Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
128 Cards in this Set
- Front
- Back
|
Internal control
|
A processed designed to provide reasonable assurance regarding the achievement of management's objectives in the following categories: 1) reliability of financial reporting, 2) effectiveness and efficiency of operations, & 3) compliance w/ applicable laws & regulations.
|
|
|
Limitations of internal control
|
1) Personnel errors
2) Management override 3) Collusion 4) Cost-benefit tradeoff |
|
|
Section 404(a) of the Sarbanes-Oxley Act requires management of all public companies to issue an internal control report that includes the following:
|
1) A statement that management is responsible for establishing & maintaining an adequate internal control structure & procedures for financial reporting
2) An assessment of the effectiveness of the internal control structure and procedures for financial reporting as of the end of the company's fiscal year |
|
|
Management's assessment of internal control over financial reporting consists of two key aspects:
|
1) Management must evaluate the design of internal control over financial reporting
2) Management must test the operating effectiveness of those controls |
|
|
Transaction-related audit objectives:
|
1) Occurrence--recorded transactions exist
2) Completeness--existing transactions are recorded 3) Accuracy--recorded transactions are stated at the correct amounts 4) Posting & summarization--recorded transactions are correctly included in the master files & are correctly sumarized 5) Classification--transactions are correctly classified 6) Timing--transactions are recorded on the correct dates |
|
|
Auditor responsibilities for understanding internal control
|
1) For all clients, auditors must understand the IC system well enough to plan & perform the audit
2) For large public clients, auditors must audit the IC system & issue audit opinion about the effectiveness of ICs |
|
|
What controls must be tested in an audit of internal controls?
|
Internal Controls over Financial Reporting
|
|
|
What controls must be tested in an audit of financial statements?
|
Internal Controls used to Assess Control Risk below Maximum
|
|
|
5 Components of Internal Control (COSO)
|
1) Control environment
2) Risk assessment 3) Control activities 4) Information & communication 5) Monitoring |
|
|
Collusion
|
A cooperative effort among employees to steal assets or misstate records
|
|
|
Control environment
|
The actions, policies, & procedures that reflect the overall attitudes of top management, directors, & owners of an entity about internal control & its importance to the entity
|
|
|
Risk assessment
|
Management's identification & analysis of risks relevant to the preparation of financial statements in accordance w/ an applicable accounting framework
|
|
|
Control activities
|
Policies & procedure, in addition to those included in the other four components of internal control, that help to ensure that necessary actions are taken to address risks in the achievement of the entity's objectives.
|
|
|
Five specific control activities:
|
1) Adequate separation of duties
2) Proper authorization of transactions & activities 3) Adequate documents & records 4) Physical control over assets & records 5) Independent checks on performance |
|
|
Information & communication
|
The set of manual and/or computerized procedures that initiates, records, processes, & reports an entity's transactions & maintains accountability for the related assets
|
|
|
Monitoring
|
Management's ongoing & periodic assessment of the quality of internal control performance to determine that controls are operating as intended & are modified when needed
|
|
|
T/F: The auditor must issue an adverse opinion if there's even one material weakness?
|
TRUE!!
|
|
|
Control subcomponents:
|
1) Integrity & ethical values
2) Commitment to competence 3) BOD or audit committee participation 4) Management's philosophy & operating style 5) Organizational structure 6) Human resource policies & practices |
|
|
Separation of duties:
|
1) Separation of the custody of assets from accounting
2) Separation of the authorization of transactions from the custody of related assets 3) Separation of operational responsibility from record-keeping responsibility 4) Separation of IT duties from user departments |
|
|
To understand the design of the accounting information system, the auditor determines . . .
|
1) The major classes of transactions of the entity
2) How those transactions are initiated & recorded 3) What accounting records exist & their nature 4) How the system captures other events that are significant to the financial statements 5) The nature & details of the financial reporting process followed, including procedures to enter transactions & adjustments in the general ledger. |
|
|
Risk assessment processes:
|
1) Identify factors affecting risks
2) Assess significance of risks & likelihood of occurrence 3) Determine actions necessary to manage risks |
|
|
Categories of management assertions that must be satisfied:
|
1) Assertions about classes of transactions & other events
2) Assertions about account balances 3) Assertions about presentation & disclosure |
|
|
Process for understanding internal control & assessing control risk:
|
1) Obtain & document understanding of internal control design & operation
2) Assess control risk 3) Design, perform, & evaluate tests of controls 4) Decide planned detection risk & substantive tests |
|
|
Three commonly used methods of document the understanding of internal controls:
|
1) Narratives
2) Flowcharts 3) Internal control questionnaires |
|
|
Internal control questionnaire
|
A series of questions about the controls in each audit area used as a means of indicating to the auditor aspects of internal control that may be inadequate
|
|
|
The goal of assessing control risk is to determine whether IC design . . .
|
1) Will prevent misstatements from occurring?
2) Will detect & correct misstatements that have occurred? |
|
|
We assess control risk for . . .
|
each transaction-related audit objective for each major transaction in each cycle.
|
|
|
Process of assessing control risk:
|
1) Identify audit objectives
2) Identify existing controls 3) Associate controls w/ related audit objectives 4) Identify & evaluate control deficiencies, significant deficiencies, & material weaknesses. |
|
|
Control deficiency
|
A deficiency in the design or operation of controls that does not permit company personnel to prevent or detect misstatements on a timely basis.
|
|
|
Significant deficiency
|
One or more control deficiencies exist that is less severe than a material weakness, but important enough to merit attention by those responsible for oversight of the company's financial reporting.
|
|
|
Material weakness
|
A significant deficiency in internal control that, by itself, or in combination with other significant deficiencies, results in a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected.
|
|
|
The goal of testing controls is . . .
|
to determine whether controls are operating effectively.
|
|
|
Procedures to support the operating effectiveness of internal controls:
|
1) Perform a walkthrough
2) Make inquiries of appropriate client personnel 3) Examine documents, records, & reports 4) Observe control-related activities 5) Reperform client procedures |
|
|
Walkthrough
|
The tracing of selected transactions through the accounting system to determine that controls are in place.
|
|
|
If the assessed level of control risk equals the planned control risk, . . .
|
no change to substantive tests is necessary.
|
|
|
If the assessed level of control risk is greater than the planned control risk, . . .
|
then must increase substantive tests.
|
|
|
Outline of the audit process:
|
1) Review client background information
2) Perform preliminary analytical procedures 3) Obtain an understanding of the ICS 4) Perform preliminary audit planning (i.e., assess materiality, set AR, & consider the mix of tests) 5) Test controls & perform substantive TOT 6) Revised plan based on test of controls, if needed 7) Test ending balances 8) Render opinion |
|
|
Types of audit tests
|
1) Risk assessment procedures
2) Tests of controls 3) Substantive tests of transactions 4) Analytical procedures 5) Tests of details of balances |
|
|
Procedures to obtain an understanding of internal control
|
Procedures used by the auditor to gather evidence about the design & implementation of specific controls; used to create preliminary assessment of CR for each transaction-related objective.
|
|
|
Substantive tests of transactions
|
Audit procedures testing for monetary misstatements to determine whether the six transaction-related audit objectives have been satisfied for each class of transactions.
|
|
|
Tests of controls
|
Audit procedures to test the effectiveness of controls in support of a reduced assessed control risk.
|
|
|
Test of details of balances
|
Audit procedures testing for monetary misstatements to determine whether the eight balance-related audit objectives have been satisfied for each significant account balance.
|
|
|
Main procedures to obtain an understanding of IC:
|
1) Evaluate prior experience w/ client
2) Inquiry 3) Read policies & manuals 4) Examine documents & records 5) Observe activities & operations |
|
|
T/F: Exceptions discovered during TOCs indicate a FS misstatement?
|
FALSE!! (not necessarily)
|
|
|
Primary procedures for STOT:
|
1) Reperformance
2) Documentation |
|
|
Analytical procedures
|
Use of comparisons & relationships to assess whether account balances or other data appear reasonable.
|
|
|
Two of the most important purposes of analytical procedures in the audit of account balances are to:
|
1) Indicate possible misstatements in the financial statements.
2) Provide substantive evidence. |
|
|
T/F: Tests of details of balances can be done on B/S or I/S accounts.
|
TRUE!!
|
|
|
8 balance-related objectives:
|
1) Existence
2) Completeness 3) Accuracy 4) Classification 5) Cutoff 6) Detail tie-in 7) Realizable value 8) Rights & obligations |
|
|
Can tests of details of balances be eliminated?
|
NO!! Substantive tests of transactions can't help us w/ realizable value rights & obligations, or presentation/disclosure.
|
|
|
Revenues are . . .
|
inflows or other enhancements of assets of an entity or settlements of its liabilities (or a combination of both) from delivery of producing goods, rendering services, or other activities that constitute the entity's major or central operation.
|
|
|
Reveue is recognized when ________ & ______.
|
realized, earned
|
|
|
Realization
|
Product/service is exchange for cash, promise to pay, or other asset that's convertible to cash
|
|
|
Earned
|
Entity has substantially completed the earnings process (generally upon delivery of product or service provided).
|
|
|
When is revenue recognized?
|
WHEN SHIPPED!! (title transfers at shipping point)
|
|
|
Side agreements
|
Arrangements used to alter terms & conditions of recorded sales in order to entice customers to accept delivery of goods (EX: Netopia).
|
|
|
Channel stuffing
|
Inducements to distributors to buy substantially more inventory than they can promptly sell (EX: Coca-Cola).
|
|
|
Bill & hold
|
Inducements for customers to issue PO's in advance of needing goods; seller agrees to ship goods at later date (EX: Diebold).
|
|
|
Five classes of transactions in the sales & collections cycle:
|
1) Sales (cash & sales on account)
2) Cash receipts 3) Sales returns & allowances 4) Write-off of uncollectible accounts 5) Estimate of bad debt expense |
|
|
Major functions of revenue process
|
1) Order entry: acceptance of customer orders & entry into system in accordance w/ management criteria
2) Credit authorization: appropriate approval of customer orders for credit worthiness 3) Shipping: shipping of goods that have been authorized 4) Billing: issuance of sales invoice to customers for goods shipped/services provided; processing of billing adjustments for allowances, discounts, & returns. |
|
|
Major functions of cash receipts process
|
1) Cash receipts: processing of receipt of cash from customers
2) Accounts receivable: recording all sales invoices, collections, & credit memoranda in individual customer accounts 3) General ledger: proper accumulation, classification, & summarization of revenues, collections, & receivables in the F/S accounts |
|
|
Key separation of duties:
|
1) Credit funciton needs to be separate from sales (separation of authorization from custody)
2) Shipping function needs to be separate from billing (separation of custody from accounting) 3) Cash receipts need to be separate from A/R (separation of custody from accounting) |
|
|
Lapping of accounts receivable
|
The postponement of entries for the collection of receivables to conceal an existing cash shortage.
|
|
|
Three key authorizations:
|
1) Credit must be properly authorized before a sale takes place.
2) Goods should be shipped only after proper authorization. 3) Prices, including basic terms, freight, & discounts, must be authorized. |
|
|
Key controls:
|
1) Adequate documents & records (EX: duplicate copies retained as evidence)
2) Prenumbered documents & accounting for series--reduces chance of not billing or double billing 3) Monthly statements--encourages error reporting by customer for which they aren't given credit for their full amount |
|
|
Sales invoices exist but not bills of lading (existence/occurrence)
|
Start w/ a sample of sales invoices recorded in the sales journal & agree to BOL.
|
|
|
Bills of lading exist but not sales invoices (completeness)
|
Start w/ a sample of bills of lading & agree to sales invoices.
|
|
|
What steps are typically involved in a sales transaction?
|
1) Take customer order --> prepare sales order
2) Credit is approved --> approved sales order 3) Release goods from inventory & ship them --> BOL 4) Bill customer --> sales invoice & sales summary 5) Record the sale --> Updated A/R & sales in subledger & GL |
|
|
Sales summary
|
This is a computer-generated file that includes all sales transactions processed by the accounting system for a period, which could be a day, week, or month. It includes all information entered into the system & information for each transaction, such as customer name, date, amount, account classification(s), salesperson, & commission rate.
|
|
|
What controls are considered important? All sales are approved by the credit department.
|
1) For a sample of sales invoices recorded in the sales journal, we're going to trace to sales order & check for authorization by the credit department.
2) Inquire & observe the credit dept. authorizing sales. |
|
|
What controls are considered important? All shipments are authorized.
|
Inquire & observe shipping dept. checking for authorization before shipment.
|
|
|
What controls are considered important? Prices are authorized.
|
1) Examine authorized price list.
2) For a sample of sales invoices recorded in the sales journal, compare price billed to approved price. |
|
|
What controls are considered important? Prenumbered sales orders, BOL, & sales invoices are used & the series is accounted for periodically.
|
1) Examine prenumbered documents.
2) Inquire & observe about the accounting for the series. |
|
|
What controls are considered important? Monthly statements are sent to customers.
|
1) Examine the correspondence files related to the monthly statements.
2) Inquire & observe the appropriate person mailing & preparing the monthly statements. |
|
|
What controls are considered important? Independent verification of the quantities on invoice.
|
For a sample of invoices recorded in the sales journal, compare quantity shipped & ordered to the quantity billed.
|
|
|
What controls are considered important? Independent verification of the mathematical accuracy of the invoice.
|
For a sample of invoices recorded in the sales journal, recalculate the invoice.
|
|
|
What controls are considered important? Standard chart of accounts is used.
|
1) Examine the chart of accounts.
2) For a sample of invoices recorded in the sales journal, compare accounts used w/ the standard chart of accounts. |
|
|
What steps are typically involved in a collections transaction?
|
1) We receive cash receipt --> immediately restrictively endorse AND prepare prelisting/list of receipts
2) Prepare deposit slip --> deposit cash each day 3) Update cash receipts journal & A/R records |
|
|
Prelisting of cash receipts
|
This is a list prepared when cash is received by someone who has no responsibility for recording sales, A/R, or cash, and who has no access to accounting records. It is used to verify whether cash received was recorded & deposited at the correct amounts and on a timely basis.
|
|
|
What controls are considered important? Mail is opened by people outside of the accounting department.
|
1) Inquire & observe mailroom personnel to determine if they have any incompatible duties (recording duties).
|
|
|
What controls are considered important? Checks are immediatey restrictively endorsed.
|
Inquire & observe the mailroom personnel restrictively endorsing the checks.
|
|
|
What controls are considered important? Cash receipts are prelisted/summarized.
|
1) Inquire & observe mailroom personnel prepare the prelisting/summary.
2) For a sample of cash receipts recorded in the cash receipts journal, trace back to prelisting. |
|
|
What controls are considered important? Cash is deposited daily in the bank.
|
1) Inquire & observe cash receipts personnel preparing the deposit slip & deposit the checks.
2) Compare the validated deposit slips (date & amt) to the cash summary. |
|
|
What controls are considered important? The appropriate personnel reconciles the bank statement (no custody or recording responsibilities).
|
1) Inquire & observe the person preparing the bank reconciliation (proper person, done on a timely basis--i.e., every month).
2) Examine a sample of the monthly bank reconciliations. 3) Reperform a bank rec. |
|
|
Sampling
|
To apply an audit procedure to less than 100% of the items making up an account balance.
|
|
|
Attributes sampling:
|
A statistical, probablistic method of sample evaluation that results in an estimate of the proportion of items in a population containing a characteristic or attribute of interest.
|
|
|
Sampling of balances:
|
used to estimate AMOUNT of misstatement present in account balance.
|
|
|
Representative sample
|
A sample w/ characteristics the same as those of the population.
|
|
|
Risks involved in sampling:
|
1) Sampling risk
2) Non-sampling risk |
|
|
Sampling risk
|
Risk of reaching an incorrect conclusion inherent in tests of less than the entire population because the sample is not representative of the population.
|
|
|
How can sampling risk be reduced?
|
By using an increased sample size & an appropriate method of selecting sample items from the population.
|
|
|
Non-sampling risk
|
The risk that the auditor fails to identify existing exceptions in the sample; nonsampling risk is caused by failure to recognize exceptions and by inappropriate or ineffective audit procedures.
|
|
|
To minimize non-sampling risk:
|
1) Design good tests
2) Use experienced auditors 3) Avoid boredom & exhaustion |
|
|
Statistical sampling
|
The use of mathematical measurement techniques to calculate formal statistical results & quantify sampling risk. Requires random sample.
|
|
|
Nonstatistical (judgemental) sampling
|
The auditor's use of professional judgement to select sample items, estimate the population values, & estimate sampling risk.
|
|
|
Steps in sampling:
|
1) Plan the sample
2) Select the sample & perform the tests 3) Evaluate the results |
|
|
Plan the sample:
|
1) State the objectives of the audit test.
2) Decide whether audit sampling applies. 3) Define attributes & exception conditions. 4) Define the population. 5) Define the sampling unit. 6) Specify the tolerable exception rate. 7) Specify acceptable risk of assessing control risk too low. 8) Estimate the population exception rate. 9) Determine the initial sample size. |
|
|
Evaluate the results:
|
1) Generalize from the sample to the population.
2) Analyze exceptions. 3) Decide the acceptability of the population. |
|
|
Nonprobabilistic (judgemental) sample selection methods:
|
1) Directed sample selection
2) Block sample selection 3) Haphazard sample selection |
|
|
Probabilistic sample selection methods:
|
1) Simple random sample selection
2) Systematic sample selection 3) Probability proportional to size sample selection 4) Stratified sample selection |
|
|
Directed sample selection
|
A nonprobabilistic method of sample selection in which each item in the sample is selected based on some judgmental criteria established by the auditor (EX: larger accounts or those more likely to contain errors).
|
|
|
Block sample selection
|
A nonprobabilistic method of sample selection in which items are selected in measured sequences.
|
|
|
Haphazard sample selection
|
A nonprobabilistic method of sample selection in which items are chosen without regard to their size, source, or other distinguishing characteristics.
|
|
|
Random sample
|
A sample in which every possible combination of elements in the population has an equal chance of constituting the sample.
|
|
|
Systematic sample selection
|
A probabilistic method of sampling in which the auditor calculates an interval (the population size divided by the number of sample items desired) & selects the items for the sample based on the size of the interval & a randomly selected starting point between zero & the length of the interval.
|
|
|
Probability proportional to size
|
Each DOLLAR has an equal chance of being included in the sample.
|
|
|
Stratified sample selection
|
Separate population into subpopulations based on size & choose samples for each subpopulation/strata.
|
|
|
Characteristics of interest in attribute sampling:
|
1) Control deviation rate (for tests of controls)
2) Monetary misstatements in transactions (for substantive tests of transactions) |
|
|
Attribute sampling is used to . . .
|
1) Estimate proportion of a population containing a certain characteristic.
2) Evaluate whether controls are working well enough to support the initial control risk assessment or transactions are being recorded correctly enough. |
|
|
Tolerable Exception Rate (TER)
|
The exception rate that the auditor will permit in the population & still be willing to conclude the control is operating effectively and/or the amount of monetary misstatements in the transactions established during planning is acceptable.
|
|
|
The TER is a . . . & depends on . . .
|
matter of auditor judgment, assessed materiality & importance of attribute
|
|
|
EX: If we need a control to work 96% of the time, what is the TER?
|
4%
|
|
|
Big materiality --> ____ TER & high importance --> ___ TER
|
high, low
|
|
|
The _____ the TER, the _______ the sample.
|
lower, smaller
|
|
|
Acceptable risk of assessing control risk too low (ARACR)
|
The risk that the auditor is willing to take of accepting a control as effective or a rate of monetary misstatements as tolerable when the true population exception rate is greater than the tolerable exception rate.
|
|
|
The ARACAR is a . . . & depends on . . .
|
auditor judgment, assessed CR
|
|
|
Estimated population exception rate (EPER)
|
Exception rate the auditor expects to find in the population before testing begins (based on work done in the prior year or information from management)
|
|
|
Sample exception rate (SER)
|
Number of exceptions in the sample divided by the sample size
|
|
|
Computed upper excepted rate (CUER)
|
The upper limit of the probable population exception rate; the highest exception rate in the population at a given ARACR.
|
|
|
CUER =
|
SER + allowance for sampling error
|
|
|
T/F: Larger samples are more precise.
|
TRUE!!
|
|
|
Higher ARO allows more risk so _______ sample.
|
smaller
|
|
|
Bigger difference between TER & EPER requires less precision so _______ sample.
|
smaller
|
|
|
The worst we expect the population to perform, the ______ the sample size.
|
larger
|
|
|
If TER is greater than or equal to the CUER:
|
Control works well enough to rely on it ("Risk is less than ARO that control fails more than TER")
|
|
|
If TER is less than CUER:
|
Control's not working well enough ("Risk is more than ARO that control fails more than TER").
|
|
|
T/F: When the sample results don't seem to support the assessed CR, you revise TER or ARO.
|
FALSE!! These are set before results are known.
|
|
|
What do you do when the sample results don't seem to support assessed CR?
|
1) Expand sample (costly)
2) Revise CR & add more substantive testing |
