Internal Control and Responding to Assessed Risks A3

A process designed to provide reasonable assurance about the entity's achievement of objectives.


Cards In This Set

Front Back
Entity Objectives
1) Reliability of financial reporting
2) Effectiveness and efficiency of operations
3) Compliance with applicable laws and regulations
Five Components of Internal Controls
1) Control Environment: overall tone of the org.
2) Risk Assessment: management's ID of risk
3) Info and Comm systems: a means of recording transactions and communicating responsibilities
4) Monitoring: assessment of IC performance over time
5) Existing Control Activities: control policies and procedures
Relevance of components to an audit
Generally, those controls that pertain to the first objective, reliability of financial reporting, are most relevant to the audit; it is primarily those controls that the auditor must consider and understand.
The auditor should obtain an understanding of the 5 components of IC sufficient to:
1) Evaluate the design of relevant controls and determine whether they have been implemented
2) Assess the risk of MM.
3) Design the NET of further audit procedures
Inherent Limitations of IC
IC provides only reasonable assurance regarding the achievement of objectives due to the following inherent limitations of IC:
1) Human error
2) Deliberate circumvention of controls by collusion
3) Management override
4) Segregation of duties may be difficult to achieve in a smaller entity
Effect of IT on IC
a. Management that doesn't appropriately address IT risks could negatively impact the control environment
b. use of IT may enhance risk assessment by providing more timely information
c. much of the monitoring is provided by IT, thus the system is crucial
Manual vs automated controls
Manual controls make judgment calls easier.
Automated controls reduce human error and control overrides.
IT benefits
-the ability to process large volumes of transactions and data accurately and consistently
-improved timeliness and availability of information
-facilitation of data analysis and performance monitoring
-reduction in the risk that controls will be circumvented
-enhanced segregation of duties through effective implementation of security controls
IT risks
-potential reliance on inaccurate systems
-unauthorized access and changes to data
-failure to make required changes or updates to systems
Organization of the IT Dept.
a. Control group: responsible for IC within the IC (keep track of errors, seek out the cause, and develop solutions)
b. Operators: convert data into machine-readable form
c. Programmers: develop and write computer programs
d. Analysts: determine what is needed and design the system
e. Librarians: keep track of program files and use, control access to the programs
Control Environment
1) Sets the tone of an organization and influences the control consciousness of its people
2) Provides discipline and structure as the foundation for all other components of IC
3) Originates with management
The control environment includes such factors as:
1) Communication and enforcement of integrity and ethical values of the people who create and monitor IC
2) Commitment to competence as reflected in management's consideration of the skills required for particular jobs
3) Participation of those charged with governance and their participation of auditors
4) Management's philosophy and operating style, particularly with respect to risk-taking
5) Organizational structure that monitors its activities
6) Assignment of authority
7) HR policies and procedures
Responsibilities of those charged with governance
1) Overseeing the financial reporting and disclosure process
2) Balancing the conflicting pressures that may be placed on management
3) Bearing responsibility for the prevention and detection of error/fraud
4) Overseeing "whistle-blower" procedures
5) Overseeing the process for reviewing the effectiveness of IC
Weak control environment
When there are weak controls, an auditor will perform more substantive procedures as of the BS date rather than at interim; may also modify the nature of the tests to obtain more persuasive evidence or increase the extent of testing
Strong control environment
The auditor will perform tests at interim rather than at the BS date; may use tests that provide somewhat less persuasive evidence and reduce the extent of testing