• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

Card Range To Study



Play button


Play button




Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

19 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)
What are the responsibilities of Auditors and Management in Internal Control?
A process, effected by an entity's Board of Directors, Management, and Other personnel, designed to provide REASONABLE ASSURANCE regarding the achievement of 3 objectives.
ch. 6
What are the objectives of Internal Control?
1. Reliability of Financial Reporting
2. Effectiveness and Efficiency of Operations
3. Compliance with applicable laws and regulations
ch. 6
Which Internal Control objectives are relevant to Auditors?
1. Reliability of financial reporting
(the other two have to do with Management, BOD, government and Investors)
ch. 6
List the components of Internal Control.
1. Control Environment
2. Entity's Risk Assessment process
3. Information System and related business processes relevant to financial reporting and communication
4. Control Activities
5. Monitoring of Controls
ch. 6
What are the factors affecting the Control Environment?
1. Management's philosophy, operating style, Integrity, Ethics
2. Existence / Implementation of an entity code of ethics
3. Management's financial reporting attitudes
4. Organizational structure
5. Membership and operation of the board's AUDIT COMMITTEE
6. Presence/Performance of an Internal Audit function
ch. 6
What is Risk Assessment in Internal Control?
The entity's identification and analysis of relevant risks to help ensure achievement of its objectives.
ch. 6
What is the COSO framework for the design of Internal Control Systems?
ERM (Enterprise Risk Management) -
This risk assessment process should consider EXTERNAL and INTERNAL events and circumstances that may arise and adversely affect the entity's ability to initiate, record, process, and report financial data consistent with the assertions of management in the financial statements.
ch. 6
What are the types of Control Activities in Internal control?
1. Performance Reviews
2. Segregation of Duties
3. Physical controls over the security of assets
4. Information Processing (data verification, new system development, System access restriction)
ch. 6
Describe Control Activities in Internal Control?
Policies and Procedures that help ensure that management's directives are carried out and are implemented to address risks identified in the risk assessment process.
ch. 6
What is the importance of monitoring mechanisms in Internal control?
Management should assess the quality of control performance on a TIMELY BASIS and TAKE NECESSARY CORRECTIVE ACTION. (need this so that they can respond to problems in a timely basis)
ch. 6
What are the limitations of Internal Controls?
1. Human error
2. Collusion
3. Management override
4. Cost/Benefit Analysis
*** There is often a trade-off between the cost and the effectiveness of Internal Controls.
*** The concept of REASONABLE ASSURANCE recognizes that the cost of an entity's internal control should not exceed the benefits that are expected to be derived.
ch. 6
What is the difference in testing procedures for Public versus NonPublic companies in Internal Controls?
Public clients and Non-Public clients:
1. Understand the client's internal control (top-down approach -- effective way is to do a walk-through)
** Document the understanding of internal control by doing a QUESTIONNAIRE, NARRATIVE, and/or an ACCOUNTING AND CONTROL SYSTEM FLOWCHART.
Process for Non-Public clients can stop at this point, because:
1. Controls are found to be ineffective
2. Testing of controls is not efficient.
ch. 6
What are the General Phases of Internal Control for Public clients?
1. Understand and Document client's internal controls
2. Assess control risk (Preliminary)
3. Perform Tests of Controls and Reassess (identify specific controls that will be relied upon, Perform tests of controls, Conclude on the achieved level of control risk)
ch. 6
What is the purpose of the auditor's control risk assessment in Internal control evaluation?
To Gain understanding of the client's internal controls and document the understanding.
ch. 6
What is the relationship between the Control Risk assessment and Substantive Testing procedures?
The Substantive procedure is OPTIONAL. This is done AFTER understanding the Internal control. The control risk is SET AT THE MAXIMUM LEVEL for some or all assertions because of one or all of the following factors:
1. Controls are assessed as ineffective
2. Testing the effectiveness of controls is inefficient
ch. 6
What's the difference between a Reliance Strategy and a Substantive Strategy?
A Substantive strategy means that the auditor will NOT rely on the entity's controls and will use substantive procedures as the main source of evidence about the assertions in the financial statements.
A Reliance Strategy means that the auditor intends to rely on the entity's controls.
ch. 6
When is the Reliance Strategy and Substantive Strategy acceptable?
SUBSTANTIVE STRATEGY - when controls are assessed as INEFFECTIVE and
Testing the Effectiveness of controls is INEFFICIENT
RELIANCE STRATEGY - when the auditor has a more detailed understanding of internal control, so he relies on the entity's controls.
SUBSTANTIVE STRATEGY - when controls are assessed as INEFFECTIVE and Testing the effectiveness of controls is INEFFICIENT.
ch. 6
Explain Reliance Strategy.
A Reliance Strategy means that the auditor intends to rely on the CLIENT'S CONTROLS!
After obtaining an understanding of Internal Controls, an auditor may choose to follow the Reliance Strategy by setting control risk BELOW THE MAXIMUM (Set CR at Moderate or Low) for some of all assertions.
It requires these:
1. Identify specific controls that will be relied upon
2. Perform tests of controls
3. Conclude on the achieved level of control risk
ch. 6
Given the information about the strategy selected, what does this tell you about control risk (and the nature of the tests that will be performed)?
The auditor uses the achieved level of Control Risk and the Assessed Level of Inherent Risk to assess the risk of material misstatement and to then determine the level of Detection Risk needed to bring Audit Risk to an acceptable LOW LEVEL. The level of Detection Risk is used to determine the nature, timing, and extent of SUBSTANTIVE TESTS.
** If the Tests of Control are consistent with the auditor's planned assessment of CR, then no extra tests of substantive procedure need be done.
** If, however, the Tests of Controls show that the controls are not working as assessed, then the CR low-level has not been reached and there needs to be more substantive procedures done.
ch. 6