7 Systems and controls Flashcards Preview

F8 Audit and Assurance > 7 Systems and controls > Flashcards

Flashcards in 7 Systems and controls Deck (16):

What is internal controls?

The process designed and effected by the directors and others to enable the achievement of the entity objectives with regard to reliability of financial reporting.


What are the five components for internal control?

1. Control environment
2. Entities risk assessment process
3. Information system relevant to financial reporting
4. Control activities
5. Monitoring of controls


What is the control environment?

Includes the attitude and philosophy of management with regard to control (commitment to integrity and ethical values, a formal organisation structure and proper training of staff)


What is the entities risk assessment process?

A more robust risk assessment process will reduce the risk of misstatement


What is information system relating to financial reporting?

The auditor should obtain an understanding of the information system including the relate business processes relevant to financial reporting


What are the 5 types of control activity?

1. Authorisation
2. Performance reviews
3. Information processing
4. Physical controls
5. Segregation of duties


What does the auditor need to do for internal controls?

Ascertain the system, document the system and evaluate the system.


What does the auditor do to ascertain the system?

Examine previous work
Clients own documentation
Interview client staff
Walkthrough test
Observe procedures


What does the auditor do to document the system?

Narrative notes
Organisation chart
Complete an internal control questionnaire


What does the auditor do to evaluate the system?

Use an internal control evaluation questionnaire


What does ICQ do?

List all possible controls for each area of the accounts; the clients system is examined to see which control exists


What does an internal control evaluation do?

Does not attempt to recored all controls, for each control objective, it asks for the controls which achieve that objective.


What is the auditors duty for external controls?

Assess the effectiveness of internal controls and reporting deficiencies in internal controls to those charge with governance


What does a management letter contain?

Covering letter, appendix


What is included in the covering letter?

Only cover deficiencies identified during the audit work, sole use of the company, no disclosure to third parties and no responsibility assumed to any other parties


What is included in the appendix?

Lists: Deficiencies, consequences, recommendations and space for managements response.