Chapter 7 - Internal Control

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

COSO - the Committee of Sponsoring Organizations

In 2004, what organization issued Enterprise Risk Management- Integrated Framework?

serial numbers

_____ _____ provide control over the NUMBER of documents issued

AIS

an organization's _____ consists of the methods and records established to record, process, summarize, and report an entity's transactions and to maintain accountability for the related assets, liabilities, and equity.

specific authorization

authorization that occurs when transactions are authorized on an individual basis

control environent

defined by the standards, processes, and structures that guide individuals in carrying out their duties.

redundant controls

duplicate controls that achieve a control objective

1. audit evidence. 2. direct assistant on the external audit.

external auditors may use the internal auditors' work in two ways:

material weakness

is a deficiency in internal control over financial reporting (or combination of deficiencies) such that there is a reasonable possibility that a material misstatement of the company's financial statements will not be prevented or detected on a timely basis

transaction cycle

refers to the policies and the sequence of procedures for processing a particular type of transaction

_____

risk at the ____ level are those that relate to the overall financial statements and potentially affect many individual assertions

1. authorization. 2. recording. 3. custodianship. 4. executing.

separation of duties is between which four main aspects of a transaction?

finance

the _____ department is responsible for financial operations and custody of liquid assets

1. an opinion on management's assessment of internal control, and. 2. the auditors' own assessment of internal control.

the audit report on internal control includes both:

organizational structure

the division of authority, responsibility, and duties among members of an organization

operating

to test _____ effectiveness of controls, auditors determine whether the controls function as designed and whether the individuals performing the controls posses the necessary authority and qualifications

lack of flexibility

what is a disadvantage of an internal control questionnaire?

1. the control environment. 2. the risk assessment process. 3. control activities. 4. the information system relevant to financial reporting and communication. 5. monitoring activities.

5 components of internal control

written narratives of internal control

_____ are memoranda that describe the flow of transaction cycles, identifying the employees performing various tasks, the documents prepared, the records maintained, and the division of duties

separate evaluations

_____ are monitoring activities that are performed on a non-routine basis, such as a periodic audits by the internal auditors

risk assessment

_____ is management's process for identifying, analyzing, and responding to suck risks.

corrective controls

a control established to remedy control problems that are discovered through detective controls

walk-through

a procedure in which an auditor follows a transaction from origination through the company's processes, including information systems, until it is reflected in the company's financial records,

authorization

an important aspect of transaction processing controls (control activities) is proper _____

incompatible duties

assigned duties that place an individual in a position to both perpetrate and conceal errors or fraud in the normal course of job performance.

general authorization

authorization that occurs when management establishes criteria for acceptance of a certain type of transaction

design

before testing if an internal control has been implemented, auditors must first determine if the _____ is effective.

1. commitment to integrity and ethical values. 2. effective board of directors. 3. effective organizational structure. 4. attracting, developing, and retaining competent employees. 5. individual accountability.

components/principles of a control environment

1. plan the engagement. 2. use a top-down approach to identify controls to test. 3. test & evaluate design effectiveness of internal control. 4. test & evaluate operating effectiveness of internal control. 5. form an opinion on the effectiveness of internal control over financial reporting.

five stages to internal control

1. inquiring of entity personnel. 2. observing the application of specific controls. 3. inspecting documents and reports. 4. tracing transactions through the information system relevant to financial reporting.

how do auditors obtain an understanding of a client's internal control?

avoidance, reduction, sharing, and acceptance

risk responses fall in the following categories:

manual of accounting policies and procedures

states clearly in writing the methods of treating transactions

AICPA or international auditing standards - every 3 audits. PCAOB - annually

tests of controls should be performed when?

accounting

the _____ department is responsible for all accounting functions and, often, the design and implementation of internal control

operations (accounting) and custody of assets (finance)

the division of the responsibilities between the finance and accounting department illustrates the separation of the accounting function from _____ and ______

risk assessment

the results of ______ are used to design the nature, timing, and extent of further audit procedures

avoidance

this response involves exiting the activity that gives rise to the risk

design

to test _____ effectiveness of controls, the auditors identify the company's control objectives and risks in each financial reporting area and then identify relevant controls that satisfy each control objective

finance and accounting

two departments that are mostly involved in the financial affairs of a business enterprise

2

type _____ report is a report on a management's description of a service organization's system and the suitability of the design and operating effectiveness of controls

1. inquiries. 2. inspection. 3. observation. 4. reperformance.

what are the audit procedures that are used to test the effectiveness of internal control? (test of controls)

transaction level

_____ risks are found within divisions, operating units, or functions of the organization that are generally related directly to the financial statement assetsions

control activities

are policies and procedures that mitigate the risk that the organization's objectives are not met

risk assessment procedures

audit procedures performed to obtain an understanding of the client and its environment, including internal control. Include: inquiries of management, others within and outside of the entity, analytical procedures, and observations,

1. align risk tolerance and its strategy. 2. enhance risk response decisions. 3. reduce operational surprises and losses. 4. identity and manage multiple and cross-enterprise risks. 5. seizing opportunities. 6. improving the deployment of capital (increase profits)

What are the advantages of an enterprise risk management framework?

general

_____ control that apply to all or multiple types of transactions

supervisory

_____ controls are focused on high-risk transactions and assess whether other transaction control activities are operating properly

application

_____ controls that apply to the processing of a single type of transaction

Enterprise Risk Management

_____ extends beyond internal control to focus on how the organization can maximize value for stakeholders by effectively managing all risks and opportunities

fidelity bond

_____ form of insurance in which a bonding company agrees to reimburse an employer, within limits, for losses attributable to theft or embezzlement by bonded employees.

management letter

_____ helps auditors limit their liability in the event a control weakness subsequently results in a loss by the client

internal auditors

_____ investigate and appraise internal control and the efficiency with which the various units of the organization are performing their assigned functions, and they report their findings and recommendations to management and the audit committee

assessing risk

_____ involves evaluating likelihood of occurrence and potential impact and it also involves consideration of the velocity and speed of occurrence and duration of impact of the risk

audit decision aid

_____ is a checklist, standard form, or computer program that helps the auditors make a particular decision by ensuring that they consider all relevant information or by assisting them in combining the information to make the decision

monitoring of controls

_____ is a process to assess the quality of internal control performance over time

chart of accounts

_____ is classified listing of all accounts in use, accompanied by a detailed description of the purpose and content of each

audit committee

_____ is directly responsible for the appointment, compensation, and oversight of the work of the CPA firm (not management) (including resolution of any disagreements between management and the CPA firm)

corporate governance

_____ is somewhat broader than internal control, in that it is not only concerned with the effectiveness of financial reporting, but it also encompasses ethical treatment of all major stakeholders, compliance with laws, regulations, customary business practices, and effective risk management.

risk tolerance

_____ is the acceptable level of variation in performance relative to the achievement of objectives

master vendor list

_____ is the best internal control for accounts payable

control environment

_____ may be viewed as the foundation for the other internal control components

compensation committee

_____ oversees the policies and procedures for MANAGEMENT compensation to help ensure that it is aligned with the strategic objectives and risk appetite of the organization

corporate governance

_____ primarily concerned with controlling management and providing incentives for appropriate management behavior.

entity-level

_____ risks arise form external or internal factors, such as economic, regulatory, technology, and personnel factors

COSO

_____'s definition of internal control emphasizes that internal control is a process or a means to an end, and not an end in and of itself.

risk assessment

_____, auditors should obtain an understanding of the client's process for identifying and responding to business risks

control environment

_____, auditors should obtain sufficient knowledge to understand management's attitudes, awareness, and actions concerning the control environment

ongoing monitoring evaluations

______ include regularly performed supervisory and management activities, such as continuous monitoring of customer complaints, or reviewing the reasonableness of management reports

corporate governance

______ is the system by which companies are directed and controlled, that also includes the policies, procedures, and mechanism that are established to ensure that the company operates in the best interests of its major stakeholders.

compensating controls

a control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective. They are ordinarily controls performed to detect rather than prevent, the original misstatement from occuring

operations

a deficiency in _____ exists when a properly designed control does not operate as designed, or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively.

design

a deficiency in _____ exists when either a control necessary to meet a control objective is missing or the existing control is not designed to operate properly

significant deficiency

a deficiency in internal control over financial reporting (or combination of deficiencies) that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.

internal control

a process effected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of (1) operations, (2) reporting, and (3) compliance.

management letter

a report to management containing the auditor's recommendations for correcting any deficiencies disclosed by the auditors' consideration of internal control.

control deficiency

a situation in which the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis

systems flowchart

a symbolic representation of a system or series of procedures with each procedure shown in sequence. widely used method of describing internal control in audit working papers.

detective controls

controls designed to discover control problems soon after they occur

preventive controls

controls that deter control problems before they occur

complementary controls

controls that function together to achieve the same control objective

foreign corrupt practices act

required by all companies under SEC jurisdiction. 1. federal legislation prohibiting PAYMENTS to foreign officials for the purpose of securing business. 2. requires companies to maintain a system of internal control providing reasonable assurance that transactions are executed only with the knowledge and authorization of management

a. inquiries of management and others within the entity. b. analytical procedures. c. observation and other procedures, including inquiries of others outside the entity

risk assessment procedures include

1. internal environment. 2. objective setting. 3. event identification. 4. risk assessment. 5. risk response. 6. control activities. 7. information and communication. 8. monitoring.

similar to COSO's internal control framework, the enterprise risk management (ERM) framework has what 8 components?

integrity and ethical values

the effectiveness of internal control depends directly upon _____ and _____

planned assessed level of control risk

the level of control risk that auditors assume in designing further audit procedures, which include an appropriate combination of tests of controls and substantive procedures

assessed level of control risk

the level of control risk used by the auditors in determining the acceptable detection risk for a financial statement assertion and, accordingly, in deciding on the nature, timing, and extent of substantive procedures

sharing

this response involves reducing risk likelihood and impact by transferring or sharing a portion of the risk

reduction

this response involves taking action to reduce risk likelihood or impact, or both.

acceptance

this response involves taking no action because the risk is consistent with the risk tolerance of the organization

reporting, objetives, and compliance.

three areas of internal control (different from components of internal control)

1

type _____ report is a report on a management's description of a service organization's system and the suitability of the design of controls

1. complexity of calculations involved. 2. risk of fraud. 3. selection and application of accounting policies. 4. internal and external circumstances giving risk to business risks. 5. recent developments in the industry and economy.

when determining whether an identified risk of misstatement requires special audit consideration, the auditors consider factors such as:

2; appropriate tests of controls

when the user auditors' risk assessment includes an expectation that controls at the service organization operate effectively, the user auditors should obtain a type _____ report, or perform _____


Set pelajaran terkait

CYBR2.Quizlet 2.2 Virtual Machines and Cloud Concepts (SYO-601) (43)

View Set

Nutrition and skin integrity (N-510 Exam 2)

View Set

Chapter 7 Lesson 7.1 Reading Guide Quizlet

View Set

nursing 6 unit 3 Brunner med surg Chapter 69: Management of Patients With Neurologic Infections, Autoimmune Disorders, and Neuropathies

View Set

F6: M3 Derivatives and Hedge Accounting

View Set

Holt, Electricians Exam Prep Unit 1

View Set