Chapter 7 Flashcards Preview

Audit > Chapter 7 > Flashcards

Flashcards in Chapter 7 Deck (103):
1

What does COSO stand for?

Committee of Sponsoring Organizations. They make some rules of Internal Control

2

The three broad internal control objectives are

Compliance with laws and regulations

Reliability of financial reporting

Efficiency/effectiveness of operations

3

Internal Control is defined as

a process, effected by the entity's board of directors, management, and other personnel designed to provide reasonable assurance regarding achievement of objectives in the following categories:
- Reliability of financial reporting
- Effectiveness and efficiency of operations
- Compliance with applicable laws and regulations

4

Auditor's focus towards internal control is the on internal control over _____, or ICOFR

Internal Control Over Financial Reporting

5

This act, in addition to making bribes to foreign officials illegal, requires an effective system of internal control

Foreign Corrupt Practices Act of 1977

6

Define Segregation of Duties, a component

No one department or person shall handle all aspects of transaction from beginning to end to perpetrate and conceal errors/fraud.
• MUST segregate duties along the “arc” – must separate the authorizing of transactions, recording of transactions, and custody of related assets

7

Does management or the internal auditor establish internal controls?

Management does, along with preparation of financial statements.

8

Is reasonable or absolute assurance required?

Reasonable

9

Name the five components of internal control

The Control Environment

Risk Assessment Process

Control Activities

The Accounting Information and Communication system

Monitoring of Controls

10

Detailed employee responsibilities, open communication channels, and reporting exceptions/unusual items to management are also key in information and communication system. True or False?

True

11

Define Physical Controls, a component

providesw physical security over records and assets
 Physical Controls – provide physical security over records and assets
• Maintaining control over unissued pre-numbered documents
• Restricting access to computer programs and data
• Restricting physical access in safes, locks, fences, guards etc
• Accounting records should be maintained independent of custody-related assets, and company should periodically compare/reconcile accounting records to assert on hand (to detect loss, waste, or theft)

12

Define the Risk Assessment Process component

management’s process for identifying, analyzing, and responding to such risks.

• Financial Reporting Risks
 Changes in the regulatory or operating environment
 Changes in personnel
 Implementation of a new or modified information system
 Rapid growth of the organization
 Changes in technology affecting production processes or information systems
 Introduction of new lines of business, products, or processes

13

Define a Performance Review

provide management with an overall indication of employee effectiveness at meeting objectives. By investigating deviations¸ management takes timely action to change strategy or take and other appropriate action.

14

Control Activities, a component of internal control, can be defined as

policies and procedures that address and mitigate risks identified by risk assessment process.

15

Actions, policies, and procedures that reflect overall attitudes of top management, directors, and owners of an entity establish which component of Internal control?

The Control Environment.

• Commitment to integrity and ethical values
• Effective BOD and audit committee
• Effective organizational structure
• Commitment to attract, develop, and retain competent employees
• Individual accountability for internal control responsibilities

16

Describe the six limitations of Internal Control

Human Errors

Systematic Errors

Collusion circumventing segregation of Duties

Override of internal Control by Management

Cot considerations

Compliance deteriorating over time

17

Should management perform ongoing monitoring to determine if controls are present and functioning?

Yes

18

Describe The Accounting Information and Communication System

Information is needed throughout company to meet objectives. Therefore, management must obtain, use, and communicate relevant, quality information to support controls.

19

Monitoring activities assess the quality of internal control over time. True or False?

True

20

What does ERM stand for?

Enterprise Risk Management.

• COSO, but doesn’t replace internal control framework
• Goes beyond internal control to focus on how organizations may be able to maximize value for stakeholders most effectively by managing risks and opportunities
• More robust, or strong and stable, for companies to manage business risk

21

Define Corporate Governance

“the system by which companies are directed and controlled.” It includes the policies, procedures, and mechanism that are established to ensure that the company operates in the best interests of its major stakeholders - including owners, customers, suppliers, employees, and society as a whole.

For example, for a corporation, the major instruments of corporate governance include management compensation systems, the boards of directors (including major committees), external auditors, internal auditors, attorneys, regulators, creditors, securities analysts, and internal control systems.governance

22

Define how systematic errors may occur

in designing, maintaining, or monitoring automated controls

23

Once again - steps of audit in order

Plan Audit - Obtain Understanding - Assess Risks of Material Misstatement - Perform further audit procedures - Complete the Audit - Form an Opinion - Issue audit report

24

Corporate Governance Mechanisms include

 External auditors
 Regulators (such as the SEC)
 Creditors
 Securities analysts
 Major shareholders

25

revenue, purchases, and cash receipts and disbursements are names of what types of transactions?

routine transactions

26

Stage 2, obtaining understanding, regarding internal control:

 Identify types of potential misstatements and consider factors that affect risk
 Design tests of controls
 Auditors must first understand the internal control design, so the client can provide narratives here or flowcharts of controls
 Only test controls that work. No point in testing ineffective ones, because cant increase detection.

Also, Auditors must consider all five of the internal control components

27

Corporate Governance would be considered ____ (broader/smaller) than internal control

Broader, it also encompasses ethical treatment of all major stakeholders, compliance with laws, regulations, customary business practices, and effective risk management

28

Determining the allowance for doubtful accounts would be an example of which type of transaction?

Estimation

29

Test of controls include the following: (there are four)

Inquiries of appropriate client personnel

Inspection of documents and reports

Observation of the application

Reperformance of the controls

30

taking of inventory, calculating depreciation expense are examples of what type of transactions?

nonroutine

31

Results of ____ are often used to determine nature, extent, and timing of substantive proceudres

Tests of Controls

32

Which of the three types of transactions generally has the strongest control compared the other two?

Routine transactions

33

If controls have changed from prior year, new controls must be tested. True or false?

True

34

Advantages and disadvantages of Internal Control Questionnaires

A: Asks a series of questions about controls in each transaction cycle in order to identify deficiencies

D: 1. Inability to provide a system overview

2. Inapplicability of many questions for some audits, especially smaller ones

35

Define a Narrative

Written description of each transaction cycle in
an accounting system

36

If controls have not changed, can one rely on past tests of controls?

Sure, but in a limited fashion.

AICPA and International Auditing Standards – tests of control must be performed at least every third year

PCAOB – more stringent – tests of controls must be performed to some extent annually when controls are relied upon

37

The four procedures to obtain understanding of control design and implementation include (usually a combo of):

• Inquiring of entity personnel
• Observing the application of specific controls
• Inspecting documents and reports
• Tracing transactions through the information system relevant to financial reporting (walk-throughs)

38

If tests of control show numerous control deviations, is substantive testing expanded or reduced?

Expanded to test the assertions

39

• Auditing standards require auditors to obtain and document an understanding of internal control. True or False?

True, through

• Internal Control Questionnaires
• Narratives
• Flowcharts
• Walk-throughs

40

Is a walk-through the same as a tour of the audit property?

No

41

Define a significant deficiency

control deficiency that is important but less severe than material weakness

42

Describe considerations taken if the work of internal auditors must be used

• CPA may rely on work of internal audit to reduce amount of testing if found to be effective
• CPA must assess internal audit competence (education, experience, certifications) and objectivity (report directly to audit committee?) and quality of their work (examine working papers)
• If intent is to rely upon work of internal audit, must test that work

43

Define Flowcharts

Diagram of each cycle in an accounting system that
serves as a visual representation of the series of procedures that occur in each sequence of processing

44

Define an advantage of a Narrative

Kind of like writing out a walk-through. Advantage is that it gives a good understanding of what a transaction look like.

45

Which report documents the organization's suitability and effectiveness?

Type 2

46

Advantages of flowcharts?

Contains the same information as a narrative,
with the advantages of being:
1. Easier to read/visualize
2. Easier to update.

***Narratives/flowcharts to understand the system accompanied
by internal control questionnaires for checklist of potential
deficiencies = highly useful!

47

Define a walk-through

After documentation of internal controls, trace one or two transactions through cycle to ensure proper implementation

If auditor finds implementation of internal controls is different from description, modify working papers accordingly

48

Potential disadvantages of flowcharts are

that it's not as clearly identifying areas of weakness/omitted controls

49

An Unqualified opinion on Internal Control means that

No material weaknesses or scope restrictions

50

Can a CPA obtain direct assistance from internal auditors?

Sure, for certain procedures (nothing high risk or subjective), but CPA remains responsible for the audit

51

A type _ (1/2) report is Management’s description of the system and the suitability of the design of controls

Type 1

52

• Auditors may also assist in effective internal control and improving client effectiveness and efficiency by communicating the following in a management letter:

• Internal control deficiencies (even less significant ones)
• Explanation of potential effects
• Recommendations for corrective action

53

Audit standards require WRITTEN communication of _____ (significant deficiencies/material weaknesses) to management no later than 60 days after report release date

Both, actually

54

SOX Section 404a Establishes a form 10k each year. This is a report that includes the following affects on management:

Acknowledges responsibility for establishing and maintaining adequate internal control over financial reporting
 Assesses internal control effectiveness as of the last day of the company’s fiscal year using suitable criteria

55

Define a material weakness

control deficiency that creates a reasonable possibility of a material misstatement

56

An adverse opinion on Internal Control means that

there are one or more material weaknesses

57

A Qualified or Disclaimer opinion on Internal control means that

there is a Scope Limitation

58

Due to lack of employees, internal control is generally _____ (strong/weak) in small businesses

weak since, for example, adequate segregation of duties is not feasible. Auditors must rely much more on substantive procedures of account balances and transactions

59

Some key measures to ensure better control include

• Segregation of duties of cash handling and record keeping
• Active oversight and participation by the owner

60

Auditors selected by a service organization to assess systems are called

Service Auditors

61

Define a Service Organization

Organization that performs data processing/computer/or IT services, like payroll processing, for various clients

62

Preventive, Detective, or Corrective control? - Segregation of Duties

Preventive

63

Preventive, Detective, or Corrective control? - Requirement to prepare bank reconciliations

Detective

64

Preventive, Detective, or Corrective control? - Maintaining Backups of Data

Corrective

65

Preventive, Detective, or Corrective control? - Finding a misstatement that has already been made

Detective

66

Preventive, Detective, or Corrective control? - Finding a misstatement

Corrective

67

Preventive, Detective, or Corrective control? - Approving journal entries

Preventive

68

A common way to help detect misstatements that have been made is to

Prepare bank Reconciliations

69

Lifo calculations, Depreciation, Physical inventory, and financial statement closes are what type of transactions?

Nonroutine

70

Bad debt expense is what type of transaction?

Estimation

71

Cash receipts, payroll, cash disbursement, and inventory costing is considered what type of transaction?

Routine

72

The significance of accounts should be considered ______ (with/without) regard to internal control.

without

73

The first step of planning steps of the audit of internal control is

Management's report on internal control

74

What kind of approach is sued to identify controls to a tesT?

top-down

75

An account is significant if there is a reasonable possibility that it could contain a misstatement that has a material effect on the financial statements. True or False

True

76

Accounting ______ (disclosures/estimates) involve management's judgment or assumptions.

estimates

77

Is design or operating effectiveness tested first?

Design

78

Efficient planning of the evaluation of internal control requires coordination the financial statement audit. True or false?

True

79

Evidence as to the design of internal control and its operating effectiveness should be considered ____________ (as of, before, or after) the date specified in the assessment

as of

80

The audit committee is especially important as it exercises oversight responsibility over the financial statements. True or False

True

81

Who should develop a statement of ethical values?

Senior Management

82

Management's evaluation process of internal control ____________ (concludes/begins with) with the management report on internal control--the first step of the audit process.

concludes

83

Organizational structure provides a basis for planning, directing, and controlling operations. True or False?

True

84

To enhance the control environment, management develops job descriptions. True or False?

True!

85

For well controlled operations, the same employee that maintains custody of assets should also keep the accounting records for the assets. True or False?

False

86

An employee has incompatible duties if the person is in a position to perpetrate and conceal errors or fraud in the normal course of performing his or her duties. True or False?

True

87

The controls over a client's sales cycle are part of that client's control environment. True or False?

False

88

The establishment of sales terms is an example of a control. True or False?

True

89

The internal audit function is an important part of the monitoring component of internal control. True or False?

True

90

All material weaknesses are also control deficiencies. True or False??

True

91

Both the design of controls and the operating effectiveness of controls is considered in an audit of internal control performed under PCAOB standards. True or False?

True

92

A control activity that leaves evidence of compliance is usually tested by inquiry and observation. True or False?

True

93

An advantage of an internal control questionnaire is that weaknesses in internal control are highlighted by the questionnaire. True or False?

True

94

In audits of both public and nonpublic companies significant deficiencies and material weaknesses noted by the auditors must be communicated to management in writing. True or false??

True

95

Before assessing control risk at a level lower than the maximum, the auditor obtains reasonable assurance that controls are in use and operating effectively. This assurance is most likely obtained in part by:

Analyzing tests of trends and ratios

preparing flowcharts

inspecting documents

performing substantive procedures

inspecting documents

96

Examine signatures on checks is considered a test of control?

Yes

97

When performing an audit of internal control, the period or date on which the opinion relates under PCAOB standards is the: as of date or the entire period under audit?

As of Date

98

Counting and listing cash on hand considered a test of control?

No

99

No one particular form of documentation of client's internal control is required, and the extent of documentation may vary. True or false?

True

100

Obtaining or preparing reconciliations of bank accounts as of the balance sheet date considered a test of control?

No

101

Observation of client personnel applying the control is most likely to provide an auditor with utmost assurance about the effectiveness of the operation of internal control. True or false?

True

102

An auditor's flowchart of a client's internal control is a diagrammatic representation which depicts the auditors':

documentation of control risk

understanding of the system

planned tests of controls

program for tests of controls

understanding of the system

103

Is monitoring considered a component of internal control?

Yes