Chapter 8

Question 1

Def: internal control

Answer 1

policies + procedures instituted and maintained by the management to provide reasonable assurance that management’s objectives are met

Question 2

who’s responsibility is internal controls

Answer 2

management’s

Question 3

primary objectives of effective internal controls (4)

Answer 3

1. strategic, high level that support the mission
2. reliability of financial reporting
3. efficiency and effectiveness of operations
4. compliance with laws and regulations

Question 4

management must ___+____ . the entity’s internal controls

Answer 4

establish + maintain

Question 5

if the company is public, management is required to

Answer 5

publicly report on operating effectiveness of internal controls in financial reports

Question 6

auditors are responsible for

Answer 6

understanding entity internal control relevant to the audit

Question 7

why must auditors understand

Answer 7

to identify the risks of material misstatement at the financial statement and assertion level

Question 8

when must auditor obtain understanding of controls

Answer 8

ALL the time even if he does not intend on placing reliance on internal controls

Question 9

when assessing control risk, auditors are concerned with (2)

Answer 9

1. entity level controls

2. transaction controls

Question 10

Def: entity level controls

Answer 10

pervasive in nature and not address particular transaction cycles

Question 11

entity level controls may prevent or detect and correct

Answer 11

misstatements in several cycles

Question 12

def: transaction controls

Answer 12

implemented for specific transaction risks

Question 13

transaction controls specifically prevent or detect and correct

Answer 13

misstatements in classes of transactions, account balances or disclosures and their related assertions

Question 14

before the auditor can conclude that the total for any given class of transactions is fairly stated

Answer 14

five audit objectives must be met

Question 15

what are the 5 audit objectives (transaction)

Answer 15

occurrence, completeness, accuracy, cut-off and classification

Question 16

5 components of COSO internal control framework

Answer 16

1. control environment
2. risk assessment
3. control activities
4. info and communication
5. monitoring

Question 17

principles associated with control environment (5)

Answer 17

1. commitment to integrity and ethical values
2. BofD oversight responsibility
3. management structure, authority and responsibility
4. commitment to competence
5. establish and enforce accountability

Question 18

principles with risk assessment (4)

Answer 18

1. specifies relevant objectives
2. identify and assess risk
3. consider potential for fraud when assessing
4. identify and assess significant changes

Question 19

principles with control activities (3)

Answer 19

1. select and develop control activities
2. select and develop general controls over techno
3. policies and procedures

Question 20

principles with info and communication (3)

Answer 20

1. relevant and quality information
2. communicate internal
3. communicate external

Question 21

principles with monitoring (2)

Answer 21

1. select, develop and perform ongoing and separate evaluations
2. evaluate and communicate deficiencies

Question 22

def: control activities

Answer 22

actions established by policies and procedures to help ensure that management directives to mitigate risks are carried out

Question 23

Def: transaction controls

Answer 23

control activities to mitigate transaction processing risk for specific business processes

Question 24

control activities should be a combination of

Answer 24

preventive and detective controls

Question 25

def: preventive controls

Answer 25

controls designed to avoid errors or irregularities

Question 26

i.e. preventive controls

Answer 26

computer based and data entry

Question 27

why not take preventive controls?

Answer 27

cost vs. benefit analysis if something goes wrong its cheaper to fix it with detective controls

Question 28

def: detective controls

Answer 28

controls that identify errors or irregularities after they have occurred so corrective action can be taken

Question 29

controls over the business process are

Answer 29

what you want to see in an organization

Question 30

examples of controls in business process (5)

Answer 30

1. proper authorization of transactions and activities 2. adequate documents and records 3. physical and logical control over assets and records 4. adequate segregation of duties 5. independent checks of performance, recorded data and actual results

Question 31

def: business process

Answer 31

set of manual and/or computerized procedures that collect, record and process data and report results

Question 32

business process can also be known as

Answer 32

application system

Question 33

def: proper authorization of transaction and activities

Answer 33

authorization encompasses more than transactions, new programs and changes to programs since this affects the way that transactions are processed

Question 34

adequate documents and records applies to?

Answer 34

paper or electronic files on which transactions are entered and summarized

Question 35

adequate documents should be (2)

Answer 35

1. pre-numbered or automatically numbered consecutively | 2. prepared at the time a transaction takes place or asap after

Question 36

why pre-numbered/automatically numbered? (2)

Answer 36

facilitate control over missing record + aid in locating records when they are needed later

Question 37

which audit objective does pre-numbered documents help?

Answer 37

completeness (transaction related)

Question 38

why should there be physical and logical control over assets and records?

Answer 38

stolen, duplicated, damaged or lost

Question 39

an important safeguard is the use of

Answer 39

physical precautions

Question 40

Which duties should be segregated? (6)

Answer 40

1. custody of assets 2. recording/data entry 3. systems development/ acquisition and maintenance 4. computer operations 5. reconciliation 6. authorization

Question 41

example of segregation of duties

Answer 41

1. custody assets + accounting 2. authorization of transaction + custody of same assets 3. operations + record keeping 4. reconciliation +data entry 5. IT duties + user departments

Question 42

if there is issue in segregation of duties how is risk affected?

Answer 42

increase in fraud risk --> increase in control risk

Question 43

why segregate duties?

Answer 43

reduce opportunity for a person to be in a position to perpetuate and conceal a fraud

Question 44

need for independent checks of performance arises because

Answer 44

internal controls tend to change over time unless there is a mechanism for frequent review

Question 45

how to automate internal verifications?

Answer 45

computerized accounting systems

Question 46

how to complete understanding of internal controls in smaller firms

Answer 46

determine if client is auditable, assess management attitude and examine controls with accounting system