SU 05: Internal Control Concept and Information Technology Flashcards Preview

Auditing > SU 05: Internal Control Concept and Information Technology > Flashcards

Flashcards in SU 05: Internal Control Concept and Information Technology Deck (34)
Loading flashcards...
1
Q

Primary objective for procedures to obtain an understanding of internal control is to provide auditor

A

Knowledge necessary for audit planning. The second standard of field work states, the auditor must obtain a sufficient understanding of entity and its environment including its internal control to assess RMM of f/s whether due to error or fraud and to design the nature, timing, and extent of further audit procedures

2
Q

In an audit of f/s an auditor primary consideration of internal control is whether the control
A reflects management philosophy and operating style
B affect management f/s assertions

A

B, an auditor primary concern is whether a specific control affects relevant f/s assertions. Much of the audit work required to form an opinion consists of gathering evidence about relevant assertions in the f/s. These assertions are management representation embodied in component of f/s (au 326). Controls relevant to an audit pertain to the preparation of f/s that are fairly presented in conformity with GAAP (au 314)

3
Q

In obtaining understanding of controls that are relevant to audit planning an auditor is required to obtain knowledge
A design of controls included in internal control components
B effectiveness of internal controls implemented
C consistency to control is applied

A

A, in all audits the auditor should obtain an understanding of each of the 5 components of internal control sufficient to plan the audit. Sufficient understanding is obtained by performing procedures to understand design of controls and determining whether they have been implemented

4
Q

In planning an audit certain accounts an auditor may conclude specific procedures used to obtain an understanding of an entity internal control need not be included because of the auditor judgment of materiality and assessment of

A

Inherent risk, the nature, timing, and extent of procedures performed to obtain an understanding vary with size and complexity of the entity, the auditor prior experience with entity, the nature and extent of changes in systems and operations and the entity’s documentation of specific controls. The auditor assessment of inherent risk and judgement about materiality and disclosure affect nature and timing and procedures performed. Thus if account has a low assessed level of inherent risk and amounts involved are not material, specific procedures for obtaining understanding might be omitted

5
Q

1.) Auditor preforms tests of controls

A

a. B, describes what is done when the auditor has an expectation of the operating effectiveness of controls – The auditor tests controls when (a) their risk assessment is based on the expectation of the operating effectiveness of controls, or (b) substantive procedures alone do not provide sufficient appropriate evidence at the relevant assertion level.

6
Q

2.) The auditor prepares flowcharts, narratives, questionnaires, or other materials

A

a. C, describes the documentation of the understanding of the entity and its environment, including internal control, and assessment of RMM – The auditor documents among other things, the understanding of the entity and its environment, including internal control. This documentation extends to the five components of internal control. Also, documented are (a) the sources of information, (b) the risk assessment procedures, (c) the assessment of RMM, (d) the basis of the assessments (e) the risks identified and related controls evaluated. Flowcharts, questionnaires, decision tables, checklists, and narratives are among the possible forms of documentation.

7
Q

3.) The auditor considers the factors affecting the RMM

A

a. A, Describe the reason for the auditor to obtain an understanding of the entity and its environment, including internal control and assessment of RMM – The auditor should obtain an understanding of the components of internal control to assess RMM, whether due to error or fraud, and design further audit procedures. This knowledge should be used to (a) determine the types of potential misstatement, (b) considers factors affecting the RMM, (c) design of tests of controls (if applicable), and (d) design of substantive procedures.

8
Q

4.) The auditor performs risk assessment procedures to test operating effectiveness of controls

A

a. D, describe a procedure that is not performed – Risk assessment procedures are performed to obtain an understanding of the entity and its environment, including internal control. Test of controls evaluate the operating effectiveness

9
Q

5.) The auditor designs substantive procedures

A

a. A, Describe the reason for the auditor to obtain an understanding of the entity and its environment, including internal control. – The auditor should obtain an understanding of the components of internal control to assess RMM, whether due to error or fraud, and design further audit procedures. This knowledge should be used to (a) determine the types of potential misstatement, (b) considers factors affecting the RMM, (c) design of tests of controls (if applicable), and (d) design of substantive procedures.

10
Q

6.) The auditor documents the assessed RMM but not basis for the assessment

A

a. D, describe a procedure that is not performed – The auditor documents (a) assessed RMM at f/s and relevant assertion levels and (b) basis for assessment

11
Q

7.) The auditor records the control evaluated

A

a. C, describes the documentation of the understanding of the entity and its environment, including internal control, and assessment of RMM – The auditor documents the risk identified and the related controls evaluated.

12
Q

8.) The auditor considers whether substantive procedures alone do not provide sufficient appropriate evidence at the relevant assertion level.

A

a. B, describes what is done when the auditor has an expectation of the operating effectiveness of controls – The auditor tests controls when (a) their risk assessment is based on the expectation of the operating effectiveness of controls, or (b) substantive procedures alone do not provide sufficient appropriate evidence at the relevant assertion level.

13
Q

9.) The auditor applies limited substantive procedures to determine whether the control is operating effectively

A

a. D, describe a procedure that is not performed – the auditor performs substantive procedures to detect material misstatements. The auditor tests controls to determine their operating effectiveness

14
Q

10.) The auditor identifies the types of potential misstatement

A

a. A, Describe the reason for the auditor to obtain an understanding of the entity and its environment, including internal control. – The auditor should obtain an understanding of the components of internal control to assess RMM, whether due to error or fraud, and design further audit procedures. This knowledge should be used to (a) determine the types of potential misstatement, (b) considers factors affecting the RMM, (c) design of tests of controls (if applicable), and (d) design of substantive procedures.

15
Q

The internal control process is designed to provide reasonable assurance about these objectives

A
  1. ) Reliability of Financial Reporting
  2. ) Effectiveness and Efficiency of Operations
  3. ) Compliance with Laws and Regs
16
Q

Components of Internal Control

A
  1. ) Control Activities
  2. ) Risk Assessment
  3. ) Information and Communication Systems
  4. ) Monitoring
  5. ) Control Environment
17
Q

Control Activities Include

A

Performance Reviews
Information Processing
Physical Controls
Segregation of Duties

18
Q

Understanding Internal Control is used to

A

Identify types of misstatements
Design test of controls, when applicable
Design substantive tests

19
Q

Duties Requiring Segregation

A

Authorization, Recording, Custody

20
Q

Risk Assessment Circumstances

A
  • Changes in operating environment
  • New personnel
  • New information systems
  • Rapid growth
  • New technology
  • New lines, products, or activities
  • Corporate restructuring
  • Foreign operations
  • Accounting pronouncements
21
Q

Entity Risk Assessment

A

designed to identify, analyze, and manage risks that affect entity’s objectives

22
Q

Auditor Risk Assessment

A

involves assessment of inherent risk and control risk to evaluate likelihood of material
misstatements occurring in financial statements

23
Q

Control Environment

A
  • Integrity and ethical values
  • Commitment to competence
  • Human resource policies and practices
  • Assignment of authority and responsibility
  • Management’s philosophy and operating style
  • Board of directors or audit committee participation
  • Organizational structure
24
Q

Risk Assessment Procedures for Internal Control

A
  • Inquiries of management and others within the entity
  • Observing the application of specific controls
  • Inspecting documents and records
  • Tracing transactions through the information system
25
Q

Control risk may be set at the maximum level for some or all assertions

A
  • The auditor does not intend to rely on internal control in relation to those assertions
  • Tests of controls will not be performed
26
Q

Control risk may be set below maximum for some or all assertions

A
  • The auditor must verify the effectiveness of internal control so that it can be relied upon
  • Tests of controls will be performed
27
Q

Assessing control risk below maximum involves two components

A

1) Identify controls that will prevent or detect material misstatements in specific assertions
2) Perform tests of control to evaluate the effectiveness of the controls identified

28
Q

Tests of controls include

A

• Inquiry—Asking questions of appropriate personnel such as inquiring about the procedure
followed when merchandise is received
• Inspection—Looking at documentary evidence such as inspecting paid invoices to make
certain they have been cancelled to avoid double payment
• Observation—Watching client employees as they perform such as observing employees
receiving and recording purchases of merchandise to determine if there is proper segregation
of duties
• Reperformance—Repeating procedures performed by client employees such as recounting
inventories or recalculating invoice amounts

29
Q

The auditor should obtain an understanding of the information system

A

1) the classes of significant transactions; (2) the ways those transactions are initiated, authorized, recorded, processed, corrected, transferred to the general ledger, and reported; (3) the accounting records, whether electronic or manual; (4) how significant events and conditions other than transactions are captured; (5) the financial reporting process used to prepare the entity’s financial statements, including significant accounting estimates and disclosures; and (6) controls over journal entries

30
Q

Decision tables differ from program flowcharts in that decision tables emphasize

A

A decision table identifies the contingencies considered in the description of a problem and the appropriate actions to be taken relative to those contingencies. Decision tables are logic diagrams presented in matrix form. Unlike flowcharts, they do not present the sequence of the actions described.

31
Q

A field check.

A

A field check tests the characters to verify they are of the appropriate type for that field.

32
Q

An access log.

A

Access logs are designed to prevent improper use or manipulation of data files.

33
Q

A validity check

A

A validity check tests the relationships among input items and other parts of the system, e.g., that customer 1272 on the sales order is included in the customer file.

34
Q

Employee misses keying in PO number what control wold detect this error

A

Completeness test - an interactive program designed to notify the user to enter the number before accepting the report.