Internal Controls

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information & Communication
  5. Monitoring

Control Activity

  1. Policy (what to control)
  2. Procedure (how to control)
***responsibility of management

Control Categories

  1. Authorization
  2. Performance reviews
  3. Information processing
  4. Physical control
  5. Segregation of duties

Control Objectives

  1. Completeness
  2. Occurrence
  3. Cut Off
  4. Accuracy
  5. Classification

Information System Controls

  1. Access to data and programs
  2. Program changes and development
  3. Computer operations
  4. Continuity of operations

Control Frameworks

  1. Control environment (tone from top)
  2. Entity's risk assessment process
  3. Information systems
  4. Control Activities
  5. Client's monitoring of controls

All five components should be tested.

Key Internal Controls

  1. Mitigates RoMM (risk of material misstatement)
  2. Mitigates a risk affecting the financial statements
  3. Detects and corrects material misstatement
  4. Detects and prevents fraud

e.g. a bank reconciliation

COSO Framework

  • Control Environment (tone at the top)
  • Key risks:
      • Operational
      • Compliance
      • Financial reporting
  • Control activities for the key risks
  • Communicating the information to employees
  • Monitoring

Credit Sales System

  • Identify Phases in system (sales order, fulfillment, invoicing, purchasing, returns...)
  • Identify: Objectives, Risks, Control activities

What can go wrong?

Purchasing System

Identify phases in the system (PO, receiving, invoice processing, payment processing, returns).

Identify: Objectives, Risks, Control activities

Inventory System

Identify where the risks are.

Financial Reporting Process

what are the cut off dates?

journal entries


Payroll Cycle Example

  1. Risks
  2. Ask management re internal controls

What could go wrong in payroll that would impact the FS?

Assessing controls

Does the control work as desired? (design, implementation)

Does it mitigate the key risk?

Manual or automatic?

Who operates the control, how often?

Evaluation of control implementation: walkthrough

Walk through a sample of one.

Communicating control deficiencies

CAS 265 (Communicating Deficiencies in Internal Control)

Auditor communicates deficiencies to management; significant deficiencies are communicated in writing, also to those charged with governance.

Management letter




Testing operation of controls

Sample sizing

Inquire plus:




*** optional: "further audit testing" ***

IT Controls

Consider RoMM from client use of IT

Development of key application controls

Documentation of General Controls

  1. Understand the control
  2. Procedures undertaken to test operating effectiveness
  3. Deficiencies detected
  4. Conclusions re: effectiveness of the control and its impact on assertions

If it is not documented it did not happen.

CAAT - Advantages

  1. Improve the extent of audit testing
  2. Perform procedures that are impossible manually
  3. Cost effective
  4. Increase understanding of the client's system and operations

CAAT - Types

  1. Audit software (substantive testing): auditor-controlled software run over the client's data files to re-perform calculations, select samples and flag exceptions
  2. Embedded audit facilities: audit code built into the client's live application that captures transactions meeting preset criteria as they are processed
  3. Test data techniques: run constructed valid and invalid transactions through the client's application (or a copy of it) to confirm its controls accept and reject them as designed
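The following is an added example of the first CAAT type (audit software run over the client's data) and is not part of the original notes. It runs a small set of substantive tests over a constructed journal-entry extract, one test per control objective from the notes: segregation of duties (preparer vs. approver), cut-off (document date and posting date on different sides of period end), occurrence (duplicate vendor invoices) and completeness (gaps in a pre-numbered sequence). The column names, the period end and every row of the extract are assumptions made for illustration.

```python
"""
Audit-software style CAAT run over a constructed journal-entry extract.
Added example, not from the original notes. Field names, the period end
and the sample rows are assumptions made for illustration.
"""
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample extract (not real client data). Seeded exceptions:
# 1004/1005 record the same vendor invoice twice, 1006 is dated in the
# period but posted after period end, 1007 is prepared and approved by the
# same user, and 1003 is missing from the pre-numbered sequence.
SAMPLE_EXTRACT = """\
je_no,prepared_by,approved_by,doc_date,post_date,vendor,invoice_no,amount
1001,acarter,bsingh,2023-12-04,2023-12-05,ACME,INV-551,1200.00
1002,acarter,bsingh,2023-12-11,2023-12-12,ACME,INV-552,980.50
1004,dlee,bsingh,2023-12-18,2023-12-19,NORTHWIND,NW-9001,4500.00
1005,dlee,bsingh,2023-12-18,2023-12-27,NORTHWIND,NW-9001,4500.00
1006,acarter,bsingh,2023-12-29,2024-01-03,ACME,INV-560,760.00
1007,dlee,dlee,2024-01-02,2024-01-02,GLOBEX,GX-77,15000.00
1008,acarter,bsingh,2024-01-05,2024-01-05,GLOBEX,GX-78,300.00
"""

PERIOD_END = date(2023, 12, 31)  # assumed fiscal year end


def load_entries(text):
    """Parse the CSV extract into dicts with typed entry numbers, dates and amounts."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["je_no"] = int(r["je_no"])
        r["doc_date"] = date.fromisoformat(r["doc_date"])
        r["post_date"] = date.fromisoformat(r["post_date"])
        r["amount"] = float(r["amount"])
        rows.append(r)
    return rows


def sod_violations(entries):
    """Authorization / segregation of duties: the preparer must not also approve."""
    return [e["je_no"] for e in entries if e["prepared_by"] == e["approved_by"]]


def cutoff_exceptions(entries, period_end):
    """Cut-off: document date and posting date fall on different sides of period end."""
    return [e["je_no"] for e in entries
            if (e["doc_date"] <= period_end) != (e["post_date"] <= period_end)]


def duplicate_invoices(entries):
    """Occurrence: the same vendor invoice number recorded more than once."""
    seen = defaultdict(list)
    for e in entries:
        seen[(e["vendor"], e["invoice_no"])].append(e["je_no"])
    return {key: nums for key, nums in seen.items() if len(nums) > 1}


def sequence_gaps(entries):
    """Completeness: entry numbers missing from a pre-numbered sequence."""
    nums = sorted(e["je_no"] for e in entries)
    if not nums:
        return []
    present = set(nums)
    return [n for n in range(nums[0], nums[-1] + 1) if n not in present]


def run_caat(text=SAMPLE_EXTRACT, period_end=PERIOD_END):
    """Run every test and return the exception report keyed by control objective."""
    entries = load_entries(text)
    return {
        "sod": sod_violations(entries),
        "cutoff": cutoff_exceptions(entries, period_end),
        "duplicates": duplicate_invoices(entries),
        "gaps": sequence_gaps(entries),
    }


if __name__ == "__main__":
    for objective, exceptions in run_caat().items():
        print(f"{objective}: {exceptions}")
```

Each exception list is what the auditor would follow up with inquiry and document inspection; an empty list is evidence for the assertion only to the extent the extract is complete, so the row count and control totals of the extract should be agreed to the general ledger before the tests are relied on.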