Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
43 Cards in this Set
- Front
- Back
According to COSO, what does internal control provide assurance about?
|
1. Reliable financial reporting
2. Effective and efficient operations 3. Compliance with the law Safeguarding of assets is also important, but not in COSO. |
|
Name 3 benefits to using IT as an internal control.
|
1. Consistent application of complex calculations or large amounts of data
2. Faster 3. Easier to perform additional analysis 4. Reduction in control override or circumvention 5. Segregates duties through security controls |
|
Name 3 risks to using IT as an internal control.
|
1. Inaccurate processing of data or processing of incorrect data
2. Unauthorized access (hacking) 3. Potential loss of data (computer crash) 4. Unauthorized changes to programs or files |
|
Name 3 business risks.
|
1. Changes in the operating environment
2. New personnel 3. New technology 4. Rapid growth 5. Corporate restructuring |
|
Name the 7 factors that affect the control environment
|
1. Communication and enforcement of ethics
2. Competence 3. Leadership participation 4. Management philosophy and operating style 5. Organizational structure 6. Assignment of responsibility 7. Human resource policies and actions |
|
What are the 5 purposes of information systems?
|
1. Identify and record all valid transactions
2. Describe transactions on a timely basis and with enough detail to classify 3. Measure the proper monetary value 4. Determine the time when the transaction occurred 5. Present and disclose in financial statements Note: these align with the management assertions. |
|
What are the 4 types of control activities?
|
1. Performance reviews
2. Information processing controls 3. Physical controls 4. Segregation of duties |
|
Name 3 factors the auditor should consider when deciding whether to conduct a substantive interim test.
|
1. The control environment
2. Availability of information at a later date 3. The purpose of the substantive procedure 4. Assessed risk of material misstatement 5. The nature of the transactions and assertions 6. The ability to perform additional tests later |
|
What are 3 advantages to conducting an interim test of controls?
|
1. Auditor's staff is less busy
2. Client's staff is less busy 3. There is time to fix deficiencies 4. Data may be available that will not be available later |
|
What are management's responsibilities under Sec 404 of Sarbanes-Oxley?
|
1. Accept responsibility for ICFR
2. Evaluate the effectiveness of ICFR 3. Support this evaluation with evidence 4. Provide written assessment of ICFR |
|
What are auditor's responsibilities under Sec 404 of Sarbanes-Oxley?
|
1. To conduct tests of ICFR that integrate with tests of financial statements
2. To report on the effectiveness of ICFR in financial statements |
|
Identify 3 categories of controls that would almost always be chosen for testing.
|
1. Entity-level controls
2. Controls of unusual transactions 3. Controls over accounts requiring estimates or judgment 4. Controls of information technology 5. Anti-fraud controls 6. Controls over selection and application of accounting policies 7. Controls over information to be reported in financial statements |
|
List the steps in the auditor's process for an audit of ICFR.
|
1. Plan the audit of ICFR
2. Identify controls to test using a top-down, risk-based approach 3. Test the design and operating effectiveness of selected controls 4. Evaluate identified control deficiencies 5. Form an opinion on the effectiveness of ICFR |
|
Describe the steps in obtaining an understanding of ICFR using a top-down, risk-based approach.
|
1. Identify entity-level controls
2. Identify significant accounts and disclosures and the relevant assertions 3. Understand likely sources of misstatement 4. Select controls to test |
|
How does the auditor evaluate the competence of others who perform work for management?
|
1. Education level and years of experience
2. Relevant certifications 3. Company's audit policies, procedures, and checklists (i.e. how "foolproof" is it?) 4. Assignment of staff to work areas 5. Supervision and review of control activities 6. Quality of work documentation 7. Performance evaluations |
|
What factors should be present for the auditor to evaluate that others' work they use is objective?
|
1. Policies preventing audit of relatives
2. Policies preventing audit of own past or future position 3. Employment not dependent on results of audit 4. Direct access to the board or audit committee 5. Supervised by someone with sufficient status to see that the control is comprehensive and acted upon |
|
What are the two categories of entity-level controls?
|
1. The control environment
2. The period-end financial reporting process |
|
What makes an account or disclosure significant (that is, risky)?
|
1. Size and composition
2. Susceptibility to errors or fraud 3. Volume of activity, homogeneity, and complexity of transactions 4. Nature of the account or disclosure 5. Accounting and reporting complexities 6. Exposure to losses (i.e. cash can be stolen, goodwill can't) 7. Possibility of contingent liabilities 8. Related-party transactions 9. Changes in characteristics from prior period |
|
What are the period-end financial reporting process controls?
|
1. Controls to enter transaction totals into general ledger
2. Controls to record/authorize transactions 3. Controls to make year-end adjustments 4. Controls over drafting financial statements |
|
What should an auditor know about the client's period-end financial reporting processes?
|
1. Inputs, procedures, and outputs
2. Use of technology 3. Locations 4. Types of adjustments 5. Oversight by audit committee, board and managers |
|
What circumstances does AS5 indicate as material weaknesses, and why are they so bad?
|
1. Material OR NON-MATERIAL fraud by senior management.
2. Restatement of previous financial statements due to a prior material misstatement 3. Auditor catches a material misstatement that controls would not have 4. Ineffective audit committee |
|
What are an auditor's documentation requirements for an audit of ICFR?
|
1. Auditor's understanding and evaluation of internal control design and function
2. Audit process and evidence gathered 3. Evaluation of any weaknesses found |
|
What is a type 1 error, and what is it called in "accounting-ese"?
|
The control is rejected as ineffective when it is in fact effective. This is the "risk of assessing control risk too high", or the "risk of underreliance."
|
|
What is a type 2 error?
|
A "false negative". The control is accepted when it is actually faulty. This is the "risk of assessing control risk too low", or the "risk of overreliance".
|
|
Which types of evidence or circumstances would not use sampling?
|
1. Analytical procedures
2. Inquiry 3. Scanning 4. Testing the population 5. Not testing classes of accounts 6. Tests of automated controls |
|
What is the difference between statistical and nonstatistical sampling?
|
Nonstatistical sampling diverges from statistics principles because haphazard selection or judgement is used at some point in the process.
|
|
What are the advantages of nonstatistical sampling?
|
1. The design of the test is simpler and cheaper
2. It can be done by personnel without accounting training. 3. It can be done consistently and without error. |
|
What are the disadvantages of nonstatistical sampling?
|
1. Uncertainty cannot be quantified
2. The sample may not be fully representative 3. Sufficiency cannot be quantified |
|
How should a voided item be treated during a sample test?
|
A properly voided item is not a deviation, but should be replaced with a new item.
|
|
How should a missing item be treated during a sample test?
|
First, an alternative test is done to see if the control was in place for that item. If the test fails or cannot be done, then the item is treated as a deviation.
|
|
What are the advantages of monetary unit sampling?
|
1. Any distribution is fine
2. Smaller sample size 3. Automatically scales by account size |
|
What are the disadvantages of monetary unit sampling?
|
1. Understatements are less likely to be caught
2. Cannot deal with more than 100% misstatement 3. Special procedures needed for negative or 0 balances 4. Overstates sampling risk when errors increase |
|
What are the two methods for projecting misstatement in a nonstatistical sample test?
|
1. Ratio projection - apply the percent of the sample misstated to the population (Misstatement/% of population tested)
2. Difference projection - find the average misstatement per item and apply to all items in population. |
|
What is the difference between ratio projection and difference projection?
|
Ratio projection is used when errors are proportionate to the population size. Difference projection is used when errors stay relatively constant despite population size.
|
|
What are FASB's 2 requirements for revenue recognition?
|
1. Realized or realizable
2. Earned |
|
What are the SEC's 4 requirements for revenue recognition?
|
1. Evidence of an arrangement
2. Delivery/services rendered 3. Price is fixed or determinable 4. Collectibility is assured |
|
What are the 3 steps of control risk assessment?
|
1. Understand and document the revenue process
2. Plan and perform tests of controls 3. Set and document control risk |
|
What is a control for failure to perform/ship, which assertion is this, and how would it be tested?
|
Record after shipping document completed, occurrence, retesting or document inspection
Numerical invoices or monthly statements with independent complaint department are also good answers |
|
What is a control for failure to record sales, which assertion is this, and how would it be tested?
|
Matching shipping documents to sales invoices, completeness, reperformance
Numerical shipping documents, daily reconciliation of sales invoices to sales report, and checking the open-order report are also good answers |
|
What is a control for services provided to an insolvent customer, which assertion is this, and how would it be tested?
|
Have someone responsible for issuing credit, and do not ship without authorization, authorization, review of procedure
|
|
What is a control for sales made at the wrong price, which assertion is this, and how would it be tested?
|
Official (preferably electronic) price list, authorization, compare price list to invoices or review computer program
|
|
What are the 4 most important duty segregations and what do they prevent?
|
1. Credit-billing - sales made to unworthy customers
2. Shipping-billing - ship goods to self, don't bill 3. A/R-ledger - conceal own account receivable 4. Cash-A/R - pocket the cash |
|
What is a control for a sale incorrectly recorded at the wrong price, what is the assertion, and how would it be tested?
|
Authorized price list, accuracy, compare sales recorded to price list
Verification of mathematical accuracy and agreement to shipping document are also good answers. |