Ch 5 - Risk Assessment Internal Control - Parts A and B

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

To achieve the specific objectives for each of the three categories of objectives, the COSO report defines five basic components of a properly designed internal control system. The five components are what?

(1) control environment, (2) risk assessment, (3) control activities, (4) monitoring, and (5) information and communication.

The standard unqualified report on internal control may be modified for what two reasons:

(1) the existence of material weaknesses in internal control over financial reporting and/or (2) the existence of a limitation in the scope of the engagement. These modifications, along with those for other factors, are discussed in the following subsections.

Internal control is a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in what three categories?

-Reliability of financial reporting. -Effectiveness and efficiency of operations. -Compliance with applicable laws and regulations.

AS 2201 emphasizes the use of a six-step audit process that is designed to evaluate the effectiveness of the internal control system over financial reporting. What are these six steps?

1) Planning the engagement. 2) Using a top-down approach 3) Testing controls 4) Evaluating identified deficiencies 5) Wrapping up 6) Reporting an internal control

What are three reasons an audit team has for evaluating an entity's system of internal controls?

1) Sarbanes-Oxley requires an audit of management's assessment of the effectiveness of internal control over financial reporting for public companies. 2)For each fraud risk identified during the planning stage, the audit team should evaluate whether the client has implemented control activities that are specifically designed to address the risk of fraud that has been identified. 3) The final reason for evaluating an entity's internal control is to assess preliminary risk of material misstatement (RMM) for each relevant assertion.

________ facilitate the assessment and mitigation of business risks that the entity faces.

Enterprise Risk Management (ERM) Framework

If the audit team identifies a material weakness in internal control, the firm expresses an ____________ on the effectiveness of the entity's internal control over financial reporting.

adverse opinion

In addition to certifying the entity's financial statements and disclosures under Section 302, Sarbanes-Oxley requires management to ______________

assess and report on the entity's internal control over financial reporting in Section 404.

The ________________________ is a subcommittee of the board of directors that is generally composed of three to six independent members (those not involved in the entity's day-to-day management) of the organization's board of directors. Each member must be financially literate, and one member must be a financial expert.

audit committee

AS 2201 encourages the audit team to use the work of internal auditors and others, but the audit team members must evaluate the internal auditors' __________________ and must perform some tests of their work.

competence and objectivity

_________________ are specific actions that a client's management and employees take to help ensure that management's directives are carried out.

control activities

The ________________________ sets the tone of the organization. It is the foundation for all other components of internal control. It provides discipline and structure to all participants and stakeholders. Factors include the integrity, ethical values, and competence of the entity's people

control environment

___________ is the probability that an entity's controls will fail to prevent or detect material misstatements due to errors or frauds that would otherwise have entered the system

control risk

The report issued when auditors cannot provide assurance on the effectiveness of internal control over financial reporting; issued when a significant scope limitation exists.

disclaimer of opinion on internal control over financial reporting

An audit procedure used as both a test of controls and a substantive test.

dual-purpose test

For all the relevant assertions for each significant account and disclosure, audit teams begin by examining _______________________, controls that are pervasive to the internal control system and the reliability of the financial statements taken as a whole.

entity-level controls

___________________ is designed to identify a violation of a particular control activity through the use of an automated test procedure designed to test all items in a population.

exception testing

Under Sarbanes-Oxley, an audit of the internal control system over _______________ is required.

financial reporting

The audit documentation that provides a visual display of the accounting system and control activities in an entity's internal control system.

flowchart

What are four limitations that exist with internal control systems?

human error, deliberate circumvention, management override, and collusion

_________________ are combinations of responsibilities that place a person alone in a position to create and conceal misstatements due to errors or frauds in her or his normal job.

incompatible responsibilities

Once the items have been selected for testing, the four methods of testing controls are:

inquiry, observation, document examination, and reperformance.

The internal control audit is conducted along with the financial statement audit as part of an overall _______________ that is completed at public companies.

integrated audit

An ______________ exists when either the design or the operation of the control under consideration does not allow the entity's management or employees to detect or prevent misstatements in a timely fashion.

internal control deficiency

The audit documentation that uses a checklist of internal control-related questions to gain and document an understanding of the client's internal control.

internal control questionnaire

Recap, the three methods for documenting the auditors' understanding of accounting and control are?

internal control questionnaire, narrative description, flowcharts

Central among the provisions of SOX act is the emphasis that it places on the ________________ as an important means to prevent or detect material misstatements in the financial statements due to fraud.

internal control system

It is important to remember that a well-designed internal control system will clearly link __________ to _________

key internal control activities to the relevant financial statement assertions being supported.

The primary difference between a significant deficiency and a material weakness involves the _____ of the potential misstatement that could occur and would not be detected on a timely basis.

magnitude

In addition to expressing an opinion on the effectiveness of the entity's internal control over financial reporting, the audit team also should evaluate the completeness and presentation of _____________

management's annual report on internal control over financial reporting.

A _________ in internal control is defined as a deficiency, or combination of deficiencies, that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis.

material weakness

Under Section 302, management must also disclose any ______________________

material weaknesses in internal control.

The audit documentation that describes the environmental elements, the accounting system, and the control activities in an entity's internal control.

narrative description

An audit team's assessment of control risk will influence the _____________, ____________, and ___________ of substantive tests used by the team

nature, timing, and extent

______________________ refers to whether the control is operating as designed and whether the person performing the control possesses the necessary authority and qualifications to perform the control effectively.

operating effectiveness

Ultimately, financial reporting control activities are imposed on the accounting system for the purpose of _______________,_____________, and_____________ errors and frauds that could enter and flow through to the financial statements.

preventing, detecting, and correcting

In the professional auditing standards, the concept of _______________________ recognizes that the costs of controls should not exceed the benefits that are expected from the controls. Hence, an entity can decide that certain controls are too costly considering the risk of loss that can occur.

reasonable assurance

_______________ are those that represent the possibility of a material misstatement.

relevant assertions

Recap, for an integrated audit at a public company, the auditor must test controls for all ___________ for each significant ______________________________

relevant assertions, account and disclosure

after understanding the design of controls, ______________ to provide evidence of operating effectiveness of controls

reperformance of critical controls along the transaction trail can take place at this time to

an account's __________- is based on its inherent risk

significance

A ______________ is a deficiency or a combination of deficiencies in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.

significant deficiency

According to GAAS, when auditing nonpublic entities, the audit team must obtain an understanding of internal controls to determine the nature, timing, and extent of further audit procedures to be performed. If the team members plan to rely on controls to reduce substantive procedures, they must ________________

test the controls for operating effectiveness.

external auditors are primarily concerned with a client's internal control system as it relates to which category?

the financial reporting category

Gaining an understanding of internal controls should be performed in a _________________ that first identifies significant accounts and disclosures and their relevant assertions.

top-down risk based manner

In addition to entity-level controls, the audit team also identifies _______________, controls that pertain to specific classes of transactions, account balances, and disclosures.

transaction-level controls

what are the three steps of internal control evaluation?

understand and document the client's internal control, assess the control risk (preliminary), identify controls to test and perform tests of controls


Set pelajaran terkait

Instrument Rating Knowledge Exam

View Set

Old Testament Exam 1 Springer Study Guide

View Set

Romantic Period and Restoration Period

View Set

Assignment: Exercise 3.1 (Practice)

View Set