Assessing Control Risk under AIPCA Standards

Question 1

Internal control consists of 5 interrelated components, what are they? COSO Cube

Answer 1

1) Control environment
2) Risk assessment
3) Information and communication systems
4) Control Activities
5) Monitoring

Question 2

What is the control environment?

Answer 2

Policies and procedures to establish the overall control consciousness of the organization (the tone at the top)

Question 3

What are the 7 specific elements for the control environment component?

Answer 3

1) Communication/enforcement of ethical values
2) Commitment to competence
3) Participation by those charged with governance
4) Management’s philosophy and operating style
5) Organization structure
6) Assignment of authority & responsibility
7) Human resource policies and practices

Question 4

What is risk assessment?

Answer 4

policies and procedures to identify and analyze relevant risks & prioritize them so they can be effectively managed

Question 5

What are control actives?

Answer 5

policies and procedures to provide reasonable assurance that managements specific objectives will be achieved

Question 6

Memory aid “SCARE”- for control activities:

Answer 6

S:  Segregation of duties 
C: Controls (for physical controls) 
A: Authorization (specific authorization of transactions) 
R: Review (performance review) 
E: EDP/IT (for information processing)

Question 7

What is segregation of duties? What are the three components?

Answer 7

Authorization (execution)
Access (Custody)
Accounting (Record-keeping)

Question 8

Define: Information and Communication component of internal controls:

Answer 8

Policies and procedures to identify, capture, and exchange relevant information in a form and time frame that enables personnel to meet their responsibilities

Question 9

Define mentoring:

Answer 9

I/C is not a one-time activity. Policies should be looked at over time to make sure they are still effective.

Question 10

What are risk assessment procedures that can be followed to to obtain an understanding of the entity and its environment (including internal controls)

Answer 10

Procedures:

1) Inquiries of management
2) observation and inspection of documentation
3) Analytical procedures performed in planning
4) Review of information obtained in prior periods
5) Discussion amount key audit team members about risk of material misstatements including material fraud.

Question 11

When you find a significant risk what should you do?

Answer 11

obtain an understanding of relevant controls and if the control mitigates any risk

Question 12

What are you required to document?

Answer 12

1) Discussion among audit team members and applicable financial reporting framework. Any decisions, who participated.
2) Key elements of the understanding obtained about the entity, it’s environment, and I/C
3) Assessment of the RMM
4) Identified significant risks and related controls for which the auditor obtained an understanding