Internal Control
  2. Performing Test of Controls
    • After obtaining an understanding of internal control and assessing control risk, an auditor will perform tests of controls if it is believed that such performance will result in a reduction in planned substantive tests.

    • If the performance of tests of controls would not result in a reduction in substantive testing, completing tests of controls would be inefficient and therefore should not be performed.
  2. Auditor's Required Audit Documents
    The auditor is required to document the understanding of the system obtained to plan the audit.

    • The auditor is also required to document the basis for the assessment of control risk, including when control risk is assessed at maximum.
  3. Assessment of Control Risk
    • Understanding internal control and assessing control risk are steps which may be performed concurrently in an audit. The evidence collected to achieve one objective may also be used for the other objective. For example, inquiries and information gathered about management's use of budgets in order to understand the control environment may also be used as a test of control over the effectiveness and operation of the budgeting control.

    Evidence about the operation of controls in prior audits is a factor impacting an auditor's current year assessment of control risk.

    The basis for an auditor's conclusions about the assessed level of control risk must be documented regardless of the level of control risk assessed.

    The lower the assessed level of control risk, the MORE assurance evidence must provide that the controls are operating effectively. An assessment of control risk below maximum must be supported by the collection of evidence indicating the controls are operating effectively. An assessment of control risk at maximum does not require the collection of evidence about the operation of the controls; however, it does require documentation of the basis for the assessment at maximum.
  4. High Control Risk
    When the auditor assesses control risk too high, it means that the auditor's sample indicates that the control is NOT working properly when it really is. Thus, control risk based on the auditor's sample is greater than the true operating effectiveness of the control.
  5. Assessment of Control Risk
    The auditor assesses control risk (the risk that the internal control structure will not prevent or detect a material misstatement) and inherent risk (the risk of a material misstatement occurring) in order to determine the acceptable level of detection risk.
  6. Procedures performed to evaluate control risk
    • inquiries of personnel
    • inspection of documents and records
    • observation of activities and operations
    • reperformance of the control procedure
  7. Inherent limitations
    A system of internal control can provide only reasonable assurance of achieving an entity's control objectives because of inherent limitations.

    These include:
    • the fallibility of human judgment and performance
    • the possibility of collusion
    • management override
  8. Additional Tests of Controls
    The performance of additional tests of controls would be performed only if such performance were considered cost-beneficial. The cost of obtaining the additional evidence must be less than the benefits to be derived from the related reduction in substantive testing.
  9. Deviation
    A deviation will receive more consideration if it is initially concealed by a forged document. The forgery indicates a planned and intentional effort to conceal an irregularity as opposed to a deviation resulting from an error. The auditor must consider both the qualitative and quantitative aspects of deviations noted. Qualitative aspects, in particular, are important because of the potential impact on other areas of the audit.
  10. Assessing control risk below maximum
    • 1) obtain an understanding of the internal control structure
    • 2) identify specific controls relevant to specific financial statement assertions
    • 3) test the identified controls to determine if they are operating effectively.

    • The auditor would NOT perform tests of details of transactions. These are substantive procedures which would generally be performed after the assessment of control risk is made.