1. As of date
    A concept applied to internal control reporting by the Sarbanes-Oxley Act of 2002 and PCAOB Standard No. 2. The internal control reports of both management and the auditors are as of the final day of the reporting period—the "as of date."
  2. Assessed level of control risk
    The level of control risk used by the auditors in determining the acceptable detection risk for a financial statement assertion and, accordingly, in deciding on the nature, timing, and extent of substantive testing.
  3. Audit decision aid
    A standard checklist, form, or computer program that assists auditors in making audit decisions by ensuring that they consider all relevant information or that aids them in weighting and combining the information to make a decision.
  4. Compensating control
    A control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective (e.g., avoiding misstatements). Compensating controls are ordinarily controls performed to detect, rather than prevent, the original misstatement from occurring.
  5. Complementary controls
    Controls that function together to achieve the same control objective.
  6. Control deficiency
    A situation in which the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis. A deficiency in designexists when either a control necessary to meet a control objective is missing or the existing control is not designed to operate effectively. A deficiency in operation exists when a properly designed control does not operate as designed, or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively.
  7. Control risk
    The possibility that a material misstatement due to error or fraud in a financial statement assertion will not be prevented or detected by the client's internal control.
  8. Corrective control
    A control established to remedy control problems (e.g., misstatements) that are discovered through detective controls.
  9. Detective controls
    Controls designed to discover control problems soon after they occur.
  10. Fidelity bonds
    A form of insurance in which a bonding company agrees to reimburse an employer for losses attributable to theft or embezzlement by bonded employees.
  11. Foreign Corrupt Practices Act
    Federal legislation prohibiting payments to foreign officials for the purpose of securing business. The act also requires all companies under SEC jurisdiction to maintain a system of internal control providing reasonable assurance that transactions are executed only with the knowledge and authorization of management.
  12. Incompatible duties
    Assigned duties that place an individual in a position to both perpetrate and conceal errors or fraud in the normal course of job performance.
  13. Inherent risk
    The risk of material misstatement of a financial statement assertion, assuming there are no related controls.
  14. Integrated audit
    Public Company Accounting Oversight Board Standard No. 2 requires that public companies undergo both (1) an audit of internal control over financial reporting, and (2) an audit of the financial statements. The overall audit approach is referred to as an integrated audit because each audit provides the auditor with evidence relevant to the other audit.
  15. Internal auditors
    Corporation employees who design and execute audit programs to test the effectiveness and efficiency of all aspects of internal control. The primary objective of internal auditors is to evaluate and improve the effectiveness and efficiency of the various operating units of an organization rather than to express an opinion as to the fairness of financial statements.
  16. Internal control
    A process, effected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of (1) effectiveness and efficiency of operations, (2) reliability of financial reporting, and (3) compliance with applicable laws and regulations. Prior to 1996, the AICPA's Professional Standards referred to an entity's internal control as its internal control structure.
  17. Internal control questionnaire
    One of several methods of describing internal control in audit working papers. Questionnaires are usually designed so that "no" answers prominently identify weaknesses in internal control.
  18. Management letter
    A report to management containing the auditors' recommendations for correcting any deficiencies disclosed by the auditors' consideration of internal control. In addition to providing management with useful information, a management letter may also help limit the auditors' liability in the event a control weakness subsequently results in a loss by the client.
  19. Material weakness
    A significant deficiency, or combination of significant deficiencies, that results in more than a remote likelihood that a material misstatement of the annual or interim financial statements will not be prevented or detected.
  20. Organizational structure
    The division of authority, responsibility, and duties among members of an organization.
  21. Planned assessed level of control risk
    The level of control risk the auditor uses in developing a preliminary audit strategy, which includes an appropriate combination of tests of controls and substantive procedures.
  22. Preventive controls
    Controls that deter control problems before they occur.
  23. Redundant controls
    Duplicate controls that achieve a control objective.
  24. Significant deficiency
    A control deficiency (or a combination of control deficiencies) that adversely affects the company's ability to initiate, authorize, record, process, or report external financial data reliably in accordance with generally accepted accounting principles, such that there is more than a remote likelihood that a misstatement of the company's annual or interim financial statements which is more than inconsequential will not be prevented or detected.
  25. Suitable criteria
    Criteria are the standards or benchmarks used to measure and present the subject matter and against which the CPA evaluates the subject matter. Suitable criteria are established or developed by groups composed of experts that follow due process procedures, including exposure of the proposed criteria for public comment. Suitable criteria must have each of the following attributes: objectivity, measurability, completeness, and relevance.
  26. Systems flowchart
    A symbolic representation of a system or series of procedures with each procedure shown in sequence. Systems flowcharts are a widely used method of describing internal control in audit working papers.
  27. Tests of controls
    Tests directed toward the design or operation of a control to assess its effectiveness in preventing or detecting material misstatements of financial statement assertions.
  28. Transaction cycle
    The sequence of procedures applied by the client in processing a particular type of recurring transaction. The auditors' working paper description of internal control often is organized around the client's major transaction cycles.
  29. Walk-through
    A test of the accuracy and completeness of the auditors' working paper description of internal control. A walk-through is performed by tracing several transactions through each step of the related transaction cycle, noting whether the sequence of procedures actually performed corresponds to that described in the audit working papers.
  30. Written narrative of internal control
    • A written summary of internal control for inclusion in audit working papers. Written narratives are more flexible than questionnaires, but by themselves are practical only for describing relatively small, simple systems.
Card Set
Chapter 7- Internal Controls