AUO1 Chap 7

Ace your homework & exams now with Quizwiz!

Tests of controls address

(a) how controls were applied, (b) the consistency with which controls were applied, and (c) by whom or by what means the controls were applied.

Consider during risk assessment

(a) what can go wrong at the relevant assertion level, (b) whether the risks are of a magnitude that could result in a material misstatement, and (c) the likelihood that the risk could result in a material misstatement.

Corrective control

A control established to remedy control problems (e.g., misstatements) that are discovered through detective controls.

Compensating control

A control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective (e.g., avoiding misstatements). They are ordinarily controls performed to detect, rather than prevent, the original misstatement from occurring.

Material weakness

A deficiency in internal control over financial reporting (or a combination of deficiencies) such that there is a reasonable possibility that a material misstatement of the company's financial statements will not be prevented or detected on a timely basis.

Significant deficiency

A deficiency in internal control over financial reporting (or combination of deficiencies) that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.

Fidelity bonds

A form of insurance in which a bonding company agrees to reimburse an employer for losses attributable to theft or embezzlement by bonded employees

Walk-through

A procedure in which an auditor follows a transaction from origination through the company's processes, including information systems, until it is reflected in the company's financial records, using the same documents and information technology that company personnel use. These procedures usually include a combination of inquiry, observation, inspection of relevant documentation, and reperformance of controls.

Internal control

A process, effected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of (1) effectiveness and efficiency of operations, (2) reliability of financial reporting, and (3) compliance with applicable laws and regulations.

Management letter

A report to management containing the auditors' recommendations for correcting any deficiencies disclosed by the auditors' consideration of internal control. In addition to providing management with useful information, it may also help limit the auditors' liability in the event a control weakness subsequently results in a loss by the client.

Deficiency in internal control

A situation in which the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis. Includes deficiencies in design and operation.

Audit decision aid

A standard checklist, form, or computer program that assists auditors in making audit decisions by ensuring they consider all relevant information or that aids them in weighing and combining information to make a decision.

Written narrative of internal control

A written summary of internal control for inclusion in audit working papers. They are more flexible than questionnaires, but by themselves are practical only for describing relatively small, simple systems.

Integrated audit

An audit where auditors, in addition to an opinion on the financial statements, express an opinion on the effectiveness of a company's internal control over financial reporting, in accordance with PCAOB Auditing Standard No. 5. Public companies with a market capitalization of $75,000,000 or more are required to undergo these audits.

Relevant assertions

Assertions that have a meaningful bearing on whether an account balance, class of transaction, or disclosure is fairly stated. For example, valuation may not be relevant to the cash account unless currency translation is involved; however, existence and completeness are always relevant.

Incompatible duties

Assigned duties that place an individual in a position to both perpetrate and conceal errors or fraud in the normal course of job performance.

Risk assessment procedures

Audit procedures performed to obtain an understanding of the client and its environment, including its internal control. Some of the information obtained by performing these procedures may be used by the auditor as audit evidence to support assessments of the risks of material misstatement. They include (a) inquiries of management and others within the entity, (b) analytical procedures, and (c) observation and other procedures, including inquiries of others outside the entity.

Detective controls

Controls designed to discover control problems soon after they occur.

Preventive controls

Controls that deter control problems before they occur.

Complementary controls

Controls that function together to achieve the same control objective.

Internal auditors

Corporation employees who design and execute audit programs to test the effectiveness and efficiency of all aspects of internal control. The primary objective is to evaluate and improve the effectiveness and efficiency of the various operating units of an organization rather than to express an opinion as to the fairness of financial statements.

Redundant controls

Duplicate controls that achieve a control objective.

Foreign Corrupt Practices Act

Federal legislation prohibiting payments to foreign officials for the purpose of securing business. The act also requires all companies under SEC jurisdiction to maintain a system of internal control providing reasonable assurance that transactions are executed only with the knowledge and authorization of management.

Sox and PCAOB require

Large public companies have an integrated audit

Internal control questionnaire

One of several methods of describing internal control in audit working papers. They are usually designed so that "no" answers prominently identify weaknesses in internal control.

Substantive procedures (tests)

Procedures performed by the auditor to detect material misstatements in account balances, classes of transactions, and disclosures.

Tests of controls

Procedures performed by the auditor to test the operating effectiveness of controls in preventing or detecting material misstatements at the relevant assertion level. These tests are performed when the auditor's risk assessment includes an expectation of the operating effectiveness of controls, including circumstances in which planned substantive procedures alone do not provide sufficient appropriate audit evidence.

Further audit procedures

Substantive procedures for all relevant assertions and tests of controls when the auditors' risk assessment includes an expectation that controls are operating effectively.

Organizational structure

The division of authority, responsibility, and duties among members of an organization.

Planned assessed level of control risk

The level of control risk the auditors assume in designing further audit procedures, which include an appropriate combination of tests of controls and substantive procedures.

Control risk

The possibility that a material misstatement due to error or fraud in a financial statement assertion will not be prevented or detected by the client's internal control.

Perform tests of controls when

The risk assessment includes (1) substantive procedures alone do not provide sufficient appropriate audit evidence, or (2) auditors wish to reduce the scope of substantive procedures through performance of tests of controls.

Inherent risk

The risk of material misstatement of a financial statement assertion, assuming there are no related controls.

Transaction cycle

The sequence of procedures applied by the client in processing a particular type of recurring transaction. The auditors' working paper description of internal control often is organized around these.

Internal control

a process to provide reasonable assurance of (a) effectiveness and efficiency of operations, (b) reliability of financial reporting, and (c) compliance with applicable laws and regulations.

2 Integrated audit types

an audit of internal control and an audit of the financial statements

Internal control relevant to auditors

entity's ability to prepare reliable financial statements

A deficiency in operation

exists when a properly designed control does not operate as designed, or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively.

A deficiency in design

exists when either a control necessary to meet a control objective is missing or the existing control is not designed to operate effectively.

Audit report on internal control

includes both an opinion on management's assessment of internal control and the auditors' own assessment of internal control.

Tests of controls include

inquiries of appropriate client personnel, inspection of documents and reports, observation of the application of controls, and reperformance of controls.

Auditors responsibility

obtain an understanding of internal control, assess the risks of misstatement, and design further audit procedures (tests of controls)

Risk assessment procedures

performed to obtain an understanding of the client and its environment, including internal control. Auditors then determine the appropriate further audit procedures.

Suitable criteria

standards or benchmarks used to measure and present the subject matter and against which the CPA evaluates the subject matter. They are established or developed by groups composed of experts that follow due process procedures, including exposure of the proposed criteria for public comment. They must have each of the following attributes: objectivity, measurability, completeness, and relevance.

Systems flowchart

symbolic representation of a system or series of procedures with each procedure shown in sequence. method of describing internal control in audit working papers.

5 Internal Control Components

the control environment, risk assessment, control activities, the accounting information and communication system, and monitoring

As of date

the final day of the reporting period

Assessed level of control risk

used by the auditors in determining the acceptable detection risk for a financial statement assertion and in deciding on the nature, timing, and extent of substantive procedures.


Related study sets

Physics flashcards for exam 2- examples and steps

View Set

Microeconomics Final Study Guide

View Set

CH 24: Assessing Musculoskeletal System

View Set

Fluid & Electrolytes PrepU Pellico

View Set

Enterprise Networking, Security, and Automation chapters 9-12

View Set

Decision Support & Computer Applications

View Set