Lec 9

Question 1

what is the purpose of the internal control structure

Answer 1

to manage business risk and produce fairly presented F/S and disclosures

Question 2

Management’s and directors’ attitudes, awareness, and actions concerning the company’s internal controls set the tone for

Answer 2

the control environment

Question 3

which is more effective, preventive or detective controls?

Answer 3

preventive controls because detective controls only come into play after the issue has occurred

Question 4

“company tone” is synonymous with what

Answer 4

control environment

Question 5

what does management’s risk assessment process do?

Answer 5

identify risks relevant to misstatements occurring in the preparation of financial statements and to estimate risks’ likelihood and magnitude

Question 6

what are application controls

Answer 6

procedures performed at the application level in relation to date input, process and output

Question 7

what is monitoring

Answer 7

ongoing process for reviewing and assessing whether the control procedures in place are adequate to address control risks

Question 8

what is misappropriation of assets

Answer 8

the theft or misuse of an organization’s assets

Question 9

what is embezzlement

Answer 9

fraud involving employ-ees or non-employees wrongfully taking money or property entrusted to their care, custody, and control; often accompan-ied by false accounting entries and other forms of lying and cover-up

Question 10

what is defalcation

Answer 10

fraud in which an employee takes assets (money or property) from an organization for per-sonal gain; may be due to corruption or asset misappropriation

Question 11

what is fraudulent financial reporting

Answer 11

intentional manipulation of reported financial results to portray a mis-stated economic picture of the firm by which the perpetrator seeks an increase in personal wealth through a rise in stock price or compensation

Question 12

what is fraud risk

Answer 12

the risk that fraud has resulted in intentional misstatement in the financial statements

Question 13

what are the two types of fraud risk

Answer 13

fraudulent financial reporting and asset misappropriation

Question 14

what do auditors think is more important in recognizing signs of fraud, attitude or situational factors

Answer 14

attitude

Question 15

what is fraud incentive

Answer 15

when management is under pressure to reach goals which may or may not be realistic; might involve having consequences if not met

Question 16

what are the three part of the fraud triangle

Answer 16

incentive/pressure, opportunity, rationalization - when these three are apparent, auditors should look to further investigate

Question 17

what stage of the audit process is materiality determined

Answer 17

planning

Question 18

what stage of the audit do you determine the type of tests you will do and based on what?

Answer 18

planning stage. the types of tests are decided based on the risk assessment

Question 19

understanding of internal controls is required in which of the tests?

Answer 19

both substantive and control

Question 20

what two methods do auditors use to understand internal control and are they part of the procedures

Answer 20

a walkthrough and enquiry. at this point of the audit they are not substantive tests and are done just to get an understanding

Question 21

the substantive and control method require how many substantive tests to be conducted and what are they

Answer 21

One requires 6 tests to be done and the other 4. recalculation, confirmation, observation, inquiry, analysis, inspection

Question 22

what do substantive tests gain evidence on

Answer 22

DIRECTLY obtain evidence on whether an account or class of transaction has been misstated

Question 23

the control method requires how many control tests to be conducted and what are they

Answer 23

the control method requires only 4 tests to be conducted. those are recalculation, inquiry, observation, inspection

Question 24

what sort of evidence do control tests gain

Answer 24

INDIRECT evidence that misstatements exist in accounts and classes of transactions due to internal control

Question 25

what do control tests aim to measure

Answer 25

control risk - whether it is high, medium, or low

Question 26

if the identified control risk is low, what does that mean for the risk you are willing to accept for detection

Answer 26

the risk for detection will be higher

Question 27

if the control risk, what does that meant about the amount of audit work you will be doing

Answer 27

the amount of audit work done will be lower because the detection risk acceptable will be higher

Question 28

if you do control tests, will you do more or less substantive tests and what is the benefit of this

Answer 28

you will do less substantive tests and the benefit is that the audit cost will decrease since substantive tests cost more

Question 29

based on what control risk levels can a combined audit be done

Answer 29

if the control risk levels assessed are low or medium

Question 30

what does it mean if the control risks assessed are high, should you do combined testing and why

Answer 30

it means that the internal controls set up do not work. if they are assessed to not work, there is not point in doing further testing

Question 31

what should you do if you discover in the middle of the control tests that internal control risks do not work

Answer 31

you should move over to doing substantive test

Question 32

what are two advantages of doing control tests

Answer 32

cost benefits and having the ability to begin you audit procedures earlier - maybe Q3 (interim date)

Question 33

can Canadian auditors use substantive or control method?

Answer 33

canadian auditors have a choice between the two methods

Question 34

if a public company is being audited in canada which of the two methods will most likely be chosen and why

Answer 34

combined method because public companies typically are required to satisfy internal control guidelines in order to be listed publicly

Question 35

do auditors have to comment on internal controls in canada?

Answer 35

no

Question 36

what is the only reason the combined approach is done in canada

Answer 36

cost reductions

Question 37

which companies would ask the auditor to issue an opinion on internal controls and why

Answer 37

typically companies in which tasks are outsourced to (e.g. payroll and Ceridian). this is done because auditors do not want to have to test the internal controls of ceridian if they are sending in confirmations for A/P - they want to just trust ceridians internal controls

Question 38

in usa for public companies, do auditors have a choice between substantive and combined and why

Answer 38

no, they must use only combined approach due to the requirements by SOX

Question 39

must american auditors give an opinion on internal controls and why

Answer 39

yes, and opinion on internal controls is required by SOX

Question 40

what are two reasons the combined approach done for public companies

Answer 40

• better internal controls are required for the companies to be listed publicly
• it is too costly to do substantive tests for a big company

Question 41

why is substantive method used for private corporations

Answer 41

because they most likely do not have strong internal controls

Question 42

what is the purpose of internal controls for management and which ones do auditors care about

Answer 42

• reliability of financial reporting
• effectiveness and efficiency of operations
• compliance to laws and regulations
  Auditors only care about reliability and compliance

Question 43

definition of control risk

Answer 43

the risk that a company’s internal control system will not be able to prevent or detect material misstatements

Question 44

what are the components of internal control

Answer 44

• control environment
• risk assessment
• control activities
• information and communication
• monitoring

Question 45

which of the components is considered the umbrella component

Answer 45

control environment

Question 46

control environment contains a______, p_____ and p______ that reflect the a_____ of top management and board about c_______

Answer 46

actions, policies, procedures, attitudes, control

Question 47

the essence of an effectively controlled business lies in the a_____ of management

Answer 47

attitude

Question 48

control environment factors can be used to build what kind of profile

Answer 48

a client risk profile

Question 49

what are the components of the control environment (HIPDOC)

Answer 49

• HR policies and practices
• Integrity and ethical values
• management’s Philosophy and operating style
• board of Directors (audit committee)
• Organization structure
• Commitment to competence

Question 50

what does the hr policies of HIPDOC include

Answer 50

hiring practices, evaluation, and compensation

Question 51

what does the management philosophy and operating style of HIPDOC include

Answer 51

behavior should be encouraged and documented in the code of ethics

Question 52

what should the board of directors in HIPDOC include

Answer 52

• independent directors (required by stock exchange)
• audit committee composed of independent directors and financial experts

Question 53

what does the organizational structure in HIPDOC include

Answer 53

• a structure appropriate for planning, directing and controlling
• clear authority and responsibility

Question 54

what is risk assessment in internal controls

Answer 54

management identification and analysis of risks relevant to preparing f/s in relation to GAAP

Question 55

what is the process in management risk assessment

Answer 55

• risk identification
• risk possibility/likelihood
• risk magnitude/significance
• develop action plan to reduce risk to acceptably low level

Question 56

will risk increase if a company acquires anther company with great control systems

Answer 56

yes, because it will take time for the systems to integrate with one another

Question 57

what are some risks a company can face

Answer 57

• new personnel
• changed I/S
• rapid growth
• new business model
• restructuring
• new accounting methods

Question 58

should you use the risk assessments a business has done themselves

Answer 58

yes, you can use part of it if you deem it reliable

Question 59

what are control activities

Answer 59

policies and procedures that ensure the entity reaches its goals, including financial reporting goals

Question 60

what are the two components of control activities

Answer 60

general and application controls

Question 61

what are general controls

Answer 61

policies and procedures that relate to applications and support the functioning of applications
include performance reviews

Question 62

what are the components of general controls in control activities (SPAID)

Answer 62

• separation of duties
• physical controls
• authorization
• independent checks
• documents and records

Question 63

what are application controls

Answer 63

the accounting systems that record transactions and produce the F/S

Question 64

what are the essential functions of application controls/accounting system

Answer 64

• data preperation
• data entry
• transaction processing
• report production and distribution

Question 65

what are the components of application controls in control activities (PPAC)

Answer 65

• program changes
• program development
• access to programs and data
• computer operations

Question 66

the accounting system produces what sort of trail

Answer 66

audit trail

Question 67

what are the components of information and communications system (IFSAI)

Answer 67

• initiation, authorization, recording, processing and reporting
• financial reporting process
• significant classes of transactions
• accounting records
• information technology

Question 68

unlike human control measures, IT control measure operate in what % of times

Answer 68

100% of cases

Question 69

what are the procedures in the information and communication systems

Answer 69

• record valid transactions
• classify transactions
• measure value of transactions
• determine time period of transaction
• present transaction in FS

Question 70

what is the monitoring of controls

Answer 70

considerations whether the controls are working as intended

Question 71

what may monitoring controls include

Answer 71

• reviews of reconciliations
• internal audit
• evaluation of compliance

Question 72

what are some of managements objectives with internal control

Answer 72

• provide reliable accounting data
• safeguard assets
• operational efficiency
• prevent or detect errors
• ensure compliance with laws

Question 73

auditor responsibilities in relation to internal controls

Answer 73

• assess control risk as part of audit planning process
• test controls if doing combined approach
• communicate weakness if required or asked to