Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
36 Cards in this Set
- Front
- Back
What is internal control?
|
A process designed to provide reasonable assurance that entity objectives will be achieved.
|
|
Three categories of objectives in internal control:
|
1. reliability of financial reporting
2. effectiveness and efficiency of operations 3. compliance with applicable laws and regulations |
|
What is the fundamental concept behind internal control?
|
Segregation of duties in order to elminate incompatible functions, which place a person in the position to both perpetuate and conceal errors or fraud in the normal course of duties.
- separation of authorization, record keeping and custody of assets |
|
Basic influences of internal control (6)
|
(MODERN)
Methods of information processing Organization and ownership characteristics Diversity and complexity of ops Entity's size Regulatory and legal requirements Nature of its business |
|
Components of internal control
|
(components of internal control fight CRIME)
Control activities Risk assessment Information and communication Monitoring control Environment |
|
What are control activities?
|
those policies and procedures established to provide reasonable assurance that management decisions are executed
|
|
What is risk assessment?
|
an entitys (not an auditors) location, evaluation, and management of risk.
|
|
Under Sarbanes Oxley, how long must be workpapers be retained?
|
7 years
|
|
Segregation of duties must separate what?
|
(ARC that protects from sea of troubles)
Authorization Recording Custody |
|
The overall attitude and awareness of the BOD concerning the imptce of IC is reflected in what?
|
The Control Environment
|
|
What are the 7 audit steps?
|
-Planning the audit
-Review internal control -Evaluate internal control, preliminary assessment of control risk-Consider evidence to justify further reduction of assessed control risk -Final assessed level of control risk (NET) -Perform substantive tests -Write audit report |
|
What are the 4 types of controls (compliance testing)?
|
Observation
Inquiry Inspection Re-perform procedures |
|
An auditor uses the knowledge provided by the understanding of IC and final assessed level of control risk primarily to determine NET of?
|
Substantive tests
|
|
Direct or inverse relationship between:
control risk and detection risk |
inverse
|
|
Direct or inverse relationship between:
detection risk and substantive testing |
inverse
|
|
Direct or inverse relationship between:
control risk and substantive testing |
direct
|
|
What is the primary consideration regarding an internal control policy or proecdure?
|
Whether it affects mgmt's financial statement assertions
|
|
In planning, the auditor's knowledge about the design of relevant IC policies and procedures should be used to?
|
Identify the types of potential misstatements that could occur
|
|
What are the 9 control activities you always want to be looking for?
|
(BANCISMOP)
Bonding Authorization/Approval Numeric checks Cross checks Internal audit function Separation of duties Mechanical devices Other Personnel polices/procedures |
|
If control risk is at maximum
|
- high probability of errors
- document basis for conclusion - no tests of controls - extensive substantive tests |
|
If control risk is below maximum
|
- document basis for conclusion
- identify specific p/p in place to be relied on - low probability of errors - perform test of controls |
|
The acceptable level of detection risk is inversely related to what?
|
Assurance provided by substantive tests
|
|
What are reportable conditions?
|
matters that come to an auditor's attention that should be communicated to an entity's audit committeeq because they represent significant deficiencies in the design or operation of IC
|
|
Control risk should be assessed in terms of what?
|
financial statement assertions
|
|
Mailing disbursement checks and remittence advices should be controlled by the employee who
|
signs the checks last
|
|
True or false: an auditor must search for reportable conditions
|
false
|
|
True or false: if control risk is below maximum, proper documentation about conclusion and supporting evidence are included in w/ps
|
true
|
|
True or false: To document ICs, an auditor must use both flowcharts and questionnaires.
|
false - can use anything
|
|
True of false: during planning the auditor is required to evaluate the operating effectiveness of controls over time
|
false - you dont evaluate the effectivessness in planning, just that they are there
|
|
True or false: substantive testing can be completely eliminated in performing an audit
|
False - you can never completely eliminate substantive testing
|
|
Where does the AP/Purchasing cycle begin?
|
With the factory user.
-runs out of material and fills out a Stores Requisition (SR) |
|
When a Purchasing Dept fills out a Purchase Order, where do the 4 copies go?
|
Copy 1 - Filed
Copy 2 - Sent to vendor Copy 3 - Blind copy to receiving dept Copy 4 - Sent to accounts payable department |
|
What are reportable conditions?
|
Deficiencies in IC design, or failure in IC operation
|
|
Are auditors required to search for reportable conditions?
|
No, but if you find something, you have to report them to the Board of Directors or Audit Committee
|
|
What is a material weakness?
|
Reportable condition that is EXTREMELY significant.
- as an auditor, not required to distinguish between material weaknesses and reportable conditions |
|
What if reportable conditions are not corrected?
|
- may feel its too expensive, may have compensating controls
- if a lot of time passes, may want to report on them a second time |