Internal Control Flashcards
(35 cards)
What is internal control?
Provides reasonable assurance that
- ) Material misstatements will be prevented
- ) reliability and integrity of F/S will be preserved
- ) Assets are protected against misuse.
Examination of I/C is required by mgmt under?
Sarbanes-Oxley
Under Sarbanes-Oxley what must management do?
- ) CEO/CFO must disclose deficiencies
- ) Mgmt must assess I/C
- ) Mgmt must certify F/S
What type of relationship does I/C have with Substantive Testing?
An inverse relationship
Stronger I/C =
Less testing needed
Weaker I/C =
More testing needed
What are the 3 objectives of I/C?
- ) Reliability of Financial Reporting
- ) Operational efficiency/effectiveness
- ) Compliance with Law and Regulations
What are the 5 components of I/C?
- ) Control environment
- ) Risk assessment
- ) Control activities
- ) Information and communication
- ) Monitoring
What does the control environment assessment do?
Sets tone for the entire company
What are the 8 questions that the control environment assessment should address?
- ) How are mgmt’s integrity/ethics
- ) Is mgmt competent
- ) Healthy organizational structure
- ) Appropriate HR policies
- ) Authority/responsibility assignments
- ) What is mgmt’s style
- ) Is mgmt agressive
- ) Are the Board/Audit Committee actively involved
What is the risk of material misstatement? (RMM)
determines acceptable level of detection risk
What is detection risk? (DR)
Detection risk determines the nature, timing, and extent of audit procedures
What type of growth is considered risky?
Rapid
What are 3 risk assessment questions to ask about mgmt?
How does mgmt:
- ) Identify risks
- ) Estimate significance
- ) Assess occurrence likelihood
When performing a risk assessment what are the major changes that need to be addressed?
- ) operations
- ) personnel
- ) systems
- ) IT
- ) products
- ) corporate organization
- ) foreign ops
What type of I/C testing is performed when control risk is assessed at maximum?
None
What types of procedures are performed when control risk is assessed below maximum?
- ) tests I/C
- ) evaluates control risk based on tests
- ) adjusts substantive tests accordingly
What are 4 types of control activities?
- ) performance reviews
- ) information processing
- ) physical controls
- ) segregation of duties
When it comes to information and communication what are 6 things an auditor needs to understand?
- ) major transaction classes
- ) transaction initiation
- ) support records/documents
- ) transaction processing
- ) financial statement internal reporting process
- ) financial statement external reporting process
How can an auditor document I/C?
- ) memo
- ) flowchart
- ) questionnaires
Understanding I/C allows the auditor to determine what?
The nature, timing and extent of planned audit procedures.
What are 6 risks associated with material misstatements?
- ) were all transactions recorded
- ) were they recorded timely
- ) were they measured appropriately
- ) were they recorded in the correct period
- ) were they presented and disclosed properly
- ) did mgmt communicate their responsibilities
I/C should be IRON strong. What does IRON stand for?
I - inquiry: interview co personnel
R - re-performance: can it be replicated
O - observation: watch the control being applied
N - inspection: dig into the details/documents
Substantive procedures should not need to be adjusted if the results of I/C testing are?
as expected
