Audits of Internal Control and Control Risk Flashcards
(12 cards)
What is Internal Control?
An entity’s system of internal control consists of policies and procedures designed to provide management with reasonable assurance that the company achieves its objectives and goals, including reliability of financial reporting, compliance with applicable laws and regulations, and effectiveness and efficiency of operations.
What does Reasonable Assurance involve?
Reasonable assurance involves two considerations: 1. The cost of the entity’s internal control should not exceed the expected benefits. 2. Limitations exist in any entity’s internal control.
Examples: Code the missing cash to bad debts. Collusion can defeat internal controls.
What are the Section 404 Reporting Requirements for Management?
Section 404 of Sarbanes-Oxley requires the management of public companies to issue an internal control report that includes: a statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting, and an assessment of the effectiveness of the internal control structure and procedures for financial reporting as of the end of the company’s fiscal year.
What are the Key Components of Management’s Assessment of Internal Control?
Management must evaluate the design of internal control over financial reporting and test the operating effectiveness of those controls.
What are the Auditor Responsibilities for Understanding Internal Control?
For public and private companies, a sufficient understanding of internal control is to be obtained to plan the audit and determine the nature, timing, and extent of tests to be performed. For public companies, Section 404 requires effort beyond that stated above so that the auditor can provide a report on internal controls containing two opinions: 1. Whether management’s assessment of the effectiveness of internal control over financial reporting as of the end of the fiscal period is fairly stated in all material respects. 2. Whether the company maintained, in all material respects, effective internal control over financial reporting as of the specified date.
What is the internal control framework for most U.S. companies?
The internal control framework for most U.S. companies is the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control—Integrated Framework, issued in 1992.
What is the Control Environment?
The control environment is concerned with the actions, policies, and procedures that reflect the overall attitude of the client’s top management, directors, and owners of an entity about internal control and its importance.
What are the elements of the Control Environment?
The elements include: 1. Integrity and ethical values 2. Commitment to competence 3. Board of directors and audit committee 4. Management’s philosophy and operating style 5. Organizational structure 6. Assignment of authority and responsibility 7. Human resource policies and practices.
What is Risk Assessment in Internal Control?
Client management’s identification and analysis of risks relevant to the preparation of the financial statements in accordance with GAAP.
What are Control Activities?
Policies and procedures that client management has established to meet its objectives for financial reporting.
What is the process for Understanding Internal Control and Assessing Control Risk?
The process includes: Phase 1: Obtain and Document Understanding of Internal Control; Phase 2: Assess Control Risk; Phase 3: Design, Perform, and Evaluate Tests of Controls; Phase 4: Decide Planned Detection Risk and Substantive Tests.
What must be communicated to the Audit Committee?
Significant deficiencies and material weaknesses must be communicated in writing to the audit committee as part of every audit. Less significant internal-control matters and recommendations for operational improvements may be communicated through a management letter.
