Documentos de Académico
Documentos de Profesional
Documentos de Cultura
INTERNAL CONTROL
Entity Objectives:
1. Reliability of financial reporting Most RELEVANT to audit and auditor MUST consider and
understand
2. Effectiveness and efficiency of operations
3. Compliance with applicable laws and regulations
Auditor should focus on: How a specific control prevents, or detects and corrects, material misstatements
Generally, those controls that pertain to the first objective, reliability of financial reporting, are most relevant
to the audit; it is primarily those controls that the auditor must consider and understand. The auditor need
not assess all controls related to financial reporting, but use professional judgment in determining it.
A CPA tests internal control in order to adequately plan the NET audit.
C Control Environment: - the overall tone of the organization; sets the tone of an organization
A17 AT (005)
Page 1 of 7
CPA should obtain understanding and knowledge of activities to monitor internal control
Process that assesses the quality of internal control (design and control operations) performance over
time
Establishing and maintaining internal control is a responsibility of management, for example:
Internal audit function
Regular management and supervisory activities
Other procedures such as mailing customer statements
.
P Pre-numbering documents
All transactions are recorded -Completeness
No transactions are recorded more than once -Existence
Example: Your Checkbook .
A Authorization of transactions
Authorization should occur before commitment of resources
Example: Signed approval .
I Independent checks to maintain asset accountability
Independent checks involve the verification of work previously performed by others:
Review of bank reconciliations
Comparison of subsidiary records to control accounts
Comparison of physical counts of inventory to perpetual records
Example: Checks and balances .
D Documentation
A17 AT (005)
Page 2 of 7
Evidence of transactions and a basis for responsibility for the execution and recording of
transaction
Example: Paper trail .
T Timely and appropriate performance reviews
Comparison of actual performance to budgets, forecasts, and prior periods
Comparison of financial and nonfinancial information
Example: Analytical procedures .
I Information processing controls
Ensure that transactions are valid, authorized, and completely and accurately recorded
Application controls: processing of individual applications (i.e. controls surrounding payroll)
General controls: information processing throughout the company (i.e. access controls, controls
over data center, network operations) .
P Physical controls for safeguarding assets
Physical segregation of security of assets
Authorized access to assets and records
Periodic counting and comparison of actual assets with amounts shown in accounting records
Example: Security .
S Segregation of duties
One individual provides a crosscheck on the work of another individual
Assigning different people the responsibilities of authorizing, recording transactions, and
maintaining custody of the related assets reduces the opportunities for any individual to both
perpetrate and conceal errors or fraud
Internal control environment should detect fraud by one person, NOT
Collusion
Management override
Client should separate these functions:
A Authorization
R Recordkeeping
C Custody of related assets
****Segregation of duties is your ARC to protect against a flood of troubles.
Human error
Deliberate circumvention of controls by collusion of two or more people
Management override of internal control
Segregation of duties may be difficult to achieve in a smaller entity (cost/benefit issue)
IT system may make it impossible to reduce detection risk through substantive testing alone
MUST also perform control testing.
A CPA must document all evaluations.
IT Benefits:
The ability to process large volumes of transactions and data accurately and consistently
Improved timeliness and availability of information
Facilitation of data analysis and performance monitoring
Reduction in the risk that controls will be circumvented
Enhanced segregation of duties through effective implementation of security controls
IT Risks:
Auditor should:
1. Document use of programs
2. Perform tests more often during the year
C Control group: responsible for internal control in IT dept. Maintain error log and determine its
cause.
A17 AT (005)
Page 3 of 7
Weakness:
1. Anyone doing more than one job
2. Anyone supervising another area
Page 4 of 7
a. Substantive tests rarely guarantee the accuracy of the records if only a person who performs
incompatible functions.
b. The records may be accurate even though they are maintained by a person who performs
incompatible functions.
c. Substantive tests relate to the entire period under audit, but tests of controls ordinarily are confined to
the period during which the auditor is on the clients premises.
d. Many computerized procedures leave no audit trail of who performed them, so substantive tests may
necessarily be limited to inquiries and observation of office personnel.
11. After obtaining an understanding of internal control and assessing control risk, an auditor decided not to
perform additional tests of controls. The auditor most likely concluded that the
a. Additional evidence to support a further reduction in control risk was not cost-beneficial to obtain.
b. Assessed level of inherent risk exceeded the assessed level of control risk.
c. Internal control was properly designed and justifiably may be relied on.
d. Evidence obtainable through tests of controls would not support an increased assessment of control
risk.
12. The objective of tests of details of transactions performed as tests of controls is to
a. Monitor the design and use of entity documents such as prenumbered shipping form
b. Determine whether controls have been placed in operation.
c. Detect material misstatements in the account balances of the financial statements.
d. Evaluate whether controls operated effectively.
13. An auditor wishes to perform tests of controls on a clients cash disbursements procedures. If the controls
leave no audit trail of documentary evidence, the auditor most likely will test the procedures by
a. Confirmation and observation.
c. Analytical procedures and confirmation.
b. Observation and inquiry.
d. Inquiry and analytical procedures
14. The auditor is examining copies of sales invoices only for the initials of the person responsible for checking
the extensions. This is an example of a
a. Test of controls
c. Dual purpose test
b. Substantive test
d. Test of balances
15. Which of the following types of evidence would an auditor most likely examine to determine whether
controls are operating as designed?
a. Confirmations of receivables verifying account balances.
b. Letters of representations corroborating inventory pricing.
c. Attorneys responses to the auditors inquiries.
d. Client records documenting the use of computer programs.
16. An auditor is least likely to test controls that provide for
a. Classification of revenue and expense transactions by product line
b. Approval of the purchase and sale of trading securities
c. Segregation of the functions of recording disbursements and reconciling the bank account
d. Comparison of receiving reports and vendors invoices with purchase orders
17. In a small company that doesn't employ an adequate number of employees to permit proper division of
responsibilities, effective internal control can be strengthened by
a. Direct participation by the owner of the business in the record keeping activities of the business.
b. Employment of temporary personnel to aid in the separation of duties.
c. Delegation of full, clear-cut responsibility to each employee for the functions assigned to each.
d. Engaging a CPA to perform monthly "write up" work.
18. Which of the following is true of the communication to management of material weaknesses in accounting
and internal control?
a. Communication must be in writing.
b. Oral communication of material weaknesses, when appropriate, would be documented in the audit
working papers.
c. The communication should indicate that the auditor had extensively examined the accounting and
internal control system of the client.
d. The auditors should indicate in the communication that the examination is primarily designed to
determine whether the accounting and internal control is adequate.
19. Internal control should provide reasonable (but not necessarily absolute) assurance which means that:
a. The cost of control activities should not exceed the benefits.
b. Internal control is managements, not auditors, responsibility.
c. An attestation engagement about managements internal control assertions may not necessarily detect
all reportable conditions.
d. There is always a risk that reportable conditions may result in material misstatements.
20. Which of the following statements is an example of an inherent limitation of internal control?
a. Errors may arise from mistakes in judgments.
b. The effectiveness of control procedures depends on segregation of duties.
c. Procedures are designed to assure that transactions are executed as management authorities.
d. Computers process large numbers of transactions.
21. Which of the following activities would be least likely to strengthen a companys internal control?
a. Maintaining insurance for fire and theft.
b. Separating accounting from other financial operations.
c. Fixing responsibility for the performance of employee duties.
d. Carefully selecting and training employees.
22. When considering internal control, the auditors primary concern is to determine
a. The reliability of the accounting information system.
A17 AT (005)
Page 5 of 7
A17 AT (005)
Page 7 of 7