Chapter 7
Organizational structure
the division of authority, responsibility, and duties among members of an organization
Planned assessed level of control risk
the level of risk that auditors assume in designing further audit procedures, which include appropriate combination of tests of control and substantive procedures
Inherent risk
the risk of material misstatement of a financial statement assertion, assuming there are not related controls.
Transaction Cycle
the sequence of procedures applied by the client in processing a particular type of recurring transaction. the auditors' working paper description of internal control often is organized by the clients major ___________
Suitable Criteria
1) Objectivity 2) Measurability 3) Completeness 4) Relevance
As of Date
A concept applied to internal control reporting by Sarbanes-Oxley act of 2002 and PCAOB standard no. 5. the internal control reports of both management and the auditors are as of the final date of the reporting period.
Corrective Control
A control established to remedy control problems that are discovered through detective controls
Compensating control
A control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective. These are ordinarily controls performed to detect, rather than prevent, the original misstatement from occurring.
Material Weakness
A deficiency in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of the company's financial statements will not be prevented or detected on a timely basis.
Fidelity Bonds
A form of insurance in which a bonding company agrees to reimburse and employer for losses attributed to theft or embezzlement by bonded employees.
Service Auditor
A practitioner that reports on the internal controls at a service organization.
Internal Control
A process, effective by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives.
Deficiency in Internal Control
A situation in which the design or operation of a control does not allow management or employees, in the normal course of performing their functions to prevent or detect misstatements or a timely basis.
Audit decision aid
A standard checklist, form, or computer program that assists auditors in making audit decisions by ensuring that they consider all relevant information or that aids them in weighting and combing the information to make a decision
Systems Flowchart
A symbolic representation of system or series of procedures with each procedure shown in sequence.
Integrated Audit
An audit where auditors, in addition to an opinion on the financial statements, express an opinion on the effectiveness of a company's internal control over financial reporting, in accordance with PCAOB audit standard no. 5.
Service Organization
An organization or segment of an organization that provides services to the user entities that are relevant to the user entities' internal control over financial reporting.
Suitable Criteria
Are the standards or benchmarks used to measure and present the subject matter against which the CPA evaluates the subject matter.
Relevant Assertions
Assertions that have meaningful bearing on whether an account balance, class of transaction, or disclosure is fairly stated. Example valuation may not be relevant to the cash account unless currency translation is involved; however, existence and completeness are always relevant.
What can go wrong at the relevant assertion level. Whether the risks are of magnitude that could result in a material misstatement. The likelihood that the risk could result in a material misstatement.
Assessing the right of material misstatement the auditors must consider:
Risk assessment procedures (DEF)
Audit Procedures performed to obtain an understanding of the client and its environment, including its internal control. Some of the information obtained by performing these __________ maybe used by the auditor as audit evidence to support assessments of the risks of material misstatement.
Obtaining an understanding of internal control, including knowledge about the design of relevant controls and whether They have been implemented by the client. Assessing the risks of misstatement Designing further audit procedures
Auditor responsibility with respect to internal control
Control environment, Risk assessment, Control activities, the accounting information and communication system, Monitoring
Components of internal control
Detective controls
Controls designed to discover control problems soon after they occur.
Preventive control
Controls that deter control problems before they occur.
Complementary controls
Controls that function together to achieve the same control objective
Internal Auditors
Corporation employees who design and execute audit programs to test the effectiveness and efficiency of all aspects of internal control. The primary objective of ____________is to evaluate and improve the effectiveness and efficiency of the various operating units of an organization rather than to express and opinion as to the fairness of financial statements.
Redundant Controls
Duplicate controls that achieve a control objective
Operating deficiency
Exists when a properly designed control does not operate as designed, or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively.
Design Deficiency
Exists when either a control necessary to meet a control objective is missing or the existing control is not designed to operate effectively.
Foreign Corrupt Practice Act
Federal Legislation prohibiting payments to foreign officials for the purpose of securing business.
Control environment, Risk assessment Control activities,The accounting information and communication system, Monitoring
Five components of internal control
Effectiveness and efficiency of operations Reliability of financial reporting Compliances with applicable laws and regulations
Internal Control objectives
internal control questionnaire
One of several methods of describing internal control in audit working papers. ___________designed so that "no" answers prominently identify weakness in internal control
Substantive Procedures
Procedures performed by the auditor to detect material misstatement in account balances, classes of transactions, and disclosures
Test of controls
Procedures performed by the auditor to test the operating effectiveness of controls in preventing or detecting material misstatements at the relevant assertion level.
Integrated Audit
Public companies with a market capitalization of 75,000,000 or more are required to undergo __________________
inquires of management and others within the entity analytical procedures observation and other procedures including inquires of others outside the entity
Risk assessment procures include
Further Audit procedures
Substantive procedures for all relevant assertions and tests of controls when the auditors' risk assessment includes and expectation that controls are operating affectively.
Objectivity, Measurability, Completeness and Relevance,
Suitable Criteria (attributes)
Assessed level of control risk
The Level of control risk used by the auditors in determining the acceptable detection risk for financial statement assertion, and accordingly, in deciding on the nature, timing, and extent of substantive procedures.
Further Audit procedures
The auditors perform risk assessment procedures to obtain an understanding of the client and its environment , including internal control. they then conduct risk assessment and determine the appropriate __________________
Control Risk
The possibility that a material misstatement due to error or fraud in a financial statement assertion will not be prevented or detected by the client's internal control
Test of controls
These tests are performed when the auditors risk assessment includes an expectation of the operating effectiveness of controls, including circumstances in which planned substantive procedures alone do not provide sufficient appropriate audit evidence.
Foreign Corrupt Practice Act
This requires all companies under SEC jurisdiction to maintain a system of internal control providing reasonable assurance that transactions are executed only with the knowledge and authorization of management
Significant deficiency
______ in internal control over financial reporting (or combination of ) that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.
Suitable Criteria
____________are established or developed by groups, composed of experts that follow due process procedures, including exposure of the proposed criteria for public comment.
Systems Flowchart
___________are a widely used method of describing internal control in audit work papers.
Walk-through
a procedure in which an auditor follows a transition from origination through the company's process, including information systems, until it is reflected in the company's financial records, using the same documents and information technology that company personnel use. Usually include observation, inspection of relevant documentation, and reperformance of controls
Management letter
a report to management contacting the auditors recommendations for correcting any deficiencies disclosed by auditors' considerations of internal controls. This will also help limit the auditors liability in the even a control weakness subsequently results in a loss by the client.
Written narrative of internal control
a written summary of internal control for inclusion in audit work papers. ___________are more flexible than questionnaires, but by themselves are practical only for describing relatively simply systems.
User Auditor
an _______ that audits and reports on financial statement of a user entity.
User entity
an __________ that uses the services of a service organization and whose financial statements are being audited
Incompatible duties
assigned duties that place and individual in a position to both perpetrate and conceal errors or fraud in the normal course of job performance.