51 Cards in this Set
3 key internal control concepts
|
1. Reliability of financial reporting
2. Efficiency and effectiveness of operations
3. Compliance with laws and regulations |
|
Reliability of financial reporting
|
Auditors focus here unless things in efficiency or compliance have a material impact. As auditors we focus on this; it is our primary concern.
|
|
Efficiency and effectiveness of operations
|
If I'm the business, this includes both financial and non-financial info. Accuracy is based on the need for decision making (exact or ballpark).
|
|
Compliance with laws and regulations
|
OSHA, EPA, Dept. of Education
|
|
When do auditors worry about efficiency and effectiveness of operations and compliance with laws and regulations?
|
Only when they have a material impact on the financial statements.
|
|
5 components of COSO
|
1. Control environment - broad, over all the others
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring |
|
What are the 3 components of the fraud triangle?
|
1. Incentives/pressures
2. Opportunities
3. Attitudes/rationalizations |
|
Incentives/pressures
|
Financial instability
Poor economic conditions
Tight debt covenant requirements
Executive compensation incentives
Debt covenants: if you might trip them, you have an incentive |
|
Opportunities
|
Significant account investments that involve judgment
Huge allowance for doubtful accounts balance
Ineffective BOD/audit committee (an opportunity because they are the oversight)
High turnover/ineffective financial staff |
|
Attitudes/rationalizations
|
Bad/ineffective communication of values
Known history of SEC violations
History of aggressive/optimistic forecasts to financial analysts and creditors |
|
If all three conditions exist, what does that mean?
|
HIGH likelihood of financial fraud.
|
|
Control environment is
|
The big umbrella
|
|
What does COSO say about control environment?
|
That it should be STRONG. PCAOB calls this entity-level controls.
|
|
What are the necessary conditions for a good control environment?
|
Integrity and ethical values
Commitment to competence
BOD or audit committee participation
Management's philosophy and operating style
Organizational structure
Human resource policies and practices |
|
Integrity and ethical values
|
Code of ethics and how it's communicated. Every organization must have one of these.
|
|
Commitment to competence
|
Commitment to training and development of employees. Competence means someone who is well qualified.
|
|
BOD or audit committee participation
|
Active and independent BOD and audit committee must be 100% financially literate
|
|
Management's philosophy and operating style
|
Do you have a super aggressive CEO vs. a conservative one? If super aggressive, you are likely to have a bad control environment.
|
|
Organizational structure
|
Clear lines of responsibility and authority
Allow people to know what their job description is |
|
Human resource policies and practices
|
Methods of hiring, training, promoting, and compensating employees.
|
|
Risk assessment policies: who is in charge of these?
|
The CPA doesn't do this; management does.
|
|
Risk assessment
|
Management is responsible for identification and analysis of risks related to the business and the preparation of financial statements.
|
|
What are the 5 control activities?
|
1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical controls over assets and records
5. Independent checks on performance |
|
Adequate separation of duties: what do you separate?
|
1. Custody - physical
2. Recording - journal entries
3. Authorization - can override controls |
|
What is necessary for adequate separation of duties?
|
If 2/3 are incompatible. If controls aren't separated, it's no good.
|
|
What does proper authorization of transactions and activities entail?
|
General authorization or specific authorization
|
|
General authorizations
|
Relate to overall policies such as credit limits. I'm authorized to make a sale up to 40,000,000 without authorization.
|
|
Specific authorization
|
Relates to particular transactions; can be a dollar amount.
|
|
Adequate documents and records:
|
Pre-numbered, prepared in real time; don't pre-fill out a form.
|
|
How should forms be designed?
|
They should be designed simply, for multiple uses, should gather info once for multiple purposes, designed to reduce errors.
|
|
Physical controls over assets and records
|
Lock up inventory
Backup and recovery of IT stuff |
|
Independent checks on performance
|
Someone verifies what someone else does.
|
|
Information and communication
|
Accounting information system for financial information. Transactions happen, and reports are formed and sent to departments, which review them.
|
|
Monitoring
|
Internal audit division, which ideally reports independently of the accounting or finance function.
If publicly held, the co. files a report to the SEC. Have an internal audit committee so you have someone who reports to the board. |
|
What is management responsible for?
|
1. Establishing and maintaining internal controls
2. If a public co., they must report on the operational effectiveness of internal controls. |
|
What must the auditor include on the 10-k?
|
1. Statement that management is responsible for establishing and maintaining internal control.
2. Must identify the structure and procedures for financial reporting
3. Must identify the framework used to audit the controls; often COSO is used. |
|
Key concepts
|
1. Reasonable assurance
2. Inherent limitations on internal control |
|
Reasonable assurance
|
Cost/benefit analysis
Not absolute assurance. It's reasonable.
"only a remote likelihood that a material misstatement will not be prevented or detected on a timely basis" |
|
Inherent limitations on internal controls
|
Human error
Human laziness
Fraud incentives
Possible collusion |
|
What are the auditor's responsibilities?
|
Issue an audit report on management's internal control structure and operations.
Test all significant classes of transactions and disclosures, rights and obligations, and values and obligations assertions. |
|
When the auditor is issuing the control report what do they focus on?
|
1. Concentrate on controls related to financial reporting (includes budget controls)
2. Emphasis is on classes of transactions, not ending balances, because balances are a sum of related transactions. Exceptions: estimate of realizable value, rights and obligations, presentation and disclosure |
|
What 3 procedures to document an understanding of internal control are typically used?
|
1. Narrative
2. Flowchart
3. Internal control questionnaire |
|
Narrative
|
Easy to develop, hard to understand.
Paragraph describing documents' origins, processes, and dispositions of transactions. It's like someone talking: it describes the exact process in a cycle, but you can't track where documents go. Hard to identify control problems. |
|
Flowchart
|
A diagram of a narrative.
Advantage - easier to read and update
Disadvantage - hard to develop from scratch |
|
Internal control questionnaire
|
Usually developed over time
Yes/no questions about controls. A no response indicates a control violation. Verifies if controls have been modified last year; also legal liability. "Did you inform the audit committee of all fraudulent transactions?" You want the answer to be yes. A NO ALWAYS INDICATES A PROBLEM IN THESE. |
|
Evaluate internal control implementation
|
1. Update and evaluate the auditor's previous experience with the entity
2. Make inquiries of client personnel
3. Examine documents and records
4. Observe entity activities and operations
5. Perform walkthroughs of the accounting system |
|
Update and evaluate the auditor's previous experience with the entity
|
Inquire about changes. Describe changes in internal control structure this year. Look for implementation of suggested changes from last year.
|
|
Make inquiries of client personnel
|
Ask open-ended questions of personnel and then compare answers to the flowchart
|
|
Examine documents and records
|
Are the documents annotated and filed as described? If the flowchart says they should be stamped or initialed, check to see if they actually are.
|
|
Observe entity activities and operations
|
Watch the process happen
|
|
Perform walkthroughs of the accounting system
|
PCAOB requires at least one walkthrough for each major class of transactions. Take one or more documents from beginning to end, then observe and inquire about it.
|