AUDTHEO 3

What are the benefits of effective internal controls?

more reliable information, reduces possibility of errors and fraud, less substantive procedures

What is the objective of understanding internal controls regarding misstatements?

To identify types of potential misstatements in the financial statements

What is the objective of understanding internal controls regarding risk?

To identify factors that affect the risk of material misstatement

What is the objective of understanding internal controls regarding audit procedures?

To design the nature, timing, and extent of audit procedures

What are internal controls?

Policies and procedures established to provide reasonable assurance that specific entity objectives will be achieved.

Who is responsible for internal controls?

design, implementation, and maintenance

What are policies and procedures considered as?

a process, a means to an end

What does reasonable assurance recognize?

inherent limitations exist

What are the three objectives of internal controls?

Reliability of financial reporting; Efficiency and effectiveness of operations; Compliance with laws and regulations

What does reliability of financial reporting require?

management has the legal and professional obligation to ensure that the information is fairly presented in accordance to GAAP/financial accounting standards

What is the main focus of auditors regarding controls?

controls over the completeness and accuracy of information

What type of control relates to safeguarding assets?

Internal control over the safeguard of assets

What does efficiency and effectiveness of operations mean?

effective and efficient use of company resources in the achievement of its goal

What does compliance with laws and regulations ensure?

Compliance with laws and regulations

What is management responsible for regarding misstatements?

To prevent, detect, and correct material misstatements in the financial statements

What is the proper sequence of transactions?

initiated, authorized, recorded, processed, and reported

Why are internal controls tested for operating effectiveness?

if operating as designed, and take necessary corrective actions

Why must auditors obtain an understanding of internal controls?

To obtain an understanding of internal controls

When may auditors test internal controls?

To test/evaluate internal controls over financial reporting (optional)

Why is emphasis placed on controls over classes of transactions?

because the accuracy of account balances depends on the accuracy of input and processing

What inherent limitation of internal control involves cost?

benefit received should be higher/more valuable than the cost

Why are controls directed at anticipated transactions?

Controls are directed at anticipated type of transactions and not on unusual transactions

What limitation of internal control involves employees working together?

Possibility of collusion among employees

What limitation of internal control involves management authority?

Possibility of management override of controls

What limitation of internal control involves changes over time?

Possibility of inadequacy of controls due to changes

What limitation of internal control involves mistakes?

Human error

What are the components of internal control (CRIME)?

Control Environment, Risk assessment process, Information system and communication, Monitoring of controls, Control activities

What is the control environment?

It is the foundation for all other components of internal control

What elements make up the control environment (CHAMPOI)?

Communication and enforcement of integrity and ethical values; Commitment to competence; Participation by those charged with governance; Management philosophy and operating style; Organizational structure; Assignment of authority and responsibilities; HR policies and practices

What does communication and enforcement of integrity and ethical values include?

includes management actions to remove or reduce incentives and temptations that might prompt personnel to engage in dishonest, illegal, or unethical acts

How are integrity and ethical values communicated through direction?

mission and vision

How are integrity and ethical values communicated formally?

code of conduct

How are integrity and ethical values communicated through actions?

dealings with employees, customer and suppliers; actions by management and those charged with governance

What shows commitment to competence?

through specific job description for each position or task

What is the responsibility of the board of directors?

responsible to make sure that management implements proper internal control and financial reporting process

Why must the board of directors be independent?

must be independent from management

How do active and objective board members affect controls?

active and objective BODs will reduce the likelihood of management override of controls

Who creates the audit committee?

created by BOD

What does the audit committee oversee?

oversees accounting and financial reporting policies

What does the audit committee facilitate regarding auditors?

effective communication between internal and external auditor

Why must the audit committee be independent?

Independent from management

What does management philosophy and operating style refer to?

management’s approach in taking and managing business risk and attitude towards financial reporting, information processing, and accounting function

What is an organizational structure?

framework for planning, executing, controlling, and monitoring the entity’s operation

What does assignment of authority and responsibilities describe?

How authority and responsibility for operating activities are assigned

What does assignment of reporting relationships involve?

How reporting relationships and authorization hierarchies are established

What do HR policies and practices cover?

method by which personnel are hired, evaluated, trained, promoted, compensated, and given remedial actions

Where do business risks arise from?

Business risk arises from internal and external sources

What changes may cause business risks?

change in operating environment, new personnel, additional products, expansion of operations

What is involved in assessing business risk?

Estimate the impact of risk

What is involved in assessing likelihood of risk?

Assess the likelihood of the risk reoccurring

How does management respond to business risk?

Development of specific actions to reduce risk to an acceptable level

What is an example of a risk management response?

Hedging transactions

What are the components of an information system?

People, Input or data, Infrastructure, Software, Output

What does the information system pertain to?

Pertains to the initiation, recording, processing, and reporting the entity’s transaction

What does communication refer to in internal control?

How the entity communicates the financial reporting roles and responsibilities

What are examples of communication methods?

policy manuals, memo, bulletin board posts

What is monitoring of controls?

Assessment of the quality of performance of internal controls

What is ongoing monitoring?

Routinary; automated mechanism that provide real time feedback to management

Who performs ongoing monitoring?

persons within the same line function

What is separate evaluation?

Periodic review of selected controls

Who performs separate evaluations?

internal auditors, audit committee, or external auditors

What is the relationship between ongoing monitoring and separate evaluation?

The more effective the ongoing monitoring, the less the need for separate evaluation

What are control activities?

Policies and procedures that ensure management directives are carried out

Why are performance reviews needed?

Needed since internal controls tend to change overtime

What is general authorization?

established policies for routine transactions

What is specific authorization?

applies to nonrecurring/unusual/infrequent transactions

What are physical controls?

Safeguarding of assets and records/documents

What are the functions involved in segregation of duties?

Custody, Authorization, Recording, Execution

What is the objective of information processing controls?

To check the accuracy, completeness and authorization of transactions

What are general IT controls?

Policies and procedures that relate to ALL areas of electronic Data Processing

What are application controls?

Policies and procedures that relate to SPECIFIC accounting applications

What is the purpose of obtaining an understanding of internal controls?

Perform a Preliminary Review

What are the modes of documenting internal controls?

Narrative, Internal Control Questionnaire, and Flowchart

What is a narrative description of internal control?

Simple system; Control is more understandable for the auditor

What are the disadvantages of narrative documentation?

Cannot be used for complex system; Time consuming

What is an internal control questionnaire (ICQ)?

Series of questions answerable by ‘yes’ or ‘no’

What are the advantages of using an ICQ?

Easy to accomplish; Weaknesses can easily be detected by a ‘no’ answer

What are the disadvantages of using an ICQ?

Answers may be given without further thinking; ‘N/A’ answer

What is a flowchart in internal control documentation?

A graphic display of transactions and events

What are the advantages of flowcharts?

Provides a concise overview of the system; Easily understandable

What are the disadvantages of flowcharts?

Time consuming

What is walkthrough testing?

Tracing of a process from initiation through the entire accounting process

When is control risk considered at maximum?

No reliance approach

When is control risk considered below maximum?

Reliance approach

What are tests of controls?

Inquiry, Observation, Inspection, Reperformance

What is substantive testing?

Gathering sufficient appropriate evidence as basis for opinion

What financial statements make up a complete set?

SFP, SCI, SCE, SCF, Notes

What is a misstatement?

Difference in the amount, classification, presentation or disclosure necessary for fair presentation

Why is fraud harder to detect than error?

because this is done intentionally

What are the three elements of the fraud triangle?

Incentive or Pressure to Commit Fraud; Perceived Opportunity; Rationalization/Justification

What is an error?

Unintentional

What document supports auditor independence?

Written oath of independence

What is independence of mind?

Able to make decision without being affected by external pressures or threats

What is independence in appearance?

Avoid circumstances that make it appear that the auditor is not independent

Who must be independent in an audit engagement?

Audit Team

What is an example of a local audit firm?

SGV

What is an example of a network firm?

Ernst and Young

What is professional skepticism?

With a questioning mind

What should auditors recognize regarding material misstatements?

Recognize circumstances that may exist that cause the FS to be materially misstated