Flashcards in Internal Control Deck (66):
What does the auditor use the knowledge provided by his understanding of internal control and the assessed level of the risks of material misstatement to do?
Determine the nature, timing, and extent of further audit procedures to determine whether FS info is accurate.
What types of service auditor reports may be issued?
Reports can be on either whether controls have been placed in operation OR on operating effectiveness. NOT to be confused with compliance effectiveness.
Report is ordinarily restricted in use and no summary assessment of control risk is included.
If a client records a large purchase twice in error, what control would detect this in a timely and efficient manner?
Reconciling the vendor's monthly statements with the subsidiary ledger for payables should disclose a difference in the month following the error.
Note this will not be found by footing the purchases journal or tracing totals from purchases journal to ledger accounts.
Sending written quarterly confirmations to vendors will only detect the error quarterly and is not timely or efficient.
What is the sequence of steps for processing a voucher?
In a properly designed AP system, a voucher is prepared after the invoice, purchase order, requisition, and receiving report are verified. As the appropriate documents have been assembled and verified, this allows a decision on whether the voucher should be approved for payment.
If approved, the check is issued.
Supporting documents are cancelled at the time of payment (not before the voucher has been approved) . This indicates that an invoice has been paid in order to avoid duplicate pmt of that invoice.
Why would the auditor consider the org structure in the context on control risk?
To ensure proper lines of reporting are in place to prepare FS that follow GAAP.
What is determined prior to tests of controls
Existence of necessary controls
Existence of incompatible functions and other conditions
What is a tests of controls for
Provides reasonable assurance that the internal control procedures are designed and operating effectively.
What do substantive tests address
They more directly address the existence of material dollar errors.
What do the standards allow for use of audit evidence about the operating effectiveness of controls obtained in prior year audits?
Allows use of such evidence if the related controls are tested at least every third year. It can be used for material or immaterial accounts.
Why are prenumbered termination forms by the payroll dept used?
Payroll dept is entrusted with preparing the payroll and must determine that terminated employees do not continue to receive payroll checks.
The proper use of prenumbered termination notices would provide assurance that the terminated employees are removed from payroll.
What functions should be segregated?
Transaction, authorization, recordkeeping, custody of assets, and the extent possible, operations should be segregated.
If the AP manager issues POs, this is a weakness as the AP manager should manager the overall AP function and the purchasing dept should issue POs.
No lack of appropriate segregation of duties occurs when the AP clerk files invoices and support or manually verifies arithmetic on the vendor invoices.
How can the risk of duplicate payment be reduced?
The official signing the check should compare the check with the voucher and should deface/cancel the voucher package/documents.
Note duties of voucher preparation and check signing should be segregated.
Who should mail signed checks?
The treasurer who has custody of the checks after he signs them may mail them most efficiently.
The receptionist should not as this additional involvement may increase the number of processing errors.
The AP and payroll clerk cannot as it would merge the responsibilities of recordkeeping and custody of assets.
What is a material requisition for
Used during the production process to requisition materials with which to produce the goods
When are shipping order and bill of lading received / prepared
The shipping order is not received until the good has been sold and is to be shipped.
The bill of lading will not be prepared until the item is sold.
For internal controls, what provides that finished goods are to be accepted for stock?
Only after presentation of a completed production order AND an inspection report. Finished goods should be inspected to determine their condition before leaving the production dept.
What do the independent auditors need to consider of the internal auditors
AICPA professional standards require them to consider the internal auditor's competence, objectivity, and work performance.
What does an unqualified opinion on an entity's system of internal control imply?
The broad objectives of internal control are to render reasonable assurance that assets are safeguarded from unauthorized use or disposition and that financial records are sufficiently reliable to permit the preparation of financial statements.
Note that the likelihood of mgmt fraud may be at a higher than minimal level.
The auditor is most concerned with controls that provide reasonable assurance about the...
Entity's ability to record, process, summarize, and report financial data consistent with the assertions embodied in the FS.
What is a key control for ensuring sales are properly authorized when assessing control risks for sales?
Needs to directly relate to authorization of sales - Sales orders should be sent to the credit dept for approval/authorization.
What is a control that can be used for an entity with a large volume of customer remittances by mail to reduce the risk of employee misappropriation of cash?
Use a bank lockbox system which will result in collection of receivables by a bank, eliminating employee contact with the cash.
Daily, check summaries, employee fidelity bonds, and independently prepared mailroom prelists are less effective.
What are effective internal control procedures over the purchasing of raw materials?
Systematic reporting of product changes which will affect raw materials - required to achieve efficient purchasing of raw materials
Determining the need for raw materials is essential prior to purchasing
Obtaining financial approval prior to making a commitment
Note that obtaining third party written quality and quantity reports prior to payment for the raw materials is NOT required.
What is a flowchart described as
Flowchart prepared during the consideration of internal control is a symbolic representation of a system of sequential processes. It can be used in lieu of the internal control questionnaire which has the same purpose (to prepare a record of prescribed internal control).
What is ordinarily considered a factor indicative of increased financial reporting risk when considering a client's risk assessment policies?
Rapid growth of the organization.
Note that materiality standards for determining whether to capitalize acquistions of fixed assets relates to auditor's judgment and is not ordinarily considered a risk factor.
Note commissioned sales personnel are also not considered a risk factor.
What happens when an auditor discovers that certain control activities were ineffective?
An increase in the extent of tests of details (a type of substantive test) will decrease detection risk, as control risk has increased.
The detection risk must be decreased. It will probably not be appropriate to change the assessed level of inherent risk, but if it is, it would be decreased, not increased.
Since the controls are not operating effectively, further tests of controls is inappropriate.
What system should be used in strengthening controls over the accounting for materials used in production for a company that mass produces 8 products
Perpetual inventory system would be the best as it will show when and where materials are being used.
A job order cost accounting system would not as the company mass produces.
What is an economic order quantity system (EOQ)
EOQ system is a control system that controls ordering and storage cost, but NOT usage.
What is 'lapping' and how can it be protected against?
Lapping of trade AR involves an abstraction of funds and subsequent delay in crediting receipts to AR. It occurs by misappropriating mail receipts/checks. Lapping involves incorrect entries in the AR subsidiary ledger, not the GL.
If customers send pmts directly to a depository bank, there is no opportunity for abstraction of funds or subsequent misapplication.
How do you prevent direct manufacturing labor from being charged to manufacturing overhead?
Comparison of daily JE with the factory labor summary will detect any direct manufacturing labor which has been properly recorded on the labor summary but incorrectly posted to manufacturing OH account
Note time cards will only provide total hours worked and will not show the details of time charged to direct labor vs overhead.
What are walkthroughs for?
Provide evidence to confirm the auditor;s understanding of the flow of transactions and the design of controls, to evaluate the effectiveness of the design of controls and to confirm whether controls have been placed in operation.
How should org be structured for effective internal control?
Internal auditors report to audit committee of board of directors
controller should be independent of production function
payroll dept reports to the chief accountant
cashier reports to treasurer (has responsibility for cash custodianship) -also responsible for bad debt writeoffs as independent of sales authorization and recordkeeping functions.
Treasurer not to be confused with controller (recordkeeping)
What are the control environment factors (set the tone of an org including control consciousness of people)?
Integrity and ethical values
Commitment to competence
HR policies and practices
Assignment of authority and responsibility
Mgmt philosophy and operating style
Board of directors or audit committee participation
What are the control activity types?
Performance reviews (actual vs budget, forecast)
Info processing (check accuracy, completeness, and authorization)
Physical controls (physical security of assets)
Segregation of duties (separate authorization, recordkeeping, custody)
What are limitations of internal control
1 - human judgement can be faulty
2 - breakdowns can occur because of human error
3 - controls, can be circumvented by collusion
4 - mgmt has ability to override
5 - cost constraints (cost of internal control should not exceed the expected benefits expected)
6 - custom, culture, and corporate governance system may inhibit fraud, but they are not absolute deterrents
How does auditor perform test of controls
Inquiries of appropriate personnel
Inspection of reports and documents
Observation of the application of controls
Reperformance of the control by the auditor (when evaluating operation)
How can auditor examine a sample of paid vouchers that each voucher is submitted and paid only once?
If the voucher (and all attached support) is stamped paid by the check signed, that support may not be submitted a second time.
Note prenumbering will not prevent a second payment because the support if not stamped paid can be reused.
If there is a material weakness at year end, what is opinion for audit of a public company's internal control
Internal control audits require a report with an adverse opinion in this case, NOT a qualified report.
While obtaining an understanding of a client's risk assessment policies, the auditor considers how mgmt...
An auditor obtains sufficient knowledge of the risk assessment process to understand how mgmt considers risks relevant to financial reporting objectives and decide about actions to address those risks. That knowledge might include understanding of how mgmt identifies risks, estimates their significance, and assesses the likelihood of their occurrence, and relates them to financial reporting.
In order to safeguard assets through proper internal control, AR that are written off should be transferred to?
Once AR are written off, they should be controlled for possible future collection. Accordingly, they should be recorded to maintain accountability in a separate ledger. If they were simply written off and forgotten, there would be no means of maintaining accountability over these contingent assets.
Note that credit managers should not have control over accounts that have been written off because it does not separate functional responsibilities
What are acceptable controls in payroll?
The payroll dept prepares checks and CFO signs them.
The payroll dept prepares checks using a signature plate - treasurer supervises process before distribution.
Accounting dept wires transfer funds to payroll bank account - transfer based on totals from payroll dept summary.
NOT acceptable for payroll clerk to distribute checks and return undistributed checks to payroll dept.
It should be distributed by a paymaster, and undistributed checks should be deposited in a bank account.
Mutual fund company uses a transfer agent to handle accounting for shareholders. How does auditor test transfer agent's internal controls? What type of report would auditor want to see?
The transfer agent is operating as a service organization, and when a service org is involved and is to be relied upon, the most efficient approach is for an auditor to obtain that organization's service auditor report on its internal control. In this situation, a type 2 report will provide info on both whether controls are placed in operation and on their operating effectiveness. A type 1 report will only address whether controls are placed in operation.
Note the auditor would not audit them (perform test of controls) as the service org has their own internal control reports that are audited.
What should the auditor communicate to an independent audit committee of a public entity?
Significant audit adjustments recorded by the entity
Mgmt's consultation with other accountants about significant accounting matters
What opinion when circumstances result in a scope limit in relation to audit of a public company internal control
Qualified or disclaimer NOT adverse
What is the primary responsibility of a bank acting as registrar of capital stock?
Prevent any overissuance of stock , and thereby verify that stock is issued properly. Verify that stock is issued in accordance with the authorization of the board of directors and the articles of incorporation.
Note that it is the transfer agent that maintained records of total shares outstanding, as well as detailed stockholder records, and carry out transfers of stock ownership.
Registrars will not determine that dividend amounts are proper. Registrars do not act as an independent third party between board and outside investors concerning M&A, and sale of treasury stock.
In a wholesaling business, what is auditor concerned with regarding authorization?
Concerned with granting of credit, shipment of goods, and determination of discounts as all require authorization.
Would not be concerned with selling of goods for cash as at that point, discount decision will have been made and receiving cash removes credit considerations.
What is the most important internal control activity over acquisitions of property plant and equipment?
Using budgets to control acquisitions implies a follow up analysis of budget variances. The use of budgets also permits the level of authorized expenditures to be controlled.
Note that analyzing monthly variances between authorized expenditures and actual costs does not include any provision for controlling the level of authorized expenditures (budget).
What is a good control to prevent concealment of cash shortage resulting from the improper writeoff of an AR?
Writeoffs must be approved by a responsible officer after review of credit department recommendations and supporting evidence.
Note need segregation of duties in operations/collections and authorization.
What is the most likely type of ongoing monitoring activity?
Involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions - such as reviewing the purchasing function.
What are the five components of internal control
Info and communication
What is the Foreign Corrupt Practices Act?
Makes pmt of bribes to foreign officials illegal and requires publicly held companies to maintain systems of internal control sufficient to provide reasonable assurances that internal control objectives are met.
What is auditor obligated to do during the consideration of internal control in a FS audit?
obtain an understanding of the internal control environment and info system
obtain info on the design of internal control and on whether control activities have been implemented
Does NOT need to obtain evidence relating to operating effectiveness when control risk is to be assessed at a max level
What is required for documentation of client's internal control?
At a minimum a list of reasons for nonreliance must be provided. There is not one particular form of documentation necessary, and the extent of documentation may vary.
What is required in every audit?
Risk assessment procedures, substantive procedures, and analytical procedures on every audit.
Note test of controls is only required when auditor relies on controls or substantive tests are not enough to audit particular assertions.
What does assessing control risk at a LOW level involve?
1 - identifying specific controls relevant to specific assertions that are likely to prevent or detect material misstatements in those assertions
2- performing tests of controls to evaluate the effectiveness of such controls
It may lead to less extensive substantive tests, not more.
Actual level of inherent risk is not affected.
It may lead to interim date substantive testing rather than year end testing.
Why are control risk and inherent risk assessed
Used to determine the acceptable level of detection risk for FS assertions
What happens when auditor increases assessed level of CR as controls were determined to be ineffective?
The auditor would increase the assessed level of risk of material misstatement which decreases the acceptable level of detection risk. The auditor will need to increase the extent of substantive tests such as tests of details.
Inherent risk is independent of controls.
What is a good internal control immediately upon receiving checks from customers by mail for a responsible employee?
Prepare a duplicate listing of checks received provides the company with a source document of all the checks received that day. One list is then forwards to the employee responsible for depositing checks at the end of the day and the other is sent to accounting dept to post to cash receipts journal.
Note that the employee opening mail should not also perform recordkeeping.
What are controls designed to reduce the risk of misstatements in the billing process?
- comparing control totals for shipping docs with corresponding totals for sales invoices
- using computer programmed controls on pricing and accuracy of sales invoices
- matching shipping documents with approved sales orders before invoice prep
Note that reconciling control totals for sales invoices with AR sub ledger is not effective as billing errors will have already occurred.
Why do employers bond employees who handle cash receipts?
Fidelity bonds reduce the possibility of employing dishonest individuals
Employee knowledge that bonding companies often prosecute those accused of dishonest acts may deter employees' dishonest acts.
What assertion is tested when an auditor vouches a sample of entries in the voucher register to the supporting documents?
This tests existence or occurrence addressing whether recorded entries are valid and the direction of this test is from the recorded entry to the supporting documents.
If it was completeness, it would be tested the other way around, from supporting to entry.
What are controls that exist in the vouchers payable dept?
Will match the vendor's invoice with the related receiving report to determine that the item for which the company has been billed has been received
Will approve vouchers for pmt when all documentation is proper and present, authorized employee will sign
Will code the vouchers with accounts to be debited, indicating the asset and expense accounts
Note that they should not have access to purchase orders and receiving reports.
An entity has internal control to require every check request have an approved voucher, supported by prenumbered PO and prenumbered receiving report. How does auditor test whether checks are being issued for unauthorized expenditures?
Take a sample of canceled checks, which does not have support and may have been unauthorized.
Will not be able to see from other docs, when a check had been issued without supporting docs.
What is stated in a letter to the audit committee on significant deficiencies?
1 - indicate the audit's purpose was to report on the FS and not to express an opinion on internal control
2 - include definition of significant deficiency
3 - restrict distribution of the report
What can the work of internal auditors impact?
1 - procedures the auditor performs when obtaining an understanding of the entity's internal control
2- procedures the auditor performs when assessing risk
3- substantive procedures the auditor performs
What does the auditor consider when considering the effect of the internal auditor's work?
1 - materiality of FS amounts
2- risk of material misstatement of the assertions
3- degree of subjectivity involved in the evaluation of the audit evidence
Existence of fixed asset additions involves little subjectivity compared to contingencies and intangibles and related party transactions.