AUD CH 3 - Internal Control Flashcards Preview

CPA AUDIT > AUD CH 3 - Internal Control > Flashcards

Flashcards in AUD CH 3 - Internal Control Deck (75)
Loading flashcards...
1

Steps in an Audit

1. Prepare for the audit

2. Obtain understanding the entity & environment (+ I/C)

3. Assess RMM & Determine nature, timing, and extent of Further Procedures

4. Performed test of controls

5. Perform substantive procedures

6. Formulate an opinion

7. Issue audit report

2

Integrated audit

Required by PCAOB

- Audit for both internal control over financial reporting and of the financial statements

3

Non-issuer Test of controls

Draws a conclusion from the test controls as to whether or not the controls can be Relied upon on for the entire period for which Controls were tested

4

Issuer Test of controls

Opinion on ICFR As of a specific point in time, The date of the Financial statements

5

Why would control risk be set at Maximum (100%)?

1. Internal controls are not sufficiently reliable

OR

2. Cost of testing controls Exceeds the potential benefit

6

When is internal control considered ineffective?

If one or more material weaknesses exist (may Exist when the F/S are NOT Materially Misstated)

7

Which type of controls are more relevant to the financial statement Assertions?

Controls designed to produce accurate records And safeguarding Of assets

(*Controls for Adherence to laws and regulations & Promote efficiency are NOT relevant)

8

ACE

COSO Internal Control objectives

A – Accurate & Reliable Financial reporting (primary concern)

C - Compliance with laws and regulations (compliance auditing)

E - Effectiveness and efficiency of operations (operational auditing)

*we want reasonable assurance for these objectives that mgmt is responsible for (DIM)

9

CRIME

COSO Integrated Framework – Internal Control (5 Components)

C - Control activities (PIPS – ARCC)

R – Risk Assessment (external/internal factors)

I – Information & Communication

M – Monitoring

E - Control environment (CHOPPER)

10

CHOPPER

Control Environment (internal control)

C - Commitment to competence

H - Human resource policies/practices

O - Organizational structure

P - Participation of governance

P - Philosophy of management & Operating style

E - Ethical values & Integrity

R - Responsibility assignment

11

PIPS

Control activities

P - Performance reviews

I - Information processing (General vs Application Controls)

P - Physical controls

S – Segregation of Duties (ARCC)

12

ARCC

Part of PIPS (Control Activities – Segregation of Duties)

A – Authorization

R – Recording (Posting)

C - Custody of assets

C – Comparisons (Bank reconciliation)

13

UpDATeD

Steps to obtain understanding of internal control

1. Up - Understand the DESIGN of CRIME (form) (perform Risk Assessment Procedures – AIIO)

2. D - Document understanding (FIND) (form)

3. Assess RMM (CR) (form)

4. Test of controls (substance)

5. e – Reassess RMM to det. CR

6. D – Document Conclusions

14

AIIO

Risk assessment procedures

A - Analytical procedures

I – Inquiries (internal)

I – Inspections (docs)

O – Observation (Application of internal control)

15

What are the goals of risk assessment procedures?

To Identify those controls that might reduce (implemented? only) RMM (not evaluating)

1. Identify potential misstatements

2. Consider factors that affect the RMM

3. Design TOC and SUB Procedures

16

What techniques are available for the Auditor to gain information about the client's Internal control?

PIIO

P - Prior audits

I – Inquiry (Internal)

I – Inspection (auth forms/Procedure Manuals)

O – Observation

17

PIIO

Techniques available for the Auditor to gain information About the clients internal control Structure

P - Prior audits

I – Inquiry (Internal) (FORM)

I – Inspection (auth forms/Procedure Manuals) (FORM)

O – Observation (substance - ARCC)

18

What is the requirement for documenting the understanding of internal control?

Must document:

-key elements of the understanding (entity & enviro)

- five components I/C (CRIME)

- Sources of information

- Risk assessment seekers performed

(form is Influenced by the size and complexity of the entity)

19

FIND

Techniques that are commonly used for documenting the Auditor's Understanding of internal control structure (step 2)

F – Flowchart

I - Internal control Questionnaire (ICQ) (yes = strength, no = weakness)

N – Narrative or memorandum

D - Decision table/Tree

20

Substantive Approach

No reliance on internal control

- RMM assessed high

- Controls appear Inadequate / Ineffective / Week

- sub. Testing Is Cost-effective (Test of controls cost > benefit)

21

Combined approach

Reliance on internal control

- RMM assess low

- Controls appear effective

- Expectation of operating effectiveness of controls

- Test of controls Cost effective

- sub testing ALONE doesn't Provide enough sufficient audit evidence

22

How do you test substance of internal controls?

Test of controls

Which test the effectiveness of the design and operation of a control

23

What are the four procedures for testing controls?

Testing cycles for ARCC by doing RIIO

R – Re-performance

I – Inquiry

I – Inspection (documents)

O – Observation (MOST EFFECTIVE)

24

It controls have not changed since they were last tested, How often should the Auditor test the operating Effectiveness?

At least once every three years But the Auditor must determine there was no change through the performance of risk assessment procedures (AIIO)

25

During a test of controls what must the Auditor consider?

- How the control Was applied

- Consistency of application

- The individual Applied it

26

If the Auditor chooses not to rely on a control, How does that affect PCAOB and AICPA companies?

ISSUERS/PCAOB - Must still do tests of controls To evaluate internal control structure

NON ISSUERS/AICPA - Substantive Testing ONLY

27

Test of controls is concerned with what type of Sampling?

Attribute Sampling

-Frequency or Percentages (That it happened)

* $$ Does not matter (substantive testing will determine if AMOUNT is material – variable sampling)

28

What is The purpose for reassessing RMM?

- Must be done after test of controls To det. detection risk (Go back and verify your "Reliance on I/C" variable)

- If control operates as expected, no change to scope sub. Testing scope

- If Control does not operate as expected, scope of sub procedures Will increase (Decreasing DR)

29

What does detection risk tell you?

How much Substantive testing to do (inverse relationship)

- Adjust audit program for substantive tests

30

What does the auditor need to document At the end of understanding internal Control structure?

- Communicate significant deficiencies and material weaknesses to management and governance

- Basis for risk assessment

- Assessment of the RMM at F/S level and Relevant assertion levels

- Significant risks identified & Related controls Evaluated

- Risks identified that require TOC To obtain Sufficient audit evidence