Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
50 Cards in this Set
- Front
- Back
|
Risk
|
Any threat to the economic welfare of a business
In monetary term combine value of exposed assets and probability of loss |
|
|
Risk = p(t) x p(f) x amount of loss
|
p=probability
t=threat f=failure of control |
|
|
Risks ^ Controls ^
|
Risk assessment drives design of controls, direct correlation
|
|
|
Minimize Risk (3)
|
insure/reduce possible losses
increase controls prevent threat occurence |
|
|
Factors Affecting Risks (5)
|
frequency of independent checks
adequacy of controls and communication of authority & responsibility physical controls consistency of control enforcement |
|
|
Control Risk
|
Risk of a control failure (mistakes/fraud aren't prevented or detected by controls)
|
|
|
Inherent Risk
|
Risk when there are no internal controls
|
|
|
Detection Risk
|
Risk that audit procedures will fail to detect misstatements
|
|
|
AAR (Acceptable Audit Risk): direct correlation with three factors
|
management integrity
# of financial statement users financial condition of auditee |
|
|
Evidence Required by Auditor: inverse correlation with
|
Calculated Detection Risk
|
|
|
AAR = IR x CR x DR
|
calculate audit risk
|
|
|
Control Risk inverse to Detection Risk
|
good internal controls, auditor can do less testing. Audit risk remains unchanged
|
|
|
Auditor Assesses
Auditor Influences |
IR & CR
DR |
|
|
Audit Risk and Materiality determine:
|
type and amount of evidence for auditor
|
|
|
Amount of evidence determines:
|
audit procedures to conclude with reasonable assurance
|
|
|
Internal Control-Integrated Framework
COSO-1992 |
broadly accepted model for designing and assessing internal controls
(applies to operations, reporting and compliance) |
|
|
Enterprise Risk Management-Integrated Framework
COSO - 2004 |
internal control and risk mgmt guidelines
|
|
|
Framework Components (5)
|
control environment/risk assessment/control activities/monitoring/ information and communication
|
|
|
COSO Control Activities (6)
|
assignment of authority and responsibility
transaction authorizations documentation and records security of assets separation of duties independent verification |
|
|
Separation of Duties
|
recording
authorization custody reconciliation |
|
|
General/Specific
Controls |
polices & procedures regarding the approach to IC (effects effectiveness of specific controls)/procedures that implement approach
|
|
|
Components of IC Structure (3)
|
Control Enviroment
Accounting System Control Procedures (gen./specific) |
|
|
Methods of Internal Controls (5)
|
Review/Monitoring
Physical Security Operational Organizational Personnel Management |
|
|
Review (Monitoring) Controls
|
Employee reviews
Internal/External Audits SOX committee (compliance reviews) |
|
|
Physical Controls
|
Smoke alarms
Maintenance on capital equipment ID badge (physical security) |
|
|
Operational Controls
|
Planning
Budgeting Information Technology |
|
|
Organizational Controls
|
each division has responsiblity
|
|
|
Personnel Mgmt.
|
Training
Development Supervision |
|
|
Stakeholder Roles in Internal Controls (5- stakeholders)
|
Board of Directors
External Auditors Senior Mgmt. Internal Auditors Staff Line & Managers |
|
|
B of D
Audit Committee |
oversight
define corporate culture set objectives approve strategies |
|
|
External Auditors
|
attest to financial statement (fairly represent company)
|
|
|
Senior Mgmt.
|
leadership
they must define, develop, document, implement, demonstrate internal controls |
|
|
Internal Auditors Role
|
assess IC environments and make recommendations/improvements
Validate IC and compare to industry standards |
|
|
Staff Line & Managers Role
|
Review & Monitor Controls
Contribute to design & implementation of IC |
|
|
SOX controls (3)
|
established:
1. PCAOB 2. higher standards of corporate responsibility (internal) and 3. enhanced financial disclosure (external) |
|
|
PCAOB Standard #5
|
auditors required to complete SEC #404, IC statement within annual report. Mgmt. evaluation of IC within 90 days prior to annual audit report
|
|
|
PCAOB Standard #5 requirements (3)
|
Audit is scaled to the size of the organization
Principles-based approach reliance of others' work TDRA-top down risk assessment approach for auditing FS & IC |
|
|
TDRA (5)
|
1. identify significant facts & disclosures
2. identify risks of material misstatements (risks of #1) 3. determine entity level controls which address risks 4. determine transaction based controls to compesate for entity-level control failures 5. determine nature/timing/extent of tests needed to complete IC assestment |
|
|
SOX section 302
|
Requires:
1. CEO & CFO cerify reports filed to SEC and 2. Mgmt design & implementation of IC |
|
|
SOC section 404 (4)
Auditors Responsibility |
1. Annual report responsibility of Mgmt for IC
2. Annual report has assessment of effectiveness of IC 3. External Auditor, attest & report on Mgmt of controls and procedures. 4. Certify IC can ensure accuracy and IC was evaluated |
|
|
Cost/Benefit of 404 compliance (7)
|
1. improved insight into procedures 2. more reliable reports 3. address control deficiencies 4. stronger IC 5. reduced fraud risk 6. improved efficiency 7. support for governance structure
|
|
|
IC protects 5 areas
S.C.A.R.E. |
Safeguard Assets
Comply with laws & regs Accomplish Goals Reliability of records & reporting Efficiency of operations |
|
|
Considerations during design of policies & procedures
|
potential risks
actual risk exposure stated risk |
|
|
FCPA (foreign corrupt practices act)
|
SEC monitors compliance with IC provisions of FCPA
controls: 1.bribes in foreign countries are prohibited 2.accurate record keeping requirement |
|
|
Five types of Internals Controls
|
1. preventive
2. corrective 3. detective 4. compensating 5. directive |
|
|
Preventive Controls
|
separation of duties
security alarm |
|
|
Detective Controls
|
random checks
reconciliations |
|
|
Corrective Controls
|
fix mistakes found in detection
|
|
|
Compensating Controls
|
overcome deficiencies in controls
(external audits) |
|
|
Directive Controls
|
policies for bidding & vendors
(good will) |
