Topic 6.2- Understanding and Assessing Internal Control Flashcards
why do auditors need to understand the level of internal controls in an entity? 2
Assess the level of control risk based on the
understanding obtained.
Influences decisions about the nature, extent and timing of audit procedures. ■ Auditability ■ Potential material misstatements ■ Detection Risk ■ Design of tests
what are internal controls?
Policies, processes and procedures that are
put in place by management
what do internal controls provide reasonable assurance on? 4
- reliable financial reporting
- effectiveness and efficiency of operations
- compliance with laws
- safeguarding assets and documents.
what are six objectives of internal controls?
■ Risks are identified and minimised ■ Management decision making is effective ■ Transactions are carried out in accordance with authorisation requirements ■ Prompt (timely) recording ■ Access to records and documents in accordance with management instructions ■ Detection and correction of errors
what are two types of internal controls?
-Management Controls
mitigate strategic risks and promote effectiveness of
decision making and efficiency of business activities.
-Transaction Controls
Deal primarily with reliability of accounting
information and compliance, i.e. authorisation, segregation of duties, pre-numbering docs
what are the 6 assertions that relate to internal controls and the audit procedures used to test them? 5
Occurrence -Authorisation Accuracy - Program Controls Completeness - Sequence Check Cut-off - Independent Check Classification - Independent Check
What are the 4 components of the Control Environment?
- risk assessment
- information systems
- control activities
- monitoring controls
What are the 5 steps in understanding clients internal controls?
■ past experience with client
■ Inquiries of key management
■ Read policy and systems manuals
■ Inspect documents containing policies and procedures
■ Observe entity activities and operations
3 Key decisions for the auditor when testing internal controls are?
■ Understand internal control
■ Assess control risk
■ Determine the extent of testing
7 control questions that an auditor asks?
Is there adequate segregation of duties?
Are there proper authorisations?
Are documents reconciled?
Does the client use pre-numbered documents and perform sequence checks?
Are there physical controls over source documents?
Are documents and records adequate?
what are three types of documents used to record the auditors understanding of internal controls?
- Internal control questionnaires
- Narrative memoranda
- Flowcharts
what is used to Determine the Assessed Level of Control?
Understanding Obtained in the Initial assessment of Control Risk.
Where the initial assessment suggests that the
controls are effective, what does the auditor test? if there is High Control Risk?
Low control risk = extensive tests of controls, reduced substantive testing
High control risk= reduced to no tests of control, extensive substantive testing
What type of audit strategy is appropriate where the preliminary assessment of control risk suggests that it is high?
Predominantly substantive approach