Internal Control Ivory Book Tidrick

Question 1

What is internal control?

Answer 1

A process- effected by an entity’s board of directors, management, and other personnel- designed to provide reasonable assurance regarding the achievement of objectives in the following categories

1. reliability of financial reporting
2. Effectiveness and efficiency of operations
3. compliance with applicable laws and regulations.

Question 2

Who is responsible for the design, implementation and maintenance of internal controls?

Answer 2

management

Question 3

What is the auditor’s responsibility in regards to internal control?

Answer 3

the auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the FSs whether due to fraud or error, and to design the nature, timing and extent of further audit procedures.

Question 4

The auditor should obtain an initial understanding of the ICs relevant to the entity’s financial statements, that’s primarily done through:

Answer 4

Inquiry of management
Observation of the entity’s accounting related activities
Review of documentation.

Question 5

How is documenting the auditor’s understanding of internal controls done?

Answer 5

Preparing flowcharts of major transaction cycles
Interviewing the entity’s personnel using standardized internal control questionnaires
Preparing narrative write ups regarding internal control

Question 6

does the extensiveness of the auditor’s review on Internal controls vary?

Answer 6

The extensiveness of the auditor’s review and documentation varies with the circumstances. For example, the emphasis on understanding internal controls increases if reliance on internal control is planned.

Question 7

What are flowcharts?

Answer 7

A graphical depiction of the client’s accounting systems for major categories of transactions.

Question 8

What are internal control questionnaires?

Answer 8

Questionnaires consisting of a list of questions about an entity’s control procedures and activities. A “no” answer is usually designed to indicate a control deficiency.

Question 9

What are narrative write ups?

Answer 9

A written memo describing the important control related activities in the transaction cycles under consideration.

Question 10

There are 2 reasons why the auditor might “assess control risk at the max level”, which means the same thing as adopting a wholly substantive audit approach with no reliance on IC:

Answer 10

the auditor may perceive the relevant ICs to be ineffective or
Even if the controls are viewed as effective, a reliance audit approach may be less efficient than a wholly substantive audit approach. Test of control would not be performed when the auditor has chosen a wholly substantive audit approach.

Question 11

What is the required documentation of internal control?

Answer 11

The auditor should document the basis for the auditor’s conclusions about internal control either way, whether IC is received to be effective or ineffective.

Question 12

The auditor should perform tests of controls to evaluate the operating effectiveness of relevant controls under either of two circumstances:

Answer 12

When the assessment of risks of material misstatement at the relevant assertion level includes an expectation that the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls.
When the auditor’s substantive procedures alone cannot provide sufficient appropriate audit evidence at the relevant assertion level.

Question 13

The purpose of performing tests of control is to verity that:

Answer 13

the controls that looked good on paper, known as design effectiveness, were actually working as intended through the period, known as operating effectiveness.

Question 14

Re-evaluation phase, after performing the tests of controls, the auditor should decide whether the results of the tests of controls are:

Answer 14

consistent with the planned reliance on Internal controls. Sometimes ICs that look good on paper may not actually be working as intended. In such a case, the auditor should reconsider whether a reliance audit approach is appropriate.

Question 15

Design audit plan phase:

Answer 15

The auditor should prepare a required written audit plan (also referred to as an audit “program”) that specifies the nature, timing, and extent of “further audit procedures” to be performed.

Question 16

What are the 3 categories of audit procedures?

Answer 16

Risk assessment procedures
Tests of controls
Substantive procedures

Question 17

What does a wholly substantive audit approach mean?

Answer 17

no reliance on IC (same as assessing control risk at the max level). in other words, the auditor plans to meet the audit risk objectives by performing only substantive audit procedures without any expectation about the operating effectiveness of IC. In this case, tests of control would not be performed.

Question 18

True or False: the cost of ICs should not outweigh the benefits attributable to those controls.

Answer 18

True

Question 19

What is collusion

Answer 19

A conspiracy among employees or management to circumvent internal controls.

Question 20

Segregation of duties may break down due to:

Answer 20

collusion or

management’s override of controls.

Question 21

What are the auditors risk assessment procedures?

Answer 21

Inquiries of management and other
Observation and inspection
Analytical procedures
Review information 
Discussion among audit team members

Question 22

the auditor’s responsibility to obtain an understanding of the entity and its environment focuses on understanding the following:

Answer 22

Industry, regulatory, and other external factors,
Nature of the entity
Objectives and strategies and related business risks that may cause misstatement of the financial statements.
Measurement and review of the entity’s financial performance
Internal control

Question 23

What are the 5 interrelated components of internal control?
CRIME

Answer 23

Control activities
Risk assessment
Information and communication systems 
Monitoring
Control Environment

Question 24

What is control environment consisted of? (The tone at the top) CHOPPER

Answer 24

Commitment to competence
Human resource policies and practices
Organizational structure
Participation of those charged with governance
Philosophy of management and operating style
Ethical values and integrity
Responsibility assesment

Question 25

What is the Risk assessment component?

Answer 25

The policies and procedures involving the identification, prioritization, and analysis of relevant risks as a basis for managing those risks.Factors such as:
Changes in operating environment
New personnel
New or revamped info systems
Rapid growth
New technology 
New lines of business, products or activities
Corporate restructurings
Foreign operations
Accounting pronouncements.

Question 26

What is Control activities?

PIPS ARCC

Answer 26

Policies and procedures that help ensure that management directives are carried out: 
Performance review 
Information processing
Physical controls
Segregation of duties which consists of 
Authorization of transactions
Recording (posting) of transactions
Custody of assets 
Comparisons

Question 27

What is Information and communication?

Answer 27

Refers to the ID, retention, and transfer of info in a timely manner allowing personnel to perform their responsibilities.
Info system: consists of the methods and records used to record, process, summarize and report Co.’s transactions and to maintain accountability for the related accounts.
Communication: Involves establishing individual duties and responsibilities relating to internal control and making them known to involved personnel.

Question 28

What is monitoring?

Answer 28

An important management responsibility is to establish and maintain internal control. Management monitors controls to consider whether they are operating as intended and that they are modified as appropriate for changes in conditions. Monitoring is a process that assesses the quality of internal control performance over time.

Question 29

At what levels should the auditor identify and assess the risks of material misstatement?

Answer 29

At the overall financial statement lever and

At the relevant assertion level related to classes of transactions, account balances, and disclosures.

Question 30

How frequently must an auditor test operating effectiveness of controls that appear to function as they have in past years and on which the auditor wishes to rely in the current year?

Answer 30

At least every third audit.

Question 31

What is auditor’s objective in regards to communication IC?

Answer 31

The auditor’s objective is to appropriately communicate to those charged with governance and management deficiencies in IC that the auditor has identified that are important enough to warrant attention.

Question 32

What is a significant deficiency?

Answer 32

A deficiency (or combination of deficiencies) in internal control that is less severe than a material weakness, yet important enough to merit attention to those charged with governance.

Question 33

What is material weakness?

Answer 33

A deficiency (a combination of deficiencies) in internal control such that there is a reasonable possibility that a material misstatement of the entity’s FSs will not be prevented or detected and corrected on a timely basis.

Question 34

What are specific indicators of material weaknesses?

Answer 34

Identification of any fraud involving senior management (whether or not material)
Restatement of previously issued FSs to correct a material misstatement due to error or fraud
Identification of a material misstatement in the FSs by the auditor that would not have been identified by the entity’s IC
Ineffective oversight of the entity’s financial reporting and IC by those charged with governance.

Question 35

Communicating identified control deficiencies- the auditor should appropriately communicate any significant deficiencies and material weakness identified in the audit to:

Answer 35

management and those charged with governance IN WRITING

Question 36

By what date should the auditor communicate the material weaknesses and significant deficiencies?

Answer 36

The required communication is best made by the “report release date” and should be made no later than the “documentation completion date” . AICPA defines the documentation completion date as 60 days following the report release date.

Question 37

Are all material weaknesses a significant deficiencies?

Answer 37

YES, All material weaknesses are significant deficiencies.

Question 38

What is an internal audit function?

Answer 38

A function of an entity that performs assurance and consulting activities designed to evaluate and improve the effectiveness of the entity’s governance, risk management, and internal control.

Question 39

What are the 2 ways that the external auditor may use the work of an internal audit function>?

Answer 39

1) obtain audit evidence that modifies the nature, timing, or extent of audit procedures to be performed by the external auditor
2) provide direct assistance to the external auditor under the external auditor’s direction, supervision, and review.

Question 40

What are the 3 necessary conditions before the external auditor may use the internal audit function to obtain audit evidence?

Answer 40

Competence
Objectivity
Systematic and disciplined approach

Question 41

What is competence?

Answer 41

Competence- The internal auditors must be competent (related to their education, experience, certification) to perform reliable work.

Question 42

What is objectivity?

Answer 42

Objectivity-the internal audit function’s organizational status and relevant policies and procedures must support the objectivity of the internal auditors.

Question 43

What is systematic and disciplined approach?

Answer 43

Systematic and disciplined approach-The internal audit function must apply a “systematic and disciplined approach, including quality control.” The external auditor should not rely on “internal audit-like” work that is conducted in an informal, unstructured, or ad hoc way. however the degree of formality and structure may vary with the nature, size, and complexity of the entity involved.

Question 44

When the external auditor plans to use the work of the internal audit function, he must?

Answer 44

Communicate that with those charged with governance.

Question 45

When the internal auditor provides direct assistance to the external auditor, the internal auditor is under external auditor’s:

Answer 45

Direction, supervision, and review.

Question 46

What is the auditor’s responsibility when an audit entity has outsourced some of their transaction processing to an outside service organization?

Answer 46

The auditor is responsible for obtaining an understanding of ICs relevant to the entity’s FSs for purposes of assessing the risks of material misstatement whether those controls are located within the client entity ro within the service organization. Accordingly, the auditor may need to visit the service organization to interview personnel there for the purpose of obtaining the required understanding. Alternatively, the auditor may be able to obtain that required understanding of those relevant controls by reading a service auditor’s report on IC at the service organization.

Question 47

The standard states that the user auditor’s objectives, when the user entity uses the services of a service organization are to

Answer 47

Obtain an understanding of the nature and significance of the services provided and their effect on the user entity’s IC relevant to the audit sufficient to assess the risks of material misstatement
Design and perform audit procedures that are responsive to those risks.

Question 48

What is a user auditor and service auditor?

Answer 48

User auditor-an auditor who audits and report on the FSs of a user entity.
Service auditor- a practitioner who reports on controls at a service organization.

Question 49

What is Service organization and user entity?

Answer 49

Service organization- An organization or segment of an organization that provides services to user entities that are relevant to those user entities’ IC over financial reporting.
User entity- An entity that uses a service organization and whose FSs are being audited.

Question 50

If the user auditor is unable to obtain a sufficient understanding from the user entity- the user auditor should obtain that understanding by one of the following:

Answer 50

Type1 report- report on management’s description of a service organization’s system and the suitability of the DESIGN of controls.
Type 2 report- Report on management’s description of a service organization’s system and the suitability of the DESIGN and OPERATING effectiveness of controls.

Question 51

What is an integrated audit?

Answer 51

Integrated audit is an audit of Internal control and financial statements

Question 52

What are the elements of SCARE that are used in the transaction cycles?

Answer 52

Segregation of duties- avoid incompatible functions
Controls (physical controls)-safeguarding assets and documents
Authorization-transactions should be executed as authorized by mgmt
Review (Performance Reviews)-appropriate comparisons should be made
EDP/IT (Info processing)-

Question 53

In the payroll department, the followign activities should be performed by different personnel when circumstances permit:

Answer 53

Establishing and maintaining employee files in the personnel department
Timekeeping
Payroll preparation
Check distribution
Reconciling the payroll bank account with the general ledge.

Question 54

Who shoudl sign the payroll checks?

Answer 54

The treasurer.

Question 55

What should be done with unclaimed checks?

Answer 55

Checks should be returned to treasury, secured, and eventually destroyed if not claimed within an appropriate time.