Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Auditing > Week 6 > Flashcards

Week 6 Flashcards

1
Q

Internal control defined

A

Internal control encompasses the entity’s resources, systems, processes, culture, structure and tasks.
When controls are effective, the entity is more likely to achieve its strategic and operating objectives.
The auditor focuses on controls with a direct impact on the entity’s financial reporting, compliance and asset safeguarding (ASA 315; ISA 315).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

AUASB Glossary

Internal Control

A

‘Internal control is the process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations’

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Objectives of internal controls

A

Real

Recorded

Valued

Classified

Summarised

Posted

Timely

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Real

A

Real – that is no fictitious or duplicated transactions

Assertions tested – occurrence, rights and obligations and existence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Recorded

A

Recorded – that is to prevent or detect omissions of transactions.
Assertions tested – accuracy, completeness, valuation and allocation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Valued

A

Valued – that is correct amounts assigned to transactions.

Assertions tested – accuracy, valuation and allocation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Classified

A

Classified – that is transaction are charged to the correct account.
Assertions tested – accuracy, valuation and allocation, classification.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Summarised

A

Summarised – that is transactions must be summarised and totalled correctly.
Assertions tested – accuracy, valuation and allocation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Posted

A

Posted – accumulated totals in transaction file are correctly transferred to general and subsidiary ledgers.
Assertions tested – accuracy, classification, valuation and allocation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Timely

A

Timely – that is transactions are recorded in the correct accounting period.
Assertions tested – cut-off and completeness.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

3 auditor Objectives of internal controls

A

Auditor aims to gain an understanding of how the client uses internal controls to meet these objectives.
Focusing on these objectives helps auditor select controls for testing to gain greatest assurance that controls are operating effectively.
Failure of an entity’s controls to meet any of these objectives is a weakness in internal control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

All internal control systems have inherent limitations:

A

Human error that results in control breakdown.
Ineffective understanding of control’s purpose.
Collusion by two or more individuals to avoid control.
Software program control being overridden, disabled.
Management decisions about nature and extent of controls being implemented.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Entity level internal controls potentially impact all entity processes.
Comprises:

A
  1. control environment
  2. entity’s risk assessment process
  3. IT and communications systems
  4. control activities
  5. monitoring of controls.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The control environment

A

Culture, structure and discipline of an entity.
Communication and enforcement of integrity and ethical values.
Commitment to competence.
Participation by those charged with governance.
Management’s philosophy and operating style.
Organisational structure, including IT.
Assignment of authority and responsibility.
Human resource policies and practices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The entity’s risk assessment process:

A

How does the entity identify and respond to business risks?
Auditor is interested in how management identify, analyse and manage risks relevant to financial reporting, and how the risks might impact the audit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Information systems and communication:

A

Designed to capture and provide information to conduct, manage and control entity’s operations.
Includes manual and automated systems.
Auditor is interested in systems relevant to financial reporting.

17
Q

Control activities:

A

Policies and procedures that help make sure management’s directives are carried out.
Performance review: actual vs budget and investigation of differences.
Information processing: manual or automated, to check accuracy, etc.
Physical control: security of assets and records.

Segregation of incompatible duties:
No one employee/group should be in position both to perpetrate a fraud and to cover it up.
Separate authorisation/custody/recording.

18
Q

When understanding client’s control activities, auditor considers:

A

Extent of reliance on IT.
Existence of necessary policies and procedures.
Extent to which control policies are being applied.
Clarity of management objectives for controls.
Existence of planning and reporting systems for performance and investigation of variance, and management action to follow-up.
Extent of segregation of duties.
Software controls over data and programs.
Periodic comparison between records and assets.
Safeguards over access to documents, records, assets.

19
Q

Monitoring of controls:

A

Does management monitor controls and modify as required when conditions change?
Ongoing monitoring procedures should be part of regular activities, e.g. internal audit function.
Auditor considers:
Are there periodical evaluations of internal controls?
Do client staff regularly obtain evidence of control functioning?
Extent to which information from external parties corroborate, or contradict, internal information.
Management act on audit recommendations, or respond to control difficulties on timely basis.

20
Q

Internal control in small entities:

A

Difficult to implement formal controls, segregate duties in small entities.
Reliance on owner-manager, heavily involved in daily business.
Auditor could increase substantive procedures to compensate for weaker controls.
Auditor must make overall assessment of effectiveness of entity-level controls.

21
Q

Transaction-level internal controls

A

These controls impact a particular transaction, or group of transactions.
They are aimed at preventing an error from entering the records, or detecting errors that do enter the records.
Controls are considered for transaction processes or flows, for example:
sales process
cost of sales process.

22
Q

When gaining an understanding of the transaction processes, the auditor:

A

Identifies major events and transactions in the process.
Identifies risks to correct processing of the transactions:
What Can Go Wrong? (WCGWs).
For each WCGW, auditor identifies one or more controls.
This understanding is documented and used to guide evaluation and testing of internal controls.

23
Q

Common forms of documenting controls:

A

Narratives

Flowcharts

Combination of flowchart and narrative:

Checklists and preformatted questionnaires:

24
Q

Narratives

A

Very useful when controls simple, straightforward.

Auditor uses words to describe each step of transaction from start to finish.

25
Q

Flowcharts

A

Useful for more complex controls – keep chart simple.

Conveys information visually.

26
Q

Combination of flowchart and narrative:

A

Use both techniques side-by-side.

Narrative used to explain details.

27
Q

Checklists and preformatted questionnaires:

A

Helps identify most common controls that should be present.

Useful for less experienced auditors.

28
Q

After documentation, auditor must assess control system:

A

Identify weaknesses that have financial reporting impact.
Draw conclusions about control risk.
Significant levels of professional judgement are required when deciding whether an internal control observation (individually or in combination with others) is relevant to the audit and should be tested.

29
Q

ASA260

A

ASA260 requires auditors to provide those charged with governance with timely observations arising from the audit that are significant and relevant to their responsibility to oversee the financial reporting process, and to promote effective two-way communication between the auditor and those charged with governance.

30
Q

Management letters

A

The auditor needs to communicate issues of governance interest as soon as practicable, and at an appropriate level of responsibility, including significant (or material) weaknesses in the design or implementation of internal control.
It is for these key reasons that the auditor prepares what is often called a management letter.
Letter from the auditor to the client, recommendations based on internal control assessment findings and other matters (ASA 260; ISA 260, and ASA 265; ISA 265).
Professional judgment required about which matters to include in letter.
Allows management to document their actions in response, and inform those charged with governance.
Often use interim and final management letters.

Auditing (9 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions