Week 9 Flashcards Preview

External Auditing > Week 9 > Flashcards

Flashcards in Week 9 Deck (16):
1

Rely on Internal Controls
Why?

To identify entity-level & transaction controls
Assess effectiveness of IC…what is the risk that they are not operating well?

2

Rely on Internal Controls
How

Thoroughly understand client operations, industry, economy
Interview client, tour operations
Identify ICs within Business Processes by creating or reading documentation
Evaluate IC – strength or weakness

3

3 phases of Control valuation

1. Understand client’s internal control system
Identify what controls exist at the entity-level and transactional level
2. Assess control risk by identifying controls strengths & weaknesses in the AIS.
3. Testing controls to prove control risk.

4

Entity vs. Transactional Controls

Entity
Throughout the entire organization

Transaction
Affect a particular transaction
Respond to WCGW with transactions
Must be sensitive enough to prevent or detect

5

Classes of Transactions

Companies make money by creating value
- Making products
- Providing a service

Companies do this via a series of activities (business process) in the value chain

These activities are reported in the f/s
- Purchase inventory: dr inventory cr cash
- Sell inventory: dr COGS cr inventory

Classes of transactions is the grouping of routine transactions

6

Prevent vs. Detect Controls
Prevent

Applies to each transaction
Before / during the transaction
Evidence of the effectiveness may not be available
Dependent on IT controls

7

Prevent vs. Detect Controls
Detect

Applies to a group of transactions
After the transaction
Vary greatly
Need to be sensitive, consistent and timely
Dependent on prevent controls

8

Types of Internal Controls

Manual

(IT General Controls)
Automated
Combination

9

IT General Controls to ensure:

Effective Management of the IT Department
- Governance - personal practices, how department is run
- Segregation of duties
- Contracts are signed with qualified 3rd party service providers

Accurate Processing of Data
- Access to programming & applications is limited
- Formal change management procedures for program changes
- Training of Staff & input controls
- Testing of applications

Prevent Unauthorized Access to Data
- Physical environment and physical security of the system
- Logical security
- Business Continuity

10

Types of Application Controls

Input Controls
Processing Controls
Output Controls

11

Input Controls

Ensure information is reliable

Mandatory fields
Checks – range, validity
Observation by competent staff

12

Processing Controls

Ensure correctly classified & summarized
Logic is working as intended

Batch Totals
Programs tested
Exception reports

13

Output Controls

Ensure completeness & security of information

Reconciliations
Output is Limited
Performance reviews

14

Strengths of IC

Successfully prevents errors from occurring
Sensitive enough to detect errors & correct them
Operates consistently throughout the year

15

Weaknesses of IC

Absence of a control
Not operating consistently throughout the year
Not being performed by a competent person, or one with skepticism

16

Objectives of IC for Financial Reporting

Completeness
Recorded – omission of transactions will be prevented or detected

Accuracy
Classified – transactions are recorded in the right account
Summarized – transactions are summarized & totaled correctly
Posted – accumulated totals in special journals are transferred to the Sub-ledger and G/L correctly
Timely – transactions are recorded in the correct accounting period

Valuation
Valued – correct amounts are assigned to transactions

Existence
Real – fictitious or duplicate transactions are not included