3 key internal control concepts
1. Reliability of financial reporting
2. Efficiency and effectiveness of operations
3. Compliance with laws and regulations.
Reliability of financial reporting
Auditors focus here unless things in efficiency or compliance have a material impact. As auditors we focus on this; it is our primary concern.
Efficiency and effectiveness of operations
If I'm the bus. this includes both financial and non-financial info. Accuracy based on the need for decision making (Exact or ballpark)
Compliance with laws and regulations
OSHA, EPA, Dept. of Education
When do auditors worry about efficiency and effectiveness of operations and compliance with laws and regulations?
Only when they have a material impact on the financial statements.
5 components of COSO
1. Control environment - broad, over all the others.
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring
What are the 3 components of the fraud triangle?
1. Incentives/pressures
2. Opportunities
3. Attitudes/rationalizations
financial instability
Poor econ. conditions
tight debt covenant requirements
executive compensation incentives
Debt covenants - if you might trip them, you have an incentive
Significant account investments that involve judgement; huge allowance for doubtful accounts balance
Ineffective BOD/audit committee. Opportunity because they are the oversight
High turnover/ineffective fin. staff
Bad/ineffective communication of values.
Known history of SEC violations
History of aggressive/optimistic forecasts to fin analyst and creditors.
If all three conditions exist, what does that mean?
HIGH likelihood of financial fraud.
Control environment is
The big umbrella
What does COSO say about control environment?
That it should be STRONG. PCAOB calls this entity-level controls.
What are the necessary conditions for good control environment?
Integrity and ethical values
Commitment to competence
BOD or audit committee participation
Management's philosophy and operating style
Organizational structure
Human resource policies and practices
Integrity and ethical values
Code of ethics and how it's communicated. Every organization must have one of these.
Commitment to competence
Commitment to training and development of employees. Competence means someone who is well qualified.
BOD or audit committee participation
Active and independent BOD and audit committee; must be 100% financially literate
Management's philosophy and operating style
Do you have a super aggressive CEO vs. a conservative one? If super aggressive, you are likely to have a bad control environment
Organizational structure
Clear lines of responsibility and authority
Allow people to know what job description is
Human resource policies and practices
Methods of hiring, training, promoting, and compensating employees.
Risk assessment policies: who is in charge of these?
The CPA doesn't do this; management does
Risk assessment
Management is responsible for identification and analysis of risks related to the business and the preparation of financial statements.
What are the 5 control activities?
1. Adequate separation of duties
2. Proper authorization of trans and activities
3. Adequate documents and records
4. Physical controls over assets and records
5. Independent checks on performance
Adequate separation of duties: what do you separate?
1. Custody - physical
2. Recording - journal entries
3. Authorization - can override controls
What is necessary for adequate separation of duties?
If 2/3 are incompatible. If controls aren't separated it's no good.
What does proper authorization of transactions and activities entail?
general authorization or specific authorizations
General authorizations
Relate to overall policies such as credit limits. I'm authorized to make a sale up to 40,000,000 without authorization.
Specific authorization
Relates to particular transactions; can be a dollar amount.
Adequate documents and records:
Pre-numbered, prepared in real time; don't pre-fill out a form.
How should forms be designed?
They should be designed simply, for multiple uses, should gather info once for multiple purposes, designed to reduce errors.
Physical controls over assets and records
Lock up inventory
Backup and recovery of IT stuff
Independent checks on performance
Someone verifies what someone else does.
Information and communication
Accounting information system for financial information. Transactions happen, and reports are formed and sent to departments, which review them.
Internal audit division, which ideally reports independently of the accounting or finance function.
If a publicly held company, it files reports to the SEC. Have an internal audit committee so you have someone who reports to the board.
What is management responsible for?
1. Establishing and maintaining internal controls
2. If a public company, they must report on the operational effectiveness of internal controls.
What must the auditor include on the 10-K?
1. Statement that management is responsible for establishing and maintaining internal control.
2. Must identify the structure and procedures for financial reporting
3. Must identify the framework used to audit the controls often COSO is used.
Key concepts
1. Reasonable assurance
2. Inherent limitations on internal control
Reasonable assurance
Cost/benefit analysis
Not absolute assurance. It's reasonable. "only a remote likelihood that a material misstatement will not be prevented or detected on a timely basis"
Inherent limitations on internal controls
Human error
human laziness
Fraud incentives
possible collusion
What are the auditor's responsibilities?
Issue an audit report on management's internal control structure and operations.
Test all significant classes of transactions and disclosures, rights and obligations, and values and obligations assertions.
When the auditor is issuing the control report what do they focus on?
1. Concentrate on controls related to fin. reporting (includes budget controls)
2. Emphasis is on classes of trans. not ending balances because balances are a sum of related transactions.
estimate of realizable value
rights and obligations
presentation and disclosure
What 3 procedures to document an understanding of internal control are typically used?
1. Narrative
2. Flowchart
3. Internal control questionnaire
Easy to develop, hard to understand.
Paragraph describing documents' origins, processes, and dispositions of transactions. It's like someone talking: describes the exact process in a cycle, but you can't track where documents go. Hard to identify control problems.
A diagram of a narrative.
Advantage - easier to read and update
Disadvantage - hard to develop from scratch
Internal control questionnaire
Usually developed over time
Yes/no questions about controls.
A no response indicates a control violation. Verifies if controls have been modified last year; also legal liability. Did you inform the audit committee of all fraudulent transactions? You want the answer to be yes. A NO ALWAYS INDICATES A PROBLEM IN THESE.
Evaluate internal control implementation
1. Update and evaluate the auditor's previous experience with the entity
2. Make inquiries of client personnel
3. Examine documents and records
4. Observe entity activities and operations.
5. Perform walkthroughs of the accounting system
Update and evaluate the auditor's previous experience with the entity
Inquire about changes. Describe changes in internal control structure this year. Look for implementation of suggested changes from last year.
Make inquiries of client personnel
Ask open-ended questions of personnel and then compare answers to the flowchart
Examine documents and records
Are the documents annotated and filed as described? If the flowchart says they should be stamped or initialed, check to see if they actually are.
Observe entity activities and operations
Watch the process happen
Perform walkthroughs of the accounting system
PCAOB requires at least one walkthrough for each major class of transactions. Take one or more documents from beginning to end, then observe and inquire about it.