Chapter 6-Internal Controls

Ace your homework & exams now with Quizwiz!

5 components of internal control

-Control enviroment -entity's risk assessment process -monitoring of controls -control activities -information systems & related business processes relevant to financial reporting & communication

factors affecting the control environment

-communication & enforcement of integrity/ethical values -commitment to competence -participation of Board of Directors/audit committee -management's philosophy & operating style -organizational structure -assignment of authority/responsibility -human resource policies/practices

Reasons why you should choose a substantive strategy

-controls do not pertain to an assertion -controls assessed are ineffective -testing the effectiveness of controls is inefficient (may occur if business is small or simple)

Performing tests of controls

-inquiry of appropriate personnel (interviewing people) -inspection of documents indicating the performance of control -observation of application of control -re-performance of application of control by auditor

limitations of internal controls

-override of internal control by management -human errors or mistakes -collusion

Types of control activities

-performance reviews (does management do performance reviews?) -authorization -reconciliation -physical control (i.e. vault at a bank) -segregation of duties (recording, custody, authorization) -info processing

Documenting the understanding of internal controls

-procedure manuals & organizational charts -internal control questionnaires -narrative description (i.e. interview people a/b how process works)

Objectives of internal control

-reliability of financial reporting -effectiveness and efficiency of operations -compliance with laws and regulations

record, authorize, custody

1) Person who has ability to _____ transactions should not be able to 2) ______ transactions, this person should not be able to 3) have _____ of assests

effective monitoring of controls

1) establishing foundation for control effectiveness 2) designing & executing monitoring procedures based on business risks 3)assessing and reporting results

Results of an effective accounting system

1) identify/record all valid transactions 2) describe the transaction in sufficient detail to allow proper classification in financial reporting 3) Measure value properly 4) proper time period 5) proper presentation

type 2 report

A ____ by a service organization is all of a type 1 report plus testing controls

audit risk model

AR=IR * CR * DR

what we achieved is more than we planned

After testing controls you must test to see if ________

below the maximum

After you obtain understanding of internal control and choose the reliance strategy, you are saying you plan to rely on internal control & assess risk control _________

Type 2

An auditor can reduce control risk below maximum only if the service auditor gives a _____ report

-ensure that assets and records are safeguarded -generate reliable information for decision making

An internal control system should:

interim, year end

Audit procedures can be done either during a ______ period or at _____

-identify types of potential misstatement -pinpoint factors that affect risk of material misstatement -design tests of controls & substantive procedures

Auditor must gain an understanding of internal controls in order to:

material weakness, significant deficiency

Both _____ and _______ deficiencies MUST be reported by auditor to management and Board of Directors

may be relevant

Control relating to the operations & compliance objectives _________ when they relate to data the auditor uses to apply auditing procedures

relevant to the audit

Controls relating to the the preparation of financial statements for external purposes are ___________

significant deficiency

Deficiency, or combination of deficiencies, in internal controls that is less severe than a material weakness, yet important enough to merit attention to management

Type 1 report

Describes the service organization's controls & if they are designed to achieve internal control objectives

MUST

Every problem with internal controls ______ be classified

Bad

Ex. of Control environment: Is it hard for a lower level employee to talk to management? Yes? =

no need to modify detection risk, proceed with substantive testing

If "achieved" supports "planned":

a maximum

If after assessing internal control the auditor chooses to follow a substantive strategy, control risk would be set at _________ for some or all assertions

override of internal control by management

If management says to do something bad, this is an example of which limitation of internal control

internal control system used at the service organization

If the client has some or all of its accounting transactions processed by an outside service organization, one concern of the auditor is the ________________________

substantive

If you can't rely on a companies internal control system you would select the ______ strategy

increases

If you don't testing things at year end, it ________ the risk of material misstatement

fewer audit procedures, collect less evidence

If you say you can rely on a companies internal controls (reliance strategy) auditor can end up doing ______ or _____

assessing control risk

In _____________ you must: 1) identify specific controls that will be relied upon 2) perform tests of controls 3)conclude on the achieved level of control risk

most severe, middle

Material weakness deficiency is the ______ and significant deficiency is the ______.

rely, type 2

Service organization typically get their own auditors and get one of two reports, we can only ____ on a ____ report

control environment

The _____ sets the foundation and culture of a company

reliance

The _______ strategy of internal controls means we believe we can rely on their controls

reliability of financial reporting

The __________ is the most important objective of internal control to an auditor

risk assessment process

The ________________ should consider internal & external events/circumstances that may arise & adversely affect the entity's ability to initiate, record, process and report financial data consistent w/ assertions of managment

internal control

The auditor's understanding of the _____ is a major factor in determining the overall audit strategy

good or bad control environment

The factors affecting the control environment determine what makes a _____________

internal auditors

The monitoring of controls process is often done by _____?

better

The more active & independent the Board of Directors is the _____ the control environment

There are ____ components to the COSO framework

substantive

There must always be some form of _______ testing

year end

Timing of audit procedures: audit procedures provide more evidence at ______

recording, custody, authorization

What are the 3 parts of segregation of duties?

collusion

When two or more people get together to steal from a company (much harder to find)

high

You would choose the substantive strategy if you saw control risk to be ____

interim tests of controls

You would perform _______________ when: 1) assertion being tested is not significant 2) control has been effective in prior audits 3) efficient use of staff time

assertions

______ can be used to figure out which controls should be in place. (i.e.: Occurrence= segregation of duties, prenumbered documents, daily or monthly reconciliation of subsidiary records)

Human errors or mistakes limitations

______ is the extent controls just rely on human performace

monitoring of controls

_______ is a process that assesses the quality of internal performance overtime

interim substantive procedures

_________ are performed when: 1) assertion probably has low control risk 2) may increase the risk of material misstatements 3) still requires year-end testing

internal control

an ______ system is used to make sure assets are protected etc

material weakness

deficiency, or combination of deficiencies, in internal controls where there is a reasonable possibility that a material misstatement of financial statements will not be prevented or detected & corrected

decreased detection risk, perform more substantive testing (test of details)

if "achieved" is greater than "planned"

Info system & related business processes relevant to fin. reporting & communication

involves control of accounting system within company, and communicating roles to others

control activities

more specific policies/procedures (i.e. we require two signatures for something)

entity's risk assessment process

process for identifying and responding to business risks; for financial reporting purposes these include: management identifies risks relevant to preparation of fin. statements, estimates significance, likelihood of occurrence, & how to manage them

monitoring of controls

process to assess the quality of internal control system overtime

control activities

the policies and procedures that help ensure that management's directives are carried out

three

there are _____ limitations of internal controls

See all study sets

Related study sets

Week 4 practice - ethical and legal thought

macro quizzes 17 18 and 3

ch 11 facial bones, orbits, nasal bones

Branches of Judaism

MGT 300 CH 10 VOCAB & Questions

Stats chapter 5 vocabulary

Chapter 38: Neurologic Disorder

Kinesiology of the musculoskeletal system: CH 1 : Getting started

Στερεά γεωμετρικά σχήματα

6. Freight Forwarders

FINA 4315 Exam Review

HESI Exit exam - Evolve questions

Combo with "BLAW 1 COMBO" and 1 other

Behavioral Health Concepts Nurse 3060 Mary Anne Boyd: Essentials of Psychiatric Nursing Unit 1 Section 3 Patient Rights and Legal Issues PrepU Questions