Chapter 6 Flashcards
Auditors obtain an understanding of nonpublic entity’s internal control for the primary purpose of…
Determining the nature, extent, and timing of audit procedures to be performed
Internal controls are designed to achieve company objectives in what areas?
- Safeguarding of Assets
- Reliability of Financial Reporting
- Compliance with Laws and Regultions
The five major components of internal control (COSO framework)
- Control Environment
- Risk Assessment
- Control Activities
- Information & Communication
- Monitoring
What is a proper reason for NOT conducting tests of controls for nonpublic companies?
The procedures require more audit effort than the projected benefits to be obtained from lowering the control risk.
For nonpublic companies with preliminary control risk assessments set at high, auditors are likely to…
Complete little or no tests of controls.
What is the proper sequence of audit steps that come after an understanding and documenting the entity’s internal control
- Assess Control Risk
- Test of Controls
- Reassess Control Risk
- Determine Extent of Substantive Testing
What form is document is required to document internal controls?
No one particular form of documentation is necessary, and the extent of documentation may vary.
An report from a service auditor should include what?
An opinion
The auditor should report what about internal controls to the audit committee or others charged with governance?
Significant deficiencies
Material Weaknesses
List 3 general controls
- Backup and disaster recovery controls
- Password protection on the central server
- Requiring change authorization forms on all program software
A reliance strategy is chosen when the auditor…
- Plans on conducting test of controls
2. Has set the control risk at a lower level
Understanding each of the components of internal control provides knowledge about…
The design of Internal Controls
Factors that affect the risk of material misstatement
The effectiveness of internal control is reduced by…
Human errors or mistakes
In order to be able to set controls risk at a lower level, the auditor must do all of the following…
- Identify specific controls that will be relied upon
- Perform test of controls
- Conclude on the achieved level of control risk
The auditor may document the achieved level of control risk using the following…
- Structured working papers
- Internal Control Questionnaire
- A Memorandum
Four categories of Control Activities
- Performance Reviews
- Information Processing Controls
- Physical Controls
- Segregation of Duties
What audit procedure does an auditor typically use to develop an understanding of control activities?
Walkthroughs
What forms can an auditor use to document an understanding of internal controls?
- Procedure Manuals/Organization Chart
- Internal Control Questionnaires
- Flowcharts
- Narrative Description
A memo to document internal controls is typically used for what size or organization?
Smaller
How is a complex system of internal controls typically documented?
Internal Control Questionnaire
What are the top 3 reasons cited causes of fraud?
- Inadequate controls
- Management Override
- Inadequate oversight
Name 3 limitations to internal controls
- Management override
- Human Errors or Mistakes
- Collusion
Type 1 Service auditor report states what?
An opinion on management’s description and assertions on the design of the system and related controls
Type 2 Service auditor report states what?
Everything from a Type 1 report and opinion on the operating effectiveness of the controls.
