Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
31 Cards in this Set
- Front
- Back
|
ICFR Definition |
ICFR is defined as a process designed to provide reasonable Assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with GAAP |
|
|
ICFR include procedures that: |
1. Pertain to the maintenance of records that accurately and fairly reflect the transactions dispositions of the assets of the company. 2. Provide reasonable assurance that transactions are properly authorized and recorded in accordance with GAAP. 3. Provide reasonable Assurance regarding the prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets. |
|
|
Under SOX section 404/ PCAOB AS 2201
What is managements responsibility? |
To issue a report that accepts the responsibility for establishing and maintaining adequate ICFR, and to assert whether ICFR is effective as of the end of the fiscal year. Therefore management of the firm must a) accept the responsibility for the effectiveness, b) evaluate the effectiveness using suitable control criteria, c) support the evaluation with evidence, documentation, and d) provide a written assessment. |
|
|
Under SOX Section 404 What is the auditors responsibility? |
Requires the auditor to audit management's assertion about the effectiveness of ICFR. The auditor must obtain reasonable assurance about whether the entity maintained, and all material respects, effective internal control as of the date specified in Managements assement, in order to express an opinion on the effectiveness of ICFR |
|
|
Audit ICFR objective |
To express an opinion on that fact of Miss of the company's internal control over financial reporting. |
|
|
Financial statement audit objective: |
To express an opinion on whether the financial statements are fairly stated in accordance with generally accepted accounting principles |
|
|
Management must comply with the following requirements in order for the external auditor to complete an audit of ICFR |
1. Accept the responsibility for the effectiveness of the entity's ICFR 2. Evaluate the effectiveness of ICFR using suitable control criteria, (COSO) 3. Support the evaluation with evidence, documentation. 4. Present a written assessment regarding the effectiveness of the entities ICFR as of the end of the entities most recent fiscal year. |
|
|
PCAOB AS 2201 (AS5) - The auditor must: |
A) express an opinion on the effectiveness of ICFR B) must conduct an integrated audit of icfr and the financial statement using a top down risk-based approach C) must identify significant accounts and test controls are related to relevant assertions. |
|
|
Identifying significant accounts involves: |
A) Size and composition of the account. B) Susceptibility to misstatement due to errors or fraud. C) Volume of activity, complexity, and homogeneity of the individual transactions processed through the account or reflected in the disclosure D) Nature of the account or disclosure. E) Accounting and Reporting complexities associated with the account or disclosure. |
|
|
Identifying significant axcounts pt 2 |
A) exposure to losses in the account B) possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure C) existence of related-party transactions in the account D) changes from the prior period in account or disclosure characteristics |
|
|
Identify relevant assertions |
Internal controls are relevant to certain assertions. Since we plan the nature timing and extent of substantive audit test at the relevant assertion level, we should identify and test controls at this level too. DR = AR / (IR X CR) |
|
|
Identifying controls to test involves |
A) understanding the flow of transactions related to the relevant assertions. B) identifying the points within the entities processes at which a misstatement could arise that would be material (WCGW). C) identify the controls that management has implemented to prevent these potential material misstatements. D) these are the controls that we want to test |
|
|
When testing controls consider: |
A) Nature: testing of manual versus automatic controls. Consider the type of test. B) Timing: opinion on ICFR is as of the balance sheet date. Test at interim in order to allow for time to correct problems. C) Extent: frequency and importance impact amount of testing |
|
|
When testing controls the auditor can also consider: |
- any changes from the prior years Work performed by: - internal audit - company management - the audit committee - consultant hired by management The auditor is responsible for the work of others, therefore the auditor must be comfortable with the competence and objectivity and test work of others |
|
|
Control deficiency |
A control deficiency exist when the design or operation of a control does not prevent or detect on a timely basis. Always report to managment. |
|
|
Significant deficiency |
A significant deficiency is a control deficiency or combination of deficiencies in the ICFR that is less severe than a material weakness, but should be reported to management and audit committee. |
|
|
A control deficiency can be: |
A control deficiency may be serious enough to be both considered a significant deficiency and a material weakness in the system of internal control |
|
|
Material weakness |
Material weakness is a deficiency, or a combination of deficiencies l in the ICFR, such that there is a reasonable possibility of a material misstatement in the financial statements that will not be prevented or detected on a timely basis. Report to everyone and issue adverse opinion on ICFR. |
|
|
The auditor must consider two dimensions of a control deficiency |
Likelihood ( reasonably possible) = >1% Magnitude (material, significant, or insignificant |
|
|
Magnitude and likelihood axis |
Are used to determine whether the deficiency is not Material or significant, not material but significant, or material. |
|
|
Compensating controls |
Before concluding that a control deficiency is indicative of a significant or material weakness, the auditor should consider the effectiveness of any compensating controls. Are there any backup controls that sufficiently support the lack of other controls? |
|
|
Risk factors that affect the likelihood that a control deficiency will result in a misstatement of an account balance or disclosure: |
- the nature of the financial statement accounts, disclosures, assertions involved. - acceptability of the related asset or liability to loss or fraud. - the subjectivity, complexity, or extent of judgement required to determine the amount involved. - the interaction or relationship of the control with other controls, including whether they are interdependent or redundant. - the interaction of the deficiencies. - the possible future consequences of the deficiency. |
|
|
Indicators of material weakness: |
- a deficiency or combination thereof prevents the auditor from having reasonable assurance that. transactions are properly recorded - identification of fraud, whether or not Material, committed by Senior Management. - restatement of previous financial statements to reflect the correction of a material misstatement. - identification by the auditor of a material misstatement of financial statements in the current. In circumstances that indicate that the mistake meant would not have been detected by the companies ICFR. - ineffective oversight of the company's external financial reporting and ICFR by the company's audit committee. |
|
|
Importance of management documenting their evaluation of internal controls. |
If management is not documenting their own evaluation of internal controls then right there is a significant deficiency. |
|
|
Internal control opinions |
1. Unqualified: the company maintained, and all material respects, effective internal control over financial reporting. No material weaknesses as of the balance sheet date. 2. Adverse: the company has not maintained effective internal control over financial reporting because at least one material weakness exist as of the balance sheet date. 3. Disclaimer: do not express an opinion due to a severe scope limitation. |
|
|
Auditor expresses to audit opinions |
1. On internal controls over financial reporting. 2. On the financial statements reliability. |
|
|
An integrated audit is composed of: |
The audits of internal control and the financial statements. The control testing impacts the planned substantive procedures. Also, the results of substantive procedures are considered in the evaluation of internal control. |
|
|
What effect does the audit of internal control have on the financial statement audit? |
When performing an integrated audit, the auditor has access to a large amount of info about the clients controls. This info makes the financial statement audit more efficient and results in reduced substantive procedures. |
|
|
Regardless of the level of control risk in connection to the financial statement audit, auditing standards require: |
at least some substantive procedures for all significant accounts and disclosures |
|
|
Effects of the financial statement audit on the audit of internal control |
Issues found while auditing the financial statements can inform the auditor about the operating effectiveness of internal controls. |
|
|
When performing a financial statement audit in connection with the internal control audit, consider: |
1. Miss statements detected. 2. The Auditors risk evaluations in connection with the selection and application of substantive procedures, especially those related to fraud. 3. Findings with respect to Illegal acts and related-party transactions. 4. Indications of management bias in making accounting estimates and in the selecting accounting principles. |
