ch.07
Limit tests
(analytical procedures) paid upon a certain amount should signal a red flag
As long as the financial statements reflect the cost of the materials used, the auditors are not directly concerned with the inefficiencies of production
...
For example, controls to prevent the excess use of materials in production generally are not
...
For example, controls that limit access to the company's inventories may be relevant to a financial statement audit
...
Violations of the Foreign Corrupt Practices Act can result in fines up to
1 M and imprisonment of the members of management who are responsible
AU is promulgated by whom
AICPA
4 tests of controls
IIOR
Internal control (COSO)
a process, effected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: reliability of financial reporting, effectiveness and efficiency of operations & compliance with applicable laws and regulations
What is an example of a compensating control
a small business may not have enough personnel to allow for segregation of duties, but the owner-manager of the business may carefully review accounting records and reports to compensate for the weakness
When management decision making is centralized and dominated by one individual, that individual's
abilities and moral character are extremely important to the auditors
The accounting department is responsible for all
accounting functions and, often, the design and implementation of internal controls
Periodic comparisons should be made between
accounting records and the physical assets on hand
Controls designed to safeguard the organization's assets are relevant to an audit if they
affect the reliability of financial reporting
Ultimately, the effectiveness of internal control is
affected by the characteristics of the organization's personnel
Ex of control over information processing
after processing a credit sales transaction, the accounting department receives copies of internal documents prepared by the sales, credit, and shipping departments to properly record the transaction (the documents inform the accounting department that the sale was authorized and approved and goods were shipped to the customer)
At the very detailed level, the overall objective as applied to A/R
all goods shipped are accurately billed in the proper period
The risk appetite of management has
an impact on the overall reliability of the financial statements
Fidelity bonds
are a form of insurance in which a bonding company agrees to reimburse an employer, within limits, for losses attributable to theft or embezzlement by bonded employees
Control activities
are policies and procedures that help ensure that management's directives are carried out
Treadway commission
as a result of a number of instances of fraudulent financial reporting in the 1970s and early 1980s, to study the causal factors that are associated with fraudulent reporting and make recommendations to reduce the incidence of fraudulent reporting
Where do preventative controls often operate
at the individual transaction level
Where do detective controls operate
at the transaction level or at a higher level
What are the 3 types of substantive tests
balances, transactions & analytical procedures
General awareness of what fact is a deterrent against dishonesty on part of bonded employees
bonding companies are much more likely to prosecute fraud cases vigorously
A client's antifraud programs and controls include both
broad programs designed to prevent, deter, and detect fraud, and specific controls designed to mitigate specific risks of fraud
The control environment of an organization is significantly influenced
by the effectiveness of its board of directors or its audit committee
Ex of complementary controls
cash disbursements to be authorized along with the complementary control of requiring reconciliations of bank statements
What documents can be controlled by the use of serial numbers
checks, tickets, sales invoices, purchase orders and stock certificates
Internal controls definition
compliance with rules, regulations & laws, effectiveness of operations & reliability
COSO framework components
control environment, risk assessment, information & communication, control activities, monitoring
The accounting department, under the authority of _______ is responsible for all accounting functions and, often, the design and implementation of internal control
controller
An example of controls being relevant if they affect the reliability of data that the auditors use to perform auditing procedures
controls applicable to nonfinancial data (e.g. production stats) that the auditors use in performing analytical procedures may be relevant to an audit
Organizational structure
divides authority, responsibilities, and duties among members of an organization
Analytical procedures are performed when
during both planning and completion of the audit
Effective corporate governance involves
establishing incentives and monitoring devices to prevent inappropriate behavior on the part of management of an organization
With respect to incentives, it is important for the board of directors to establish an
executive compensation system that aligns management's behavior with the objectives of the shareholders of the firm
What are the six audit transaction related control objectives
existence, completeness, accuracy, classification, timing, posting & summarization
External monitoring devices
external auditors, the SEC, stock exchanges, creditors, rating agencies, investment bankers & security analysts
Improper access to assets, generally accomplished by
falsifying financial records
What are the three areas of internal control according to COSO
financial reporting, operations and compliance
What is danger in using analytical procedures
fixating on quantities, looking for reasonable relationships among details, so it is better to use data not directly related to financial statements
What are the two broad categories of information processing controls
general control activities & application control activities
Authorization may be ______ or _______
general or specific
Which controls are more relevant to the audit of financial statements
generally, the controls that are relevant to an audit are those that pertain to the reliability of financial reporting (affect the preparation of financial information for external reporting purposes)
The audit committee should have one or more members who
have financial reporting expertise
Centralized structure of mgmt override of control is
huge risk
Redundant controls
if they address the same financial statement assertion or control objective
Informal organization control
implemented by face to face contact between employees and management
Physical controls
include those that provide physical security over both records and other assets
The control environment sets the tone of an organization by
influencing the control consciousness of people
What controls get at accuracy, completeness, and authorization of transactions
information processing controls
Control environment factors include
integrity and ethical values, commitment to competence, board of directors, or audit committee, management's philosophy & operating style, organizational structure, assignment of authority and responsibility, and human resource policies and practices
_________________ is a primary internal corporate monitoring device
internal control
COSO says that supporting the control objectives
is a series of assertions that underlie the financial statements
Ex of corrective control
maintaining backup copies of key transactions and master files to allow the correction of data entry errors
Activities that safeguard assets may include
maintaining control at all times over unissued prenumbered documents, journals, ledgers and restricting access to computer programs and data files
What departmental segregation of duties is utilized
management may have generally authorized the sale of merchandise at specific terms, credit department approves the transaction, shipping executes the transaction by obtaining custody of the merchandise from inventory and ships to customer, the accounting department uses copies of the documentation created by the sales, credit, and shipping department as a basis for recording the transaction and billing the customer
Risk assessment is
management's process for identifying, analyzing, and responding to such risks
Effective human resource policies often can
mitigate other weaknesses in the control environment
How do we check serial numbered documents
monthly or weekly inspection or by computing the total value of tickets issued during the day
Does a party in segregation of duties have to be a person
no, A is person, B might be cash register (custody) & C would be the supervisor
General authorization
occurs when mgmt establishes criteria for acceptance of a certain type of transaction
Specific authorization
occurs when transactions are authorized on an individual basis
Controls over payroll help to ensure
only authorized payroll transactions are processed, and authorized payroll transactions are processed completely and accurately
The reconciliation function is performed by the _______ or _______
operations control group or some other sub-department within accounting
The board of directors and audit committee are responsible for
overseeing the actions of management
Foreign Corrupt Practices Act of 1977
payments to foreign officials for the purpose of securing business are specifically prohibited for all American businesses by the anti-bribery provisions of the act
What are the 4 types of control activities that are relevant to an audit of the organization's financial statements
performance reviews, information processing controls, physical controls & segregation of duties
Nonroutine monitoring example
periodic audits by the internal auditors
Ex of Detective controls
preparation of monthly bank reconciliations
At the top level, the overall objective is to
prepare and issue reliable financial information
COSO's definition of internal control emphasized that internal control is a
process, or a means to an end, and not an end in and of itself
Performance reviews
provide management with an overall indication of whether personnel at various levels are effectively pursuing the objectives of the organization
An organization's accounting information system consists of the methods and records established to
record, process, summarize, and report an entity's transactions and to maintain accountability for the related assets, liabilities, and equity
Compensating control
reduces the risk that an existing or potential control weakness will result in a misstatement
Ongoing monitoring activities include
regularly performed supervisory and management activities, such as continuous monitoring of customer complaints
Performance reviews
relate different sets of data to one another
The controls over payroll would only affect the ______ of payroll processing
reliability
5 transactions cycles
revenue cycle, payroll (hr), expenditures, production (conversion), finance, investing
Examples of preventative controls
segregation of duties & requiring approval of period-ending journal entries
A control of wide applicability is the use of
serial numbers on documents
SAS are applicable unless
superseded by PCAOB standards
A fundamental concept of internal controls is
that no one department or person should handle all aspects of a transaction from beginning to end
Incompatible duties
that would allow him or her to both perpetrate and conceal errors or fraud in the normal course of his or her duties
The division of responsibilities between accounting and finance illustrates the separation of
the accounting function from operations and also from custody of assets
How is the auditors' risk assessment related to the organization's risk assessment?
the auditor's risk assessment is primarily concerned with evaluating the likelihood of material misstatements in the financial statement & can encompass both operations and compliance with laws
What is the one major difference between control objectives and assertions
the control objectives are broader in that they relate not only to financial reporting, but also to operations and compliance
By COSO including the concept of reasonable assurance
the definition recognized that internal control cannot realistically provide absolute assurance that an organization's objectives will be achieved
The finance department conducts
the financial activities (custody of cash)
Complementary controls
they function together to achieve the same control objective
The top executives of the major departments should be of equal rank and should report directly
to the president or to an executive vice president
Ex of general authorization
top management may establish general price list and credit policies for customers
Under the direction of the _______, the finance department is responsible for financial operations and custody of liquid assets
treasurer
Before issuing fidelity bonds
underwriters investigate thoroughly the past records of the employees to be bonded
Application control activities
which apply only to one particular activity
General control activities
which apply to all information processing procedures
What is an example of general control activity
would include those that help ensure the reliability of all information processing activities
A more formal organization will establish
written policies, performance reports, and exception reports to control its various activities