SU 5 Internal Control & IT

Question 1

What is internal control?

Answer 1

A process executed by mgmt, those charged with governance and others to provide reasonable assurance regarding:
1. Reliability of financial reporting
2. Effectiveness and efficiency of operations
3. Compliance with applicable laws and regulations.

Question 2

CRIME: Five components of internal control (defined by COSO and auditing standards)

Answer 2

1. Control activities
2. Risk assessment process
3. Information systems
4. Monitoring
5. Control Environment

Question 3

CRIME “control activities”

Answer 3

Control activities: Policies and procedures that help ensure that management derivatives are carried out

Authorization
Performance reviews
Information processing
Physical controls
Segregation of duties

Question 4

CRIME: What is the risk assessment process?

Answer 4

Risk assessment process: 1.the entity’s identification and analysis of relevant risks. 2. Things that prohibit the entity from initiating authorizing, recording, processing and reporting data consistent with the FS assertions.

Question 5

CRIME: information systems

Answer 5

Business processes that support the identification capture and exchange of information.
1. Physical and hardware elements
2. People
3. Software
4. Data
5. Manual and automated procedures

Question 6

CRIME: monitoring of controls

Answer 6

Monitoring of controls: assesses the effectiveness of internal control over time.

Question 7

CRIME: control environment

Answer 7

The control environment sets the tone for the organization. It includes
1. governance and management functions
2. attitudes awareness and actions of management and those charged with governance regarding internal control and its importance.

Question 8

Internal control Fact

Answer 8

Internal control can only provide reasonable assurance that the entity’s objectives are met.

Question 9

Internal control Fact 2

Answer 9

An auditor must obtain an understanding of internal control to:
1. identify and assess the RMM
2. design further audit procedures.

Question 10

Evaluation of design

Answer 10

Considers whether a control can effectively prevent or detect and correct material misstatements.

Question 11

Internal control Fact 3

Answer 11

GAAS requires that the understanding of internal controls be documented.

Question 12

Flowcharting

Answer 12

Flowcharting: a way to understand internal controls.
Includes: system flowchart, program flowchart, document flowchart

Question 13

Flowcharts: system flowcharts

Answer 13

System flowchart: provides an overall view of the inputs, processes, and outputs of a system.

Question 14

Program flowchart

Answer 14

Represents the specific steps in a computer program and the order in which they will be carried out

Question 15

Document flowchart

Answer 15

Shows the flow of documents through an entity

Question 16

Batch processing

Answer 16

Transactions are accumulated and then processed as a single batch.

Batches are not released for processing unless the #of records reported by the system matches the # calculated by the user.

Question 17

Online real time processing

Answer 17

Transactions are updated on the database immediately as they are entered instead of being done in batches.

Question 18

General controls include

Answer 18

Controls over
1. data center and network operations
2. System Software acquisitions, change, and maintenance
3. Access security
4. Application system acquisition, Development and maintenance

Question 19

Validity check

Answer 19

Tests identification numbers or transaction codes for validity by comparing it with items that are known to be correct or authorized.

Question 20

Closed loop verification

Answer 20

Sends certain data back to the terminal for comparison with data originally sent by the operator.

Question 21

Limit check

Answer 21

Determines whether a numerical amount exceeds a predetermined amount.

Question 22

What are application controls?

Answer 22

1. Input controls
2. Processing controls
3. Output controls over a particular application

Question 23

What are the 2 basic processing modes?

Answer 23

1. Batch
2. online, real time

Question 24

Components of the control environment

Answer 24

1. Commitment to competence
2. HR policies and practices
3. Assignment of authority and responsibility
4. Management’s philosophy and operating style
5. Participation of those charged with governance
6. Integrity and ethical values
7. The Organizational Network

Question 25

Monitoring involves

Answer 25

1. Monitoring Ongoing activities
2. Actions of IA
3. Info from external parties like customers who complain

Question 26

Auditors Primary consideration regarding internal controls

Answer 26

How the control impacts managements FS assertions.

Question 27

In audit planning an auditors knowledge about internal controls is used to:

Answer 27

1. Evaluate the design of controls
2. Determine if the controls are implemented

This knowledge helps identify:

1. Types of misstatements
2. Factors that affect RMMs
3. Design further audit procedures

Question 28

Risk assessment procedures performed to obtain evidence about the design and implementation of relevant controls include:

Answer 28

1. Inquiries
2. Observations
3. Inspection
4. Tracing transactions

Question 29

Fact

Answer 29

Mgmt is concerned with the efficiency of internal control. Auditors are concerned with its design and operating effectiveness.

Question 30

Internal control effectiveness

Answer 30

Auditors obtain an understanding of internal control to design appropriate audit procedures not to express an opinion on internal control. No such opinion is expressed.

Question 31

Crime: risk assessment

Answer 31

Changes in operating environment
New personnel
New or revamped information systems
Rapid growth
New technology
New business models
Corporate restructuring
Expanded foreign operations
New accounting pronouncements
Changes in economic conditions