Internal Control & Risk Assessment.txt

  1. Auditor's risk assessment procedures should include what? (3)
    • 1- inquiries
    • 2-analytical procedures
    • 3-observation and inspection
  2. Risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity's ability to achieve its objectives and execute its strategies or from the setting of inappropriate objectives and strategies
    business risk
  3. A function of the desired level of overall audit risk and the assessed levels of inherent and control risk
    acceptable level of detection risk
  4. Can the auditor's preliminary assessments of inherent and control risk change as the audit work continues?
  5. The relationship between acceptable level of detection risk, control risk, inherent risk and the assurance provided by substantive tests is
    inverse for detection and direct for control and inherent
  6. What is the relationship between control and acceptable level of detection risk
    Inverse. Acceptable level of detection risk affects substantive testing
  7. When the inherent and control risk are low, what is the effect on audit and detection risk?
    HIGH detection, LOW audit risk
  8. When inherent and control risk are high, what is the effect on audit and detection risk?
    LOW detection, LOW audit
  9. PSA 315 states that internal controls are designed and implemented to achieve the entity's objectives with regard to (3)
    • 1-reliability of financial reporting
    • 2-effectiveness and efficiency of operations
    • 3-compliance with applicable laws and regulations
  10. 5 components of entity's internal controls
    • 1-control environment
    • 2-entity's risk assessment process
    • 3-information and communication
    • 4-control activities
    • 5-monitoring of controls
  11. The use of IT in internal control allows an entity to
    • 1-consistently apply predefined business rules and perform complex calculations in processing large volumes of transactions and data
    • 2-enhance the timeliness, availability and accuracy of information
    • 3-facilitate additional analysis of information
    • 4-enhance the ability to monitor the performance of the entity's activities and its policies and procedures
    • 5-reduce the risk that control will be circumvented
    • 6-enhance the ability to achieve effective segregation of duties by implementing security controls in applications, databases and operating systems.
  12. This involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing or detecting and correcting material misstatements
    evaluating the design of the control
  13. This means that the control exists and that entity is using it
    implementation of control
  14. Risk assessment procedures to obtain an understanding of controls relevant to the audit include (4)
    • 1-inquiry
    • 2-observation
    • 3-inspection
    • 4-tracing transactions thru the information system to financial reporting (reperformance)
  15. PSA 315 requires the auditor to perform risk assessment procedures at what level?
    assertion and financial statement level
  16. Are audit procedures designed to evaluate the operating effectiveness of controls in preventing, detecting and correcting material misstatements at the assertion level
    internal controls
  17. The foundation for all other internal control components. PSA 315 states that this includes the governance and management functions and the attitudes awareness and actions of those charged with governance and management concerning the entity's internal control and its importance to the entity. It sets the tone of the organization influencing the control consciousness of the people.
    Control environment
  18. What are the elements of a control environment?(7)
    • 1-communication and enforcement of integrity and ethical values
    • 2-commitment to competence
    • 3-participation by those charged with governance
    • 4-management's philosophy and operating style
    • 5-organizational structure
    • 6-assignment of authority and responsibility
    • 7-human resource policies and practices
  19. The component of internal control which communicates prospective roles and responsibilities to employees as well as the use of training policies.
    Control Environment
  20. Are manual or automated procedures that typically operate at a business process level and apply to the processing of transactions by individual applications
    application controls
  21. Monitoring activities which are built into the normal recurring activities of an entity and include regular management supervisory activities such as reviewing the purchasing function
    ongoing monitoring activities
  22. Internal audit function is part of what element of an internal control?
    Monitoring activities
  23. Are policies and procedures that help ensure that management directives are carried out. They are intended to ensure that necessary actions are taken to address risks that threaten the achievement of an entity's objectives
    Control Activities
  24. What are the 5 specific controls which relate to Control Activities?
    • 1-performance review
    • 2-authorization
    • 3-physical controls
    • 4-information processing
    • 5-segregation of duties
  25. The primary criterion in designing an internal control
    cost-benefit relationship
  26. What are the inherent limitations of an internal control?
    Management override, Mistakes in judgment and Collusion
  27. Are incompatible functions inherent limitations in an internal control?
    NO. This is a failure to segregate functional responsibilities properly
  28. In obtaining an understanding of an entity's internal control, an auditor is required to (3)
    • 1-knowledge of the design and whether they have been implemented
    • 2-document understanding of the entity's internal control procedures
    • 3-perform procedures to evaluate the design of controls
  29. Under PSA 330, Auditor's responses to assessed risks, the auditor is required to perform tests of controls when (2)
    • 1-his risk assessment includes an expectation of the operating effectiveness of the IC
    • 2-substantive procedures are not sufficient
  30. Testing the operating effectiveness of controls includes obtaining audit evidence about (3)
    • 1- how they are applied
    • 2-if they are consistently applied
    • 3-by whom or by what means they are applied
  31. The ultimate purpose of assessing control risk is to contribute to the auditor's evaluation of the risk that
    material misstatements exist in the financial statements
  32. The auditor ordinarily assesses control risk high when (2)
    • 1-IC is not effective
    • 2-evaluating the effectiveness of IC is not efficient
  33. Control risk is assessed in terms of
    Financial Statement Assertions
  34. The process of evaluating the effectiveness of an entity's internal control in preventing or detecting and correcting material misstatements
    Assessment of Control risk
  35. The basis for an auditor's conclusions about the assessed level of control risk need not be documented unless the control risk is assessed at what level?
    MINIMUM. If maximum, not required
  36. Under PSA 330, if an auditor plans to use the audit evidence about the operating effectiveness of controls obtained in prior audits, the auditor is then required to
    obtain audit evidence about whether changes in those specific controls have occurred subsequent to the prior audit. He may then perform inquiry in combination with observation or inspection
  37. Under PSA 330, if an auditor plans to rely on controls that have changed since they were last tested, the auditor is required to
    test the operating effectiveness of such controls in the current audit
  38. Is audit evidence of operating effectiveness of IC at a point in time sufficient for the auditor's purpose?
    Not All the time. It may be only sufficient for applicable purposes such as when testing controls over physical inventory count at year end
  39. *Tests of controls at a particular time may provide evidence of operating effectiveness throughout the period and vice versa.
    FALSE. TOC at a particular time provides evidence of operating effectiveness of IC at that time while TOC throughout the period provides evidence for that period and not vice versa.
  40. The length of time period between retesting controls that have not changed since they were last tested is how many years?
    A matter of professional judgment, but should not exceed 2 years, therefore they must be tested at least once every 3rd audit
  41. What procedures are performed by the auditor who wants to detect material misstatements at the assertion level?
    Substantive Tests