RISK ASSESSMENT AND INTERNAL CONTROL (VOCABULARY FLASHCARDS)

A set of vocabulary flashcards covering key terms and definitions from the Risk Assessment and Internal Control lecture notes.

Audit risk

The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated; a function of the risks of material misstatement and detection risk.

Inherent risk

The susceptibility of an assertion about a class of transactions, account balance, or disclosure to be misstated before considering internal controls.

Control risk

The risk that a misstatement will not be prevented, detected, or corrected on a timely basis by the entity’s internal controls.

Detection risk

The risk that the procedures performed by the auditor to reduce audit risk will not detect a material misstatement.

Risks of material misstatement

The risk that the financial statements are misstated before audit, comprising inherent risk and control risk; detection risk relates to audit procedures.

Risk assessment procedures

Audit procedures (inquiries, analytical procedures, observation, inspection) used to identify and assess risks of material misstatement and to obtain an understanding of the entity and its environment.

Materiality

Misstatements or omissions that, individually or in aggregate, could reasonably be expected to influence the economic decisions of users.

Materiality in planning and performing an audit

Applying materiality in planning and performing the audit to identify significant risks, determine the nature/timing/extent of procedures, and evaluate uncorrected misstatements.

Performance materiality

An amount set below overall materiality to reduce the chance that undetected misstatements exceed materiality for the financial statements as a whole.

Benchmark (materiality benchmark)

A chosen financial metric (e.g., profit before tax, revenue) used as the starting point to determine materiality.

Understanding the entity and its environment (SA 315)

Gaining knowledge of the entity’s industry, regulatory factors, operations, governance, accounting policies, and objectives to identify risks.

Internal control

A process designed, implemented and maintained to provide reasonable assurance about achievement of objectives related to reliability of financial reporting, efficiency/effectiveness of operations, compliance, and safeguarding of assets.

Control environment

The tone at the top: governance/management’s attitude, integrity, competence, and actions that influence control consciousness.

Five components of internal control

Control environment; risk assessment; information system and communication; control activities; monitoring of controls.

Risk assessment process (internal control)

Process of identifying business risks relevant to financial reporting, estimating significance, assessing likelihood, and deciding on actions.

Information system and communication

The classes of transactions significant to the financial statements, processing, records, accounting information, and communication of responsibilities.

Control activities

Policies and procedures that help ensure management directives are carried out (e.g., performance reviews, information processing, physical controls, segregation of duties).

Monitoring of controls

Ongoing activities and separate evaluations to assess the effectiveness of internal control over time.

Limitations of internal control

Even strong controls provide only reasonable assurance; human error, collusion, override, and changes in circumstances can reduce effectiveness.

IT risks in automated environments

Risks arising from the use of IT systems such as data inaccuracy, unauthorized access, data loss, improper changes, and lack of segregation of duties.

General IT controls

Pervasive IT controls over data center operations, program changes, access security, and system development/maintenance.

Application controls

Controls embedded in software applications to ensure data completeness, accuracy and integrity (e.g., edit checks, validations, sequence checks).

IT-dependent controls

Manual controls that rely on IT-generated data or outputs; their effectiveness depends on the reliability of the source data.

Data analytics in audit

Use of data analysis tools (CAATs) to check completeness, sample data, re-perform calculations, analyze journal entries, and support audit conclusions.

Automated environment complexity

A highly automated environment (often with ERP systems) tends to be more complex and requires more extensive audit procedures.

Internal Financial Controls (IFC) per regulatory requirements

Regulatory expectations (e.g., Companies Act 2013) requiring adequate internal controls for reliability of financial reporting, efficiency, compliance, safeguarding, and fraud prevention; includes directors’ and auditors’ responsibilities.