C6 Internal Control Flashcards
Who is required to implement quality control?
Engagement Partner ( Audit Firms)
Components of Internal Control
CCRIM
✔ Control Environment
✔ Control Activities
✔ Risk Assessment
Information and Communications Systems
✔ Monitoring
Internal Control
Process designed and effected by those charged with governance, mgmt, and other personnel TO PROVIDE REASONABLE ASSURANCE about the achievement of the entity’s objectives with regard to
- Reliability of FR (FR Objective)
- Effective and efficient ops (Operational Obj)
- Compliance objective
4 essential concepts in the definition of IC
✔ Process
✔ Effected by those charged with governance, mgmt
✔ IC can be expected to provide REASONABLE assurance of achieving the Obj
✔ Designed to help achieve the obj
Examples of Inherent Limitations to IC’s effectiveness
✔ Cost benefit principle
✔ directed at routine transactions
✔ potential for human errors (mistakes of judgment, careless, etc)
✔ circumvention through collusion
✔ overriding of mgmt
✔ Inadequate procedures due to CHANGES IN CONDITIONS
Operational and compliance objectives may be relevant to the audit?
Yes, as long as it relates to the data the auditor evaluates
Responsibility of MGMT and Those charged with governance
MGMT - to establish a control environment and maintain policies and procedures to assist in achieving the objs.
Those charged with governance - ensure the integrity of fr systems through OVERSIGHT of mgmt.
Attitudes, awareness, and actions of mgmt. It sets the tone of an organization; the foundation providing discipline and structure.
Control Environment
A factor of Control Environment that discourages employees from engaging in dishonest, illegal, and unethical acts that could materially affect the FS.
Integrity and ethical values
Who is responsible for overseeing the financial reporting policies and practices of the entity?
The audit committee
A control environment factor that assesses mgmt attitude towards FR; their emphasis on meeting projected profit gosls
Mgmt philosophy and operating style
What CE factor requires an entity to have an audit committee?
Active participation of those charged with governance
A CE factor that provides a framework for planning, directing, and controlling the operations
To avoid incompatible functions
Organizational structure / assignment of responsibility
The risk that the business objectices will not be attained due to internal and external factors
Business risk
Policies and procedures that help ensure that mgmt directives are carried out
Control activities
Control activities:
PIPS
✔ performance reviews
✔ information processing
✔ physical controls
✔ segregation of duties
Assessing the quality of IC over time and on a timely basis taking corrective actions
Monitoring
Monitoring activities performed on a non-routine basis (by internal auditors)
Separate evaluations
Monitoring activities built into the normal recurring activities (ex. Bank recon)
Ongoing monitoring activities
IC in small businesses tend to be weak compared to larger entities
True
Weakness of IC in small business can be compensated by how?
If the owner/manager actively participates in the business operations
Are auditors responsible for establishing and maintaining accounting and IC systems?
No. Only give an adequate consideration because the ICS can have a SIGNIFICANT impact on the audit
5 steps in Considering the Internal Control
- Obtaining understanding of the internal control
- Documenting the understanding of accounting and internal control systems
- Assessimg the level of control risk
- Performing tests of control
- Documenting the assessed level of control risks
- Obtaining an understanding of IC involves: (objectives)
✔ Evaluating the design of a control
✔ determining whether it has been implemented
