AUD 3 - Internal Control Flashcards Preview

CPA AUDIT > AUD 3 - Internal Control > Flashcards

Flashcards in AUD 3 - Internal Control Deck (38):
1

The Steps in an Audit (7)

  1. Prepare for an audit
  2. Obtain understanding of client, its environment, & its internal controls (must always be documented)
  3. Asses risk of marterial misstatement & determine nature, timing, & extent of further procedures
  4. Perform test of controls
  5. Perform substantive procedures
  6. Formulate an opinion
  7. Issue audit report

2

What is Internal Control & what are the objectives?

(ACE)

An entity's systems & policies designed to enable management to meet its objecteds related to ACE. We want reasonable assurance that I/C are achieving certain objectives:

  • Accurate & reliable financial reporting
  • Compliance with laws & regulations
  • Effectiveness & efficiency of operations

3

What are the 5 elements of Internal Control?

(CRIME)

  1. Control Environment
  2. Risk Assesment
  3. Control Activities
  4. Information & Communication
  5. Monitoring

4

Control Environment

(CHOPPER)

Control Environment - sets the tone of an organization, influencing the control consciousness of its people. It is the foundation of all other components of internal control, providing discipline & structure.

Includes the following (CHOPPER):

  • Commitment to competence - effective ctrl requires sincere interest on part of the employees in performing good work
  • Human resource policies & practices - sound hiring & training policies for employees
  • Organizational structure - a company that operates all over the world has different I/C problems that one operating entirely within a single building
  • Participation of those charged w/ Governance
  • Philosophy of mgmt & operating style
  • Ethical values & integrity
  • Responsibility assignment - the manner in which authority, responsibility & accountability is assigned to different employees determines the controls that will be needed.

5

Risk Assesment

(AIIO)

Risk Assesment - Identification, analysis, & mgmt of risks relevant to the preparation of FS that are fairly presented in conformity w/ GAAP. Risk Assessment includes risks that may affect an entity's ability to properly record, process, summarize, & report financial data. 

 

Risk Assessment procedures includes:

  • Analytical Procedures
  • Inquiries
  • Inspection
  • Observation

6

Control Activities

(PIPS)

(ARCC-S)

Control Activities - Policies & procedures that help insure that management directives are carried out.

  • Performance Reviews (Indicators) - Actual vs. budget FS, P/Y, financial to non-financial
  • Information Processing Ctrls - General vs Application Ctrls
  • Physical Controls - Access to assets
  • Segregation of Duties (ARCC-S)
    • Authorization of transactions
    • Recoding (posting) of transactions
    • Custody of assets (who has access)
    • Comparisons (reported vs. recorded)

7

Information & Communication

The component of I/C that makes certain that mgmt's instructions are communicated & that there is a flow of information in all directions within the entity to enhance the efficiency & effectiveness of operations & ensure the transperency & fairness of financial reporting.

 

Refers to the I.D, retention, & transfer of info in a timely manner allowing personnel to perform their responsibilities.

  • Info System - consists of the methods & records used to record, process, summarize & report a company's transactions & to maintain accountability for the related accounts.
  • Communication - involves establishing idividual duties & responsibilities relating to internal control & making them known to personnel. 

8

Monitoring

The ongoing evaluation of internal controls to make certain that they are effective, functioning as intended, & that they remain relevant.

9

Understanding the Internal Control

(UPDATED)

6 Steps

  1. Obtain an Understanding of the Design of Internal Control by performing Risk Assessment Procedures (CRIME)
    • AIIO
  2. Ducument the understanding of Internal Control
    • FIND
  3. Asses RMM
    • Rely, CR, DR, Sub Testing
  4. Perform Test of Controls (4 Cycles)
    • RIIO
  5. REassess RMM & evaluate Results
  6. Document conclusions & determine the effect on the planned substantive procedures

10

Understanding the Internal Control Structure

Step 1 - Obtain an Understanding the DESIGN of Internal Ctrl

(AIIO)

An auditor obtains an understanding of the Entity & its Environment, and Internal Control through by performing Risk Assessment Procedures which includes: (AIIO)

  • Analytical Procedures
    • Reviewing audit documentations that document the internal control structure of the client in prior years
  • Inquiries (info on design)
    • Asking mgmt to describe the internal controls currently in place
  • Inspection​ (info on design)
    • Examining documents that are used in internal control, such as authorization forms & procedures manual
  • Observation (info on implementation)
    • Watching employees perform their jobs

 

NOTE: The auditor is only trying to determine what controls have been Implemented, and is NOT determining whether the controls have been operating effectively. The latter is only necessary in a FS audit IF the auditor plans to rely on the controls. 

11

Understanding the Internal Control Structure

Step 2 - Document the understanding of I/C

(FIND)

The auditor is REQUIRED to document its understanding of the entity, environment, & internal control

 

The 4 common techniques of documenting the understanding of I/C: (FIND)

  • Flow Charts - Visual depiction of the process
  • Internal Control Questionaire (ICQ) - Yes/No Qs
  • Narrative or Memorandum - Written description of the I/C structure
  • Decision Tables/Trees

 

*Not really tested, just for understanding material***

12

Understanding the Internal Control Structure

Step 3 - Assess RMM (Control Risk)

Intend to Rely?

 

No = RMM (High) > Substantive Approach Audit

 

Yes = RMM (Low) > *Combined Approach Audit

 

*Combined Approach - Test of Controls & Substantive

13

Understanding the Internal Control Structure

Step 4 - Perform Test of Controls (RIIO)

Test of Controls - to test the effectiveness of the I/C design & operation of a control. The auditor should test the operating effectiveness of such controls at least once in every 3 years.

  • Testing the Cycles for ARCCs by doing RIIO

 

​4 Procedures for Testing Controls (RIIO)

  1. Reperformance - Applies ctrl of client
  2. Inspection - Examines ctrl
  3. Inquiry - Asks about ctrl
  4. Observation - Watches client do ctrl (most effective)

14

Understanding the Internal Control Structure

Step 6 - Document Conclusions

 

What 4 things must the Auditor document?

The auditor is REQUIRED to communicate significant deficiencies & material weaknesses to mgmt & those charged w/ governance. The basis for risk assessment must ALWAYS be documented.

 

Auditor needs to document:

  • The assessement of the risk of material misstatement at the FS & relevant assertion levels
  • The basis for that assessment
  • Significant risks identified & related controls evaluated
  • Risk identified & related controls evaluated that requires test of controls to obtain SAAE

15

Inherent Limitations in an Internal Control Environment

(COCO)

  • Collusion (fraud)
  • Override by Management (fraud)
  • Competence - Human error (error)
  • Obsolescence - Cost/Benefit (error)

16

U-PERCV

U-PERCV is management's assertions which are representations made by management in the FS being audited. 

  • Understandability & Classification
  • Presentation & Disclosure
  • Existence or Occurance (Vouching)
    • Records to Source
  • Rights & Obligations
  • Completeness & Cutoff (Tracing)
    • Source to Records
  • Valuation, Allocation & Accuracy

 

**U-PERCV is basically what management is saying that they have in their FS regarding the numbers. 

17

OPERATING CYCLES

Revenue Cycle

Spending Cycle

Personnel & Payroll Cycle

Investing & Financing Cycle

Production & Conversion Cycle

The main point regarding these cycles is the segregation of duties regarding (ARCC) of the business functions & employees.

 

Revenue Cycle (Sales Revenue/ A.R. / Cash Receipts) - A set of procedures that are followed by a business entity in generating sales, earning revenues, billing customers, and collecting & depositing cash receipts.

Spending Cycle (Purchases / A.P. / Cash Disbursement) - Deals with ordering, receiving, & paying for goods & services including purchases of inventory on account & cash disbursements.

Personnel & Payroll Cycle - Deals with the hiring/termination of employees, paying, & administering change in pay rates.

Investing & Financial Cycle - Deals with transactions involving aquisition & disposal of assets other than inventory & transactions with creditors & shareholders.

Production & Conversion Cycle - Deals with manufacturing operations & converting raw materials into finished goods.

18

Revenue Cycle - Specific Employees

Sales Clerk

Credit Manager

Warehouse Clerk

Shipping Clerk

Billing Clerk

Receivables Clerk

General Ledger Bookkeeper

Mail Room Clerk / Receptionist

Cashier

Cash Receipts Clerk

Receiving Clerk

Treasurer

Controller / Internal Auditor

Sales Clerk - accepts orders/PO from customers & prepapares a written sales order (Recording)

Credit Manager - approves customer credit on orders (Authorization)

Warehouse Clerk - holds goods in inventory awaiting requests for shipment (Custody)

Shipping Clerk - Removes items from inventory to ship to customers (Custody)

Billing Clerk - prepares sales invoices to send to customer (Recording)

Receivables Clerk - posts sales & collections to individual customer accounts based on sales invoices & remittances [posts A/R balance] (Recording)

General Ledger Bookkeeper - posts journal entries for sales & collections (Recording)

Mail Room Clerk / Receptionist - opens mail, prepapres remittance listing of checks, directs to appropriate places (Custody)

Cashier - receives checks, prepares deposit slip, & deposits funds at the bank (Custody)

Cash Receipts Clerk - receives remittance listing & posts to cash receipts journal [posts credit to A/R balance] (Recording)

Receiving Clerk - receives all goods that are being returned and returns them to inventory (Custody)

Treasurer - approves credit memos for returns & write-offs of uncollectible accounts (Authorization)

Controller / Internal Auditor - prepares bank reconciliations & analyses of past-due accounts (Comparison)

19

Revenue Cycle - Key Documents

Sales Order

Bill of Lading

Sales Invoice

Sales Register (Journal)

Subsidiary Receivables Ledger

Remittance Advice

Remittance Listing

Cash Receipts Journal

Deposit Slip

Bank Reconciliation

Sales Order - the list of the goods ordered by the customer (created by the sales clerk from a customer's PO) along with the prices to be charged. Usually pre-numbered.

Bill of Lading - the shipping document that is signed by the carrier (usually a trucker) accepting goods from the shipping clerk (prepared by the shipping dept).

Sales Invoice - bill prepared that is sent to the customer after shipment. Before doing so, billing clerk should compare sales order & bill of lading.

Sales Register (Journal) - a book in which sales invoice information is posted.

Subsidiary Receivables Ledger - lists of outstanding A/R with a separate record for each customer.

Remittance Advice - the document included in an envelope with the check to indicate the purpose of the check.

Remittance Listing - a summary of the money received that day. Prepared by the employee first receiving the cash, usually the mail room clerk.

Cash Receipts Journal - a book in which remittance listings are posted.

Deposit Slip - the document signed or stamped by the bank to acknowledge receipt/deposit of checks.

Bank Reconciliation - comparison of book to physical.

20

Revenue Cycle

U-PERCV

  • Understandability & Classification - transactions & events have been recorded in the proper accounts & information is presented & described clearly.
  • Presentation & Disclosure - mgmt asserts that all sales to employees have been properly identified in the statements & notes as related party transactions. The auditor may review sales invoices for specific sales to employees & then trace these invoices to GL to see if they are posted to the "due from employees" account. 
  • Existence or Occurance (Vouching) - mgmt asserts that all sales have been recorded. Auditor may select a sales invoice & vouch from the sales invoice to the bill of lading in order to ensure that items billed to customers were based on actual shipments. 
  • Rights & Obligations - mgmt asserts that the right to collect receivables. An auditor can vouch from posings in the subsidiary receivables ledger for a specific client back to the sales order, bill of lading, & sales invoice, in order to establish that the goods were ordered, shipped & billed, giving the company the right to collect.
  • Completeness (Tracing) & Cutoff - mgmt asserts that it has recorded all sales that have taken place. The auditor may select a bill of lading & then trace from the bill of lading to the sales invoice to ensure that all shipped goods have been billed go customers. 
  • Valuation, Allocation & Accuracy - mgmt asserts that receivables are likely to be collected. The auditor can test the process of credit approval before shipment in order to determine that the company is only shipping to customers likely to pay.

21

Spending Cycle - Specific Employees

Purchasing Manager

Purchasing Clerk

Receiving Clerk

Payables Clerk

Payables Manager

Treasurer

Shipping Department

Purchasing Manager - approves purchase requests before they are processed & negotiates terms with vendors (A)

Purchasing Clerk - places orders with vendors [sends PO to vendors] (R)

Receiving Clerk - receives delivery of goods from vendors (C)

Payables Clerk - prepares payment voucher & gives to treasurer for approval which is the basis for authorizing the issuance of a check to the vendor after verifying the accuracy of the vendor invoice & supporing documents (A) 

Payables Manager - oversees the Posting of vouchers to appropriate purchase records [posts to A/P accts] (R)

Treasurer - Signs check for payment & mails it (C)

Shipping Department - sends goods back to vendors when goods are nonconforming (C)

22

Spending Cycle - Key Documents

Purchase Requisition

Purchase Order

Receiving Report

Purchase (vendor) Invoice

Invoice Register

Payment Voucher

Purchase Journal

Debit Memo

Purchase Requisition - the internal request by the department in need for goods to be ordered by the purchasing department

Purchase Order - the external form mailed to the vendor to request goods to be delivered to the company

Receiving Report - the document prepared in the receiving department signed by the carrier to acknowledge the goods that have been delivered to the company

Purchase (vendor) Invoice - basically its the sales invoice

Invoice Register - a book listing invoices received from vendors

Payment Voucher - document prepared by payables clerk to request that a check be issued for payment to a vendor. Passed on to the treasurer for signature.

Purchase Journal/Voucher Register - a book listing all of the payment vouchers generated by the company 

Debit Memo - a document sent to the accounting department to indicate that nonfoncoming goods have been returned

23

Personnel/Payroll Cycle - Specific Employees (4)

Personnel cycle of a business is normally segregated between these different departments:

  • Personnel (Authorize) - H/R, hire, fire, salary rate adj
  • Payroll (Recording) - Calculates pay of employees, preps the check for signature of treasurer.
  • Treasurer (Custody) - Signs & distribute the checks, custody of check.
  • Controller (Comparison) - Bank reconciliation

24

Investing & Financial Cycle

U-PERCV

Investing & Financial Cycle - deals w/ transactions involving aquisition & disposal of assets other than inventory & transactions w/ creditors/shareholders.

  • Presentation & Disclosure - controller determines that securities are classified in the records correctly as trading, afs securities, htm securities, etc. 
  • Existence or Occurance (Vouching) - treasurer vouces the agreement of broker advices on purchases w/ cancelled checks.
  • Rights & Obligations - securities on hand are examined by senior mgmt to ensure that they are registered in the name of the company.
  • Completeness (Tracing) & Cutoff - internal auditor makes a list of securities in the bank safe deposit boxes & compares them w/ securities listed in the records.
  • Valuation, Allocation & Accuracy - controller compares current market prices w/ the listed values of securities

25

Documentation of Internal Control Structure

(PRAISE)

Must always document the understanding of the Internal Control Structure, PRAISE should be considered when doing ICQ:

  • Physical Control
    • Is proper security maintained over valuable assets?
    • Are there adequate safeguards over unused documents?
  • Recording
    • Are the transactions documented as to all relevant terms & descriptions?
    • Are documents prenumbered & periodically accounted for?
  • Authorization
    • Are transactions authorized by personnel at least one level above the request level?
    • Are the third parties involved in transactions approved in advance?
  • Independent Checks
    • Are documents compared to verify their agreeemnt before transactions are executed?
    • Are records periodically reconciled to related documents?
  • Segregation of Duties
    • Is the segregation of ARCCs being applied?
  • Evaluate Performance
    • Are there written department policies & procedures?
    • Are unusual or uncompleted transactions periodically investigated?

26

What is a Deficiency?

 

What are the three types of Deficiencies in Internal Control?

Deficiency - exists in internal control when the design OR operation of a control does NOT allow mgmt or employees, in the normal course of performing their assigned functions, to prevent/detect/correct misstatements on a timely basis. 

 

The objective of the auditor is to communicate to those charged with governance & mgmt deficiencies in internal control that, in the auditor's judgement, are sufficiently important to merit their attention. The three types are:

  1. Control Deficiency
  2. Significant Deficiency
  3. Material Weakness

27

What is a Control Deficiency?

 

Communicated to whom?

Control Deficiency - When the design or operation of an Internal Control does NOT prevent, detect,  or correct misstatements on a timely basis in the normal course of employee functions. 

  • Communicated to management, but NOT those charged with governance. 

28

Significant Deficiency

 

Communicated to whom?

Significant Deficiency - a control deficiency, or combination of deficiencies, less severe than a material weakness, but in the auditor's judgement.

  • Communicated to management & those charged with governance.

29

What is a Material Weakness?

 

Whom is it communicated to?

Are indicated by? (4)

Material Weakness - a control deficiency, or combination of deficiencies, in internal control that there is a reasonable possiblity that a material misstatement in the FS will not be prevented or detected/corrected on a timely basis. Required to be communicated to management & those charged with governance. 

 

Material weaknesses are indicated by:

  1. Ineffective oversight by those charged with governance
  2. Restatements of FS due to material misstatements or fraud
  3. Material misstatements identified by the auditor, but not the company's internal control
  4. Fraud by senior management

30

Internal Control Reports & Communication

 

(GAAS,Attestation,PCAOB)

Auditors have a responsibility to communicate w/ mgmt & those charged w/ governance regarding certain I/C matters. Those responsibilities vary depending on the nature of the engagement:

  • Under GAAS (non-public), an auditor of non-issuers is req'd to communicate identified weaknesses in internal control
  • Under Attestation Standards (non-public), an auditor may be engaged to perform an examination of I/C as of a specified date or for a period of time.
    • The auditor may issue a report on the effectiveness of the entity's I/C.
    • The auditor may issue a report on mgmt's assertions regarding the effectiveness of I/C.
  • Under PCAOB (public) requirements, an auditor of issuers is req'd to report on mgmt's assertions regarding the effectiveness of I/C as of a specified date.

31

Internal Control Reports & Communication

 

Financial Statement Audit (GAAS)

 

(Engmt Type,Frmwrk,Test of Ctrls,Opinion,Written Comm,Distrb,Comm of Deficiency)

Under a Financial Statement Audit Engagement (GAAS), an auditor of non-issuers is required to communicate (in writing-LOR) identified weaknesses (deficiencies & material weaknessess) in Internal Control. 

 

Engagement Type: Financial Statement Audit

Framework: GAAS

Test of Controls: Only those "Relying On"

Opinion on: NONE but must issue a disclaimer that none gvn

Written Communication: Letter of Recommendation (req'd)

  • Letter of Recommendation (LOR) includes:
    • Purpose of an Audit - Opinion on the FS, but NOT the Internal Controls
    • A statement that the auditor's consideration (limited scope) of Internal Control was not designed to identify all significant deficiencies or material weaknesses
    • Definition of significant deficiencies & material weaknesses
    • Identify which matters are considered significant deficiencies & material weaknesses
    • State that the communication is a Limited Use Stmt

Distributed To: Management, those w/ governance (Limited)

Written Communication Req'd (during or no later 60 days): 

  • To Management
    • Control Deficiency = YES
    • Significan Deficiency = YES
    • Material Weakness = YES
  • To those w/ Governance
    • Control Deficiency = NO
    • Significan Deficiency = YES
    • Material Weakness = YES

 

NOTE: A written report indicating that NO Material Weaknesses identified may be issued, but a report indicating NO Significant Deficiencies identified may NOT be issued

32

Internal Control Reports & Communications

 

Attestation Engagement

"Examined"

 

(Engmt Type,Frmwrk,Test of Ctrls,Opinion,Written Comm,Distrb,Comm of Deficiency)

Under an Attestation Engagement "Examination", an auditor of non-issuers may be engaged to perform an examination of Internal Ctrl as of a specific date or for a period of time. 

  • Auditor may issue a report on the effectiveness of the entity's Internal Control or,
  • Auditor may issue a report on mgmt's assertion regarding the effectiviness of Internal Control

 

Engagement Type: Attestation Engagement "Examination"

Framework: AICPA (SSAE 15)(AT 501)

Test of Controls: ALL Controls

Opinion on: Mgmt's Assertions are fairly stated

Written Communication: A Report on Internal Control

  • A Report on Internal Control Includes:
    • A Title that includes "Independent"
    • Introductory Paragraph
      • Mgmt's Responsibilities
      • Auditor's Responsibilities
    • Scope Paragraph
      • States that the exam was in accordance with AICPA attestation standards (SSAE)
    • Definition Paragraph
      • A definition of what Internal Control is
    • Inheret Limitations Paragraph
      • That I/C may not prevent/detect misstatements
    • Auditor's Opinion
    • Auditor's Signature & Date

Distributed To: "For General Distribution"

Written Communication Required (by report release date):

  • To Management
    • Control Deficiency = YES
    • Significan Deficiency = YES
    • Material Weakness = YES
  • To those w/ Governance
    • Control Deficiency = NO
    • Significan Deficiency = YES
    • Material Weakness = YES

33

Internal Control Reports & Communications

 

PCAOB Audit

 

(Engmt Type,Frmwrk,Test of Ctrls,Opinion,Written Comm,Distrb,Comm of Deficiency)

PCAOB Audit - an auditor of issuers is required to report on mgmt's assertions regarding the effectiveness of Internal Control. 

 

Framework: PCAOB 5 (SSAE #10)

Test of Controls: ALL Controls

Opinion on: Mgmt maintained effective Internal Control over financial reporting

Written Communication: Integrated Audit Report

  • Integrated Audit Report Includes
    • Title which includes "Independent"
    • Intro
    • Scope paragraph
    • Definition paragraph
    • Inherent Limitations paragraph
    • Opinion paragraph

Distributed To: "For General Distribution"

Written Communication Required (by report release date):

  • To Management
    • Control Deficiency = YES
    • Significan Deficiency = YES
    • Material Weakness = YES
  • To those w/ Governance
    • Control Deficiency = NO
    • Significan Deficiency = YES
    • Material Weakness = YES

 

NOTE: Correct! A report on the internal control of an issuer is integrated with an audit of the financial statements and, as a result, the auditor evaluates internal control for the period covered by the financial statements up through the date of the financial statements.

34

What are the elements of a Report on Internal Include under an Attestation Engagement? (5)

 

(Same for PCAOB Audit if not a combined Audit Report)

A Report on Internal Control Includes:

  • A Title that includes "Independent"
  • Introductory Paragraph
    • Mgmt's Responsibilities
    • Auditor's Responsibilities
  • Scope Paragraph
    • States that the exam was in accordance with AICPA attestation standards (SSAE)
  • Definition Paragraph
    • A definition of what Internal Control is
  • Inheret Limitations Paragraph
    • That I/C may not prevent/detect misstatements
  • Auditor's Opinion
    • "In our opinion, Company X maintained, in all material respects, effective internal control over financial reporting as of date December 31, xxxx."
  • Auditor's Signature & Date

35

Internal Control Reports & Communication

Financial Statement Audit (GAAS)

 

What are the components of an LOR? (5)

Under a Financial Statement Audit Engagement (GAAS), an auditor of non-issuers is required to communicate (in writing-LOR) identified weaknesses (deficiencies & material weaknessess) in Internal Control. 

 

Letter of Recommendation (LOR) includes:

  1. Purpose of an Audit - Opinion on the FS, but NOT the Internal Controls
  2. A statement that the auditor's consideration (Limited Scope) of Internal Control was NOT designed to identify all significant deficiencies or material weaknesses
  3. Definition of significant deficiencies & material weaknesses
  4. Identify which matters are considered significant deficiencies & material weaknesses
  5. State that the communication is a Limited Use Stmt

36

Which of the following controls would a company most likely use to safeguard marketable securities when an independent trust agent is not employed?

a. The investment committee of the board of directors periodically reviews the investment decisions delegated to the treasurer.

b. Two company officials have joint control of marketable securities which are kept in a bank safe-deposit box.

c. The internal auditor and the controller independently trace all purchases and sales of marketable securities from the subsidiary ledgers to the general ledger.

d. The chairman of the board verifies the marketable securities, which are kept in a bank safe-deposit box, each year on the balance sheet date.

You answered correctly

Correct! Requiring two company officials to access the securities will contribute to safeguarding the securities as no single individual would be able to misappropriate them without collusion with the other. A review of investment decisions by a committee of the board of directors will only ensure that decisions are authorized but not that they are being safeguarded. Tracing purchases and sales to the general ledger will only ensure that transactions have been properly recorded but not that they are being safeguarded. Annually verifying marketable securities held in a safe-deposit box may contribute to detecting a misappropriation but will not help in safeguarding the securities from misappropriation.

37

The auditor’s opinion of an issuer’s internal control applies as of which date?

a. The date of the auditor's report.

b. The date of issurance of the financial statement.

c. The date specified in the body of the CEO’s signed statement on internal control.

d. The date of the financial statements.

You answered incorrectly

Incorrect. A report on the internal control of an issuer is integrated with an audit of the financial statements and, as a result, the auditor evaluates internal control for the period covered by the financial statements up through the date of the financial statements.

38

In obtaining an understanding of an entity’s internal control in a financial statement audit, an auditor is required to obtain knowledge about the

a. Operating effectiveness and implementation of controls.

b. Implementation of controls.

c. Operating effectiveness of controls.

d. Neither the operating effectiveness nor implementation of controls.

You answered incorrectly, Correct Answer = B

Incorrect!  The auditor obtains an understanding of internal controls by performing risk assessment procedures that include inquiry, analytical procedures, observation, review of documents, and various other procedures.  They are designed to enable the auditor to identify deficiencies in design or in operation, including whether or not controls have been implemented.  Tests of controls, which are designed to evaluate the operating effectiveness of controls, are performed only for those controls on which the auditor intends to rely.