Understanding Internal Control

Question 1

Control Environment

Answer 1

reflects the overall attitude, awareness, and actions of the board of directors, management, owners, and others concerning the importance of control and its emphasis in the entity.

I - Integrity and ethical values
C - Commitment to competence
H - Human resource policies and practices
A - Assignment of authority
M - Management’s philosophy and operating style
B - Board of directors or audit committee participation
O - Organizational structure

Question 2

Components of Internal Control

Answer 2

1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication
5. Monitoring

Question 3

Control Activities

Answer 3

P - Performance reviews (budget to actual, forecasts, etc)
I - Information processing (controls that check accuracy)
P - Physical controls (assure physical security of assets)
S - Segregation of duties

Question 4

COSO Internal Control Principles

Answer 4

Control Environment

• demonstrates a commitment to integrity and ethical values
• exercises oversight responsibility
• establishes proper structures, reporting lines, authorities and responsibilities
• demonstrates a commitment to competence
• enforces accountability of individuals

Risk Assessment

• Specifies clear objectives
• Identifies and analyzes risks to achievement of it objectives
• Considers the potential for fraud in assessing risks
• Identifies and assesses changes that could affect internal control

Control Activities

• Selects and develops appropriate control activities to mitigate risks to achievement of objectives
• Selects and develops general control activities over technology
• Deploys control activities that establish what is expected and place policies into action

Information and Communication

• Obtains or generates and uses relevant information to support internal control
• Communicates information internally to support internal control
• Communicates information externally to support internal control

Monitoring

• Conducts evaluations of whether components of internal control are present and functioning
• Evaluates and communicates internal control deficiencies in a timely manner to appropriate parties

Question 5

monitoring activities

Answer 5

assessing the design and operation of controls on a timely basis and taking necessary corrective actions

Question 6

Risk Assessment Procedures

Answer 6

• inquiries of management and others
• observing the application of specific controls
• inspecting documents and records
• tracing transactions through the information system

Question 7

Tests of Controls Approaches

Answer 7

1. Inquiries of appropriate personnel
2. Inspection of documents and reports
3. Observation of the application of controls
4. Reperformance of the control by the auditor

Question 8

Understanding Information Systems

Answer 8

the auditor should obtain sufficient knowledge of the information system to understand the financial reporting process used to prepare the entity’s financial statements, including sufficient accounting estimates and disclosures. Helps the auditor understand:

1. entity’s classes of transactions
2. how transactions are initiated
3. accounting records and support
4. accounting processing involved from initiation of a transaction to its inclusion in the financial statements

Question 9

Assessing control risk

Answer 9

assessing control risk at a low level involves

1. identifying specific controls relevant to specific assertions that are likely to prevent or detect material misstatements in those assertions
2. performing tests of controls to evaluate the effectiveness of such controls.

Question 10

Deficiency

Answer 10

the design or operation of a control does not allow management or employees, in the normal course of business, to prevent or detect misstatements on a timely basis

Question 11

Significant Deficiency

Answer 11

a deficiency, or combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight

Question 12

Material weakness

Answer 12

a deficiency, or combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis

Question 13

Control objectives

Answer 13

a specific target against which to evaluate the effectiveness of controls. A control objective for internal control generally relates to a relevant assertion and states a criterion for evaluating whether the company’s control procedures in a specific area provide reasonable assurance that a misstatement in the relevant assertion is prevented or detected on a timely basis.

Question 14

Management’s assessment

Answer 14

required under SOX

Question 15

Relevant Assertion

Answer 15

a financial statement assertion that has a reasonable possibility of containing misstatements that could cause the financial statements to be materially misstated

a. existence or occurrence
b. completeness
c. valuation or allocation
d. rights and obligations
e. presentation and dislcosure

Question 16

Significant accounts and disclosures

Answer 16

account or disclosure for which there is a reasonable possibility of material misstatement. determination is based on inherent risk, without regard to the effect of controls.

Question 17

Controls that might address risk of fraud

Answer 17

a. significant, unusual transactions
b. journal entries and adjustments made in the period-end financial reporting process
c. related-party transactions
d. significant management estimates
e. incentives or pressures of management to falsify or inappropriately manage financial results

Question 18

Design effectiveness

Answer 18

when controls satisfy the company’s control objectives and prevent or detect material misstatements

testing procedures include:

a. inquiry
b. observation
c. inspection of documents

Question 19

Operating effectiveness

Answer 19

when control is operating as designed and if the person performing the control possesses the necessary authority and competence.

testing procedures include:

a. inquiry
b. observation
c. inspection
d. reperformance

Question 20

Indicators of material weakness

Answer 20

1. identification of fraud on part of senior management
2. restatement of previously issued financial statements to reflect a correction of a misstatement
3. identification of a material misstatement that would not have been detected by the company’s IC
4. Ineffective oversight of external reporting and IC by the audit committee

Question 21

Types of Controls

Answer 21

a. compensating: supplements a basic underlying control (reconciliation of cash entries)
b. preventive: prevents errors or fraud from occurring

Question 22

Tracing forward

Answer 22

(source document to recorded entry) primarily tests completeness of recording and has a primary objective of detecting understatements

Question 23

Vouching

Answer 23

(recorded entry to source document) primarily tests existence and has a primary objective of detecting overstatements

Question 24

Segregation of duties

Answer 24

no one person should perform two of the following:

• authorization
• recordkeeping
• custodianship