Internal Controls Flashcards Preview

AUD > Internal Controls > Flashcards

Flashcards in Internal Controls Deck (7)
Loading flashcards...

Assertions about classes of transactions (income statement accounts) and events for the period under audit:



Assertions about account balances (balance sheet accounts) at the period-end:

Rights and Obligations
Valuation and Allocation


Assertions about presentation and disclosure:

Occurence & Rights and Obligations
Classification & Understandability
Accuracy and Valuation


Which of the following is a factor in the control environment?

Segregation of duties

Information processing

Performance reviews

Management's philosophy and operating style

Management's philosophy and operating style

When obtaining an understanding of the entity's control environment, the auditor should consider several elements that may be relevant to the understanding and how they have been incorporated into the entity's processes:

Communication and enforcement of integrity and ethical values
Commitment to competence
Participation of those charged with governance
Management's philosophy and operating style
Organizational structure
Assignment of authority and responsibility
Human resource policies and practices

Segregation of duties, information processing, and performance reviews are control activities that may impact an auditor's consideration of internal control.


Debit Memo

The debit memo is usually a notification from a buyer to a seller that tells the seller that a debit was made in the seller’s account on the buyer’s book. In other words, a debit memo is a way for a buyer to inform a seller that it wants a refund on its purchase. In the instance when nonconforming goods are returned to a vendor, the purchasing department should prepare a debit memo to be sent to seller with a copy sent to accounting in order for accounting to remove the resulting payable from the accounting records.


An auditor assesses control risk because it:

affects the level of detection risk that the auditor may accept.

Control risk is the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by an entity's internal control. Detection risk is the risk that the auditor will not detect a material misstatement that exists in an assertion. Detection risk should bear an inverse relationship to inherent and control risk. The less the inherent and control risk the CPA believes exists, the greater the detection risk the CPA can accept.


Which of the following types of evidence would an auditor most likely examine to determine whether internal control activities are operating as designed?

Client records documenting the use of EDP programs

AU-C 500.04 states, “The objective of the auditor is to design and perform audit procedures that enable the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor's opinion.” Of the items listed in the answer choices, client records documenting the use of EDP programs are a type of evidence to determine whether control policies are operating as designed. This is a type of substantive procedure and includes tests of details of classes of transactions.

Confirmations, letters of inquiry, and representation letters are examples of substantive evidence which the auditor is required to obtain in every audit.