Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
29 Cards in this Set
- Front
- Back
What are the 3 primary objectives of effective internal control?
|
1. Reliability of financial reporting
2. Efficiency & effectiveness of operations 3. Compliance with laws and regulations |
|
What are management's repsonibilities related to internal control
|
1. Establishing and maintaining
2. Reasonable assurance (can't have 100%) 3. Inherent limitations |
|
Management's section 404 of SOX to Internal control report must include
|
1. Management is repsonible for est. and maintaining adequate control structure and procedures for financial reporting
2. Assessment of operating effectiveness of control structure and procedures for financial reporting |
|
Auditor responsibilities related to internal control
|
- controls over the reliability of financial reporting
- controls over classes of transactions - Auditor responsibilities for testing internal control - must perform Test of controls (TOC) to report on effectiveness of Internal Control over financial reporting |
|
Sales Transaction related Audit objectives
|
- Sales are for shipments to exisiting customers (occurence)
- Exisiting sales transactions are recorded (completeness) - Sales for goods shipped correctly billed (accuracy) - Sales transactions are correctly included in the master files (posting & summary) - Sales transactions are correctly classified (classification) - sales are recorded on the correct dates (timing) |
|
What are the FIVE components of COSO internal control framework
|
Control Environments
- Monitoring - Risk assessment - Control activities - Information and communication |
|
What does COSO stand for
|
Committee of sponsoring organizations
|
|
The Control environment has what 3 main points
|
1. integrity and ethical values
2. Overt commitment to competence 3. Board of directors or audit committee participations - default for public companies |
|
The control environment has what 3 main components
|
1. Management's philosophy and operating style
2. Organizational structure (vertical/horizontal) 3. Human resource policies and practices |
|
Formal Risk Assessment Process (4 Steps)
|
1. Identify factors that may increase risk
2. Estimate the significance of the risk 3. Assess the likelihood of the risk occurring 4. Determine actions necessary to manage the risk |
|
Control activities
5 activities |
1. Adequate separization of duties
2. proper authorization of transactions and activities 3. physical control over assets and records 4. Independent checks on performance |
|
CART - Control Activities
|
Custody
Authorization Reporting Technology |
|
What is the purpose of an accounting information and communication system
|
Iniate, record, process, report (IRPR) the entity's transactions and to maintain accountability for the related assets
|
|
Monitoring does what
|
Deal with managements ongoing and periodic assessment of internal control performance
|
|
How does one obtain and document internal control?
4 Phases |
1. Obtain an understanding of internal control
2. Assess control risk 3. Design, perform, and evaluate tests of controls 4. Decide planned detection risk and substantive tests |
|
Phase 1: Obtain and Document understanding of internal control
|
REQUIRED
Gain evidence about - design of the internal controls - whether placed in operation - use of the information as a basis for the integrated audit |
|
Methods used to obtain and document the understanding of internal controls
|
Narrative
Flowchart Internal control questionnaire (yes/no) |
|
Evaluating Internal Control Operation
|
- Update and evaluate auditor's previous experience with the enitiy
- make inquiries of client personnel - examine docs and records - observe entity activities and ops - Perform walk-through of the accounting system |
|
Assess control Risk
|
- whether the financial statements are auditable
- determine assessed control risk by understanding obtained assuming the controls are being followed |
|
Control Risk Matrix
|
- Identify audit objectives
- Identify exisiting controls - Associate controls with related audit objectives - Identify and evaluate control deficiencies, significant deficiencies, and material weaknesses |
|
What is a significant deficiency
|
If one or more control deficiency exists that is less severe than a material weaknessm but more important enough to merit attention by those responsible for oversight of company's financial reporting
|
|
Material Weakness
|
Significant deficency by itself or in combo with other significant deficiencies results in a reasonable possibility that internal control will not prevent or detect material financial statement misstatements on a timely basis
|
|
Material weakness is ___
|
More likely than not misstated
|
|
GAAS says communications______
|
Communications to those charged with governance, auditor required to report significant deficiencies and material weakness in writing
|
|
How does one design and perform tests of controls?
|
1. Make inquiries of client personnel
2. Examine documents, records, and reports 3. Observe control-related activities 4. Reperform client procedures |
|
The auditor links control risk assessments to __________
|
the balance related audit objectives
|
|
What are the section 404 requirements for reporting on internal control?
|
The auditor's opninion on whether the company maintained effective internal control over financial reporting as of the specified date
|
|
Types of auditor opinions on internal controls
|
1. Unqualified
2. Adverse - material weakness exists 3. Qualified or disclaimer - scope restriction or unable to obtain sufficient evidence |
|
Differences with non-public companiesq
|
1. Reporting requirements
- no audit of IC only report if significant defencies exist 2. Extent of required IC 3. Extent of understanding 4. Assessing control risk 5. Extent of tests of controls |