Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
68 Cards in this Set
- Front
- Back
|
A company has three broad objectives in designing an effective internal control system
|
Reliability of financial reporting
Efficiency and effectiveness of operations Compliance with laws and regulations |
|
|
Reliablity of financial reporting
|
Management is responsible for preparing statements for investors, creditors, and other users. they must be fairly presented in accordance to GAAP.
|
|
|
Efficiency and effectiveness of operations
|
Controls within a company encourage efficient and effective use of its resources to optimize a companys goals. Accurate financial and nonfinancial information.
|
|
|
Compliance with laws and regulations
|
public, nonpublic, and not-for-profit organizations are required to follow many laws and regulations. Some relate to accounting onl indirectly, such as environmental protection and civil rights laws. others are closely related to accounting, such as income tax regulations and fraud.
|
|
|
What is managements responsibility for the entity's internal controls?
|
for establishing and maintaining
|
|
|
What are the auditors responsibility over internal controls?
|
understanding and testing internal control over financial reporting. To issue an audit report on managements assessment of its internal controls, including the auditors opinion on the operaint effectiveness of those controls.
|
|
|
What 2 key conepts underlie management's design and implementation of internal control.
|
Reasonable Assurance and Inherent Limitations
|
|
|
Management's design and implementation of internal control-Reasonable assurance
|
A company should develop internal contorls that provide reasonable, but not absolute assurance that the financial statements are fairly stated. Reasonable assurance allows for only a remote liklihood that materia misstatements will not be prevented or detected on a timely basis
|
|
|
Managements designand implementation of internal control- Inherent Limitations
|
Internal controls can never be completely effective, regardless of the care followed in their design and implementation.
|
|
|
Collusion
|
An act of two or more employees who conspire to steal assets or misstate records.
|
|
|
Management must issue an internal control report, what is included in that report?
|
1.A statement that management is responsible for establishing and maintaining internal controls for Financial reporting.
2. An Assessment of the effectiveness of the internal control structure and procedures for financial reporting as of the end of the company's fiscal year. 3. Management must also identify the framework used to evaluate the effectiveness of internal control. |
|
|
What are the 2 components of Managements Assessment of internal control over financial reporting
|
1. Management must evaluate the design of internal control
2. Management must test the operating effectiveness of those controls. |
|
|
Design of Internal control.
|
Management must evaluate whether the controls are designed and put in place to prevent or detect material misstatements in the financial statements. Managment's Focus is on controls over all relevent assertions for all significant accounts and disclosures in the finanial statements.
|
|
|
Operating Effectiveness of those controls.
|
to test if the controls are operating as desgned and whether the person performing the control possesses the necessary authority and qualifications to perform the control effectively.test results for m the basis for assertion. Mangement must disclose any material weakness.
|
|
|
Whats included in the 10-K
|
A report on internal control filed with the SEC
|
|
|
Second GAAS fieldwork standard states
|
The auditor must obtain a sufficient understanding of the entity and its environment, including its internal controls, to assess the risk of material misstatement of the financial statements whether due to error or fraud and to design the understanding of internal control to assess control risk in every audit .
|
|
|
What Controls are the auditors concerned about?
|
1.Controls over the reliability of Financial reporting
2. Controls over Classes of Transactions. |
|
|
auditing controls over the reliabiltiy of financial reporting.
|
Auditor is less concerned with controls that affect the efficiency and effectiveness of company operations, because such controls may not influence the fiar presentation of financial statements.
|
|
|
Controls affecting internal management information
|
Budgets and internal performance reports. Important sources used by managment to run the business and can be important sources of evidence that help the auditor decide whether the financial statements are fairly presented.
|
|
|
If the controls over the internal reports are inadequate..
|
then the reports are not reliable for evidence.
|
|
|
Why do auditors emphasize internal controls over classes of transactions rahter than account balances?
|
Because the accuracy of accounting system outputs (account balances) depends heavily on the accuracy of inputs and pr
|
|
|
What are the 5 Coso Internal control components
|
1. Control Environment
2. Risk Assessment 3. Control Activities 4. Information and Communication 5. Monitoring |
|
|
What serves as an umbrella for the other four components?
|
the control environment.
|
|
|
Why is the Control environment so important.
|
Because it starts at the top at management. If the top management believes that control is important others in the organization will respond.
|
|
|
The Control Environment
|
Consists of the actions, policies and procedures that reflect the overall attitudes of top management, directors and owners of an entity about internal control and its importance to the entity.
|
|
|
What are the most important control sub components?
|
Integrity and Ethical Values
Commitment to Competence Board of director or Audit Committe Participation Management Philosophy and operating style Organizational Structure Human Resource Policies and Practices |
|
|
The components of control activities
|
segregation of duties,
adequate documents and records, proper authorization of transactions and activities, physical control over assets independent checks on performance. |
|
|
4 guidelines for adequate Separation of Duties.
|
1. Separation of the Custody of Assets from Accounting.
2. Separation of the Authorization of Transactions from the Custody of Related Assets. 3. Separation of Operational Responsibility from Record Keeping Responsibility. Separation of IT Duties from User Departments. 4. |
|
|
Proper Authorization of Transactions and Activities.
|
Every Transaction must be properly authorized. Authorization can be either general or specific.
|
|
|
General authorization
|
Management establishes policies and subordinates are instructed to implement these general authorizations by approving all transactions within the limits set by the policy.
|
|
|
Specific Authorization
|
Applies to individual transactions. For certain transactions managemnt perfers to authorize each transaction.
|
|
|
Examples of General Authorization
|
The issuance of fixed price lists for the sale of products, credit limits for customer, and fixed reorder points for making aquisitions
|
|
|
Example of specific Authorization
|
The authorizatoin of a sales transaction by the sales manager of a used-car company.
|
|
|
Authorization
|
a policy decision for either a general class of transactions or specific transactions.
|
|
|
Approval
|
implementation of management's general authorization decisions.
|
|
|
Adequate documents and records
|
Physical objects upon which transactions are entered and summarized.
|
|
|
Examples of Adequate Documents and Records
|
sales invoices, purchase orders, subsidiary records, sales journals and employee time cards.
|
|
|
The proper design and use of documents and records include (4)
|
1. Prenumbered Consecutively to facilitate control over missing documents
2.Prepared at the time a transaction takes place, or as soon as possible. 3. Designed for multiple use to minimize number of forms. 4.Constructed in a manner to encourage correct preparation. |
|
|
When entering transaction data into a computer the design of the input screen is made to facilitate what?
|
to minimize errors and improve efficiencies in the input process.
|
|
|
Physical Control over Assets and Records
|
Assets and records must be protected. IF a company is highly computerized, computer equipment programs and data files must be protected.
|
|
|
Physical precautions
|
the most important type of protective measure for safeguarding assets and records.
|
|
|
independent checks, or internal verification.
|
The need for independent checks arises because internal control changes over time, unless there is frequent review.
|
|
|
Who is responsible for performing internal verification procedures?
|
Those independent from those who originally responsible for preparing the data.
|
|
|
What is the least expensive means of internal verification
|
the separation of duties .
|
|
|
Information and communication
|
To initiate, record, process, and report the entity's transactions and to maintain accountability for the related assets.
|
|
|
To understand the design of the accounting information system the auditor determines (5things)
|
1. major classes of transactions of the entity
2. how those transactions are initiated and recorded. 3. what accounting records exist and their nature; 4. how the system captures other events that are significant to the financial statements, such as declines in asset values. 5. the nature and details of the financial reporting process followed, including procedures to enter transactions and adjustments in the general ledger. |
|
|
Monitoring activities
|
ongoing or periodic assessment of the quality of internal control by management to determine that controls are operating as intended and they are modified as appropriate for changes in conditions .
Some companies have an independed internal audit dept. |
|
|
what standareds require auditors to botain an understanding of internal control for every audit and document their understanding?
|
SAS 109 and PCAOB Standard 2.
|
|
|
What are some of the procedures auditors use to obtain an understanding of internal control
|
gathering evidence about the design of internal controls and wheather they are implimented and uses that information as a basis for audit.
|
|
|
What 4 types of evidence to obtain an undrstanding of the design and implimentation of controls?
|
documentation, inquiry of entity personnel, observation of employees performing control processes, and reperformance by tracing one or a few transactions through the accounting system from start to finish.
|
|
|
What three types of documents do auditors use to obtain and document their understanding of the design of internal control?
|
Narratives, flowcharts and internal control questionairres.
|
|
|
Narrative
|
a written description of the clients internal controls. A proper narrative of an accounting system and related controls describes four things
|
|
|
A proper narrative of an accountig system and related controls describe 4 things.
|
1. The origin o fevery document and record in the system
2. All processing that takes place 3. the disposition of every document and record in the system 4. An indication of the controls relevant to the assessment of control risk. |
|
|
FlowChart
|
A diagram of the clients documets and their sequential flow in the organization.
|
|
|
Why are flowcharts advantageous
|
provide a consie overview of the client's system, which helps auditors identify controls and dificiencies in the clients system
|
|
|
what are the 2 advantages of flowcharts over narratives
|
easier to read and update
|
|
|
Internal control questionaire
|
a series of questions about the contorls in each audit area as a means of identifying internal control deficiencies.
|
|
|
What does a no response on a questionarire indicate
|
potential internal control deficienceis.
|
|
|
What are the 2 main dissadvantages of a quesionaire?
|
the inability to provide an overview of the system and their inapplicability for some audits especially smaller ones.
|
|
|
what are 5 ways that the auditor understand the design and implementation?
|
1. Update and Evaluate auditors previous expierience with the entity
2.Make inquiries of client personnel 3. examine documents and records 4. observe entity activities and operations 5. Perform walkthroughs of the accounting system |
|
|
Walkthrough
|
The auditor selects one or a few documents of a transaction type and traces them from initiation through the entire accounting process. At each stage auditor makes inquires, observes activites and examines completed documents and records. PCAOB S2 requires auditors to do this once for each major class of transactions.
|
|
|
What must an auditors report on internal control include
|
1. opinion on whether managment of the effectiveness of internal control over financial reporting is fairly stated, in all material respects.
2. the auditors opinion on whether the company maintained , in all material respects, effective internal control over financial reporting as of the specified date. |
|
|
The auditor will issue an unqualified opinion on internal control when what two conditions exist?
|
There are no identified material weaknesses
There have been no restrictions on the scope of the auditors work. |
|
|
When material weaknesses exist, the auditor must express
|
an adverse opinion on the effectiveness of internal control.
|
|
|
What is the most common cause of an adverse opinion in the auditors report on internal control?
|
When management identified a material weakness in its report.
|
|
|
when there is ascope limitation present what type of opinion will an auditor express.
|
a qualified opinion or disclaimer of opinion. a restriction on the scope will not let the auditor determine material weakness.
|
|
|
What does Section 404 requires auditors to communicate with the audit committee ?
|
all significant deficiencies and material weaknesses
|
|
|
Why is the communication of significant deficiencies and material weaknesses done on a timely basis?
|
so that the management can correct these deficiencies and weaknesses and unqualified opinion by both the management and auditors
|
