Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
30 Cards in this Set
- Front
- Back
|
Internal control definition |
A process,effected by the entity’sboard of directors, management, and other personnel, designed to providereasonable assurance regarding, achievement of (the entity’s)objectives relating to:
-Operations -Reporting -Compliance |
|
|
Internal control objectives |
-in each area of internal control, objectives and sub-objectives must exist |
|
|
Foreign Corrupt Practices Act |
Passedin 1977 in response to American corporation practice of paying bribes andkickbacks to officials in foreign countries to obtain business --TheAct:
-Requiresan effective system of internal control -Makesillegal payment of bribes to foreign officials |
|
|
Controls over financial reporting include: |
-preventative -corrective -detective -controls overlap |
|
|
Preventative controls |
Aimedat avoiding the occurrence of misstatements in the financial statements
-Example: Segregation of duties |
|
|
Corrective controls |
Neededto remedy the situation uncovered by detective controls
-Example: Backups of master file |
|
|
Detective controls |
Designedto discover misstatements after they have occurred
-Example: Monthly bank reconciliations |
|
|
Types of controls overlap: |
-Complementary– function together
-Redundant– address same assertion or control objective -Compensating– reduces risk existing weakness will result in misstatement |
|
|
Components of Internal Control |
-TheControl Environment
-RiskAssessment -ControlActivities -InformationSystem Relevant to Financial Reporting and Communication -MonitoringActivities |
|
|
Control environment factors: |
-Commitmentto integrity and ethical values
-Boardof directors demonstrates independence from management and exercises oversightof internal control -Establishmentof effective structure, including reporting lines, and appropriate authoritiesand responsibilities -Commitmentto attract, develop, and retain competent employees -Holdingemployees accountable for internal control responsibilities |
|
|
Criteria for risk assessment |
-Clearlyspecify objectives to allow the identification and assessment of risks relatedto those objectives
-Identifyand analyze risks to the achievement of its objectives to determine how theymay be managed -Considerpotential fraud relating to the achievement of objectives -Identifyand assess changes that could impact internal control |
|
|
Control activities |
-Performancereviews
-Transactioncontrol activities -Physicalcontrols -Segregationof duties -Segregateauthorization, recording and custody of assets |
|
|
Monitoring |
Ongoingmonitoring activities include:
-Regularlyperformed supervisory and management activities Example: Continuous monitoring of customer complaints |
|
|
Enterprise risk management (ERM) |
-COSO issued a new internal controlframework in 2004 on enterprise risk management. It does not replace the original COSOinternal control framework
-Theauditing standards are still structured around the original COSO internalcontrol framework |
|
|
Steps of overall approach with internal control include: |
1.Planthe audit
2.Obtain an understanding of the client and its environment, including internalcontrol 3.Assess the risks of material misstatement and design further audit procedures 4.Perform further audit procedures 5.Complete the audit 6.Form an opinion and issue the audit report |
|
|
Step 2: obtaining an understanding of the client and environment |
Theunderstanding of internal control is used to help the auditor to:
-Identifytypes of potential misstatements -Considerfactors that affect the risks of material misstatement -Designtests of controls (when applicable) and substantive procedures. |
|
|
Obtaining the understanding procedures: |
-Inquiringof entity personnel
-Observingthe application of specific controls -Inspectingdocuments and reports -Tracingtransactions through the information system relevant to financial reporting |
|
|
How is the understanding of internal control documented? |
-questionnaires -written narratives -flowcharts -walk-throughs |
|
|
Step 3- assess the risks of material misstatements general approach |
-Identifyrisks while obtaining an understanding of the client and its environment,including its internal control
-Relatethe identified risks to what can go wrong at the relevant assertion level -Considerwhether the risks are of a magnitude that could result in a materialmisstatement -Considerthe likelihood that the risks could result in a material misstatement |
|
|
3 types of nature of transactions |
-Routinetransactions—e.g., revenue, purchases, and cash receipts and disbursements
-Non-routinetransactions—e.g., taking of inventory, calculating depreciation expense -Estimationtransactions—e.g., determining the allowance for doubtful accounts |
|
|
Responses to high risks of assessing financial statements |
-Assigningmore experience staff or those with specialized skills
-Providingmore supervision and emphasizing the need to maintain professionalskepticism -Incorporatingadditional elements of unpredictability in the selection of further auditprocedures to be performed -Increasingthe overall scope of audit procedures, including the nature, timing or extent |
|
|
Step 4- preform further audit procedures: approach |
-Identifycontrols likely to prevent or detect material misstatements
-Performtests of controls to determine whether they are operating effectively |
|
|
What do tests of controls address? |
-Howcontrols were applied
-Theconsistency with which controls were applied -Bywhom or by what means (e.g., electronically) the controls were applied |
|
|
What do tests of controls include? |
-Inquiries ofappropriate client personnel
-Inspectionofdocuments and reports -Observationofthe application of controls -Reperformanceofthe controls |
|
|
How is the work of internal auditors used? |
-Obtainingaudit evidence by using the internal auditors’ work performed as a part oftheir normal responsibilities
-Usinginternal auditors to provide direct assistance on the external audit. |
|
|
What do computer service organizations provide? |
processingservices to customers who decide not to invest in their own processing ofparticular data
-Examples: Outsource processing of payroll or Internetsales. |
|
|
Type 1 service auditor report |
Management’sdescription of the system and the suitability of the design of controls
|
|
|
Type 2 service auditor report |
Attributesof 1, plus assurance on the operating effectiveness of controls
-AType 2 report may provide the user auditor with a basis for assessing controlrisk below the maximum. |
|
|
3 different deficiencies in internal control |
-less than significant -significant deficiency -material weakness |
|
|
Management's report on internal control under Section 404a |
-Acknowledgmentof responsibility for internal control
-Anassessment of internal control effectiveness as of the last day of the company’sfiscal yearn using suitable criteria -Supportthe evaluation with sufficient evidence |
