Internal Controls Flashcards
What are the three main categories of internal control objectives?
Operations objectives, reporting objectives and compliance objectives.
A-Accurate & reliable financial reporting
C-Compliance with applicable laws and regulations
E-Efficient and effective operations
What are the 5 components of an entity’s internal control?
C-Control activities R-Risk assessment I-Information and communication M-Monitoring E-control Environment
In order to obtain an initial understanding of internal control sufficient to assess RMM of FS, an auditor would most likely perform what procedure?
Risk-assessment procedures to evaluate the design of relevant controls.
This consists of inquiries, analytical procedures and observations to obtain an understanding.
When are tests of controls performed?
Test of controls are performed when an auditor determines that controls may be relied upon to prevent or detect and material misstatements to the FS to determine if they were operating effectively during the period being audited.
Why should an auditor concentrate on the substance of the internal control procedures rather than their form?
Management may establish appropriate procedures but not enforce compliance with them.
What are the 5 assertions related to Events and Transactions generally presented on the income statement?
CPA-CO
Completeness- all events or transactions pertain to the entity occurred.
Period cutoff-all events and transactions have been reported in the appropriate period
Accuracy-Have been reported in the appropriate amounts.
Classification- Are included in appropriate accounts or categories.
Occurrence- It happened.
What are the 4 assertions related to Account Balances presented on the balance sheet?
RACE
Rights and obligations-the entity has rights to those items reported as assets and liabilities are obligations.
Allocation and valuation-All assets, liabilities and equity related items are reported in amounts that are correct
Completeness-All assets, liabilities, and equity that should have been reported are included on the financial statement.
Existence- Assets, liabilities and equity on FS exist as of the financial statement date. (They are real)
What are the 5 assertions related to the Presentation of the financial statements and financial statement Disclosures?
RACOU-n (Racoon)
Rights and obligations-all information presented and disclosed is related to events, transactions and other matters that pertain to the entity. (It all took place)
Accuracy and valuation- Both financial and nonfinancial information is fairly presented, properly disclosed, and provides appropriate amounts (We know it is correct)
Completeness-All information that should be presented is disclosed. (it is all included)
Occurrence-Disclosed events, transactions and other matters have occurred and pertain to the entity.
Understandability and classification- Financial information is appropriately presented and described and disclosures are expressed in a clear manner. (Everything is clear)
What are the factors attributed to the control environment?
CHOPPER Commitment to competence Human resource policies & practices Organizational structure Participation of those charged with governance Philosophy of management and mgt operating style Ethical values & integrity Responsibility assignment
Segregation of duties are controls that involve assigning different people responsibilities for what?
ARCC Authorization of transactions Recording (posting) of transactions Custody of assets Comparisons (reconciliations)
What are the risk assessment procedures?
Analytical procedures (using high level data) Inquiries of management and others within the entity including internal auditors. Inspection of documents and records Observation of the application of specific controls
When assessing control risk below maximum level, the auditor is required to document the auditor’s
A. Basis for concluding that control risk is below the maximum level
B. Understanding of the entity’s internal control structure elements
Both A and B
Only A
Only B
Neither
Both A and B
When relying on internal controls, the auditor is required to justify the basis of the assessment which is accomplished by testing internal controls and determining that the controls are effective.
All engagements require the auditor to document the understanding of internal controls.
Can an engagement letter include a statement stating that IT specialists will be used during the audit?
Yes, an engagement letter may indicate, if appropriate, that the auditor will use the work of specialists, such as an IT specialist, in the performance of the engagement.
