Unit 6 - Client's System of Internal Controls Flashcards

1
Q

What is the most commonly accepted global framework?

A

Internal Control - Integrated Framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)

This framework enables organizations to effectively and efficiently develop systems of internal control. It also provides a common framework for users to understand audits of internal control over financial reporting.

2
Q

What are the three dimensions of the COSO framework?

A

Objectives of internal control

Components of internal control

How these objectives and components fit into an organizational structure

3
Q

What are the three objectives of internal control as defined in the COSO framework?

A

Operations objectives - these pertain to the effectiveness and efficiency of the entity’s operations, including operational and financial performance goals, and safeguarding assets against loss

Reporting objectives - these pertain to internal and external financial and nonfinancial reporting and may encompass reliability, timeliness, transparency, or other terms as set forth by regulators, recognized standard setters, or the entity’s policies

Compliance objectives - these pertain to adherence to laws and regulations to which the entity is subject

4
Q

What are the five integrated components of internal control as defined in the COSO framework?

A

Control environment
Risk assessment
Control activities
Information and communication
Monitoring activities

Auditors are expected to gain an understanding and document their understanding of each of these five components.

5
Q

Define entity-level controls

A

The client’s control environment, risk assessment process, information system, control activities, and monitoring of controls that exist at the organizational level.

6
Q

Define the control environment

A

The attitudes, awareness, and actions of management and those charged with governance concerning the entity’s internal control and its importance in the entity.

Policies and procedures to establish the overall control consciousness of the organization (the “tone at the top”)

7
Q

Define an entity’s risk assessment process

A

The entity’s process for identifying and responding to risks that an organization will not achieve its objectives.

Policies and procedures to identify and analyze relevant risks & prioritize them so they can be effectively managed.

8
Q

Define control activities

A

Policies and procedures to provide reasonable assurance that management’s specific objectives will be achieved

9
Q

What are the five points of emphasis with respect to control activities? (“SCARE”)

A

Segregation of duties (or separation of duties)

Controls (physical controls)

Authorization

Review (performance review)

EDP/IT (information processing)

10
Q

What are the three functions that must be separated (“segregation of duties”)?

A

Authorization/Execution

Access (Custody)

Accounting (Record-keeping)

11
Q

Define information & communication as one of the components of internal control.

A

Policies and procedures to identify, capture, & exchange relevant information in a form and time frame that enables personnel to meet their responsibilities

12
Q

Define monitoring as one of the components of internal control.

A

Policies and procedures to assess the effectiveness of internal controls over time

13
Q

What do the AICPA Professional Standards emphasize? (4)

A

Risk assessment procedures

Understanding the entity and its environment (including internal control)

Assessing the risks of material misstatement (and addressing “significant risks” at the F/S level & relevant assertion levels)

Documentation requirements

14
Q

Define risk assessment procedures as emphasized by the AICPA Professional Standards. Include the 5 types of procedures performed.

A

To obtain an understanding of the entity and its environment to assess RMM

  1. Inquiries of management and others
  2. Observation and inspection of documents, etc.
  3. Analytical procedures performed in planning
  4. Review of information obtained in prior periods
  5. Discussion among audit team members about the risks of material misstatement
15
Q

Define significant risks as emphasized by the AICPA Professional Standards.

A

An identified and assessed risk of material misstatement that, in the auditor’s judgment, requires special audit consideration.

Consider whether the matter is a fraud risk, results from the complexity of transactions, pertains to related parties, involves subjective measurements, transactions are “unusual”, etc.

16
Q

As emphasized by the AICPA Professional Standards, understanding the entity and its environment consists of understanding the following: (5)

A
  1. Industry, regulatory, and other external factors
  2. Nature of the entity (operations, ownership, etc.)
  3. Objectives and strategies and related business risks that may cause material misstatements
  4. Measurement and review of the entity’s financial performance measures - these factors might increase the risks of material misstatement
  5. Internal controls relevant to the audit
17
Q

What are the documentation requirements emphasized by the AICPA Professional Standards? (4)

A
  1. Discussion among audit team about RMM and the applicable financial reporting framework [including any decisions reached, who participated, how and when the discussion(s) occurred]
  2. Key elements of the understanding obtained about the entity, its environment, and I/C (including risk assessment procedures performed)
  3. Assessment of the RMM (at F/S level and at relevant assertion level) and the basis for the assessment
  4. Identified significant risks and the related controls for which the auditor obtained an understanding
18
Q

What is the auditor required to communicate regarding internal control matters identified in an audit?

A

Basic responsibility - the auditor must communicate any identified MATERIAL WEAKNESSES and SIGNIFICANT DEFICIENCIES, either in the design or operation of internal control

19
Q

What form of communication is required by the auditor for significant deficiencies and material weaknesses identified in internal controls in an audit?

A

Identified significant deficiencies and material weaknesses MUST BE COMMUNICATED IN WRITING to management and those charged with governance (including such matters communicated verbally earlier in the audit).

20
Q

What form of communication is required by the auditor for lesser matters identified in internal controls in an audit?

A

Lesser matters may be communicated EITHER IN WRITING OR VERBALLY.

(the auditor should document any such verbal communications)

21
Q

What are the timing requirements for communicating internal control matters identified in an audit?

A

No later than 60 days following the “report release date”

(sooner is preferred)

22
Q

Internal control is defined as:

A

a process designed to provide REASONABLE ASSURANCE regarding the achievement of the objectives related to OPERATIONS, REPORTING, AND COMPLIANCE.

23
Q

What are common categories of control activities? (5)

A

Authorization controls, performance reviews, information-processing controls, physical controls, and segregation of duties

24
Q

Upon consideration of a client’s system of internal control, when an auditor identifies areas with weaknesses, _______.

A

increased substantive testing in this area will be appropriate to reach the desired level of assurance

25
Q

Which process is established after an organization consults with select stakeholders to provide reasonable assurance regarding operation, reporting, and compliance objectives?

a) COSO framework

b) Risk assessment

c) Communications monitoring

d) Internal control

A

d) Internal control

The process of internal control is affected by an organization’s stakeholders, such as the board of directors or other employees. It provides reasonable assurance regarding operation, reporting, and compliance objectives.