Assertions

PERCV

Answer 10

• Presentation and Disclosure
• Existence
• Rights and Obligations
• Completeness
• Valuation

Question 11

Production and Conversion Assertions

PECV

Answer 11

• Presentation and Disclosure
• Existence and Occurrence
• Completeness and Cutoff
• Valuation, Allocation, and Accuracy

Question 12

Items to Test in IC

PRAISE

Answer 12

• Physical Controls
• Recording
• Authorization
• Independence Checks - are documents compared to verify agreement before transactions are executed? Are records reconciled?
• Segregation of Duties
• Evaluate Performance - Are policies written? Are unusual transactions investigated?

Question 13

Control Defieciency

Answer 13

When the design or operation of a control does not allow for mgt or employees, in normal course of performing functions, to prevent or detect and correct misstatements on a timely basis

Material or Significant Defic?

Look for Probability (Remote, Reasonable Prob, Prob) and Magnitude (Material, Immaterial)

Question 14

Design Deficiency

Answer 14

Needed control has not been put in place or the control put in place is not designed to mitigate the risk it was intended to address

Question 15

Operation Deficiency

Answer 15

Well-Designed control is not operating as designed or individual responsible for performing the control lacks authority or ability to perform ir effectively

Question 16

Separate Attestation Engagement to Examine IC

Top Down Approach

Answer 16

• First, the auditor assess risk at the F/S level
• Next, the auditor directs attention to significant accounts and disclosures and their relevant assertions
• Controls that address RMM in each of the relevant assertions is selected for testing