Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

36 Cards in this Set

  • Front
  • Back
What is internal control?
A process designed to provide reasonable assurance that entity objectives will be achieved.
Three categories of objectives in internal control:
1. reliability of financial reporting
2. effectiveness and efficiency of operations
3. compliance with applicable laws and regulations
What is the fundamental concept behind internal control?
Segregation of duties in order to elminate incompatible functions, which place a person in the position to both perpetuate and conceal errors or fraud in the normal course of duties.
- separation of authorization, record keeping and custody of assets
Basic influences of internal control (6)
Methods of information processing
Organization and ownership characteristics
Diversity and complexity of ops
Entity's size
Regulatory and legal requirements
Nature of its business
Components of internal control
(components of internal control fight CRIME)
Control activities
Risk assessment
Information and communication
control Environment
What are control activities?
those policies and procedures established to provide reasonable assurance that management decisions are executed
What is risk assessment?
an entity’s (not an auditor’s) location, evaluation, and management of risk.
Under Sarbanes Oxley, how long must be workpapers be retained?
7 years
Segregation of duties must separate what?
(ARC that protects from sea of troubles)
The overall attitude and awareness of the BOD concerning the imptce of IC is reflected in what?
The Control Environment
What are the 7 audit steps?
-Planning the audit
-Review internal control
-Evaluate internal control, preliminary assessment of control risk-Consider evidence to justify further reduction of assessed control risk
-Final assessed level of control risk (NET)
-Perform substantive tests
-Write audit report
What are the 4 types of controls (compliance testing)?
Re-perform procedures
An auditor uses the knowledge provided by the understanding of IC and final assessed level of control risk primarily to determine NET of?
Substantive tests
Direct or inverse relationship between:
control risk and detection risk
Direct or inverse relationship between:
detection risk and substantive testing
Direct or inverse relationship between:
control risk and substantive testing
What is the primary consideration regarding an internal control policy or proecdure?
Whether it affects mgmt's financial statement assertions
In planning, the auditor's knowledge about the design of relevant IC policies and procedures should be used to?
Identify the types of potential misstatements that could occur
What are the 9 control activities you always want to be looking for?
Numeric checks
Cross checks
Internal audit function
Separation of duties
Mechanical devices
Personnel polices/procedures
If control risk is at maximum
- high probability of errors
- document basis for conclusion
- no tests of controls
- extensive substantive tests
If control risk is below maximum
- document basis for conclusion
- identify specific p/p in place to be relied on
- low probability of errors
- perform test of controls
The acceptable level of detection risk is inversely related to what?
Assurance provided by substantive tests
What are reportable conditions?
matters that come to an auditor's attention that should be communicated to an entity's audit committeeq because they represent significant deficiencies in the design or operation of IC
Control risk should be assessed in terms of what?
financial statement assertions
Mailing disbursement checks and remittence advices should be controlled by the employee who
signs the checks last
True or false: an auditor must search for reportable conditions
True or false: if control risk is below maximum, proper documentation about conclusion and supporting evidence are included in w/ps
True or false: To document ICs, an auditor must use both flowcharts and questionnaires.
false - can use anything
True of false: during planning the auditor is required to evaluate the operating effectiveness of controls over time
false - you dont evaluate the effectivessness in planning, just that they are there
True or false: substantive testing can be completely eliminated in performing an audit
False - you can never completely eliminate substantive testing
Where does the AP/Purchasing cycle begin?
With the factory user.
-runs out of material and fills out a Stores Requisition (SR)
When a Purchasing Dept fills out a Purchase Order, where do the 4 copies go?
Copy 1 - Filed
Copy 2 - Sent to vendor
Copy 3 - Blind copy to receiving dept
Copy 4 - Sent to accounts payable department
What are reportable conditions?
Deficiencies in IC design, or failure in IC operation
Are auditors required to search for reportable conditions?
No, but if you find something, you have to report them to the Board of Directors or Audit Committee
What is a material weakness?
Reportable condition that is EXTREMELY significant.
- as an auditor, not required to distinguish between material weaknesses and reportable conditions
What if reportable conditions are not corrected?
- may feel its too expensive, may have compensating controls
- if a lot of time passes, may want to report on them a second time