Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

92 Cards in this Set

  • Front
  • Back
Who has responsibility for internal controls?
audit comitee
Committee on sponsoring activities
3 things coso focuses on
effectivness/efficiency of operations; financial reporting; compliance with laws/regs
Five components of internal controls per COSO framework
Control evironment; entity risk assesment; control activities; information and communication; monitoring activiites
Control evironment
sets the tone at the top of the organization
Information processing controls: general
controls that appy to entirety of companies it area
information processing controls: application
controls that relate to specifc it applications
Effective of size on internal controls
small companies are more likely to catch somehting since there is less going on; managemetn has more hands on responsibility; you can still use controls approach but it is harder
Limitations of internal controls: ways controls can be beaten
override; collusion; human error
Documentiign understandign of internal controls (4)
Flowcharts; narrative description; internal control questionarres; Procedures manual
What happens if autidotr does not intend to rely on internal controls:
set control risk at maximum and use substantive procedure
As reliabiliyt of controls increases, substantive tests can _______
As risk and materiality increases, year end testing should ______
If we do testing early we ___ to the end of the year
roll it forward
Greater the risk, ____ the testing; however_____
later. It also makes sense to di it early to avoid any surprises
When to test: allowance for bad debts
high risk: do both early and late
when to test: cash
Should be tested later in the year because its fungible; its risky
When to test: depreciation
probably at the the beginnign because its less risky
Service berearus
third party provider; for example: they do payroll, fixed assets, bookeeping
Service organizaiton control report: type 1 teests
looked at controls and describes stystem; no opinion issued
Service organization type 2 tests
can also test controls
Our responsibiliity relatign to service beraus
if type 1 report or bad type 2 report, somebody has to go back in and do testing; If type 2 report the we can accept results of their audit; don’t have to reperform work done by service berueras
Communication of I/C issues to client (non public compnay): material weakness
Reasonable possibiliyt of material mistatement; has to be in writing to management and those charged with goveranance
Communication of I/C issues to client (non public compnay): significant deficiency
less severe than material weakness, but still merits consideration; has to be in writing to management and those charged with governance
Communication of I/C issues to client (non public company)
verbally communicate to management
Amount that qualifies smaller company as execmpt from external audit of interanl control over financial reporting
75 million
Managemetns responsbility under 404 (4)
1.accept responsibility for effectivenss of ICFR; 2. evaluate te effectivess of ICFR; 3:Support the evaluation with suffcient evidence; 4: present a written assesment regarding effectivenss of entitys ICFR as of the end of entitys most recent fiscal year
Auditors responsiility under 404 and AS5
1. must issue report on effectivenss as of end of the year; 2. must be done using an integrated audit approach; 3: must reach level of reasonable assurance
who is responsible for overal implementation of ICFR
Managemetn and board of directors
Who is responsible for reliability of ICFR
Control deficiency: design
control is missing or not designed well
control deficiency: operating
designed properly but not executed properly
3 categories of magnitued
material; not material but significant; not material or significatn
Likliehood and magnitude chart: material weakness
material and reasonably possible: report externally, to audit committee, and to management
Likliehood and magnitude chart: significatn deficiency
Not material but significant and reasonably possible: report to audit committee and management
Likliehood and magnitude chart: control deficiency
not material or significant and reasnably possible: report to management
Managemetns evaluation process for evalluating ICFR (3)
1.identify financial reporting risks and related controls; 2. consider which locations to include in the evaluation; 3. evaluate evidence about the operatign effectiveness of ICFR
Integrated audit
audit of ICFR and FS that does 3 things: planning of both are done together; has to be same audit firm; results of 1 are used to help with the other and vice versa
Steps in audit of ICFR (5)
1: planning; 2: idendity controls to test based on a top down risk based approacch; 3: test the design and effectiveness of selected controls; 4: evaluate identified control deficiencies; 5: form an opinion on the effectivness of ICFR
asses risk/fraud; scaling audit; using work of others
Top down, risk based approach (4)
identify entity level controls; identify signifcant accounts and disclosures and their relevant assertions; understand likely sources of mistatement; select controls to test (only test key controls)
Timing of testing for genral and application controls
must test general every year: test application controls in year 1, but don’t have to tests in future years as long as their has been no changes or problems
what are control deficiiencies based on
if a mistatemetn could occur, not if a mistatement did occur
management fixes the control deficiency in sufficient time so that management and auditors have time to test before end of year; key is not only that controll is fixed but it is tested to make sure it works
What happens if management refueses to give written representations
we have to issue a disclaimer of opinon - a scope of the audit issue
Why type of report to give if a control or significant deficiency
modificaiton based on type of defficiency: unqualified opinion
what type of report ot give if a material weakness
modification based on type of defficiency: adverse opinion
what type of report to give if a minor effect
modification based on scope limitation: unqualified
what type of report to give if more than minor effect
modification based on scope limitation: disclaim opinion or withdraw
can you have an adverse opinon on controls, but an unqualified opinon of financial statement:
sure, as long as you are abble to audit around weakness
acting in a manner consistent of what is expected from a CPA, lawyer, etc
Sources for private company audits
sources for public company audits
Principles of professional conduct
Ideal attitudes and behaviors; general and not enforceable
Rules of conduct
minimall acceptable standarsds; specifcally enforcabel
Interpretations and rulings
detailed interpreatations and awers to questions regarding rules of conduct; not specifically enforceable, but departures must be justified
Covered Member
a member that is on the engagement team; in a postion to influce the endgagement; a parter who rprives more than 10 hours of nonattest servicese; a partern in the office in which the lead engagement partner practices; the firm
Indirect fianncial interests
may be a problem if covered member owns more than 5% of mutual fund; If less than 5% its ok
Are blind trusts considered direct financial interst
4 circumsatncese in which loans arent considered direct financial interest
car loan/lease (collateralized by vehicle; CSV of insruance policly (collateralized by policy); cash deposit at lending institution (collateralized by deposit account); credit card (10,000) kept current at month end
are mortages allowed?
Rules: client emplyee moves to audit firm that does audit
cannon be on engagement team until the engagement doesn’t include any period of former employer; basically cant audit own work
Rules: CPA moves to client (non public company, key position)
must completely dissasocited self with firm
Rules: CPA moves to client (public company, key position)
must wait one year cooling off period; you can resign form firm and take year off, or tell firm your plans and ask to get taken off the engagement
rules: not going to key postion
just dissociate self
What is key position
any position where you have an impact on financial statement or oversight role
rules: considering leave
have to telll firm if your talking to client about a job
Non audit service that impair independece
never be in position to audit own work; never serve as advoacge for management; acutarial, lega, expert, management, internal audit
Independence rules for taxes
can do tax returns for audit clients; cannot do it for key indivduals or do tax shelter consulting
5 year rule
5 years on and 5 years off for partners
communication with audit committee
meet at least once every quarter; discuss all critical accountign policies
Rule 301
limit sicrumstances where you can disclose client info without client persmission: supoena or court order; comply with disciplanry; disclosure for GAAP; buying or sellign acccoutning practice
elevator rule
don’t talk about info in public places
same firm rule
If its not your client your not a covered member; you cant talkk about client with someone in you rfirm if you don’t have same client
quality control review non public company
once every 3 and ahalf yers
quality contorl review public companies:
if your firm does over 100 audits: once a year; if your firm does less than 100 audits: once every 3 years
2 categories of law auditors can be held liable under
common and staturory
elements of negligence
dutry to conform; breach; direct connection; client had to suffer damages
libaility to clients
breach of contract and negligence
liability to 3rd partys (typically investors)
Negligence; musst 1st prove standing
no liability unless there is a contract
near privity
contactj with auditor
Forseen 3rd party
followed by most states; peoples whos reliance is forseen; shareholders don’t qualify
reasonably forseen 3rd party
never followed
Fraud/ gross negligence - must prove 5 things
false representation; accoutnant knew it was false; knew thrid party would rely on it; 3rd party relied on it; 3rd party did relie on it
Joint and several
whoever is more at fault pays full damages
SEC act of 1933
realte to filing of new secrities; must prove they suffered a loss by investement; financial staemetns contain an error
SEC act of 1934
regulagees ongoing reporting of already registerred securities; client/firm can be held liabilie for making false staetmetns; can be held laiabile if material erro and plaintiff lied and damages based on lie and sceienter was present
Private securities litigation reform act of 1995
proportionate liabilityy; prohibit phising expeditions
securitieis litigation unifrom statnadars act of 1998
cannon make claims in federal court that belong in stae court
sox act 404
CEO, CFO, and auditors must annualy sign off on ICFR
RICo act
can be fined triple damages