Chapter 7
The controls that are most relevant to an audit are those that pertain to the reliability of ___________ reporting.
financial
A good source of information about a client's internal control system can come from procedures manuals and ______________, which graphically describe the approved practices of the entity.
flowcharts
The Foreign Corrupt Practices Act requires organizations to maintain a system of internal control to provide reasonable assurance that transactions are executed with the ___________ and authorization of management.
knowledge
If the assessed level of control risk is high, the auditor should plan to perform more ______________ procedures.
substantive
Finance Department
- Handles cash receipts and makes cash disbursements - Custody of bank accounts and other liquid assets
The following internal control practices can help strengthen internal control in small companies.
- Record all cash receipts immediately - Issue checks only after matching approved invoices with purchase orders and receiving reports - Use pre-numbered checks
Rank the level of deficiencies based on severity from least severe to most severe:
1. Less than significant deficiency 2. Significant deficiency 3. Material weakness
Type 2 Report
A report on management's description of a service organization's system and the suitability of the design and operating effectiveness of controls.
Record Transaction
Accounting department uses copies of documentation to bill the customer.
Risk assessment is management's process for:
Analyzing risks Identifying risks
Auditors use their understanding of internal control to do all of the following except: Consider factors that affect risks of material misstatements Assess detection risk for use in the audit risk model Identify types of potential misstatements Design tests of controls and substantive procedures
Assess detection risk for use in the audit risk model
Transaction Processing Controls
Authorization of inventory purchases.
Reperformance
Compare the quantity from sales invoice to related shipping document, compare unit price to client's price list and verify extensions and footings.
Performance Review
Comparison of budget to actual cost of goods sold data.
The company has one control that requires reconciliations of bank statements and one control that requires all cash disbursements to be authorized. These controls are examples of:
Complementary Controls
Questionnaire
Contains standard questions for each major transaction cycle to interview clients and note weaknesses.
Corporate governance is primarily concerned with controlling management and providing incentives for appropriate management behavior. As a result, corporate governance has the greatest influence on this component of internal control.
Control environment
The difference between control objectives of internal control and management assertions is that:
Control objectives relate to operations, compliance, and financial reporting
Segregation of Duties
Credit department approves sale of inventory, shipping department has custody and accounting department records the sale.
Authorize Transaction
Credit department approves the sales transaction.
Match the party with it's responsibility: Bank
Custody of cash
A policy requiring the preparation of a monthly bank reconciliation is an example of a:
Detective Control
Flowchart
Diagram that is a symbolic representation of a system or series of procedures with each procedure shown in sequence.
T/F: If the auditors' assessment of the design of internal control reveals that it cannot be relied upon, the auditors are NOT required to prepare any documentation of internal control for their working papers
False
T/F: In a financial statement audit, CPAs are required to assess the operating effectiveness of most significant accounting oriented controls.
False
T/F: The Foreign Corrupt Practices Act prohibits bribes to foreign corporate officials to obtain business.
False
T/F: The auditors' communication of internal control significant deficiencies should be addressed only to senior management of the company.
False
T/F: The relatively low number of types of transactions incurred by small firms makes the segregation of duties impossible.
False
T/F: Well-designed internal control will prevent all fraud by top management.
False
Auditors use their understanding of which internal control component to identify risks of material misstatement that relate directly to the recording of transactions such as the recording of routine transactions like revenue?
Information system
An important aspect of the monitoring component is this department that investigates and appraise internal control and report their findings to management and the audit committee.
Internal audit
Physical Controls
Locked door to warehouse that stores inventory.
Test of controls allow for:
Lower assessment of control risk
Match the party with it's responsibility: Cashier
Maintain records of cash receipts and disbursements
Written Narrative
Memos that describe the flow of transaction cycles, identify employees performing various tasks, documents prepared, records maintained and division of duties.
Match the party with it's responsibility: Controller
Performs periodic bank reconciliations
AICPA and Internal Auditing Standards
Require that test of controls be performed at least every third audit.
PCAOB
Requires that annually some evidence regarding operating effectiveness should be obtained.
Inspection
Select a sample of sales invoices and look for initials of a second person who reviewed the quantities, prices, extensions, and footing of each sales invoice.
Custody of Assets
Shipping department takes inventory from warehouse to ship to customer.
After assessing the risk of material misstatement, auditors should design further audit procedures such as:
Substantive procedures and tests of controls if planned assessed level of control risk is low.
Inquiry
Talk to client personnel about the control policy requiring a second person to review the quantities, prices, extensions, and footing of each sales invoice.
T/F: CPA firms may use written narratives to describe internal control in their audit working papers
True
T/F: Incompatible duties exist when an employee is in a position to perpetrate and conceal errors or fraud.
True
T/F: Internal control is concerned with the reliability of financial information.
True
Observation
Watch as a second person reviews the quantities, prices, extensions, and footing of each sales invoice.
A _______ of accounts is a classified listing of all accounts in use by the entity accompanied by a detailed description of the purpose and content of each.
chart
External auditors should assess the ___________ (proficiency and training based on education, experience, and professional certifications) and ___________ (ability to perform their duties free from conflicting responsibilities or constraints (of the internal audit function before relying on their work.
competency; objectivity
Transaction-level control activities can be broken into two categories: __________ control activities that apply to all or multiple types of transactions and __________ control activities that apply to the processing of a single type of transaction.
general; application
Tests of controls address the following:
- By whom and by what means the controls were applied - How controls are applied
When identifying the risk of material misstatement, auditors rely on
- Internal control implementation and expected effectiveness - Internal control design perceived effectiveness
Type 1 Report
A report on management's description of a service organization's system and the suitability of the design of controls.
general control activities
apply to all or multiple types of transactions
application control activities
apply to the processing of a single type of transaction.
The control environment is viewed as the _____________ of internal control.
foundation
Because of cost considerations, internal control is not designed to provide absolute assurance against fraud and waste but instead __________ assurance.
reasonable
When auditors assess risk at the __________ assertion level instead of the financial statement level, they consider both the design of the control and its implementation.
relevant
An understanding of the risk assessment component can assist auditors in identifying risks of material misstatement. Factors that may indicate increased financial reporting risk include:
- Changes in personnel - New business models
Risks at the financial statement level:
- Potentially affect many relevant assertions - Require considerable judgment for the auditor
The owner of a small company can have a significant impact on internal control by:
- Reading daily cash register totals - Signing all checks and canceling supporting documentation
Accounting Department
- Responsible for design and implementation of internal control - Records financial transactions
Accounting estimates are particularly difficult for management to control and often have a high risk of material misstatement because:
- Subjective nature of estimate - Complexity of estimate - Assumptions needed to make estimate