Understanding the Entity & Its Environment (Including Internal Control) Flashcards
What are we looking for when we are gaining an understanding of the entity, its environment, and internal control?
a
What are some examples of entities, environments, and internal control?
a
What is materiality? Why must we determine and document it?
a
What is risk assessment? Why must we conduct and document it?
a
Risk of what?
a
Why must we have discussions among the audit team regarding these procedures?
a
Why must we discuss a susceptibility of a material misstatement of the entities financial statements due to fraud?
a
What is fraud?
a
What are characteristics of fraud?
a
What are we discussing when we document required discussions regarding risk of fraud?
a
What kinds of inquiries are we making when we make and document inquiries of management about fraud?
a
What are we looking for when we identify and assess risks that may result in material misstatements due to fraud?
a
What are we doing when we perform and document risk assessment procedures?
a
What are we taking a risk assessment of?
a
How do we identify, conduct, and document appropriate inquiries of management and others within the entity?
a
How do we perform appropriate analytical procedures to understand an entity and identify areas of risk?
a
How do we obtain information to support inquiries through observation and inspection (including reading corporate minutes, etc)?
a
How do we consider additional aspects of the entity and its environment, including: industry, regulatory and other external factors; strategies and business risk; financial performance?
a
How do we consider internal control in evaluating the entity we are auditing and its environment?
a
How do we perform procedures to assess the control environment, including consideration of the COSO framework and identifying entity-level controls?
a
What are entity-level controls?
a
What are business processes and information flows? Why do we need to obtain and document an understanding of them?
a
What is the effect of information technology on the effectiveness of an entity’s internal control?
a
How do we perform risk assessment procedures to evaluate the design and implementation of internal controls relevant to an audit of financial statements?
a
How do we identify key risks associated with general controls in a financial IT environment,?
a
What is change management?
a
What is backup/recovery?
a
What is network access (e.g. administrative rights)?
a
What are financial transaction cycles?
a
What is application access control (e.g. administrative access rights)?
a
What are controls over interfaces?
a
What are controls over integrations?
a
What are controls over e-commerce?
a
What are controls over significant algorithms?
a
What are controls over reports?
a
What are controls over validation?
a
What are controls over edit checks?
a
What are controls over error handling?
a
How do we assess whether the entity has designed controls to mitigate key risks associated with general controls or application functionality?
a
What are general controls?
a
What is application functionality?
a
How do we identify controls relevant to reliable financial reporting and the period-end reporting process?
a
What are limitations of internal control?
a
What are the effects of service organizations on internal control?
a
What is the risk of management override of internal controls?
a
How do we document an understanding of the entity and its environment? Including each component of the entity’s internal control in order to assess risks?
a
How do we assess and document the risk of material misstatements?
a
How do we identify and document financial statement assertions and formulate audit objectives? Including significant financial statement balances, classes of transactions, disclosures, and accounting estimates?
a
How do we relate the identifies risks to relevant assertions and consider whether the risks could result in a material misstatement to the financial statements?
a
How do we assess and document the risk of material misstatement that relates to both financial statement level and specific assertions?
a
What is the meaning of financial statement level?
a
What is the meaning of specific assertions?
a
How do we identify and document conditions and events that may indicate risks of material misstatement?
a
How do we identify and document significant risks that require special audit consideration?
These risks include: significant recent economic, accounting, or other developments; related parties and related party transactions; improper revenue recognition; non-routine or complex transactions; significant accounting estimates; and illegal acts.
