Internal Control Flashcards Preview

AUD > Internal Control > Flashcards

Flashcards in Internal Control Deck (30):

What is the minimum level of understanding that the auditor must have or readily obtain as to the functioning of the client's AIS in connection with the preparation of its F/S?

obtain understanding of the five components of internal control to asses the RMM in the F/S


When assets such as finished goods are being shipped or received, exactly what type of controls should be in place?

buyer should reconcile the physical description of the asset and the shipping documents with documents independently received

the buyer should count the assets and verify the quantity received with the appropriate documentation

the buyer should verify the condition of the assets and should proceed with a freight claim if damage is found

the seller conveying the asset to the buyer should obtain a signed receipt or document copy for the shipment being made


What is the definition of internal control?

Internal control is a system of policies and procedures designed to provide reasonable assurance to management that the company's goals and objectives will be achieved in financial reporting, effectiveness and efficiency of operations and compliance with laws and regulations.


Why is absolute assurance not possible in regards to an internal control in an audit?

certain inherent limits exist in any system of internal control

depends on competency and dependability of the people using it

human error exists

management has the ability to override


How can the auditor test to determine whether specific control activities are functioning as efficiently and as effectively as intended?

talk with applicable entity personnel about the procedures they follow

observe entity employees as they perform critical tasks

trace transactions through each activity to provide evidence to indicate that the activities were performed as designed

re-perform key activities to verify that all situations were examined


What approach should the auditor take so that reasonable assurance of no MM in an environment where an entity processes many transactions electronically?

obtain an understanding of the automated system

focus on assessing the changes to program that limit effectiveness of controls


What is meant by the term control environment?

a company's actions, policies, and procedures that reflect the overall attitude and philosophy of top management toward internal control and its importance to the entity

managements commitment to integrity and ethical values

The amount of risk management is willing to take

delegation of authority within the company

Human resource policies, practices and commitment to competence

management's attitude toward financial reporting

BOD or audit committee participation

organizational structure


What is meant by the term control activities

all other policies and procedures not included in the other four internal control components to ensure the necessary actions are taken to address the risks in the achievement of the entity's objectives

performance reviews

general controls to ensure the accuracy of data processing

application controls applied to individual transactions

physical controls to safeguard assets and records

segregation of duties


How is segregation of duties achieved?

having separate independent individuals or departments perform each of the following tasks

authorization of transactions and separation of authorization of transactions from custody of the related assets

recording of transactions and separation between the custody of assets from those accounting for them

Maintaining custody of assets and separation of operational responsibilities from record-keeping responsibilities

separation of IT duties from user departments

proper authorization of transactions and activities


What is meant by the term information and communication?

the ability of the AIS to generate reliable info and convey it in a timely manner to those parties that need it


What is meant by the term monitoring?

the ongoing or regular assessment of the quality of internal control by management to determine that controls are operating as intended and that they are modified as appropriate for changes in conditions


What are some fraud risk factors in the internal control system?

Failure of management to monitor certain significant controls

inadequate recording of assets that are susceptible to theft

lack of ID'd controls for authorizing transactions

failure to correct previously noted control weaknesses

Failure of certain key employees to take at least annual vacations

failure to record transactions on a timely basis

poor physical safeguards for the entity's assets


What are the two available approaches to designing and performing further audit procedures?

perform only substantive testing

perform both tests of controls and substantive tests (requires effective controls)


In performing an assessment of internal control, what information does the auditor need to document?

the understanding of 5 internal control components

risk assessment procedures performed

assessment of RMM

basis for these assessements


What are some of the methods used by the auditor to document the understanding of the company and its environment, including its internal control?



internal control questionnaires


What is the definition of significant deficiency?

a control deficiency or a combination of deficiencies that is less severe than a material weakness but important enough to bring to the attention of those charged with governance


When designing a questionnaire to learn about the design of internal control in a client's AIS, how does the auditor determine the questions to be asked?

anticipating the controls that would normally be found the auditor then writes questions for each of the controls to determine if the control has been implemented


In an internal control questionnaire, what response is normally anticipated?

the auditor would expect a "yes" answer, normally a "No" answer is an indication of a possible control problem


How does the auditor determine controls to test in an AIS?

the auditor should ID specific control activities designed into the system that would reduce overall CR


How and when does an independent auditor convey info about significant deficiencies to management and those charged with governance?

all significant deficiencies and material weaknesses must be reported in writing to management and those charged with governance

any items previously reported and not been re-mediated must be communicated again

a report that no significant deficiencies in IC is unacceptable. auditor may report that no material weaknesses were found

made no later than 60 days following the report release date


How does failure to correct a deficiency impact a CPA's work in the current year?

this may be a fraud risk factor and thus additional substantive procedures

assessment of CR will have to be raised


What procedures are used by the auditor to test the operating effectiveness of controls?






What are some examples of inherent limitations of IC systems?

management override of control

collusion among employees

human error

controls may become unreliable due to changes in the entity or personnel


What is the function of the internal auditor/audit staff in a company?

monitors company's internal controls

test the design and functionality of the controls to ensure operational efficiency and effectiveness


How does the positive assessment of the internal auditor impact the work of independent auditor?

evaluation IR and CR lower

gather less evidence through substantive testing or accept evidence that is less persuasive due to DR set at high level


What is the definition of a service organization?

outside organization that provides accounting, payroll or other business services


What are three ways that an auditor make an evaluation of service organizations?

test the entity's own controls over the activities of the service organization

rely on the service auditor's report on internal control issued by the independent auditor of the service organization

visit the service organization and perform tests of controls


What is meant by the term risk assessment in regards to COSO framework?

managements identification, analysis and management of risks relevant to the entity's ability to record, process, summarize and report financial information

changes in personnel

instillation of new computer systems

rapid business growth and/or new technology

geographical business expansion

introduction of new products


Why should the auditor obtain sufficient knowledge of the entity's risk assessment process?

to understand how management considers and deals with risks relevant to financial reporting


What should the auditor consider when evaluation the design and implementation of the entity's risk assessment process?

how management identifies business risks relevant to financial reporting, estimates the significance of the risks, assesses the likelihood of their occurrence, and decides upon actions to manage them