Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
32 Cards in this Set
- Front
- Back
What are the client's 3 internal control objectives
|
1) Reliability of financial reporting
2) Efficiency and effectiveness of operations 3) Compliance with applicable laws and regulations |
|
What does efficiency relate to
|
The time it takes to complete a task
|
|
What does effectiveness relate to
|
The quality of work
|
|
Efficiency and effectiveness
|
Safeguarding of assets
Accurate information for decision making |
|
What are managements responsibilities related to internal control
|
Establish and maintain system of internal controls (reasonable assurance, Inherent limitations)
Section 404 reporting responsibilities (design of internal control, Operating effectiveness of internal controls) |
|
What are the auditors responsibilities related to internal control
|
Understand internal controls to assess control risk in the audit (reliability of financial reporting, Classes of transactions)
Section 404 reporting responsibilities (testing internal control, Issue a report on internal controls) |
|
Who should approve the audit firms services
|
Audit committee
|
|
What are the 5 components of internal control
|
Control environment
Risk assessment Control activities Monitoring Information and communication |
|
What are the 5 specific control activities
|
1) adequate seperation of duties
2) Proper authorization of transactions and activities 3) adequate documents and records 4) physical controls over assets and records 5) Independent checks on performance |
|
What are 4 control activities for adequate documents and records
|
Prenumbered consecutively
Prepared at the time of transaction Designed for multiple use Constructed to encourage correct preparation |
|
What is the most important type of protective measure for safeguarding assets and records
|
The use of Physical Precautions
|
|
Why does the need for independent checks arise
|
Because internal control tends to change over time unless there is a mechanism for frequent review
|
|
What is the purpose of an accounting information and communication system
|
To initiate, record, process, and report the entity's transactions and to maintain accountability for the related assets
|
|
The level of understanding internal control and extent of testing required for the audit of internal controls exceeds what is required for only....
|
An audit of financial statements
|
|
What does SAS 109 and PCAOB standard 2 both require
|
Auditors to obtain an understanding of internal control for every audit and document their understanding
|
|
What are the procedures to obtain an understanding of internal control
|
Gather evidence regarding the design of controls
Determine whether the controls are in operation Uses the information as a basis for the integrated audit of the financial statements |
|
What are 3 internal control documentation methods
|
Narrative
Flowchart Internal Control Questionnaire |
|
How does an auditor evaluate internal control
|
Performing walkthroughs
Inquiries of client personnel Evaluate auditors previous experiences with entity Examine documents and records |
|
How does an auditor assess whether the financial statements are auditable
|
Evaluate the integrity of management
Evaluate the adequacy of the accounting records |
|
The auditor must communicate
significant deficiencies and material weaknesses HOW, and to WHO |
Must be in writing and To those charged with governance (as soon as the auditor becomes aware of their existence, Latest date is 60 days after audit report)
|
|
What are the procedures for tests of controls
|
Make inquiries of client personnel
Examine documents, records, and reports Observe control-related activities Reperform client procedures |
|
The extent to which tests of controls are applied depends on what
|
The preliminary assessed control risk
|
|
SAS 110 requires tests of specific controls when
|
At least every third year and some controls in the area must be tested every year
|
|
When do significant risks require testing
|
Every year if the auditors want a control risk assessment below 100%
|
|
Testing less than the entire audit period
|
Interim period testing of controls is common
|
|
How are the planned detection risk and related substantive tests determined
|
The auditor uses the results of the control risk assessment process and tests of controls to determine these
|
|
Section 404 Reporting on internal control
|
The auditor's opinion on whether the company maintained, in all material respects, effective internal control over financial reporting as of the specified date
|
|
Unqualified opinion on internal control
|
There are no identified material weaknesses and no restrictions on the scope of the auditors work
|
|
Adverse opinion on internal control
|
Issued if a material weakness exists
Most common cause is when management identified a material weakness in its report |
|
Qualified or disclaimer opinion on internal control
|
Required when there is a scope limitation
Could occur when auditor cannot reach an opinion for other reasons besides a scope limitation |
|
Reporting requirements for nonpublic companies
|
No requirement for an audit of internal control over financial reporting
SAS 112: auditor is required to issue a written report on significant deficiencies and material weaknesses to those charged with governance |
|
Extent of required internal controls for public companies
|
Management is required to have the controls just like in public companies
|