Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
56 Cards in this Set
- Front
- Back
- 3rd side (hint)
State the 2nd fieldwork standard
|
A sufficient understanding of internal control is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed
|
|
|
List the 2 primary objectives for the consideration of internal control
|
1) Aid in planning the remainder of the audit
2) Assess control risk |
|
|
Internal control is designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
|
1) Reliability of financial reporting
2) Effectiveness & efficiency of operations 3) Compliance with applicable laws & regulations |
|
|
What control is generally most relevant to audits?
|
Controls over financial reporting
|
|
|
What are the components of internal control?
|
1) Control environment
2) Risk assessment 3) Control activities 4) Information & communication 5) Monitoring |
CRCIM
|
|
What are the factors of the control environment?
|
1) Integrity & ethical values
2) Commitment to competence 3) HR Policy & procedures 4) Assignment of authority & responsibility 5) Management's philosophy & operating style 6) BOD & audit committee participation 7) Organizational structure |
IC HAMBO
|
|
For financial reporting purposes an entity's risk assessment is its:
|
Identification, analysis, and management of risks relevant to the preperation of financial statements following GAAP
|
|
|
List some risks that may affect an entity's ability to properly record, process, summarize, and report financial data
|
1) Changes in operating environment
2) New personnel 3) New information system 4) New technology 5) New lines, products, or activities 6) Rapid growth 7) Corporate restructuring 8) Foreign operations 9) Accounting pronouncements |
|
|
What are the four main control activities that help ensure that necessary actions are taken to adress risks to achieving the entity's objectives.
|
1) Performance reviews(review actual performance against budgets)
2) Information processing ( check accuracy, completion, and authorization of transactions) 3) Physical controls (activities that ensure the physical security of assets & records) 4) Segregation of duties (seperation authorization, recordkeeping, & custody) |
PIPS
|
|
The accounting system consists of methods and records established to:
|
Record, process, summarize, & report entity transactions & to maintain accountability of the related assets and liabilities
|
|
|
To be effective the accounting system must accomplish the following goals for transactions:
|
1) Identify & record all valid transactions
2) Describe on a timely basis 3) Measure the value properly 4) Record in the proper time period 5) Properly present and disclose 6) Communicate responsibilities to employees |
|
|
What are some limitations to even the best internal control?
|
1) Human judgement in decision making
2) Simple errors & mistakes 3) Collusion 4) Cost constraints 5) No absolute deterrants |
|
|
What does the Foreign Corrupt Practices Act do?
|
1) Requires every corporation registered under the SEC to maintain a system of strong internal accounting control
2) Requires corporations to maintain accurate books and records 3) Makes it illegal for individuals or business entities to make payments to foreign officials to secure business |
|
|
What are the fines for violating the foreign corrupt practices act?
|
Up to 1 million for SEC registerants and 10,000 for individuals and up to 5 years in prison
|
|
|
What does section 302 of the SOX do?
|
Makes officers responsible for maintaining effective internal control & requires executives to disclose all internal control deficiencies to the audit committee
|
|
|
What does section 404 of SOX do?
|
Requires management to acknowledge its responsibility for establishing adequate internal control over financial reporting & provide an assessment in the annual repport of the effectiveness of internal control.
|
|
|
What does section 906 of SOX do?
|
Requires management to certify reports filed with the SEC
|
|
|
What are the 4 main steps in the auditor's consideration of internal control?
|
1) Obtain & document understanding of internal control to plan the audit
2) Assess control risk 3) Perform (additional) tests of controls 4) Reassess control risk |
|
|
The knowledge of internal control obtained for planning is used to:
|
1) Identify types of potential misstatements
2) Consider factors that affect the risk of material misstatement 3) Design test of controls 4) Design substantive tests |
|
|
What understanding of internal control is necessary concerning the control environment?
|
Understanding of managements & BOD's attitude, awareness, & actions concerning the control environment
|
|
|
What understanding of internal control is necessary concerning risk assessment?
|
Understanding how management considers risks relevant to financial reporting objectives & decides about actions to address those risks
|
|
|
What understanding of internal control is necessary concerning control activities?
|
Understand the control activities relevant to planning the audit
|
|
|
The auditor needs to obtain a level of knowledge of the information & communication system to understand:
|
1) Major classes of transactions
2) How those transactions are initiated 3) Available accounting records & support 4) Manner of processing those transactions 5) Financial reporting process used to prepare financial statements 6) Means the entity uses to communicate financial reporting roles & responsibilities |
|
|
What does the auditor rely on to obtain the needed understanding of internal control?
|
1) Previous experience with the entity
2) Inquiries 3) Inspection of documents & records 4) Observation of entity activities |
|
|
In gaining an understanding of internal control for planning purposes the auditor is concerned primarily with these 2 things:
|
1) Design of controls
2) Whether the controls have been placed in operation |
|
|
In evaluating operating effectiveness, the auditor considers these 3 things:
|
1) How the control was applied
2) Consistency with which it was applied & 3) By whom |
|
|
What is a decision table?
|
Graphic methods of describing logic in decisions. Various combinations of conditions are matched to one or several actions.
|
|
|
To assess control risk is to evaluate the:
|
Effectiveness of an entity's internal control in preventing and detecting material misstatements
|
|
|
What is the next step after documenting an understanding of internal control?
|
Determine a planned assessed level of control risk
|
|
|
There are 3 circumstances in which additional tests of controls will not be performed subsequent to obtaining an understanding to plan the audit.
|
1) Controls are believed to be ineffective, and therefore control risk is to be assessed at the maximum level
2) Controls are believed to be effective, but testing them is not cost effective so control risk is set at max 3) Controls are believed to be effective & evidence already obtained is adequate to support the planned assessed level of control risk that is below the max |
|
|
Tests of controls are used to test either the effectiveness of:
|
1) Design
2) Operation of control |
|
|
List 4 approaches to test of controls
|
1) Inquiries of appropriate personnel
2) Inspection of documents & records 3) Observation of the application of controls 4) Reperformance of the control by the auditor |
|
|
For reasons of efficiency & practically, when does the auditor generally perform tests of controls?
|
Prior to year end
|
|
|
As the assessed level of control risk decreases, the auditor must modify:
|
The nature, timing, & extent of substantive tests
|
|
|
When should the auditor document understanding of internal control obtained to plan the audit?
|
Always
|
|
|
When should the auditor document the assessed level of control risk?
|
When assessed level of control risk is set at maximum
|
|
|
When should the auditor document the basis for the control risk assessment?
|
When assessed level of control risk is set below the maximum
|
|
|
How do you perform a test of completeness? existence?
|
1) From source document to recorded entry (Tracing)
2) From recorded entry to source document (Vouching) |
|
|
Inadequate segregation of duties exists whenever one individual is performing 2 or more of the following:
|
Authorization, Recordkeeping, & Custodianship
|
|
|
A significant deficiency in the design or function of internal control that could adversely affect the organization's ability to record, process, summarize, & report financial data
|
Reportable Condition
|
|
|
What is the rule for reportable conditions?
|
They should be communicated to audit committee and at least be documented in the working papers
|
|
|
What are 4 audit-related matters that must be communicated with the audit committee?
|
1) Auditor responsibility under GAAS
2) Significant audit adjustments 3) Uncorrected misstatements determined by management to be immaterial 4) Auditor responsibility for other information in documents containing audited financial statements |
|
|
What are the 3 accounting matters that the auditor must determine if the audit committee is aware of?
|
1) Significant accounting policies
2) Important management judgements & accounting estimates 3) Quality of accounting principles |
|
|
An internal control deficiency that could adversly affect the entity's ability to properly initiate, record, process, & report financial data
|
Significant deficiency
|
|
|
When does a significant deficiency occur?
|
If there is more than a remote likelihood that internal controls will fail to prevent or detect misstatements that are larger than inconsequential
|
|
|
A transaction for a recurring financial activity recorded in the accounting records in the normal course of business, such as sales, purchases, cash receipts, cash disbursements, & payroll
|
Routine Transaction
|
|
|
A transaction that occurs only periodically, such as counting & pricing inventory, calculating depreciation expense, or determining prepaid expenses
|
Nonroutine Transaction
|
|
|
A transaction involving management's judgements or assumptions, such as determining the allowance for doubtful accounts, establishing warranty reserves, & assessing assets for impairment
|
Estimation transaction
|
|
|
The "as of date" as it relates to whether internal control is effective at a point in time refers to:
|
The last day of the company's fiscal period
|
|
|
When should walkthroughs for each major type of transaction be conducted?
|
During a CPA firm's 1st audit of internal control
|
|
|
Walkthroughs provide the auditor with evidence to: (3)
|
1) Confirm the understanding of the flow of transactions & design of controls
2) Evaluate effectiveness of design of controls 3) Confirm whether controls have been placed in operation |
|
|
Accounts with more than a remote likelihood that they could contain misstatements that individually, or combined with others could have a material effect on the financial statements
|
Significant accounts
|
|
|
The "as of date" as it relates to whether internal control is effective at a point in time refers to:
|
The last day of the company's fiscal period
|
|
|
When should walkthroughs for each major type of transaction be conducted?
|
During a CPA firm's 1st audit of internal control
|
|
|
Walkthroughs provide the auditor with evidence to: (3)
|
1) Confirm the understanding of the flow of transactions & design of controls
2) Evaluate effectiveness of design of controls 3) Confirm whether controls have been placed in operation |
|
|
Accounts with more than a remote likelihood that they could contain misstatements that individually, or combined with others could have a material effect on the financial statements
|
Significant accounts
|
|