Glossary of AUD - Internal Control

Start Studying! Add Cards ↓

What is internal control?
A process designed to provide reasonable assurance that entity objectives will be achieved.
Three categories of objectives in internal control:
1. reliability of financial reporting
2. effectiveness and efficiency of operations
3. compliance with applicable laws and regulations
What is the fundamental concept behind internal control?
Segregation of duties in order to elminate incompatible functions, which place a person in the position to both perpetuate and conceal errors or fraud in the normal course of duties.
- separation of authorization, record keeping and custody of assets
Basic influences of internal control (6)
Methods of information processing
Organization and ownership characteristics
Diversity and complexity of ops
Entity's size
Regulatory and legal requirements
Nature of its business
Components of internal control
(components of internal control fight CRIME)
Control activities
Risk assessment
Information and communication
control Environment
What are control activities?
those policies and procedures established to provide reasonable assurance that management decisions are executed
What is risk assessment?
an entity’s (not an auditor’s) location, evaluation, and management of risk.
Under Sarbanes Oxley, how long must be workpapers be retained?
7 years
Segregation of duties must separate what?
(ARC that protects from sea of troubles)
The overall attitude and awareness of the BOD concerning the imptce of IC is reflected in what?
The Control Environment
What are the 7 audit steps?
-Planning the audit
-Review internal control
-Evaluate internal control, preliminary assessment of control risk-Consider evidence to justify further reduction of assessed control risk
-Final assessed level of control risk (NET)
-Perform substantive tests
-Write audit report
What are the 4 types of controls (compliance testing)?
Re-perform procedures
An auditor uses the knowledge provided by the understanding of IC and final assessed level of control risk primarily to determine NET of?
Substantive tests
Direct or inverse relationship between:
control risk and detection risk
Direct or inverse relationship between:
detection risk and substantive testing
Direct or inverse relationship between:
control risk and substantive testing
What is the primary consideration regarding an internal control policy or proecdure?
Whether it affects mgmt's financial statement assertions
In planning, the auditor's knowledge about the design of relevant IC policies and procedures should be used to?
Identify the types of potential misstatements that could occur
What are the 9 control activities you always want to be looking for?
Numeric checks
Cross checks
Internal audit function
Separation of duties
Mechanical devices
Personnel polices/procedures
If control risk is at maximum
- high probability of errors
- document basis for conclusion
- no tests of controls
- extensive substantive tests
If control risk is below maximum
- document basis for conclusion
- identify specific p/p in place to be relied on
- low probability of errors
- perform test of controls
The acceptable level of detection risk is inversely related to what?
Assurance provided by substantive tests
What are reportable conditions?
Deficiencies in IC design, or failure in IC operation
Control risk should be assessed in terms of what?
financial statement assertions
Mailing disbursement checks and remittence advices should be controlled by the employee who
signs the checks last
True or false: an auditor must search for reportable conditions
True or false: if control risk is below maximum, proper documentation about conclusion and supporting evidence are included in w/ps
True or false: To document ICs, an auditor must use both flowcharts and questionnaires.
false - can use anything
True of false: during planning the auditor is required to evaluate the operating effectiveness of controls over time
false - you dont evaluate the effectivessness in planning, just that they are there
True or false: substantive testing can be completely eliminated in performing an audit
False - you can never completely eliminate substantive testing
Where does the AP/Purchasing cycle begin?
With the factory user.
-runs out of material and fills out a Stores Requisition (SR)
When a Purchasing Dept fills out a Purchase Order, where do the 4 copies go?
Copy 1 - Filed
Copy 2 - Sent to vendor
Copy 3 - Blind copy to receiving dept
Copy 4 - Sent to accounts payable department
Are auditors required to search for reportable conditions?
No, but if you find something, you have to report them to the Board of Directors or Audit Committee
What is a material weakness?
Reportable condition that is EXTREMELY significant.
- as an auditor, not required to distinguish between material weaknesses and reportable conditions
What if reportable conditions are not corrected?
- may feel its too expensive, may have compensating controls
- if a lot of time passes, may want to report on them a second time

Add Cards

You must Login or Register to add cards