W9 Internal Control Systems Flashcards
What are substantive procedures
Substantive procedures are audit procedures designed to detect material misstatements at the assertion level.
Provide direct evidence that the information in the financial statements is accurate.
How can substantive procedures be categorized in
Test of details
Substantive analytical procedures
What are test of details
Involve testing a number of transactions from the client’s accounting and other records
Used to verify individual transactions and balances
What are substantive analytical procedures
Involve analysing relationships between information to identify unusual fluctuations which may indicate possible misstatement
What are test of controls
Tests of controls are audit procedures“designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level
What are the categories of assertions
Classes of transaction and events, and related disclosures, for the period
- Account balances and related disclosures at the period end
What are the assertions about classes of transactions and events and related disclosures for the period
Occurrence (actually occurred and pertained to the entity)
Completeness (all events/disclosures that should have been recorded/disclosed have been record/disclosed)
Accuracy (amounts have been recorded appropriately, disclosures have been appropriately measured and described)
Cut-off (Transactions and events have been recorded in the correct accounting period)
Classification (Transactions recorded in proper accounts)
Presentation
What are the assertions about account balances and related disclosures at the period end
Existence (assets, liabilities and equity interests exist)
Rights and obligations (entity controls rights to assets and liabilities are obligations of entity)
Completeness (a,l,e that should have been recorded have been recorded)
Accuracy, valuation and allocation (a,l,e have been included in f..s at appropriate amounts and any resulting valuation or allocation adjustments have been appropriately recorded)
Classification (a,l,e recorded in proper accounts)
Presentation
What are internal controls
Process designed and maintained by those charged with governance to provide reasonable assurance about the achievement of an entity’s objectives with regard to reliability of financial reporting, effectiveness of operations, and compliance with applicable laws and regulations.
What are the 5 different categories of control activities
Authorization and approvals
2. Reconciliations
3. Verifications
4. Segregation of duties
5. Physical controls
What is the control activity (Authorization and approvals)
Confirming the validity of a transaction
ex. a manager signing a purchase order to confirm that the order can be placed
What is the control activity (Reconciliations)
To address the completeness and/or accuracy of transactions
ex. a bank reconciliation
reconciliation of supplier statements with payables ledger
What is the control activity (Verification)
Address the completeness, accuracy or validity of transactions
ex. comparing actual spend to budgeted spend
What is the control activity (Segregation of Duties)
Assigning different people the responsibilities of authorizing transactions, recording transactions and maintaining custody of assets’ to reduce the risk of fraud and error
ex. warehouse staaff should not be responsible for the inventory count
What is the control activity (Physical controls)
Prevent theft of assets or data
example: restrictions on assets e.g keeping cash in a sage
Password restrictions to prevent access to computer files
Methods of classifying controls by their design
Preventative
Detective
Directive
Corrective
Classify controls by their design (Preventative controls)
Designed to limit the possibility of an undesirable outcome being realized
More important it is that an undesirable outcome should not arise, more important it becomes to implement appropriate preventative controls
Classify controls by their design (Detective controls)
Designed to identify occasions of undesirable outcomes having been realized
their effect is after the event, so only appropriate when it is possible to accept the loss/damage incurred or when corrective measures are available
Classify controls by their design (Corrective controls)
Designed to correct undesirable outcomes that have been realized
Provide a route of recourse to achieve some recovery against loss or damage
Classify controls by their design (Directive controls)
Designed to ensure that a particular outcome is achieved, and that appropriate guidance is provided in order to do so
Particularly important when it is critical that an undesirable event is avoided (typically associated with health and saftey or security)
What are the 5 components of internal control
Control environment
Risk assessment
Information system and communication
Control activities
Monitoring
Component of internal control (Control environment)
How managements responsibilities are carried out
how those charged with governance demonstrate independence from management and exercise oversight of the system
how the entity assigns authority and responsibility in pursuit of its objectives
how the entity holds individual accountable for their responsibilities (performance measures)
Component of internal control (The entitiy’s risk assessment process)
Must gain an understanding of the entity’s process for identifying business risk relevant to financial reporting, assessing the significance of those risks and addressing those risks.
Component of internal control (The entitys process to monitor the system of internal control)
This is the client’s continual process of evaluating the effectiveness of controls
over time and taking necessary remedial action.
Component of internal control (The information system and communication)
The information system relevant to financial reporting consists of all of the
activities and policies relevant to financial reporting and communication.
The information system includes all the procedures and records which are
designed to:
* Transfer info to the general/nominal ledger
- Maintain accountability for assets, liabilities and equity.
- Resolve incorrect processing of transactions.
- Process and account for system overrides
Component of internal control (control activities)
Control activities are the policies and procedures to achieve the control
objectives of management and those charged with governance
ex.
Authorization to confirm the validity of a transaction
Reconciliation to address the completeness or accuracy of transactions
Physical or logical controls to prevent theft of assets or data
