Chapter 7

Ace your homework & exams now with Quizwiz!

The more frequently a control operates, the _____ it should be tested, and controls that are more critical should be tested ______.

1. More often 2. More extensively

A company's commitment to integrity and ethical values are communicated through ____ and emphasized through ____

1. The organization's standards of conduct 2. Directives, actions, and behavior

Fidelity Bonds

A form of insurance in which a bonding company agrees to reimburse an employer, within limits, for losses attributable to theft or embezzlement by bonded employees

Monitoring controls

A process to assess the quality of internal control performance over time

Systems Flowchart

A symbolic representation of a system or a series of procedures with each procedure shown in sequence

Corporate governance is primarily concerned with

Controlling management and providing incentives for appropriate management behavior

Redundant Controls

Controls that address the same financial statement assertion or control objective

Transaction-level risks

Found within divisions, operating units, or functions of the organization

Payroll Cycle

Hiring, terminating and determining pay rates; timekeeping; computing gross payroll, payroll taxes, and amounts withheld from gross pay; maintaining payroll records; and preparing and distributing paychecks

Disadvantage of flowcharts

Internal control weaknesses are not identified as prominently as in questionnaires

Examples of work that should not be assigned to internal auditors

Making inquires of management related to the identification of fraud risks and determining the procedures to respond to such risks

Written narratives of internal control

Memoranda that describe the flow of transaction cycles, identifying the employees performing various tasks, the documents prepared, the records maintained, and the division of duties

Revenue Cycle

Obtaining orders from customers, approving credit, shipping merchandise, preparing sales invoices, recording revenue and accounts receivable, and handling and recording cash

The Foreign Corrupt Practices Act prohibits what?

Payments to foreign officials for the purpose of securing business

Control activities

Policies and procedures that help mitigate the risk that the organization's objectives are not met

Avoidance

Response involves exiting the activity that gives rise to the risk

Sharing

Response involves reducing risk likelihood or impact by transferring or sharing a portion of the risk. Techniques include: insurance, hedging, and outsourcing

Management should establish, with the board of director oversight, an effective organizational structure to properly

Separate authority, reporting lines, and responsibilities of the various positions within the organization

Conversion Cycle

Storing materials, placing materials into production, assigning production costs to inventories, and accounting for the cost of goods sold

For assertions with a high risk of material misstatement, the auditors will plan _______ procedures.

Substantial substantive

Timing of the performance of tests of controls depends on

The auditor's objectives

Who should hold the CEO accountable regarding a company's internal control policies and achievements

The board of directors

Tests of controls focus on

the operation of controls rather than on the accuracy of financial statement amounts

In performing effective risk assessment, organizations should

1. Clearly specify objectives to allow the identification and assessment of risks related to those objectives 2. Identify and analyze risks to the achievement of its objectives to determine how they may be managed 3. Consider potential fraud relating to the achievement of objectives 4. Identify and assess changes that could impact internal control

Finance Department

1. Under the direction of the treasurer 2. Responsible for financial operations and custody of liquid assets 3. Activities include: planning future cash requirements, establishing customer credit policies, and arranging to meet the short and long term financing needs of the business 4. Has custody of bank accounts and other liquid assets, invests idle cash, handles cash receipts, and makes cash disbursements

Investing Cycle

Authorizing, executing, and recording transactions involving investments in fixed assets and securities

Auditor's risk assessment is primarily concerned with

Evaluating the likelihood of material misstatements in the financial statements

Acceptance

Response involves taking no action because the risk is consistent with the risk tolerance of the organization

Types of reports that service auditors may provide

1. A report on a management's description of a service organization's systems and the suitability of the design of controls 2. A report on a management's description of a service organization's system and the suitability of the design AND operating effectiveness of controls

Preventive Controls

1. Aimed at avoiding the occurrence of misstatements in the financial statements 2. Ex: Segregation of duties and requiring approval of period-ending journal entries

Potential benefits of an Enterprise Risk Management System include

1. Aligning the organization's risk tolerance, strategy, and its operations 2. Identifying and managing both single and multiple risks, entity-wide and lower level risks 3. Reducing operational surprises and losses 4. Reducing performance variability 5. Identifying opportunities 6. Improving the deployment of capital

Control objectives, regarding sales transactions, established by COSO

1. All sales transactions that occur are recorded on a timely basis 2. Sales transactions are recorded at correct amounts in the right accounts 3. Sales transactions are accurately and completely summarized in the company's books and records 4. Presentation and disclosures relating to sales are properly described, sorted, and classified

If external auditors decide the work of the internal auditors' is relevant and that it would be efficient to use they should

1. Assess the competence and objectivity of the internal audit function 2. Determine whether the internal auditors apply a systematic and disciplined approach to performing the work

Responses to financial statement risks

1. Assigning more experienced staff or those with specialized skills 2. Providing more supervision and emphasizing the need to maintain professional skepticism 3. Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed 4. Increasing the overall scope of audit procedures, including their nature, timing, or extent

The organizational structure of an entity should separate the responsibilities for

1. Authorization of transactions 2. Record keeping for transactions 3. Custody of assets

Risk responses include

1. Avoidance 2. Reduction 3. Sharing 4. Acceptance

Factors indicative of increased financial reporting risk

1. Changes in the organization's regulatory or operating environment 2. Changes in personnel 3. New or revamped information systems 4. Rapid growth of the organization 5. Changes in technology affecting production processes or information systems 6. New business models, products, or activities 7. Corporate restructurings 8. Expansion or acquisition of foreign operations 9. Adoption of new accounting principles or changing accounting principles

Basic principles of the control environment

1. Commitment to integrity and ethical values 2. Board of directors that demonstrates independence from management and exercises effective oversight of internal control 3. Establishment of effective structure, including reporting lines, and appropriate authorities and responsibilities 4. Commitment to attract, develop, and retain competent employees 5. Holding employees accountable for internal control responsibilities

When determining whether an identified risk of misstatement is significant, requiring special audit consideration, the auditors consider factors such as

1. Complexity of calculations involved 2. Risk of fraud 3. Selection and application of accounting policies 4. Internal and external circumstances giving rise to business risks 5. Recent developments in the industry and economy

If auditors are unable to obtain a sufficient understanding from the user entity regarding the services provided by a service organization, they should

1. Contact the service organization to obtain specific information 2. Visit the service organization and perform necessary procedures about the relevant controls at the service organization 3. Obtain and consider the report of a service auditor on the service organization's controls

Detective Controls

1. Designed to discover misstatements after they have occurred 2. Ex: requiring the preparation of monthly bank reconciliations

The Enterprise Risk Management Framework has what five components?

1. Governance and Culture 2. Strategy and Objective-Setting 3. Performance 4. Review and Revision 5. Information, Communication, and Reporting

What do tests of controls address?

1. How controls were applied 2. The consistency with which controls were applied 3. By whom or by what means the controls were applied

An accounting information system should

1. Identify and record all valid transactions 2. Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting 3. Measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements 4. Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period 5. Present properly the transactions and related disclosures in the financial statements

Audit procedures used to test the effectiveness of internal control include

1. Inquiries of appropriate client personnel 2. Inspection of documents and reports 3. Observation of the application of controls 4. Re-performance of the controls

External auditors may use the work of internal auditors in what ways?

1. Obtaining audit evidence by using the internal auditors' work performed as a part of their normal responsibilities 2. Using internal auditors to provide direct assistance on the external audit

Stages of an internal control audit

1. Plan the engagement 2. Use a top-down approach to identify controls to test 3. Test and evaluate design effectiveness of internal control 4. Test and evaluate operating effectiveness of internal control 5. Form an opinion on the effectiveness of internal control over financial reporting

Risks at the financial statement level

1. Preparation of the financial statements, including the development of significant accounting estimates and the preparation of the notes 2. Selection and application of significant accounting policies 3. IT general controls 4. The control environment

Service Organizations

1. Provide processing services to companies that decide to outsource a portion of their processing 2. Ex: A company that outsources their payroll function

Examples of internal control practices that are almost always capable of use in small businesses

1. Record all cash receipts immediately 2. Deposit all cash receipts intact daily 3. Make all payments by serially numbered checks 4. Reconcile bank accounts monthly and retain copies of the reconciliations in the files 5. Use serially numbered sales invoices, purchase orders, and receiving reports 6. Issue checks to vendors only in payment of approved invoices that have been matched with purchase orders and receiving reports 7. Balance subsidiary ledger with control accounts at regular intervals and prepare and mail customers' statements monthly 8. Prepare comparative financial statements monthly in sufficient detail to disclose significant variations in any category of revenue or expense

Basic principles of control activities are that management should

1. Select and develop control activities that mitigate risks of the achievement of organization objectives to acceptable levels 2. Select and develop general control activities over technology to support organization objectives 3. Deploy control activities through policies that establish what is expected and in procedures that put policies into action

Basic principles of monitoring controls

1. Select, develop, and perform ongoing and separate monitoring evaluations to determine that the components of internal control are present and functioning 2. Evaluate and communicate internal control deficiencies in a timely manner to those responsible for taking corrective action

Five components of the internal control of an organization

1. The control environment 2. The risk assessment process 3. Control activities 4. The information system relevant to financial reporting and communication (the accounting information system) 5. The monitoring activities

In addition to documenting their overall understanding of internal control, the auditors should document

1. The overall responses to address the assessed risks of material misstatement at the financial statement level 2. The nature, timing, and extent of the further audit procedures 3. The linkage of those procedures with the assessed risks at the relevant assertion level 4. The results of the audit procedures 5. The conclusions reached with regard to the use of the current audit evidence about the operating effectiveness of controls that were obtained in a prior audit

The SEC requires that all corporations under their jurisdiction maintain a system of internal control that will provide reasonable assurance that

1. Transactions are executed with the knowledge and authorization of management 2. Transactions are recorded as necessary to permit the preparation of reliable financial statements and maintain accountability for assets 3. Access to assets is limited to authorized individuals 4. Accounting records of assets are compared to existing assets at reasonable intervals and appropriate action is taken with respect to any differences

Accounting Department

1. Under the direction of the controller 2. Responsible for all accounting functions and often, the design and implementation of internal control

Corrective Control

1. Used to remedy a situation when detective controls discover a misstatement 2. Ex: maintaining backup copies of key transactions and master files to allow the correction of date entry errors

Audit Decision Aid

A checklist, standard form, or computer program that helps the auditors make a particular decision by ensuring that they consider all relevant information or by assisting them in combining the information to make the decision

Material Weakness

A deficiency in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of the company's financial statements will not be prevented or detected on a timely basis

Significant Deficiency

A deficiency in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting

The Committee of Sponsoring Organizations (COSO) defines internal control as

A process, effected by the entity's board of director, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance

Entity-level risks

Arise from external or internal factors such as economic, regulatory, technology, and personnel factors

Supervisory Controls

Assess whether other transaction control activities are operating properly. Typically aimed at high-risk transactions

Financing Cycle

Authorizing, executing, and recording transactions involving bank loans, leases, bonds payable, and capital stock

Difference between control objectives and assertions

Control objectives are broader in that they relate not only to financial reporting but also to operations and compliance

Section 404(a) of SOX requires

Each annual report filed with the SEC include a report in which management 1. Acknowledges its responsibility for establishing and maintaining adequate internal control over financial reporting 2. Provides an assessment of internal control effectiveness as of the end of the most recent fiscal year

Acquisition Cycle

Initiating purchases of inventory, other assets, and services; placing purchase orders, inspecting good upon receipt, and preparing receiving reports; recording liabilities to vendors; authorizing payment; and making and recording cash disbursements

Internal auditors investigate and appraise

Internal control and the efficiency with which the various units of the organization are performing their assigned functions, and they report their findings and recommendations to management and the audit committee

Major instruments of corporate governance

Management compensation systems, board of directors, external auditors, internal auditors, attorneys, regulators, creditors, securities analysts, and internal control systems

Separate evaluations

Monitoring activities that are performed on a non-routine basis, such as periodical audits by the internal auditors

Internal controls vary from organization to organization based on factors like

Organization size, nature of operations, and objectives

Compensating Control

Reduces the risk that an existing or potential control weakness will result in a misstatement

Ongoing monitoring evaluations include

Regularly performed supervisory and management activities, such as continuous monitoring of customer complaints, or reviewing the reasonableness of management reports

Reduction

Response involves taking action to reduce risk likelihood or impact or both. May involve managing the risk or adding additional controls to process

For assertions with a low risk of material misstatement, the auditors will _____ for that assertion.

Restrict or possibly eliminate substantive procedures

The cost of an organization's internal control __________ exceed the benefits expected to be obtained

Should not

Risk Tolerance

The acceptable level of variation in performance relative to the achievement of objectives

Management's risk assessment is primarily concerned with

The areas of operations and compliance and internal reporting

Section 404(b) of SOX requires

The company's auditors to attest to, and report on, internal control over financial reporting

Auditors' understanding of internal control should encompass

The control environment, risk assessment, control activities, the accounting information and communication system, and monitoring

Transaction Cycle

The policies and the sequences of procedures for processing a particular type of transaction

Planned assessed level of control risk

The preliminary assessments of control risk

Corporate Governance

The set of rules, processes, and laws by which businesses are operated, regulated, and controlled

The old definition of internal control

The steps taken by a business to prevent fraud - both the misappropriation of assets and fraudulent financial reporting

How must auditors respond when a client uses the service of a service organization?

They must obtain an understanding of how the entity uses the services of the service organization, including the nature and significance of the services and the effect on internal control

If internal auditors provide direct assistance to external auditors, how should the external auditors respond?

They should direct, supervise, review, and test the work that they perform

Management review controls

Those that operate through management review of information for evidence of errors, fraud, or breakdowns in other controls

Walk-through

Tracing one or two transactions through each step in the cycle

Risk Assessment Procedures

Used to obtain an understanding of internal control and to design the nature, timing, and extent of further audit procedures

General authorization

When management establishes criteria for acceptance of a certain type of transaction

Deficiency in Internal Control

When the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect material misstatements on a timely basis

Specific authorization

When transactions are authorized on an individual basis

Internal auditors are interested in determining

Whether each branch or department has a clear understanding of its assignment; is adequately staffed; maintains good records; properly safeguards cash, inventories, and other assets; and cooperates harmoniously with other departments


Related study sets

Intro to Humanitarian Action Quiz

View Set

Гинекология Экзамен

View Set

Chapter 12: European Expansion (1450-1700 C.E.)

View Set

Med Surg II: Chapter 39 (The Brain), 40 (spinal cord), 41 (Neurologic Emergencies)

View Set

Exam 2 Adult Health 1 (Respiratory, Cellular Regulation, Cardiovascular, Clotting)

View Set