Term
|
Definition
a process designed to provide reasonable assurance regarding the achievement of management’s objective in the following categories:
* Reliability of financial reporting
* Effectiveness and efficiency of operation
* Compliance with applicable laws and regulations
|
|
|
Term
Reliability of financial reporting
|
|
Definition
Management is responsible for preparing statement for investors, creditors and other users.
|
|
|
Term
| Effectiveness and efficiency of operation |
|
Definition
Controls within a company encourage efficient and effective use of its resources to optimize the company’s goals.
|
|
|
Term
| Compliance with applicable laws and regulations |
|
Definition
Section 404 requires management of all public companies to issue a report about the operating effectiveness of internal control over financial reporting.
|
|
|
Term
| Section 404 of the Sarbanes-Oxley Act requires management of all public companies to issue an internal control report that includes what? |
|
Definition
* A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting.
* An assessment of the effectiveness of the internal control structure and procedure for financial reporting as of the end of the company’s fiscal year.
|
|
|
Term
| What are the two key aspects of management’s assessment of internal control |
|
Definition
* Management must evaluate the design of internal control over financial reporting
* Management must test the operating effectiveness of those controls. |
|
|
Term
| How does management evaluate the design of internal control over financial reporting |
|
Definition
Decide if controls are put in place
*to prevent
*to detect
misstatements in the financial statements
|
|
|
Term
| What are the 4 things that auditors must do? |
|
Definition
* Test results (which must also be documented)
* Form the basis for management’s assertion at the end of the fiscal year (controls’ operating effectiveness)
* Disclose any material weakness in internal control
* Even if only one material weakness is present, they must conclude that the company’s internal control over financial reporting is not effective.
* SEC requires management to include its report on internal control in its annual Form 10-K report filed with the SEC
|
|
|
Term
| How does management test the operating effectiveness of the controls. |
|
Definition
* Determine if controls are operating as designed
* Determine if the person performing the control possesses the necessary authority and qualifications to perform the control effectively
|
|
|
Term
| What is the auditor responsible for understanding about internal control? |
|
Definition
* Controls over the reliability of financial reporting
* Controls over classes of transaction
|
|
|
Term
| What kind of assertion is "recorded transactions exist" |
|
Definition
|
|
Term
| What kind of assertion is "existing transactions are recorded" |
|
Definition
|
|
Term
| What kind of assertion is "recorded transactions are stated at the correct amounts" |
|
Definition
|
|
Term
| What kind of assertion is "recorded transactions are correctly included in the master files and are correctly summarized" |
|
Definition
| posting and summarization |
|
|
Term
| What kind of assertion is "transactions are correctly classified" |
|
Definition
|
|
Term
| What kind of assertion is "transactions are recorded on the correct dates" |
|
Definition
|
|
Term
| What are the five components of the COSO internal control framework? |
|
Definition
* Control environment
* Risk assessment
* Control activities
* Information and communication
* Monitoring |
|
|
Term
|
Definition
| consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, an downers of an entity about internal control and its importance to the entity. |
|
|
Term
|
Definition
| for financial reporting is management’s identification and analysis of risks relevant to the preparation of financial statements in conformity with appropriate accounting standards. |
|
|
Term
|
Definition
| policies and procedures, in addition to those include in the other four control components that help ensure that necessary actions are taken to address risks to the achievement of the entity’s objectives. |
|
|
Term
| What are the 5 components of control activities? |
|
Definition
* Adequate separation of duties
* Proper authorization of transactions and activities
* Adequate documents and records
* Physical control over assets and records
* Independent checks on performance |
|
|
Term
| What is the four general guidelines for adequate separation of duties to prevent both fraud and errors are especially significant for auditors? |
|
Definition
* Adequate separation of duties
* Separation of the authorization of transactions from the custody of related assets
* Separation of operational responsibility from record-keeping responsibility
* Separation of IT duties from User departments
|
|
|
Term
|
Definition
| management establishes policies and subordinates are instructed to implement these general authorizations by approving all transactions within the limits set by the policy. |
|
|
Term
|
Definition
| applies to individual transactions. |
|
|
Term
| What are the 4 things that adequate documents and records should be? |
|
Definition
* Prenumbered consecutively to facilitate control over missing documents and records and as an aid in locating them when they are needed at a later date.
* Prepared at the time a transaction takes place, or as soon as possible thereafter, to minimize timing errors.
* Designed for multiple use, when possible, to minimize the number of different forms.
* Constructed in a manner that encourages correct preparation.
|
|
|
Term
| Information and communication |
|
Definition
| purpose is to initiate, record, process, and report the entity’s transactions and to maintain accountability for the related assets. |
|
|
Term
|
Definition
| activities deal with ongoing or periodic assessment of the quality of internal control by management to determine that controls are operating as intended and that they are modified as appropriate for changes in conditions. |
|
|
Term
| What are the three types of documents auditors commonly obtain and document their understanding of the design on internal controls? |
|
Definition
* Narratives
* Flowcharts
* Internal control questionnaires |
|
|
Term
|
Definition
| is a written description of a client’s internal controls |
|
|
Term
|
Definition
| is a diagram of the client’s documents and their sequential flow in the organization. |
|
|
Term
| Internal control questionnaires |
|
Definition
series of questions about the controls in each audit area as a means of identifying internal control deficiencies.
|
|
|
Term
| What are the 4 methods to understanding the design? |
|
Definition
* Update and evaluate auditor’s previous experience with the entity
* Make inquiries of client personnel
* Examine documents and records
* Observe entity activities and operations
|
|
|
Term
| What are the subcomponents of control environment? |
|
Definition
* Integrity and ethical values
* Commitment to competence
* Board of director and audit committee participation
* Management’s philosophy and operating style
* Organizational structure
* Human resource policies and practices
|
|
|
Term
| What is the risk assessment process? |
|
Definition
* Identify factors affecting risks
* Assess significance of risks and likelihood of occurrence
* Determine actions necessary to manage risks
|
|
|
Term
| What are the risk assessment categories of management assertions that must be satisfied? |
|
Definition
* Assertions about classes of transactions and other events
* Assertions about account balances
* Assertions about presentation and disclosure
|
|
|
Term
| What are the types of specific control activities? |
|
Definition
* Adequate separation of duties
* Proper authorization of transactions and activities
* Adequate documents and records
* Physical control over assets and records
* Independent checks on performance
|
|
|
Term
| What are the transaction-related audit objectives that must be satisfied? |
|
Definition
* Occurrence
* Completeness
* Accuracy
* Posting and summarization
* Classification
* Timing
|
|
|
Term
What are Assess Control Risk
2 primary factors determine auditability? |
|
Definition
* Integrity of management, &
* Adequacy of accounting records
|
|
|
Term
| What are the uses of a Control Risk Matrix to Assess Control Risk? |
|
Definition
* Identify Audit Objectives
* Identify Existing Controls
* Associate Controls with Related
* Audit Objectives
* Identify and Evaluate Control Deficiencies, Significant Deficiencies, and Material
|
|
|
Term
| What are the 5 control activities of the Control Risk Matrix to Assess Control Risk? |
|
Definition
* Separation of duties
* Proper authorization
* Adequate documents and records
* Physical control over assets and records
* Independent checks on performance
|
|
|
Term
| What are the weakness of the Control Risk Matrix to Assess Control Risk? |
|
Definition
* Control Deficiency
* Significant deficiency
* Material weakness |
|
|
Term
|
Definition
exists if the design of operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis in the normal course of performing their assigned functions
|
|
|
Term
|
Definition
|
|
Term
|
Definition
this control will NOT give us a reasonable possibility that the internal control system will not discover material misstatements
|
|
|
Term
| What is the 5-step approach that can be used to identify deficiencies, significant deficiencies, and material weakness? |
|
Definition
* Identify existing controls
* Identify the absence of key controls
* Consider the possibility of compensating controls
* Decide whether there is a significant deficiency or material weakness
* Determine potential misstatements that could result
|
|
|
Term
| What is the four types of procedures to support the operating effectiveness of internal controls? |
|
Definition
* Make inquiries of appropriate client personnel
* Examine documents, records, and reports
* Observe control-related activities
* Re-perform client procedures
|
|
|
Term
| What is the key point to understand about tests of controls? |
|
Definition
| During the understanding phase, the auditor will have already gathered some evidence in support of both the design and the controls and their implementation by using procedures to obtain an understanding |
|
|
Term
|
Definition
| are those risks that the auditor believes require special audit consideration |
|
|
Term
| What are the 2 primary differences in the application of common procedures? |
|
Definition
* In obtaining an understanding of internal controls and procedures to obtain an understanding are applied to all controls identified during that phase.
* Procedures to obtain an understanding are per formed only on one or a few transactions or, in the case of observations, at a single point in time.
|
|
|
Term
| What are the 2 conditions that auditors will issue an unqualified opinion on internal control over financial reporting? |
|
Definition
* There are no identified material weaknesses
* There have been on restrictions on the scope of the auditor’s work
|
|
|
Term
|
Definition
| when one or more material weaknesses exist, the auditor must express an adverse opinion on the effectiveness of internal controls |
|
|
Term
| Qualified or disclaimer of opinion |
|
Definition
| a scope limitation requires the auditor to express a qualified opinion or a disclainer of opinion on internal control over financial reporting |
|
|
Term
| What are the most important differences in evaluating, reporting, and testing internal control for nonpublic companies? |
|
Definition
* Reporting requirements
* Extent of required internal controls
* Extent of understanding needed
* Assessing control risk
* Extent of tests of controls needed
|
|
|
