Internal Control 2

Question 1

What is the relationship between Internal Control and Substantive Testing?

Answer 1

Inverse Relationship

• Stronger Internal Controls - Less Testing needed
• Weaker Internal Controls - More Testing Needed

Question 2

If Internal Control is poor and a company’s accounting practices are sloppy - which risk is higher?

Answer 2

Control risk increases with poor Internal Controls and sloppy accounting practices

Question 3

If Internal Control is poor - what is the effect on the audit?

Answer 3

Auditor will need to perform more testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements

Question 4

What happens when Control Risk is below the maximum level?

Answer 4

• Auditor MUST verify the effeciveness of the IC so that it can be relied upon
• Identifying specific controls relevant to specific assertions,
• Test of control will be performed
• limited substantive tests may be performed
• Weaker Internal Control - More substantive tests
• Stronger Internal Control - Less substantive tests

Question 5

What should an auditor understand with respect to Information and Communication on an audit?

Answer 5

Understand Client’s

• Major transaction classes
• Transaction initiation
• Support records/documents
• Transaction processing
• Financial Statement internal reporting process
• Financial Statement external reporting process

Question 6

What does an auditor’s assessment of Detection Risk determine?

Answer 6

Detection Risk determines nature, timing, and extent of audit procedures.

Question 7

What are the inherents limitations of IC ?

COCO

Answer 7

• Controls can’t stop Collusion - segregation of duties
• Management can Override controls
• Competence - bad judgment in decision makin - Human errors and mistakes
• Obscolescence - due to change in the company operation, size
• Reasonalble assurrance - Cost > Benefit - relationship of Internal Control

Question 8

What is required in an examination of Internal Control under Sarbanes-Oxley?

Answer 8

• CEO/CFO must disclose Internal Control deficiencies
• Management must provide assessment of Internal Control
• Management must certify Financial Statements

Question 9

What determines the acceptable level of Detection Risk?

Answer 9

Risk of material misstatement determines acceptable level of Detection Risk

Question 10

What is the purpose of testing Internal Controls?

Answer 10

Auditor needs reasonable assurance that controls are functioning as designed and effective

Question 11

When can controls tested by an auditor in a prior year be used in the current year’s audit assessment?

Answer 11

PCAOB ⇒ CAN NOT USE test every year

Audit Standard ⇒ Controls tested by auditor in a prior year can be used in the current year’s audit assuming they are re-tested every third year

Exception If the control has changed since the last audit

Question 12

Internal Controls Deficiency

Answer 12

Deficiency in IC Exist when the design or operation of a control does not allow management or employees in the normal course of performing their assigned functions, to prevent, or detect and correct misstatement on a timely basis

• When an auditor becomes aware of deficiencies in IC* , the auditor will evaluate them to determine if they amount to material weakness or significant deficiency - probality and magnitude
• Control Risk increases
• Scope of substantive procedures increases
• Detection Risk decreases

Question 13

What is a Material Weakness?

Answer 13

Material Weakness is Deficiency in IC such as there is a Reasonable possibility that a material misstatement in Financial Statements would not be found - and has more than a remote chance of occurrence

• result to Adverse opinon on IC

Question 14

According to AU-C 315.A69, risk assessment procedures to obtain audit evidence about the design and implementation of relevant controls include the following:

Answer 14

According to AU-C 315.A69, risk assessment procedures to obtain audit evidence about the design and implementation of relevant controls include the following:

• Inquiry of entity personnel
• Observing the application of specific controls
• Inspecting documents and reports
• Tracing transactions through the information system relevant to financial reporting.