Chapter 5
What five things should be fulfilled for an auditor to assess control risk as moderate?
1. The company is a continuing client 2. past-year audit results did not yield any material misstatements in the financial statements 3. preliminary analysis of the system indicates no significant changes since last year 4. management has effective monitoring controls, and 5. the company is not issuing a report on internal control.
Internal Control
A process effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (1) reliability of financial reporting, (2) compliance with applicable laws and regulations, (3) effectiveness and efficiency of operations, and (4) safeguarding of assets
What components of internal control should the auditor test?
All five componenets: Control Activities, Risk Assessment, Information and Communication, Monitoring, and control Environment
Assertions provide a framework for
Analyzing whether controls are adequate to acheive a particular objective and Determining how to test the controls and the accuracy of processing
What three duties are segregated?
Authorization, Recording, and Physical Custody
How should the auditor test controls?
By using the "Top Down" approach that beings with the financial statement level
What are the five parts of COSO's framework for internal control?
C-control activities, R-risk assessment, I-information & Communication, M-monitoring, E-control environment
Reportable Condition
Could be a material weakness or other things that the auditor wants to convey to the Board of Directors. Should be at least a significant deficiency
What should documentation clearly identify?
Each component of the internal control framework
What are the three control porcedures referred to as?
Input control, processing control, and output control
Which is more severe material weakness or significant deficiency?
Material Weakness
What do effective control systems rely heavily on?
Monitoring Example:Internal Auditing
An example of two duties that should be segregated
Processing and Custodial
Examples of Assertions
Recorded Transactions are valid, exist, and have occurred, all valid transcations are recorded and properly valued, transactions are properly presented and disclosed, transactions relate to rights or obligations of the entity
Which type of test is more time consuming?
SubstantiveTests
Control Activities involve what?
The design of the control and the operations of the control
Residual Risk
The probability that an account balance might be misstated after processing and the application of internal control
Does the audit report describe material weaknesses in internal control over finacial reporting or significant deficiencies in internal control over finacial reporting?
The reports must describe material weaknesses in internal controls over financial reporting
Significant deficiency in internal control
a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting
Material weakness in internal control
a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis
Substantive Tests
detailed tests of balances
Who establishes an organization's control environment?
management, owners, and the board of directors