Term
| What are the 4 categories of entity objectives? |
|
Definition
| Strategic, operations, reporting, compliance |
|
|
Term
| What are the components of good risk management? |
|
Definition
| Risk assessment => response => control activities => monitoring |
|
|
Term
| What are management's assertions over internal controls? |
|
Definition
1. accept responsibility for effectiveness of internal controls 2. adopt framework for evaluating internal controls 3. evaluate the effectiveness of internal controls 4. support eval w/ evidence 5. present written assessment |
|
|
Term
| What are the auditor's responsibilities in an integrated audit? |
|
Definition
| Express an opinion on management's reported assessment and over the design and operations of the internal controls. |
|
|
Term
| What is the fundamental objective of the audit of internal controls? |
|
Definition
| to obtain reasonable assurance that no material weaknesses exist in the control system. |
|
|
Term
| What are the steps for evaluating internal control design and effectiveness? |
|
Definition
1. plan eval 2. evaluate management's documentation/testing 3. obtain an understanding of internal control 4. assess control risk 5. test effectiveness 6. eval results of control tests |
|
|
Term
| What are methods of understanding internal controls? |
|
Definition
| flow charts, narratives, internal control questionnaires |
|
|
Term
| If the evaluation of results of controls does not support the control risk assessment, how do you proceed? |
|
Definition
|
|
Term
| What are the components of COSO control? |
|
Definition
| Control environment, risk assessment, control activities, information and communication, monitoring |
|
|
Term
| What is the process for risk assessment? |
|
Definition
| Identification => measurement => prioritization |
|
|
Term
| What is the process for risk response? |
|
Definition
| avoidance => acceptance => reduction => sharing |
|
|
Term
| What is the process for control activities? |
|
Definition
| strategic controls => business process controls => financial reporting controls => compliance controls |
|
|
Term
| What is the process of risk analysis? |
|
Definition
1. identify risks 2. identify controls linked to risk 3. performance indicators for monitoring risks |
|
|
Term
| How do you test internal controls? |
|
Definition
| inquiry, inspection, observation, reperformance |
|
|
Term
| What are management controls? |
|
Definition
| activities undertaken by senior management to mitigate strategic risks to an organization and to promote the effectiveness of decision making and efficiency of business activities |
|
|
Term
| What are process controls? |
|
Definition
| control activities that are performed as part of the various processes within the organization |
|
|
Term
| What is the difference between physical and processing controls? |
|
Definition
| Processing controls are general design and management level while physical controls are limiting access to resources and information through material means. |
|
|
Term
| What is segregation of duties? |
|
Definition
| The belief that separating the duties of individuals within an organization can remove the possibility of fraud or theft. |
|
|
Term
| What are the 4 segregated duties? |
|
Definition
| authorization of transactions, recording of transaction, custody of resulting assets, operations |
|
|
Term
| When are compensating controls used? |
|
Definition
| In small companies when not enough people are available for full segregation of duties |
|
|
Term
| What is the process for internal control assessment? |
|
Definition
1. assess risk 2. assess controls and process effectiveness 3. assess control risk 4. design and execute audit procedures |
|
|
Term
| What must the auditor assess in an integrated audit? |
|
Definition
| Design of controls and testing of controls |
|
|
Term
| What must the auditor report in an integrated audit? |
|
Definition
| significant deficiency, material weakness |
|
|
Term
| What is a significant control deficiency? |
|
Definition
| remote likelihood controls would not detect fraud or errors that are more than inconsequential. Often occur when compensating controls exist and no material misstatements are likely to occur |
|
|
Term
| Who does the auditor report a significant control deficiency to? |
|
Definition
| audit committee & management |
|
|
Term
| Is an opinion on control effectiveness provided? |
|
Definition
|
|
Term
| What is worse? Material weakness or Significant deficiency? |
|
Definition
|
|