chap 12 assess control risk Flashcards
(41 cards)
what is a design deficiency?
exists if a necessary control is missing, not properly designed, or not properly implemented
after obtaining an understanding of internal control , the auditors makes a what?
preliminary assessment of control risk
exists if a well designed control does not operate as designed or if the person performing the control is insuffienciently qualified or authorized
operation deficiency
what are 2 examples of entity level controls that have the potential to undermine controls for most of the transaction related audit objectives?
- an ineffective board of directors 2. managments failure to have any process to identify , assess, or manage key risk
exists if a significant deficiency , by itself or in combo with other significant deficiencies, results in a reasonable possibility that internal control will not prevent or detect material misstatements on a timely basis
material weakness
what is an example of a compensating control?
when a owner is actively involved in a small business
one elsewhere in the system that offsets the absence of a key control is what kind of control?
compensating
the likelihood of misstatements and their potential materiality are used to evaluate what?
if there are significant deficiencies or material weaknesses
what is the 2 reason for including only key controls?
- they will be sufficient to achieve the transaction related audit objectives 2. they provide audit efficiency
entity level controls have an overarching impact on what?
most major types of transactions in each transaction cycle
if there is more than a reasonalbe possibility (___) that a material misstatement (____) could result from the significant deficiency , then it is considered a what?
likelihood significance material weakness
auditors start with the assessment of what kind of controls before assessing transaction specific controls
entity level controls
what is a control deficiency?
exists if the design and implemenation or operation of controls doesnt permit company personnel to prevent or detect mistatments on a timely basis in the normal course of performing their assigned functions
the auditor should identify and include only those controls that are expected to have what?
the greatest effect on meeting the transaction related audit objectives
as part of evaluating control risk, auditors must evaluate whether key controls are ____ in the design of internal control
absent
what is a material weakness?
exists if a significant deficiency , by itself or in combo with other significant deficiencies, results in a reasonable possibility that internal control will not prevent or detect material misstatements on a timely basis
what are the 5 control activities that are also helpful as reminders of controls?
- separation of duties 2. proper authorization 3. adequate documents and records 4. physical control over assets and records 5. independent checks on performance
exists if a necessary control is missing, not properly designed, or not properly implemented
design deficienty
what is a significant deficiency?
exists if one or more control deficiencies exist that are less severe than a material weakness but are important enought to merit attention by those responsible for oversight of the companys financial reporting
when a compensating control exists, there is no longer a what?
significant deficiency or material weakness
the auditor uses the preliminary assessment of control risk to plan the audit for each what?
material class of transactions
what are the 3 levels of absence of internal controls?
- control deficiency 2. significant deficiency 3. material weakness
what is a operation deficiency?
exists if a well designed control does not operate as designed or if the person performing the control is insuffienciently qualified or authorized
what is a compensating control?
one elsewhere in the system that offsets the absence of a key control
