Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Audit > Chapter 9 -- Internal Control Communications and Reports > Flashcards

Chapter 9 -- Internal Control Communications and Reports Flashcards

1
Q

Section 9.1: Communicating Internal Control Related Matters

What is a control deficiency?

A
  • A control deficiency may arise either in the design or operation of a control.
  • It is the lowest level of deficiency identified in the standards.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Section 9.1: Communicating Internal Control Related Matters

What are examples of internal control design failures?

A
  • Segregation of duties
  • Employee skills and training mismatch
  • Lack of an audit committee
  • Failure to document internal controls
  • Failure to safeguard assets
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Section 9.1: Communicating Internal Control Related Matters

What is a design deficiency?

A

The control is operating effectively
* Is the control satisfying the objective?
* Can the control prevent, detect or correct fraud or errors that can result in a material misstatement?
* Is there documentation regarding the operation?
* Is the control operating when observing the performance?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Section 9.1: Communicating Internal Control Related Matters

What is an operating deficiency?

A

Is the control operating effectively?
* Has the control been implemented?
* Is the person operating the control authorized?
* Is the person operating the control competent?
* Is the application of the control consistent?
* Can management override the control?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Section 9.1: Communicating Internal Control Related Matters

What are examples of internal control operational failures?

A
  • Failure to reconcile accounts
  • Management override of internal controls
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Section 9.1: Communicating Internal Control Related Matters

What issues related to internal control over financial reporting are required to be communicated in writing to management and those charged with governance?

A
  • Significant deficiencies
  • Material weaknesses
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Section 9.1: Communicating Internal Control Related Matters

What is the objective of the auditor’s communication of significant control deficiencies?

A
  • State that the purpose of the audit was to report on the financial statements, not to provide assurance on internal control
  • Give the definition of significant control deficiencies and material weaknesses
  • State that the report is intended solely for the information and use of those charged with governance, management, and others within the organization (or specified regulatory agency)
  • The report is not intended to be, and should not be, used by anyone other than the specified parties.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Section 9.1: Communicating Internal Control Related Matters

What are examples of significant deficiencies and material weaknesses?

A
  • Unqualified personnel
  • Insufficient control consciousness within the organization
  • Significant undisclosed related party transactions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Section 9.1: Communicating Internal Control Related Matters

What should the auditor communicate when communicating significant deficiencies to a non-issuer?

A

The purpose of the audit was to report on the financial statements, not to provide assurance on internal control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Section 9.2: The Auditor’s Communication with Governance

What matters should the auditor discuss with those charged with governance?

A
  • The auditors’ responsibility under GAAS
  • Significant accounting policies
  • Sensitive accounting estimates
  • Uncorrected and material corrected misstatements
  • Significant unusual transactions
  • Auditor disagreements with management, whether or not satisfactorily resolved
  • Management’s consultations with other accountants
  • Issues discussed with management prior to the auditors’ retention
  • Any serious difficulties the auditors may have had with management during the audit.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Section 9.2: The Auditor’s Communication with Governance

What should the auditor communicate to the audit committee?

A
  • Significant adjustments arising from the audit that were recorded by management.
  • The basis for the auditor’s conclusions about the reasonableness of management’s sensitive accounting estimates
  • The level of responsibility assumed by the auditor under GAAS
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Section 9.3: Reporting on an Entity’s Internal Control

What should an auditor test in internal control over financial reporting?

A
  • Design effectiveness
  • Operating effectiveness
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Section 9.3: Reporting on an Entity’s Internal Control

What is design effectiveness?

A

Design effectiveness is tested by determining whether the controls:
* If they are operated as prescribed by persons with the necessary authority and competence to perform the control effectively
* The control satisfies the control objectives
* The control can effectively prevent, or detect and correct, fraud or errors that could result in material misstatements in the financial statements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Section 9.3: Reporting on an Entity’s Internal Control

What is operating effectiveness?

A

Operating effectiveness of a control is determined whether:
* The control is operating as designed
* The person performing the control possesses the necessary authority and competence to perform the control effectively.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Section 9.3: Reporting on an Entity’s Internal Control

How does an auditor begin an integrated audit?

A
  • Understand the overall risks to internal control over financial reporting
  • Focus on entity-level controls and work down to significant classes of transactions, account balances, disclosures and their relevant assertions
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Section 9.3: Reporting on an Entity’s Internal Control

What are examples of entity-level controls?

A
  • The control environment
  • Controls over management override
  • Monitoring of the results of operations
  • Controls over the period-end financial reporting process
  • Monitoring of other controls
  • The risk assessment process.
17
Q

Section 9.3: Reporting on an Entity’s Internal Control

What sources should an auditor review when forming an opinion on the effectiveness of an issuer’s internal control over financial reporting (ICFR)?

A
  • Tests of controls (required in an integrated audit)
  • Misstatements detected in the financial statement audit
  • Identified control deficiencies
18
Q

Section 9.3: Reporting on an Entity’s Internal Control

What sources should an auditor review when forming an opinion on the effectiveness of an non-issuer’s internal control over financial reporting (ICFR)?

A
  • Tests of controls (excluding the operating effectiveness)
  • Misstatements detected during the audit
  • Identified deficiencies
19
Q

Section 9.3: Reporting on an Entity’s Internal Control

What is a walkthrough?

A
  • A walkthrough follows a transaction from its origination to being reflected in the financial statements using the same documents and information technology that company personnel use.
  • Walkthrough procedures usually include a combination of inquiry, observation, inspection of relevant documentation, and reperformance of controls.
20
Q

Section 9.3: Reporting on an Entity’s Internal Control

What procedures are performed in a walkthrough of an issuer’s integrated audit?

A
  • Inquiry
  • Observation
  • Inspection of relevent documentation
  • Reperformance of controls
21
Q

Section 9.3: Reporting on an Entity’s Internal Control

What is the auditor’s objective in an audit of internal control over financial reporting?

A

To express an opinion on whether the entity maintained, in all material respects, effective internal control as of the specified date, based on the control criteria.

22
Q

Section 9.3: Reporting on an Entity’s Internal Control

What type of reports does an auditor issue for an issuer under PCAOB regulations?

A
  • An opinion on the financial statements
  • An opinion on the internal control
  • An assessment on management’s effectiveness of internal control
23
Q

Section 9.3: Reporting on an Entity’s Internal Control

What is required to be included in the annual report of an issuer?

A
  • Attest to and report on the internal control assessment made by management of th issuer
  • The responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  • An assessment of the effectiveness of the internal control structure and procedures for financial reporting.

NOTE: This requirement does not apply to nonaccelerated filers (issuers with market equity of less than $75,000,000).]

24
Q

Section 9.3: Reporting on an Entity’s Internal Control

What is included in the determination of a risk assessment in an integrated audit of a non-issuer?

A
  • Determining significant classes, transactions, account balances and relevant assertions
  • Selecting controls to test
  • Determining evidence necessary to conclude on the effectiveness of the given control
25
Q

Section 9.4: Service Organizations

What is a service organization?

A
  • A service organization is an organization that the entity uses to perform certain tasks (i.e. ADP for payroll)
  • The auditor may need service provider’s audit report if the services provided are part of the entity’s financial statements.
26
Q

Section 9.4: Service Organizations

What is the difference between a SOC1 and a SOC2 Report?

A
  • SOC1 reporting is for service organizations whose controls impact the entity’s financial reporting (i.e. ADP)
  • SOC2 reporting is for service organizations whose controls impact the entity’s oeprations and compliance (i.e. ComputerShare)
27
Q

Section 9.4: Service Organizations

What are the different types of SOC1 Report?

A
  • Type 1 report
  • Type 2 report
28
Q

Section 9.4: Service Organizations

What is an SOC Type 1 Report?

A
  • Report on the design and implementation (ONLY) of the service organizations’ system of internal controls at a specific point in time.
  • On the fairness of management’s description of the controls and whether the controls have been implemented and are suitably designed
  • This report will not report on the operating effectiveness of internal controls.
  • Will not report on a test of controls
  • Further audit testing will be required by the user auditor.
  • Type 1 reports will not allow the user auditor to reduce its overall control risk assessment.
  • The type 1 report should include a disclaimer of opinion related to operating effectiveness of the controls.
29
Q

Section 9.4: Service Organizations

What is an SOC Type 2 Report?

A
  • Report on the design and implementation and operating effectiveness of the service organizations system of internal controls over a period of time.
  • Type 2 reports provide more assurance because the work is done for the auditor throughout a period of time.
  • Contains a description of the tests of controls performed and their results
  • Type 2 reports will allow the user auditor to reduce its overall control risk assessment.
  • An opinion on whether controls are operating effectively over a specified period.
  • In a Type 2 report, the audit firm examines the control environment over a period of time.
30
Q

Section 9.4: Service Organizations

What type of engagement is SOC reporting?

A

An attestation engagement to provide assurance.

31
Q

Section 9.4: Service Organizations

What is the purpose of the service audit report in relation to the auditor’s work?

A
  • A service auditor’s report should be helpful in providing a sufficient understanding to plan the audit of the user organization.
  • The service auditor’s report may express an opinion on the fairness of the description of the controls implemented at the service organization and whether they were suitably designed.
  • If the service auditor also has tested controls, the report may express an opinion on the operating effectiveness of the controls.
32
Q

Section 9.4: Service Organizations

What is an auditor’s responsibility concerning making reference to service provider’s report?

A
  • An auditor is not responsible for including a reference to the service provider’s report if the service auditor was not responsible for examining any portion of the user entity’s financial statements.
  • If the user auditor’s opinion is modified, the service auditor’s work may be referred to if it is relevant to understanding the modification
33
Q

Section 9.4: Service Organizations

When can an auditor use the service auditor’s report?

A

If the user auditor is unable to obtain a sufficient understanding of the controls of the user entity, the auditor may use either a SOC 1 Type 1 or SOC 1 Type 2 report.

Audit (23 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions