Upgrade to remove ads
Only $2.99/month

Audit Chapter 5

Terms in this set (74)

Internal control
process effected by an entitys board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following three catagrories
-reliability of financial reporting
-effectiveness and efficiency of operations
-compliance with applicable laws and regulations
Limitations of internal control
-human error
-collusion
-management override
-cost/benefit analysis
commitee of sponsoring organizations
COSO
COSO internal control components
-control environment
-risk assessment
-control activities
-monitoring
-information and communication
Control environment
-Tone at the top set by management influencing the control consciousness of its people
-foundation for all other components
-as a result auditor must obtain a detailed understanding of this and document that understanding
Risk assessment for management
-Managements identification and analysis of relevant risks to achievement of its objectives
-often use ERM model
Risk assessment for auditor
-should examine managements process for assessing risks relevant to financial reporting objectives
-assessing the likelihood and significance of risks of misstatements due to fraud
-deciding about actions to address risk
Control activities
policies and procedures that help ensure management directives are carried out: physical control over security of assets, separation of duties, information processing, performance reviews
-preventative controls vs. detective control
Principles of control activities
-information technology
-level of integration with their risk assessment process
-selection and development of control activities
-policies and procedures
Monitoring
-managements process that assess the quality of the internal controls performance over time
Ex: periodic evaluation by internal auditing, supervisory review of control, follow up of reporting errors, follow up of customer complaints, audit committee inquiries
Internal control evaluation
phase 1: understand and document
phase 2:asses control risk
phase 3: identify controls to test and perform test of controls
design effectiveness
determine whether the controls over financial reporting, if operating effectively, would be expected to prevent or detect errors or fraud that could result in material misstatement in the financial statements
operating effectiveness
whether the control is operating as designed and whether the person performing the control possesses the necessary authority and qualifications to perform the control effectively.
Internal control deficiencies
exists when the design or operation f a control does not allow the entitys management or employees to detect or prevent misstatements in a timely fashion.
design defficiency
problem relating to either a necessary control that is missing or an existing control that is so poorly designed that it fails to satisfy the controls objective
operating deficiency
occurs when a properly designed control is either ignored or inappropriately applied
significant deficiency
conditions or combinations of conditions that could adverserly affect the organizations ability to initiate, record, process, and report financial data in the financial statements
-not material but must be brought to attention of those with governance
-ex: absence of separation of duties
Material weakness deficiency
deficiency or combo of deficiencies that's results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis
Adverse Opinion on Internal Control Over Financial Reporting
The opinion issues when the company has a material weakness and not maintained an effective internal control over financial reporting.
Audit Committee
A subcommittee of the board of directors that is generally composed of three to six "outside" members of the organization's board of directors.
Auditors' Report on internal Control Over Financial Reporting
A Report Required by the Sarbanes Oxley Act the provides an opinion on the effectiveness of the entity's internal control over financial reporting
Business Risks
Those factors, events, and conditions that could prevent the organization from achieving its business objectives.
Control Activities
The specific actions taken by a client's management and employees to help ensure that management directives are carried out.
Control Risk
The likelihood that internal controls would not prevent or detect material misstatement
Design Effectiveness
A condition expressing whether controls would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements.
Detective Controls
- The activities that detect misstatements after they occur
Disclaimer of Opinion on the Internal Control Over Financial Reporting
a report issued when auditors do not express an opinion on the fairness of the entity's financial statements.
Dual Purpose Test
an audit procedure used as both a test of controls and a substantive test
Entity-level Controls
The controls that are pervasive to the financial statements taken as a whole.
Flowchart
The audit document that provides a visual of the accounting system and control activities in an entity's internal control system
Information System
An entity's system, usually built on some type of technological platform that has been designed to produce the information necessary for the entity to operate and control its business operations.
Integrated Audit Process
The term used to describe an audit process that is designed to provide an opinion on both the financial statements and internal control system of an entity.
Internal Control
A process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the reliability of financial reporting, the effectiveness and efficiency of operations, and compliance with applicable laws and regulations.
Internal Control Deficiency
A condition that exists when the design or operation of a control does not allow the entity's management or employees to detect or prevent misstatements in a timely fashion.
Internal Control Questionnaire
The audit documentation that uses a checklist on internal control-related questions to gain and document an understanding of the client's internal control.
Management's annual report on Internal Control Over Financial Reporting
A report that is required by the Sarbanes Oxley act that states that management is responsible for establishing and maintaining adequate internal control over financial reporting
Material Weakness
A deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected, on a timely basis
Narrative Description
Audit documentation that describes the environmental elements, the accounting system, and the control procedures in an entity's internal control
Operating Effectiveness
Description of a condition expressing whether a control is operating as designed and whether the person performing the control possesses the necessary authority and qualifications to perform the control effectively.
Preventative Controls
Internal control activities that are designed to prevent the occurrence of errors and fraud
Reasonable Assurance
Concept that recognizes that the costs of control procedures should not exceed the benefits that are expected from the control procedures
Significant Deficiency
A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance.
Substantive procedures
Procedures performed by the auditor to detect material misstatements in account balances, classes of transactions, and disclosures.
Transaction-level Controls
The controls that relate to specific classes of transactions, account balances, and disclosures.
Unqualified Opinion on Internal Control over Financial Reporting
The report issued when no material weaknesses in internal control over financial reporting are identified and no scope limitations on the audit of internal control exist.
Walkthrough
The tracing of one or more transactions through the audit trail from initiation of the transaction to its inclusion in the financial statements
The most important fundamental component of an entity's internal control is
People who operate the control system
The primary purpose for obtaining an understanding of a nonpublic audit client's internal control is to
Determine the nature, timing, and extent of further audit tests to be performed
Effectiveness of audit procedures would be reduced by
Performing audit procedures during the interim period as opposed to at the fiscal year-end date
According to the PCAOB, during the audit of internal controls for an issuer, the ultimate objective of testing the design effectiveness of internal controls is to
Determine that the company's controls will satisfy the company's control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements, if they operate as prescribed.
To test the operating effectiveness of a control, an audit team might use a combination of each of the following tests EXCEPT for:
Confirmation of balances - This is a substantive test, not a validity test
Which of the following is a preventive control?
a. Reconciliation of a bank account
b. Recalculation of a sample of payroll and personnel departments
c. Separation of duties between the payroll and personnel departments
d. Detailed fluctuation analysis completed by the CFO for revenue
C. Separation of duties between the payroll and personnel departments
In most audits of large entities, control risk assessment contributes to audit efficiency, which means that
Auditors will be able to reduce the cost of substantive procedures by an amount more than the control evaluation costs.
Which of the following is a device designed to help the audit team obtain evidence about the accounting and control activities of an audit client?
An internal control questionnaire
Tests of control in a GAAS audit are required for
Obtaining evidence about the operating effectiveness of client control activities.
A transaction-level internal control activity is best described as
An action taken by client personnel for the purpose of preventing, detecting, and correcting errors and frauds in transactions to eliminate or mitigate risks identified by the company
When planning the audit of internal controls for an issuer, the audit team should
Identify significant accounts, locations, and assertions.
A material weakness is a situation in which
It is reasonably possible that a material misstatement would NOT be detected on a timely basis
When completing the audit of internal controls for an issuer, the severity of an internal control deficiency depends on:
Whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure

AND

The magnitude of the potential misstatement resulting from the deficiency or the deficiencies.
Which of the following does NOT accurately summarize auditors' requirements regarding internal control?
Test of controls is not required for nonpublic entities.
When completing the audit of internal controls for a public company, the PCAOB requires auditors to audit internal controls over
Financial Reporting
When completing the audit of internal controls for a public company, AS 5 requires auditors to report on
an audit of internal control, but NOT management's report on internal control
When completing the audit of internal controls for a public company, AS 5 requires auditors to test
Both operating and design effectiveness
Which of the following would probably NOT be considered an indication of a material weakness?
a. Evidence of a material misstatement
b. Ineffective oversight by the audit committee
c. Immaterial fraud committed by senior management
d. Overproduction by the manufacturing plant
d. Overproduction by the manufacturing plant
Which report would NOT be appropriate for a public accounting firm to provide on financial reporting controls?
Disclaimer of opinion - significant deficiencies exist
The purpose of separating the duties of hiring personnel and distributing payroll checks is to separate the
Human resources function from the controllership function
Which of the following statements is NOT true with respect to the auditors' report on internal control over financial reporting?
a. The report will be dated as of the date of the financial statements
b. The report will express an opinion on the effectiveness of internal control over financial reporting.
c. The auditor will issue an adverse opinion if one or more material weaknesses exist.
d. The report may be presented with the report on the entity's financial statements as a combined report.
a. The report will be dated as of the date of the financial statements
If the auditors encounter a significant scope limitation in evaluating a public company's internal control over financial reporting, which of the following types of opinions on the effectiveness of the company's internal control over financial reporting would be appropriate?
Disclaimer of opinion
Which of the following information would be included in the introductory paragraph of the auditor's report on ICOFR if the report is presented separately from the auditor's report on the entity's financial statements?
Statements identifying the responsibility of the auditors and management for IFOCR
If the auditor plans to assess control risk at less than the maximum and rely on controls, and the nature, timing, and extent of further audit procedures are based on that lower assessment, the auditor must
Obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance
When testing a control activity's operating effectiveness, procedures the auditor performs to test operating effectiveness would likely include
Inquiry of appropriate personnel

AND

Reperformance of the control activity
Matters that could affect the necessary extent of testing for a control activity as it related to the degree of auditor reliance on a control activity would NOT include the following:
The length of time that the auditor is planning to rely on the operating efficiency of the control activity
The auditor should assess control risk for each relevant assertion by evaluating the evidence obtained from all sources, including
The auditor's testing of controls for the audit of internal control on a public company

and

Misstatements detected during the financial statement audit

and

Any control deficiencies identified during the audit
Once the auditor detects a control deficiency, which of the following steps must he or she take first?
Evaluate the severity of the deficiency on the auditor's control risk assessment for that assertion.
THIS SET IS OFTEN IN FOLDERS WITH...