Chapter 8 reading guide

Question 1

What are the four broad objectives when management designs an effective system of internal control?

Answer 1

strategic objectives

reliability of financial reporting

efficiency and effectiveness of operations

compliance with laws and regulations

Question 2

strategic objectives

Answer 2

high-level goals that support the mission of the entity

Question 3

reliability of financial reporting objective

Answer 3

ensuring financial statement are accurate, complete, and prepared inaccordance with the applicable framework

Question 4

effeciency and effectiveness of operations objective

Answer 4

promoting the effective and efficient use of the organization’s resources to achieve its operational goals

Question 5

compliance with laws and regulations

Answer 5

ensuring the organization adheres to all applicable legal and regulatory requirements

Question 6

What are the inherent limitations of controls?

Answer 6

limitations that stop any control system from providing absolute assurance:

1. Management override
2. collusion

Question 7

what are the three control levels that effective systems have over financial reporting

Answer 7

1. entity level controls
2. information technology controls
3. Business Process controls

Question 8

What are the auditor responsibilities for internal controls? Does the auditor always need to gain an
understanding of controls? Does the auditor always need to test controls?

Answer 8

UNDER CAS 315

responsibilities:
understanding, identifying and evaluating the entity’s system of internal control

• this helps identify and assess risks of material misstatement at both financial statement level and assertion level.
• Helps determine the nature, timing, and extent of further audit procedures

Yes they always need to gain an understand of controls

No, but yes, only to test the operating effectiveness of controls when they plan to rely on those controls to reduce substantive testing

Question 9

What is COSO?

Answer 9

Committee of sponsoring organizations of the treadway commission

a framework that provides a comprehensive model for:

1. designing and evaluating internal controls
2. ensuring effective risk management and governance
3. promoting reliable financial reporting and compliance

Question 10

5 components of COSO

Answer 10

Control environment

risk assessment

control activities

information and communication

monitoring

Question 11

control environment coso, purpose and example

Answer 11

purpose: establish tone at the top

example: board oversight, ethical culture

Question 12

risk assessment coso, purpose and example

Answer 12

purpose: identify and analyze risks

Example: fraud risk assessment

Question 13

control activities coso, purpose and example

Answer 13

purpose: implement control policies and procedures

examnple: approvals, reconciliations

Question 14

information and communication coso, purpose and example

Answer 14

purpose: share accurate, timely info

example: policy manuals, reporting systems

Question 15

monitoring coso, purpose and example

Answer 15

purpose: evaluate control effectiveness

example: internal audit reviews

Question 16

What is the difference between preventative and detective controls?

Answer 16

preventative = proactive - stops problems from happening

detective = reactive - finds problems after they have occured

Question 17

Control activities in individual business processes are generally broken down into five groups. What are they?

Answer 17

authorizations and approval

adequate documents and records

physical and logical controls

segregation of duties

independent checks

Question 18

authorizations and approval in control activity process, purpose and example

Answer 18

purpose: ensure validity of transactions

example: manager signs purchase order

Question 19

adequate documents and records in control activity process, purpose and example

Answer 19

purpose: maintain accurate, complete data

example: pre-numbered invoices

Question 20

physical and logical controls in control activity process, purpose and example

Answer 20

purpose: safeguard assets and data

examples: locked in inventory room

Question 21

segregation of duties in control activity process, purpose and example

Answer 21

purpose: prevent fraud/ errors

example: separate custody and recording

Question 22

independent checks in control activity process, purpose and example

Answer 22

purpose: detect irregularitties

example: bank reconciliation

Question 23

Differentiate between general controls and application controls

Answer 23

general controls: broad, organization-wide controls that apply to all aspects of the IT function

Application controls: specific controls that apply to individual applications or business processes

in simple terms:

general controls ensure systems themselves are secure and reliable

application controls ensure transactions processed by those general systems are valid, accurate and complete

Question 24

When considering segregation of duties what are the four categories of activities that should be separated
from one another?

Answer 24

1. custody of assets
2. recording/ data entry
3. authorization
4. reconciliation/ systems development

Question 25

custody of assets, segregation duties, role, and why separate them

Answer 25

role: holding or handling assets why? prevent theft or misues

Question 26

recording/ data entry segregation duties role and why separate it

Answer 26

role: maintaining accounting records why? prevents concealment of unauthorized transactions

Question 27

authorization segregation duties role and why separate it

Answer 27

role: approving transactions why? ensures validity and legitimacy