ch.07

Limit tests

(analytical procedures) paid upon a certain amount should signal a red flag

As long as the financial statements reflect the cost of the materials used, the auditors are not directly concerned with the inefficiencies of production

...

For Example, controls to prevent the excess use of materials in production generally are not

...

For example, controls that limit access to the company's inventories may be relevant to a financial statement audit

...

Violations of the foreign corrupt practice act can result in fines up to

1 M and imprisonment of the members of management who are responsible

Au is probogated by who

AICPA

4 test of controls

IIOR

Internal control (COSO)

a process, effected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories; reliability of financial reporting, effectiveness and efficiency of operations & compliance with applicable laws and regulations

What is an example of a compensating control

a small business may not have enough personnel to allow for segregation of duties, but the owner-manager of the business may carefully review accounting records and reports to compensate for the weakness

When management decision making is centralized and dominated by one individual, that individual's

abilities and moral character are extremely important to the auditors

The accounting department is responsible for all

accounting functions and, often, the design and implementation of internal controls

Periodic comparisons should be made be between

accounting records and the physical assets on hand

Controls designed to safeguard the organization's assets are relevant to an audit if they

affect the reliability of financial reporting

Ultimately, the effectiveness of internal control is

affected by the characteristics of the organization's personnel

Ex of control over information processing

after processing a credit sales transaction, the accounting department receives copies of internal documents prepared by the sales, credit, and shipping departments to properly record the transaction (the documents inform the accounting department that the sale was authorized and approved and goods were shipped to the customer

At the very detailed level, the overall objective as applied to A/R

all goods shipped are accurately billed in the proper period

The risk appetite of management has

an impact on the overall reliability of the financial statements

Fidelity bonds

are a form of insurance in which a bonding company agrees to reimburse an employer, within limits, for losses attributable to theft or embezzlement by bonded employees

Control activities

are policies and procedures that help ensure that management's directives are carried out

Treadway commission

as a result of a number of instances of fraudulent financial reporting in the 1970's and early 1980's, to study the casual factors that are associated with fraudulent reporting and make recommendations to reduce the incidence of fraudulent reporting

Where do preventative controls often operate

at the individual transaction level

Where do detective controls operate

at the transaction level or at a higher level

What are the 3 types of substantive tests

balances, transactions & analytical procedures

General awareness of what fact is a deterrent against dishonesty on part of bonded employees

bonding companies are much more likely to prosecute fraud cases vigourously

A client's antifraud programs and controls include both

broad programs designed to prevents, deter, and detect fraud, and specific controls designed to mitigate specific risks of fraud

The control environment of an organization is significantly influenced

by the effectiveness of its board of directors or its audit committee

Ex of complementary controls

cash disbursements to be authorized along with the complement control of requiring reconciliations of bank statements

What documents can be controlled by the use of serial numbers

checks, tickets, sales invoices, purchase orders and stock certificates

Internal controls definition

compliance with rules, regulations & laws, effectiveness of operations & reliability

Coso framework components

control environment, risk assetement, information & communication, control activities, monitoring

The accounting department, under the authority of _______ is responsible for all accounting functions and, often, the design and implementation of internal control

controller

An example of controls being relevant if they affect the reliability of data that the auditors use to perform auditing procedures

controls applicable to nonfinancial data (e.g. production stats) that the auditors use in performing analytical procedures may be relevant to an audit

Organizational structure

divides authority, responsibilities, and duties among members of an organization

Analytical procedures are performed when

during both planning and completion of the audit

Effective corporate governance involves

establishing incentives and monitoring devices to prevent inappropriate behavior on the part of management of an organization

With respect to incentives, it is important for the board of directors to establish an

executive compensation system that aligns management's behavior with the objectives of the shareholders of the firm

What are the six audit transaction related control objectives

existence, completeness, accuracy, classification, timing, posting & summarization

External monitoring devices

external auditors, the SEC, stock exchanges, creditors, rating agencies, investment bankers & security analysts

Improper access to assets, generally accomplished by

falsifying financial records

What are the three areas of internal control according to COSO

financial reporting, operations and compliance

What is danger in using analytical procedures

fixating on quantities, looking for reasonable relationships among details, so it is better to use date not directly related to financial statements

What are the two broad categories of information processing controls

general control activities & application control activities

Authorization may be ______ or _______

general or specific

Which controls are move relevant to the audit of financial statements

generally, the controls that are relevant to an audit are those that pertain to the reliability of financial reporting (affect the preparation of financial information for external reporting purposes)

The audit committee should have one or more members who

have financial reporting expertise

Centralized structure of mgmt override of control is

huge risk

Redundant controls

if they address the same financial statement assertion or control objective

Informal organization control

implemented by face to face contact between employees and management

Physical controls

include those that provide physical security over both records and otherassets

The control environment sets the tone of an organization by

influencing the control consciousness of people

What controls get at accuracy, completeness, and authorization of transactions

information processing controls

Control environment factors include

integrity and ethical values, commitment to competence, board of directors, or audit committee, management's philosophy & operating style, organizational structure, assignment of authority and responsibility, and human resource policies and practices

_________________- is a primary internal corporate monitoring device

internal control

COSO says that supporting the control objectives

is a series of assertions that underlie the financial statements

Ex of corrective control

maintaining backup copies of key transactions and master files to allow the correction of data entry errors

Activities that safeguard assets may include

maintaining control at all times over unissued prenumbered documents, journal, ledgers and restricting access to computer programs and data files

What departmental segregation of duties is utilized

management may have generally authorized the sale of merchandise at specific terms, credit department approves the transaction, shipping executes the transaction by obtaining custody of the merchandise from inventory and ships to customer, the accounting department uses copies of the documentation created by the sales, credit, and shipping department as a basis for recording the transaction and billing the customer

Risk assessment is

management's process for identifying, analyzing, and responding to such risks

Effective human resource policies often can

mitigate other weaknesses in the control environment

How do we check serial numbered documents

monthly or weekly inspection or by computing the total value of tickets issues during the day

Does a party in segregation of duties have to be a person

no, A is person, B might be cash register (custody) & C would be the supervisor

General authorization

occurs when mgmt establishes criteria for acceptance of a certain type of transaction

Specific authorization

occurs when transactions are authorized on an individual basis

Controls over payroll help to ensure

only aurhorized payroll transactions are processed, and authorized payroll transactions are processed completely and accurately

The reconciliation function is performed by the _______ or _______

operations control group or some other sub-department within accounting

The board of directors and audit committee are responsible for

overseeing the actions of management

Foreign corrupt practices Act of 1977

payments to foreign officials for the purpose of securing business are specifically prohibited for all American businesses by the anti-bribery provisions of the act

What are the 4 types of control activities that are relevant to an audit of the organization's financial statements

performance reviews, information processing controls, physical controls & segregation of duties

Nonroutine monitoring example

periodic audits by the internal auditors

Ex of Detective controls

preparation of monthly bank reconciliations

At the top level, the overall objective is to

prepare and issue reliable financial information

COSO's definition of internal control emphasized that internal control is a

process, or a means to an end, and not an end in and of itself

Performance reviews

provide management with an overall indication of whether personnel at various levels are effectively pursuing the objectives of the organization

An organization's accounting information system consists of the methods and records established to

record, process, summarize, and report an entity's transactions and to maintain accountability for the related assets, liabilities, and equity

Compensating control

reduces the risk that an existing or potential control weakness will result in a misstatement

Ongoing monitoring activities include

regularly performed supervisory and management activities, such as continuous monitoring of customer complaints

Performance reviews

relate different sets of data to one another

The controls over payroll would only effect the ______ of payroll processing

reliability

5 transactions cycles

revenue cycle, payroll (hr), expenditures, production (conversion), finance, investing

Examples of preventative controls

segregation of duties 7 requiring approval of period-ending journal entries

A control of wide applicability is the use of

serial numbers on documents

SAS are applicable unless

suberceeded by PCAOB standards

A fundamental concept of internal controls is

that no on department or person should handle all aspects of a transaction from beginning to end

Incompatible duties

that would allow him or her to both perpetrate and conceal errors or fraud in the normal course of his or her duties

The division of responsibilities between accounting and finance illustrates the separation of

the accounting function from operations and also from custody of assets

How is the auditors' risk assessment related to the organization's risk assessment?

the auditor's risk assessment is primarily concerned with evaluating the likelihood of material misstatements in the financial statement & can encompass both operations and compliance with laws

What is the one major difference between control objectives and assertions

the control objective are broader in that they relate not only to financial reporting, but also to operations and compliance

By COSO including the concept of reasonable assurance

the definition recognized that internal control cannot realistically provide absolute assurance that an organization's objectives will be achieved

The finance department conducts

the financial activities (custody of cash)

Complementary controls

they function together to achieve the same control objective

The top executives of the major departments should be of equal rank and should report directly

to the president or to an executive vice president

Ex of general authorization

top management may establish general price list and credit policies for customers

Under the direction of the _______, the finance department is responsible for financial operations and custody of liquid assets

treasurer

Before issuing fidelity bonds

underwriters; investigate thoroughly the past records of the employees to be bonded

Application control activities

which apply only to one particular activity

General control activities

which apply to all information processing procedures

What is an example of general control activity

would include those that help ensure the reliability of all information processing activities

A more formal organization will establish

written policies, performance reports, and exception reports to control its various activities