Quiz 2 Flashcards
(41 cards)
What should the internal controls do
ensure assets and records are safeguarded, generate reliable information for decision making
How do good internal controls help auditors
gives the auditor assurance about the reliability of the data generated by the information system
the auditor uses risk assessment procedures to:
obtain understanding of internal controls, identify key controls, recognize types of potential misstatements, design tests
Internal Control framework
reliability of financial reporting, effectiveness and efficiency of operations, compliance with laws and regulations
why is reliability of financial reporting for internal controls relevant
it pertains to the preparation of the financial statements
why is compliance with laws and regulations relevant
only relevant when they relate to the data the auditor uses to apply auditing procedures
components of internal controls
control environment, entity’s risk assessment process, control activities, information and communication, monitoring activities
control environment
set of standards, processes, and structures that provides the basis for carrying out internal controls of an organization. Established by board of directors and senior management
entity’s risk assessment process
involves a dynamic and iterative process for identifying and analyzing risks to achieving the entity’s objectives, determining how risks should be managed. Management determines external environment and others things that imped objectives
Control Activities
actions established by policies and procedures to help ensure that management directives to mitigate risk to the achievement of objectives are carried out.
Information and Communication
necessary for the entity to carry out internal control responsibilities. communication occurs internally and externally for day to day activities. helps employees understand importance of internal controls
Ongoing evaluations
separate evaluations, or some combination of the two are used to ascertain whether each of the five components are present and functioning.
what is the substantive strategy based on
controls do not pertain to assertation, controls are assessed as ineffective, testing the effectiveness of controls is inefficient.
Reliance Strategy
plan to rely on internal control and assess control risk at a lower level
How does one understands internal controls
understand environment, understand risk assessment process, information system and communications, control activities, monitoring of controls
limitation of internal controls
management override of internal control, human error, collusion
assessing control risk
identify controls that will be relied upon, preform test of controls, conclude on the achieved level of control risk.
performing tests of controls
inquiry of personnel, inspect documents, observation of application of control, reperformance of control by auditor
interim test of controls
assertion tested not significant, control has been effective previously
Type 1 report
describes the service organization’s controls and assesses whether they are suitably designed to achieve specified internal control objectives
type 2 report
goes further by providing assurance on the operating effectiveness of the service organization’s controls based on the auditor’s test of controls (decrease control risk below high)
Control deficiency
does not allow management or employee to detect, prevent, or correct misstatement on a timely basis
significant deficiency
less severe than a material weakness, but is important enough to merit attention
material weakness
deficiencies such that there is a reasonable possibility that material misstatement will not be prevented, detected, or corrected, on a timely basis.
