Week 7 Flashcards
(7 cards)
Entity-level controls:
control environment entity’s risk assessment process IT and communication systems control activities monitoring of controls.
Transaction-level controls
Designed to reduce the risk of misstatement due to error or fraud and to ensure that processes are operating effectively.
Controls can include any procedure used and relied upon by client to prevent errors occurring, or to detect and correct errors that occur
Controls have two main objectives:
Controls have two main objectives:
Controls are classified as:
manual controls
automated (or application) controls
IT general controls (ITGCs)
IT-dependent manual controls.
Prevent controls
Prevent controls can be applied to each transaction during normal processing to avoid errors occurring:
Commonly automated.
For example reject duplicate transaction.
Detect controls
Detect controls are necessary to identify and correct errors that do enter the records.
Usually not applied to transaction during normal flow of processing, but applied outside normal flow to partially or fully processed transactions.
E.g. cheques for payment prepared, and held by system until approved for payment and then processed.
Auditor uses combination of techniques when testing controls.
Enquiry:
Observation:
Inspection of physical evidence:
Re-performance:
