Week 3: systems Audit & Internal Control Flashcards
how does ISA 200 deine inherent risk?
ISA 200 defines inherent risk as the:
risk of material misstatement may exist at both the financial report level and at the assertion level
risk of material misstatement at the assertion level consists of two components: inherent risk and control risk.
What are five factors impacting Inherent Risks at Financial report Level ?
five factors impacting Inherent Risks at Financial report Level:
Integrity of management
Management experience, knowledge and changes during the period
Unusual pressure on management
Nature of the entity’s business
Factors affecting the industry in which the entity operates
what are the two parts of the risk assesment?
financial report level:
pervuasive risks potentially affect many areas of the financial report e.g goign conern
assertation level:
specific risks generaly affect a limited number of specific balances e.g completeness of accoutns payabale
whata re the six factors of IT risks?
As IT risks can be pervasive to the entity, factors affecting overall IR associated with IT include:
significant changes in IT
insufficient IT skills and resources
lack of entity support and focus
high dependence on IT
reliance on external IT
reliability and complexity of IT.
how is Fraud is defined in ISA 240.12?
Fraud is defined in ISA 240.12 as:
‘An intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.’
what are the two main elements of fraud?
the two main elements of fraud:
1) Fraudulent Financial
Reporting
2) Misappropriations of Assets
What are the four main ways assets are Misappropriated?
Misappropriations of Assets has four main parts:
1) Embezzling Receipts
2) Stealing Assets
3) Causing an entity to pay for goods not received.
4) Using an entity’s assets for personal use
who is primary responsible for the detection of fraud?
The primary responsibility for detection of fraud rests in the hands of management and those charged with governance (ISA 240.4)
what does ISA 240 requires auditors to do?
Auditors now have to proactively consider fraud. ISA 240 requires auditors to:
specifically consider risks of material misstatement in a financial report due to fraud
discuss an entity’s susceptibility to fraud with other members of the audit team
make more extensive enquiries of management with respect to fraud.
What makes up the fraud triangle?
the three things that make up the fraud triangle are:
1) pressure
2) opportunity
3) rationalisation
are auditors protected from defamtion actions?
In the event the auditor is doubtful about the course of action to take, the advice of legal experts such as the solicitor needs to be obtained.
A major concern of auditors is the risk of defamation. It important to highlight that in the majority of circumstances, auditors are protected from defamation actions as long as reporting is a faithful representation of the financial health of the company.
what are the 6 frsaud risk factors grouped under?
The risks are grouped under:
1) management
2) unusual pressures within an entity
3) market pressures
4) unusual transactions
5) unsatisfactory records
6) IT environment.
What is a related party? name some examples?
A related party is a person or an entity that is related to the reporting entity provided that they have significant control over the related entity or person.
creating fictitious terms of transactions with related parties
fraudulently transferring assets at amounts significantly above or below market value
engaging in complex transactions with related parties, such as special purpose entities, that are structured to misrepresent the financial position or performance of the entity
What is the going concern basis? name some examples
Entity is viewed as continuing in business for the foreseeable future without any intention or necessity to liquidate or otherwise cease its operations (ISA 570.2).
High Gearing
Inability to pay creditors
Negative Cash flows
Management’s intention to cease operations
Loss of major market, license or franchise
Legal proceedings
Non compliance with rule and regulations
What is Internal Control?
As per ISA 315.4, internal control is:
the process designed and implemented by those charged with governance, management and other personnel
to provide reasonable assurance regarding the achievement of the entity’s objectives concerning financial reporting
To ensure the effectiveness and efficiency of operations, and compliance with laws and regulations’ (ISA 315.4).
Why is internal control important?
According to ISA 315.A50, internal control is important to the auditor because:
1) It enables the auditor to identify types of potential misstatement and factors which affect the risks of material misstatements
2) It helps the auditor in designing the nature, timing and extent of audit procedures.
Who is responsible for internal control?
Primary responsibility lies in the hands of management and those charged with governance.
Management has a responsibility to adopt, maintain and supervise an appropriate internal control system
What are the five Components of Internal Control?
Components of Internal Control:
1) Control Environment
2) The Entity’s Risk Assessment Process
3) Information System
4) Control Activities
5) Monitoring of controls
What are seven things considered by the auditor whne evaluating the design of an entity’s internal control system?
The following are considered by the auditor when evaluating the design of an entity’s internal control system:
1) Communication and enforcement of integrity and ethical values
2) Commitment to competence
3) Participation by those charged with governance
4) Management’s philosophy and operating style
5) Organisational Structure
6) Assignment of authority and responsibility
7) HR policies and practices
