Chapter 7
As of date
A concept applied to internal control reporting by the Sarbanes-Oxley Act of 2002 and PCAOB Standard No. 5.
corrective control
A control established to remedy control problems (e.g., misstatements) that are discovered through detective controls.
compensating control
A control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective
material weakness
A deficiency in internal control over financial reporting (or a combination of deficiencies) such that there is a reasonable possibility that a material misstatement of the company's financial statements will not be prevented or detected on a timely basis.
significant deficiency
A deficiency in internal control over financial reporting (or combination of deficiencies) that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.
fidelity bonds
A form of insurance in which a bonding company agrees to reimburse an employer for losses attributable to theft or embezzlement by bonded employees.
service auditor
A practitioner that reports on the internal controls at a service organization.
walk-through
A procedure in which an auditor follows a transaction from origination through the company's processes, including information systems, until it is reflected in the company's financial records, using the same documents and information technology that company personnel use.
management letter
A report to management containing the auditors' recommendations for correcting any deficiencies disclosed by the auditors' consideration of internal control.
Deficiency in internal control
A situation in which the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis.
Audit decision aid
A standard checklist, form, or computer program that assists auditors in making audit decisions by ensuring that they consider all relevant information or that aids them in weighting and combining the information to make a decision.
system flowchart
A symbolic representation of a system or series of procedures with each procedure shown in sequence.
written narrative of internal control
A written summary of internal control for inclusion in audit working papers.
user auditor
An auditor that audits and reports on the financial statements of a user entity.
user entity
An entity that uses the services of a service organization and whose financial statements are being audited.
service organization
An organization or segment of an organization that provides services to user entities that are relevant to the user entities' internal control over financial reporting.
Incompatible Duties
Assigned duties that place an individual in a position to both perpetrate and conceal errors or fraud in the normal course of job performance.
preventive controls
Controls that deter control problems before they occur.
complementary control
Controls that function together to achieve the same control objective.
Internal Auditors
Corporation employees who design and execute audit programs to test the effectiveness and efficiency of all aspects of internal control.
redundant controls
Duplicate controls that achieve a control objective.
Foreign Corrupt Practices Act
Federal legislation prohibiting payments to foreign officials for the purpose of securing business. The act also requires all companies under SEC jurisdiction to maintain a system of internal control providing reasonable assurance that transactions are executed only with the knowledge and authorization of management.
Internal control questionarre
One of several methods of describing internal control in audit working papers, usually designed so that "no" answers prominently identify weaknesses in internal control.
organizational structure
The division of authority, responsibility, and duties among members of an organization.
planned assessed level of control risk
The level of control risk the auditors assume in designing further audit procedures, which include an appropriate combination of tests of controls and substantive procedures.
Assessed level of control
The level of control risk used by the auditors in determining the acceptable detection risk for a financial statement assertion and, accordingly, in deciding on the nature, timing, and extent of substantive procedures.