28 Cards in this Set

  • Front
  • Back
Describe management responsibilities under Section 404(a) of the Sarbanes-Oxley Act
Section 404(a) of the Sarbanes-Oxley Act requires management of publicly traded companies to issue an internal control report that explicitly accepts responsibility for establishing and maintaining "adequate" internal control over financial reporting

-required for all public companies regardless of size

auditor responsibilities under Section 404(b) of the Sarbanes-Oxley Act
the entity's independent auditor must audit and report on the effectiveness of ICFR. The auditor is required to conduct an integrated audit of the entity's ICFR and financial statements (required by AS5)
Based on current regulations (i.e., post-Dodd-Frank), you should know which companies are required to comply with Section 404(a) and which companies are required to comply with Section 404(b).



404(a)

No exemption from the requirement for management's assessment (SOX Section 404(a))
Section 404(b)

-note on Dodd-Frank Act of 2010

-amended section 404(b) of SOX

-non-accelerated filers exempted from requirement for an external audit of ICFR




(non-accelerated filer: smaller companies with public float (market capitalization) less than $75 million)

Based on the PCAOB definition of internal control over financial reporting (ICFR), who is responsible for the reliability of ICFR?
A process designed by, or under the supervision of, the company's principal executive and principal officers, or persons performing similar functions, and effected by the company's board of directors, management, and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with GAAP and includes those policies and procedures that

(next card)

3 policies and procedures
(1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company

(2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with GAAP, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company


(3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition, of the company's assets that could have a material effect on the financial statements

Know about the regulatory efforts that have been made to reduce the burden of compliance with 404 requirements (e.g., Auditing Standard (AS) 5). I did not talk about this much in lecture so supplement the class notes with the textbook material.
required communications in an audit of ICFR

-the auditor must communicate in writing to management and the audit committee all significant deficiencies and material weaknesses identified during the audit (AS5)

PCAOB AS5 states that auditors must conduct the audits of the financial statements and ICFR in an integrated way. What does this mean?
An integrated audit is composed of the audits of internal control and the financial statements. Planning the audit of ICFR should be combined with the planning stage of the financial statement audit. Further, the control testing impacts the planned substantive procedures. Also, the results of the substantive procedures are considered in the evaluation of internal control
What are entity-level controls? Be able to provide specific examples.
-controls within the control environment (e.g., tone at the top, assignment of authority and responsibility, consistent policies and procedures, and companywide programs, such as codes of conduct and fraud prevention, that apply to all locations and business units)

-controls over management override


-the entity's risk assessment process


-centralized processing and controls, including shared service environments


-controls to monitor results of operations


-controls to monitor other controls, including activities of the internal audit function, the audit committee, and self assessment programs


-controls over period end financial reporting processes


-policies that address significant business control and risk management practices



What is a control deficiency?
a control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis
Be able to differentiate between (and identify, describe, define) design deficiencies and operating deficiencies.



design deficiencies

design deficiency

-1. a control necessary to meet the relevant control objective is missing or


-2. an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met

operating deficiencies
operating deficiency

-1. a properly designed control does not operate as designed or


-2. the person performing the control does not possess the necessary authority or qualifications to perform the control effectively

Be able to differentiate between (and identify, describe, define) significant deficiencies and material weaknesses



significant deficiencies

a significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting
material weakness
- a control deficiency may be serious enough that it is to be considered not only a significant deficiency but also a material weakness in the system of internal control



- a material weakness is a deficiency, or a combination of deficiencies, in ICFR, such that there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis

What two factors does the auditor consider to determine whether the control deficiency is significant?
two important dimensions of the control deficiency

-likelihood (reasonably possible)


-magnitude (material, consequential, inconsequential)

What one factor does the auditor consider to determine whether a significant deficiency is a material weakness?
contingencies, or reasonable possibility

idk

Be able to give specific situations that should be regarded as strong indicators that a material weakness exists.
if a deficiency, or combination of deficiencies, prevents the auditor from having reasonable assurance that transactions are recorded properly, then the auditor should treat the deficiency as an indicator of material weakness
indicators of material weakness
-identification of fraud, whether or not material, committed by senior management

-restatement of previously issued financial statements to reflect the correction of a material misstatement


-identification by the auditor of a material misstatement of financial statements in the current period in circumstances that indicate that the misstatement would not have been detected by the company's ICFR


-ineffective oversight of the company's external financial reporting and ICFR by the company's audit committee

The auditor should obtain written representations from management related to the audit of ICFR. What issues does the representation document address?
-management is responsible for establishing and maintaining effective ICFR

-management has performed an evaluation and made an assessment of the effectiveness of the entity's ICFR and specifying the control criteria


-management did not rely on work performed by the auditor in forming its assessment of the effectiveness of ICFR.


-management's conclusion about the effectiveness of the entity's ICFR based on the control criteria as of a specified date


-management has disclosed to the auditor all deficiencies in the design or operation of ICFR identified as part of management's evaluation and has identified all such deficiencies that it believes to be significant deficiencies or material weaknesses


-descriptions of any material fraud and any other fraud that, although not material, involves senior management or management or other employees who have a significant role in the entity's ICFR


-control deficiencies identified and communicated to the audit committee during previous engagements have (or have not) been resolved (and specifically identifying any that have not)


-descriptions of any changes in ICFR or other factors that might significantly affect ICFR, including any corrective actions taken by management with regard to significant deficiencies and material weakness

Who signs the document?
while the required representations are typically drafted by the auditor, they are addressed to the auditor and are signed (and worded as if written) by the CEO and CFO
What should auditors do if management withholds these representations?
failure to obtain written representations from management, including management's refusal to furnish them, constitutes a limitation on the scope of the audit sufficient to preclude an unqualified opinion
Types of internal control opinions and the situations in which each should be issued.



unqualified opinion

an unqualified opinion signifies that the client's internal control is designed and operating effectively (no material weaknesses)
disclaimer of opinion
a serious scope limitation requires the auditor to disclaim an opinion
adverse opinion
an adverse opinion is required if a material weakness is identified (material weakness must be described)
Requirements for the communication of different types of internal control deficiencies.

unqualified opinion

control deficiency

significant deficiency



adverse opinion
material weakness


types of reports relating to the audit of internal control

unqualified opinion

minor effect


disclaim or withdraw opinion
severe limitation