Study and Evaluation of Internal Control Flashcards
Process designed, implemented, and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of an entity’s objectives
Internal control
Policies/procedures that entity establishes to achieve the control objectives of management or those charged with governance
Controls
Statements of what should (or should not) be done within the entity to effect control
Policies
True or false: Procedures may be enforced through the actions permitted by the IT applications used by the entity
True
Controls that are precise enough to address risk of material misstatement at the assertion level
Direct controls
Controls that support direct controls
Indirect controls
Which of the following is not a characteristic of internal control?
a. It is a process
b. It is effected by entity’s personnel
c. It provides absolute assurance of achieving its objectives
d. Choices a and b
c.
Reasonable, not absolute, assurance
Inherent limitations that may affect internal controls (COC CHA)
- Cost-benefit consideration
- Overriding by management of controls
- Collusion with parties outside the entity or with employees (in which controls may be circumvented)
- Changes in condition and compliance with procedures
- Human error
- Anticipated/routine transactions are the ones that controls only tend to focus, rather than unusual/non-routine transactions
Consists of plan of organization & procedures and records that are concerned with the decision processes leading to management’s authorization of transactions
Administrative control
Hint: “…MANAGEMENT’S AUTHORIZATION of transactions”
Plan of organization and the procedures and records that are concerned with the safeguarding of assets and the reliability of financial records
Accounting control
Hint: “…reliability of FINANCIAL RECORDS”
Policies and procedures adopted by management to assist in achieving orderly and efficient conduct of business, safeguarding of assets, prevention and detection of fraud and error, accuracy and completeness of accounting records, and timely preparation of reliable financial information.
Internal control system
Set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.
Control environment
The following understandings shall be obtained by the auditor for risk assessment process, except:
a. How to manage risks
b. Assignment of authority and responsibility
c. Identifying business risk relevant to FR objectives
d. Assessing significance of risks and likelihood of occurrence
b.
Enables the entity to have the ability to generate timely and meaningful information.
Information system
Components of an information system:
- Infrastructure
- Software
- People
- Input/data
- Output/meaningful information
Actions that help management mitigate risks in order to ensure the achievement of objectives.
Control activities
Hint: Control = mitigate
True or false: Control activities may be preventive, but never detective in nature and may be performed at all levels of the organization
False.
Preventive AND detective
Process of assessing the quality of internal control performance over time
Monitoring
Hint: Assessing = monitoring
Assess is to check.
To monitor is to see/check
How can monitoring be accomplished?
a. Performance by persons within same line function
b. Performed by internal auditors, audit committee, and/or external auditors
c. Both choices a and b
d. None of the choices
c.
When obtaining an understanding of relevant controls, how shall the auditor evaluate such controls?
- Inquiry of personnel;
- Design of controls; and
- Determination of such have been implemented
Way in which the entity’s system of internal control is designed, implemented and maintained varies with an entity’s ________ and _________
Size; complexity
How is an auditor’s understanding of the entity’s system of internal control obtained?
Risk assessment procedures
Specific audit procedures when obtaining audit evidence ( I O I T)
Inquiry
Observation
Inspection
Tracing transactions (aka walk-through tests)
Further audit procedures for internal controls involve:
- Tests of control
- Re-assessment of control risk
- Substantive procedures
Which of the following are primarily indirect controls?
a. Control environment
b. Information system and communication
c. Control activities
d. Risk assessment process
e. Options a and d
f. Options b and c
e.
When shall an auditor design and perform tests of control?
a. Auditor’s assessment of risks of material misstatement at assertion level includes an expectation that the controls are operating effectively
b. Substantive procedures cannot provide sufficient appropriate evidence at the assertion level
c. Either a or b
d. Both a and b, simultaneously
c
Tests of controls over the design of a policy or procedure includes:
Inquiry
Observation
Inspection
Reperformance
If the auditor obtains evidence about whether significant changes in controls have occurred subsequent to the previous audit and changes have been observed that will affect the relevance of the evidence, the action of the auditor is to:
Test the controls in the current audit
If the auditor obtains evidence about whether significant changes in controls have occurred subsequent to the previous audit and no changes have been observed that will affect the relevance of the evidence, the action of the auditor is to:
Test the controls at least once in every third audit
An identified and assessed risk of material misstatement that requires special audit consideration
Significant risk
If reassessment of control risk is changed to high, what would be the:
- Audit approach; and
- Effect on substantive test?
- No reliance approach
- More effective procedures, tests moved to nearer or at year-end, and will involve a larger sample size
If reassessment of control risk remains at less than high, what would be the:
- Audit approach; and
- Effect on substantive test?
- Reliance approach
- Less effective procedures, interim testing, and smaller sample size