Term
What are the 4 categories of entity objectives? |
|
Definition
Strategic, operations, reporting, compliance |
|
|
Term
What are the components of good risk management? |
|
Definition
Risk assessment => response => control activities => monitoring |
|
|
Term
What are management's assertions over internal controls? |
|
Definition
1. accept responsibility for effectiveness of internal controls 2. adopt framework for evaluating internal controls 3. evaluate the effectiveness of internal controls 4. support eval w/ evidence 5. present written assessment |
|
|
Term
What are the auditors responsibilities in an integrated audit? |
|
Definition
Express an opinion on management's reported assessment and over the design and operations of the internal controls. |
|
|
Term
What is the fundamental objective of the audit of internal controls? |
|
Definition
to obtain reasonable assurance that no material weaknesses exist in the control system. |
|
|
Term
What are the steps for evaluating internal control design and effectiveness? |
|
Definition
1. plan eval 2. evaluate management's documentation/testing 3. obtain an understanding of internal control 4. assess control risk 5. test effectiveness 6. eval results of control tests |
|
|
Term
What are methods of understanding internal controls? |
|
Definition
flow charts, narrative,s internal control questionaires |
|
|
Term
If the evaluating of results of controls does not support control risk assessment, how do you proceed? |
|
Definition
|
|
Term
What are the components of COSO control |
|
Definition
Control environment, risk assessment, control activities, information and communication, monitoring |
|
|
Term
What is the process for risk assessment? |
|
Definition
Identification=> measurement => prioritization |
|
|
Term
What is the process for risk response? |
|
Definition
avoidance => acceptance => reduction => sharing |
|
|
Term
What is the process for control activities? |
|
Definition
strategic controls => business process controls => financial reporting controls => compliance controls |
|
|
Term
What is the process of risk analysis? |
|
Definition
1. identify risks 2. identify controls linked to risk 3. performance indicators for monitoring risks |
|
|
Term
How do you test internal controls? |
|
Definition
inquiry, inspection, observation, reperformance |
|
|
Term
What are management controls? |
|
Definition
activities undertaken by senior management to mitigate strategic risks to an organization and to promote the effectiveness of decision making and efficiency of business activities |
|
|
Term
What are process controls? |
|
Definition
control activities that are performed as part of the various processes within the organization |
|
|
Term
What is the difference between physical and processing controls? |
|
Definition
Processing controls are general design and management level while physical controls are limiting access to resources and information through material means. |
|
|
Term
What is segregation of duties? |
|
Definition
The belief that separating the duties of individuals within an organization can remove the possibility of fraud or theft. |
|
|
Term
What are the 4 segregated duties? |
|
Definition
authorization of transactions, recording of transaction, custody of resulting assets, operations |
|
|
Term
When are compensating controls used? |
|
Definition
In small companies when not enough people are available for full segregation of duties |
|
|
Term
What is the process for internal control assessement? |
|
Definition
1. assess risk 2. assess controls and process effectiveness 3. assess control risk 4. design and execute audit procedures |
|
|
Term
What must the auditor assess in an integrated audit? |
|
Definition
Design of controls and testing of controls |
|
|
Term
What must the auditor report in an integrated audit? |
|
Definition
significant deficiency, material weakness |
|
|
Term
What is a significant control deficiency? |
|
Definition
remote likelihood controls would not detect fraud or errors that are more than inconsequential. Often occur when compensating controls exist and no material misstatements are likely to occur |
|
|
Term
Who does the auditor report a significant control deficiency to? |
|
Definition
audit committee & management |
|
|
Term
Is an opinion on control effectiveness provided? |
|
Definition
|
|
Term
What is worse? Material weakness or Significant deficiency? |
|
Definition
|
|