Audit 1 Chapter 7

Ace your homework & exams now with Quizwiz!

market capitalization formula

# of shares issued * current price per share

steps to issuing a f/s audit

1) plan the audit 2) obtain an understanding of the client, its environment, and internal control 3) assess the risks of misstatement and design further audit procedures 4) perform further audit procedures 5) complete the audit 6) form an opinion and issue the report

Service Organization Controls (SOC)

SOC 1 - about controls over financial reporting SOC 2 - about data integrity, privacy, and security

two types of service auditor reports

Type 1 Type 2

fidelity bonds

a form of insurance where a bonding company agrees to reimburse an employer within limits for losses attributable to theft or embezzlement by bonded employees

general control

apply to all or multiple types of transactions

application control

apply to the processing of a single type of transaction

when they should speak to management:

as discovered but no later than 60 days following the report release date

incompatible duties

assigned duties that place an individual in a position to both perpetrate and conceal errors or fraud in the normal course of job performance. these violate the segregation of duties

if using work of internal auditors

communicated how the work will be used to those charged with governance

risk of misstatement

composed of inherent risk and control risk. helps define the nature, timing, and extent of further audit procedures

4: AIS

consists of the methods and records established to record, process, summarize, and report an entity's transactions and to maintain accountability for the related A/L/E. make sure all transactions are recorded and that you have a chart of accounts

material weakness

deficiency in i/c over financial reporting such that there is a reasonable possibility that a material misstatement of the company's f/s will not be prevented or detected on a timely basis. required to speak to management with management letter.

significant deficiency

deficiency in i/c over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting. required to speak to management with management letter.

3 classifications of issues in i/c

deficiency in internal control significant deficiency material weakness

redundant controls

duplicate controls that achieve a control objective (overlap)

deficiency in internal control

exists when the design or operation of a control does not allow management or employees in the normal course of performing their assigned functions to prevent or detect material misstatements on a timely basis. speak with management if it merits attention

if deviations are found...

expand the sample size

Enterprise Risk Management

focuses on how org can obtain maximum value for stakeholders by managing all risks and opportunities effectively. COSO issued a framework for it

transaction level risks

found within divisions, operating units, or functions of the organization

nature of tests of i/c

inquiries of appropriate client personnel, inspection of documents and reports, observation of the application of controls, and re-performance of the controls.

if relying on internal auditors

make sure you've evaluated their competency and objectivity, and that they're using a systematic and disciplined approach. examine their education, training, external audit experience, and who they report to (should be the audit committee)

general authorization

management establishes criteria for acceptance of a certain type of transaction

Type 2 report

management's description of a service org's system and the suitability of the design and operating effectiveness of controls

Type 1 report

management's description of a service org's system and the suitability of the design of controls

i/c written narrative

memoranda that describe the flow of transaction cycles, identify the employees performing various tasks, the documents prepared, the records maintained, and the division of duties. good because its very flexible. bad because it's hard to read

limitations of internal control

mistakes in the performance of controls can be due to misunderstanding instructions, mistakes of judgment, carelessness, distraction, or fatigue. also can be due to inappropriate management, cost restrictions, and human error.

i/c of a small company

more difficult than a larger company because it's harder to segregate duties.

if getting assistance from internal auditors

obtain written acknowledgement from management and those charged with governance that the internal auditors will be allowed to perform the work free from any interference.

transaction control activities

performed to check the accuracy, completeness, validity, and authorization of transactions. includes authorizations and approvals, verification, physical controls of assets and records, controls over standing data, reconciliations, and supervisory controls. other examples: following up, adhering to budgets, pre-numbered documents.

3: control activities

policies and procedures that help mitigate the risk that the org's objectives will not be met. includes performance reviews, transaction control activities, general controls and application controls, and segregation of duties

3 types of internal control

preventive, detective, and corrective

Section 404(b) of SOX

requires that the auditor attest to and report on internal control over financial reporting (have to do an integrated audit). only applies to public companies with a market capitalization of $75 million or more.

internal control allows us to:

safeguard assets, comply with laws/regs, operate efficiently and effectively, and record things properly

effective organizational structure

should separate responsibilities for authorization of transactions, record keeping for transactions, and custody of assets treasury- treasurer - authorization and custody of assets accounting function- controller - record keeping

corporate governance

the system by which companies are directed and controlled

walk through

tracing one or two transactions through each step of the transaction cycle. it's a way to see if i/c is being implemented. (not a way to document the controls)

specific authorization

transactions are authorized on an individual basis

ways you can use internal auditors

using their work as evidence (note that it's PBC) or getting assistance from them on the audit.

segregation of duties

1) no one person or department should have complete control of a transaction from beginning to end 2) if you have physical access to an asset, you should not have access to the accounting record or be allowed to authorize transactions for that asset ( separate authorizing transactions, recording transactions, and maintaining custody of assets)

internal control

a process, effected by the entity;s board of director, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of operations, reporting, and compliance

corrective controls

control established to remedy control problems that are discovered through detective controls. ex: maintaining backup copies of key transactions to correct entry errors, disciplinary actions

compensating controls

control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective. they're performed to detect (rather than prevent) the original misstatement from occurring. ex: short staffed so have manager review all entries to make up for lack of segregation

detective controls

controls designed to discover control problems soon after they occur. ex: policy requiring preparation of monthly bank statements, inventory counts

preventive controls

controls that deter control problems before they occur. avoiding occurrence of misstatements. ex: segregation of duties, requiring approval of period ending journal entries, passwords/locks

complementary controls

controls that function together to achieve the same control objective (work together)

Treadway Commission

created Committee of Sponsoring Organizations to study internal control. set definition and standards that transactions need to be timely, in the correct amount, accurately recorded, and properly disclosed.

i/c flowchart

diagram of procedures, division of responsibilities, sources and distribution of docs, and types and location of accounting records for each major transaction cycle. good for clear visual portrayal and effectiveness with little room for misunderstanding. bad because it doesn't flag weaknesses as obviously as does the questionnaire.

effects of FCPA of 1977

eliminated ignorance is bliss defense. assures all transactions are done with the knowledge of management. system of i/c is now required by federal law.

entity level risks

from external or internal factors, such as economic, regulatory, technology, or personnel factors

2: risk assessment process

have to determine risk tolerance (avoidance, reduction, sharing, or acceptance) and how risks could prohibit achieving objectives

integrated audit requirements

have to test all significant accounts up to the as of date. have to comply with COSO.

why test i/c?

have to test them if you rely on them (don't test them if they're bad because you won't rely on them). they help determining nature, timing, and extent of substantive testing.

info from gaining understanding of i/c will be used to:

identify types of potential misstatements, consider factors that affect the risks of material misstatements, and design tests of control and substantive procedures

when to test for i/c

if a process is changed, you have to test for i/c PCAOB- some evidence regarding operational effectiveness is required annually AICPA- testing required every third year if there hasn't been a change

procedures to assess risk within i/c

inquire personnel, observe controls, inspect documents, trace transactions

5: monitoring activities

process to assess the quality of internal control performance over time. internal audit function performs ongoing monitoring evaluations on a routine basis and

three ways to document understanding of i/c

questionnaire, written narrative, flowchart

Foreign Corrupt Practices Act of 1977

requires that under the jurisdiction of the SEC, to maintain a system of i/c that will provide reasonable assurance that: transactions are executed with the knowledge and authorization of management, transactions are recorded as necessary to permit the prep of f/s and accountability for assets, access to assets is limited to authorized individuals, and accounting records of assets are compared to existing assets t reasonable intervals and appropriate action is taken with respect to any differences.

five components of internal control

the control environment, the risk assessment process, control activities, the information system relevant to financial reporting and communication (AIS), and the monitoring activities

service organizations

provide processing services to companies (user entities) that decide to outsource a portion of their processing (payroll, etc). should go and ask to test their controls or use the service auditor's report.

Section 404(a) of SOX

requires each annual report filed with SEC to include a letter from management that states they acknowledge responsibility for establishing and maintaining adequate i/c over financial reporting. also provides assessment of internal control effectiveness with evidence as of the end of the most recent fiscal year.

1: control environment

the standards, processes, and structures that guide individuals in carrying out their duties that make up the foundation for i/c. includes commitment to integrity and ethical values, effective BOD, effective organizational structure, attracting/developing/retaining competent employees, and individual accountability

i/c questionaire

yes or no questions where no's are considered a weakness. good because weaknesses are easy to spot. bad because inflexible, prewritten, and it's not easy to document the compensating controls (what they're doing to combat the weaknesses)


Related study sets

11th Grade Louise Erdrich Short Story Links

View Set

Elements and Compounds - Unit 3 - Review Sheet

View Set

VGCA-175-A chapter 19: Professional Management and the Small Business

View Set

Anatomy > MD > Upper Limb (To finish)

View Set

Biology chapter 24 - multiple choice

View Set