AUDTHEO: Internal Control Consideration

It is a process, effected by those charged with governance, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

* Effectiveness and efficiency of operations
* Reliability of financial reporting
* Compliance with applicable laws and regulations

Internal Control

Which of the following best describes an internal control system?

All the policies and procedures adopted by the management of an entity to assist in achieving management's objective of ensuring, as far as practicable, orderly and efficient conduct of its business, including adherence to management policies; safeguarding of assets; prevention and detection of fraud and error; accuracy and completeness of the accounting records; and timely preparation of reliable financial information.

This is **not** one of the essential concepts of internal controls

It can be expected to absolute assurance regarding that the achievement of the entity’s objectives

A reason to establish internal control is to:

Provide reasonable assurance that the objectives of the organization are achieved

Essential concepts of internal controls:

* It is a process
* It is effected by those charged with governance, management, and other personnel in an entity
* It is a means or tool used by management to achieve the entity’s objectives

A reason to establish internal control is to:

Provide reasonable assurance that the objectives of the organization are achieved

Internal controls are not designed to provide reasonable assurance that _____.

Irregularities will be eliminated

Internal control can only provide reasonable, not absolute, assurance of achieving entity control objectives. One of the factors limiting the likelihood of achieving those objectives is that:

The cost of internal control should not exceed its benefits.

An example of an inherent limitation in a client’s internal control system

In the performance of most control procedures, there are possibilities of errors arising from mistakes in judgment

An internal control system that is working effectively:

Reduces the need for management the review exception reports on a day-to-day basis

This internal component is the foundation for all other components. It set the tone of the organization, provides discipline and structure, and influences the control consciousness of employees.

Control environment

This best describes **“Control environment”**

This includes the governance and management functions and the attitudes, awareness, and actions of those charged with governance and management concerning the entity’s internal control and its importance to the entity.

Control Environment elements:

* Commitment to competence
* Organizational Structure

An entity’s risk assessment process includes how management:

* Identifies risk
* Assesses significance and likelihood of occurrence of these identified risks
* Decides upon actions to manage these risks

Risks can arise or change due to circumstances such as the following, except:

The accounting and financial reporting framework has remained stable for the past five years, and no new pronouncements have been made.

Under PSA 315, monitoring of controls is an internal control component that involves a process of assessing the quality of internal control performance over time. It involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions. Monitoring of controls is accomplished through ongoing monitoring activities, separate evaluations, or a combination of the two. An entity's ongoing monitoring activities often include

Reviewing the purchasing account

Control activities constitute one of the five **components of internal control**. Some are:

* Segregation of duties
* Performance reviews
* Authorization

This is not included in the **internal control component**:

An internal audit function

Which of the following is a management control method that __most likely__ could improve management's ability to supervise company activities effectively?

Establishing budgets and forecasts to identify variances from expectations.

PSA 315 requires the auditor to obtain an understanding of the client’s internal controls ____.

For every audit

In planning the audit, the auditor obtains a sufficient understanding of the existing internal control. Which one of the following is not among the auditor's primary objectives for obtaining such knowledge?

Make constructive suggestions to the client for improvement.

The primary purpose of the auditor’s consideration of internal control is to provide a basis for

Determining the nature, timing and extent of audit tests to be applied.

When obtaining knowledge about an entity's internal control, it is important for the auditor to consider the competence of its employees, because their competence bears directly and importantly upon the ____.

Achievement of the objectives of internal control

This statement best describes the phrase, **“evaluating the design of a control”**

Considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements.

When obtaining an understanding of the accounting and internal control system the auditor may trace a few transactions through the accounting system. This technique is:

Walk-through

When obtaining an understanding of an entity’s internal control, an auditor should concentrate on the substance of controls rather than their form because:

Management may establish appropriate controls but not act on them.

After obtaining an understanding of an entity’s internal control structure and assessing control risk, an auditor may next:

Consider whether evidential matter is available to support a further reduction in the assessed level of control risk.

After obtaining an understanding of internal control and assessing control risk, an auditor decided to perform tests of controls. The auditor most likely decided that

It would be efficient to perform tests of controls that would result in a reduction in planned substantive tests.

Tests of controls are used to test whether controls are:

Operating effectively

This is the auditor’s purpose of **further testing internal control** procedures:

Provide a basis for reducing the assessed level of control risk below that which resulted from the auditor’s initial understanding of internal control.

Which of the following procedures __most likely__ would provide an auditor with evidence about whether an entity's internal control activities are suitably designed to prevent or detect material misstatements?

Observing the entity's personnel applying the activities.

In conducting an audit in accordance with PSAs, the auditor is required to identify and assess the risks of material misstatement at the financial statements level, and at the assertion level for classes of transactions, account balances, and disclosure. Some of these risks, in the auditor's judgment, require special audit consideration, such as those that involve fraud or complex transactions. Such risks are called ____

Significant risks

Evidence of the performance of control risk assessment procedures includes the following:

* Flowcharts
* Questionnaires
* Memoranda

Which of the following statements regarding auditor documentation of the client’s internal control structure is %%**correct**%%?

No one particular form of documentation is necessary, and the extent of documentation may vary.

\*When control risk is assessed at HIGH for all financial statements assertions, an auditor should document the auditor’s:

* Understanding of the entity’s internal control structure
* Conclusion that the control risk is **HIGH**

A control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective is referred to as:

Compensating control

When a compensating control exists, a __weakness__ in the system:

Is no longer a concern because the potential for misstatement has been sufficiently reduced.

If no changes have occurred since the controls were last tested, a CPA should ___

Test the operating effectiveness of such controls at least once in every third audit