Chapter 5, Part II Risk Assessment: Internal Control Evaluation

What are internal controls?

Procedures established by an entity to “get it right” when processing transactions, reports, and disclosures

An invoice for inventory purchased and received was not sent by the vendor. Consequently, a journal entry was not made to reflect this purchase. assertion?

Completeness

Your client holds inventory on consignment for another company. The consigned inventory is included in the client’s inventory balance. Assertion?

Rights 

Management doesn’t show a current portion of long-term debt on the financial statements, even though the amount is material.Assertion?

Presentation and disclosure

Management determines that several recorded accounts receivable will not be collected.Assertion?

Valuation

Inventory for sales occurring at the end of the year is moved to a separate part of the warehouse where inventory is stored waiting for shipment. The company recognizes sales revenue when the goods are moved. Assertion?

Occurrence

A competitor has introduced a new product that is half the price of one of your client’s products. Assertion?

Valuation (concerned about buying something)

The accounts receivable clerk mistakenly records a sale to one of the company’s customers as $21,000 instead of $12,000 assertion?

Existence and occurrence

The cost accountant undercalculated direct labor costs. Consequently, the manufactured inventory balance did not include enough direct labor costs. assertion?

Allocation

Who tests internal controls?

Auditors test internal controls to remain independent, but they cannot design them.

What does control testing encompass?

The entity’s control environment, IT architecture, people, and processes.

What are the two audit strategies for addressing internal controls?

Reliance strategy and substantive strategy.

Which audit strategy generally is the most efficient?

Reliance strategy.

What does the substantive strategy focus on?

Substantive testing such as analytical procedures and tests of details, without testing controls.

What are preventive controls?

Controls that prevent misstatements due to error or fraud from being processed or recorded.

What are detective and corrective controls?

Controls that identify misstatements after processing and require procedures to correct them.

What is an example of a preventive control?

Segregation of duties, such as requiring IT manager approval before ordering a computer.

What is an example of a detective control? (catches mistakes or fraud after they happen)

An accounting clerk performing monthly bank reconciliations.(cbfnj)

What are the three ways internal controls operate?

Manual, automated, and IT-dependent manual controls.

What are manual controls?

Controls performed entirely by people.

What are automated controls?

Controls performed by computer applications without human involvement.

What are IT-dependent manual controls?

Controls partially performed by computer applications but requiring user input.

What is an example of a manual control?

A credit manager establishing a credit limit for a customer.

What is an example of an automated control?

A system automatically performing a three-way match for purchases

What is an example of an IT-dependent manual control?

Management establishing reserves or budgets and reviewing them.

What is the top-down, risk-based audit approach?

An approach where auditors test the design and operating effectiveness of controls for significant accounts and disclosures.

What are the two steps in testing control design?

Determining whether controls are in place and then testing operating effectiveness.

What do auditors evaluate when understanding processes?

Classes of transactions and procedures used from origination to reporting.

What are the three types of transactions within processes?

Routine, nonroutine, and those requiring estimates.

What are examples of classes of transactions?

Sales transactions and purchase transactions.

What are the five stages in the sales process auditors must understand?

Initiated, authorized, processed, recorded, and reported.

What is a walk-through?

A procedure confirming the auditor’s understanding and documentation of internal controls.

When are walk-throughs performed?

At an interim date, before substantive testing begins.

What do walk-throughs confirm?

That processes are designed, implemented, and documented correctly.

What are the four procedures used to test controls?

Inquiry, observation, inspection, and reperformance.

Why is inquiry alone not sufficient for testing controls?

Because it does not provide enough audit evidence of effectiveness.

What factors influence the extent of control testing?

Importance of the control, risk mitigated, and frequency of the control.

(Extent depends on Importance, Risk, and Repeats.)

What type of tests are control tests considered?

Attribute tests, typically pass/fail evaluations.

What do the attributes of a control address?

Who, what, where, when, why, and how the control functions.