CHAPTER 1: AUDITING AND INTERNAL CONTROL P2

Charles Jaojao · 26問 · 1年前

通報

問題一覧

__________identify undesirable events and draw attention to the problem; _________ actually fix the problem.

detective controls. corrective controls

is conceptually pleasing but offers little practical guidance for designing or auditing specific controls.

PDC control model

The current authoritative document for speci- fying internal control objectives and techniques is the:

Statement on Auditing Standards No. 109

describes the complex relationship between the firm’s internal controls, the auditor’s assessment of risk, and the planning of audit procedures.

SAS 109

provides guidance to auditors in their application of the COSO framework when assessing the risk of material misstatement.

SAS 109

The COSO framework consists of five components: (5) (CRIMC)

1. control environment 2. risk assessment 3. information and communication 4. monitoring 5. control activities

is the foundation for the other four control components.

control environment

sets the tone for the organization and influences the control awareness of its management and employees.

control environment

Important elements of the control environment are: (familiarize)

1. The integrity and ethical values of management. 2. The structure of the organization. 3. The participation of the organization’s board of directors and the audit committee, if one exists. 4. Management’s philosophy and operating style. 5. The procedures for delegating responsibility and authority. 6. Management’s methods for assessing performance. 7. External influences, such as examinations by regulatory agencies. 8. The organization’s policies and practices for managing its human resources.

requires that auditors obtain sufficient knowledge to assess the attitude and awareness of the organization’s management, board of directors, and owners regarding internal control.

SAS 109

The following paragraphs provide examples of techniques that may be used to obtain an understanding of the control environment.(familiarise)

1. Auditors should assess the integrity of the organization’s management and may use investigative agencies to report on the backgrounds of key managers. 2. Auditors should be aware of conditions that would predispose the management of an organization to commit fraud. 3. Auditors should understand a client’s business and industry and should be aware of conditions peculiar to the industry that may affect the audit. 4. The board of directors should adopt, as a minimum, the provisions of SOX.

In addition, the following guidelines represent established best practices. (Familiarise)

1. separate CEO and chairman 2. set ethical standards 3. establish an independent audit committee 4. compensation committees 5. nominating committees 6. access to outside professionals

Organizations must perform a _______to identify, analyze, and manage risks rel- evant to financial reporting.

risk assessment

Risks can arise or change from circumstances such as: (familiarise)

1. Changes in the operating environment that impose new or changed competitive pressures on the firm. 2. New personnel who have a different or inadequate understanding of internal control. 3. New or reengineered information systems that affect transaction processing. 4. Significant and rapid growth that strains existing internal controls. 5. The implementation of new technology into the production process or information system that impacts transaction processing. 6. The introduction of new product lines or activities with which the organization has little experience. 7. Organizational restructuring resulting in the reduction and/or reallocation of per- sonnel such that business operations and transaction processing are affected. 8. Entering into foreign markets that may impact operations (that is, the risks associ- ated with foreign currency transactions). 9. Adoption of a new accounting principle that impacts the preparation of financial statements.

requires that auditors obtain sufficient knowledge of the organization’s risk assessment procedures to understand how management identifies, prioritizes, and man- ages the risks related to financial reporting.

SAS 109

An effective accounting information system will: (familiarise)

1. Identify and record all valid financial transactions. 2. Provide timely information about transactions in sufficient detail to permit proper classification and financial reporting. 3. Accurately measure the financial value of transactions so their effects can be re- corded in financial statements. 4. Accurately record transactions in the time period in which they occurred.

SAS 109 requires that auditors obtain sufficient knowledge of the organization’s in- formation system to understand: (familiarise)

1. The classes of transactions that are material to the financial statements and how those transactions are initiated. 2. The accounting records and accounts that are used in the processing of material transactions. 3. The transaction processing steps involved from the initiation of a transaction to its inclusion in the financial statements. 4. The financial reporting process used to prepare financial statements, disclosures, and accounting estimates.

is the process by which the quality of internal control design and operation can be assessed. This may be accomplished by separate procedures or by ongoing activities.

monitoring

are the policies and procedures used to ensure that appropriate actions are taken to deal with the organization’s identified risks.

control activities

Control activities can be grouped into two distinct categories: (2)

1. physical controls 2. information technology (IT) controls

This class of controls relates primarily to the human activities employed in accounting systems. These activities may be purely manual, such as the physical custody of assets, or they may involve the physical use of computers to record transactions or update accounts.

Physical controls

six categories of physical control activities: (6) (TASSAAI)

1. transaction 2. authorization 3. segregation of duties 4. supervision 5. accounting records 6. access control 7. independent verification

is to ensure that all material transactions processed by the information system are valid and in accor- dance with management’s objectives.

transaction authorization

can take many forms, depending on the specific duties to be controlled:

segregation of duties

the follow- ing three objectives provide general guidelines applicable to most organizations. (Familiarise)

Objective 1. The segregation of duties should be such that the authorization for a transaction is separate from the processing of the transaction. Objective 2. Responsibility for asset custody should be separate from the record- keeping responsibility. Objective 3. The organization should be structured so that a successful fraud requires collusion between two or more individuals with incompatible responsibili- ties.

Therefore, in small organizations or in functional areas that lack sufficient personnel, management must compensate for the ab- sence of segregation controls with close

supervision

For this reason, supervision is often called

compensating control

Consist of source of documents, journals, and ledgers

accounting records

ensure that only authorized per- sonnel have access to the firm’s assets. Unauthorized access exposes assets to misappropri- ation, damage, and theft.

access control

are independent checks of the accounting system to identify errors and misrepresentations.

verification procedures

Through independent verification procedures, management can assess

(1) the performance of individuals (2) the integrity of the transaction processing system (3) the correctness of data contained in accounting records.

Examples of independent verifications include:

1. Reconciling batch totals at points during transaction processing. 2. Comparing physical assets with accounting records. 3. Reconciling subsidiary accounts with control accounts. 4. Reviewing management reports (both computer and manually generated) that sum- marize business activity.

COSO identifies two broad groupings of IT con trols:

1. application controls 2. information technology controls

The objectives of application controls are to:

1. Ensure validity 2. Completeness 3. Accuracy of financial transactions

they are not application-specific but, rather, apply to all systems.

general controls

General controls have other names in other frameworks, including:

1. computer controls 2. information technology controls

HBO

HBO

26問 • 1年前

government accounting

government accounting

Charles Jaojao · 68問 · 1年前

government accounting part 2

government accounting part 2

68問 • 1年前

Charles Jaojao · 39問 · 1年前

government accounting part 3

government accounting part 3

39問 • 1年前

Charles Jaojao · 69問 · 1年前

hbo

hbo

69問 • 1年前

Charles Jaojao · 20問 · 1年前

statistics

statistics

20問 • 1年前

Charles Jaojao · 52問 · 1年前

management

management

52問 • 1年前

management 2

management 2

Charles Jaojao · 13問 · 1年前

management 3

management 3

13問 • 1年前

theology

theology

Charles Jaojao · 11問 · 1年前

theology 2

theology 2

11問 • 1年前

Charles Jaojao · 44問 · 1年前

government accounting

government accounting

44問 • 1年前

Charles Jaojao · 27問 · 1年前

fundamentals

fundamentals

27問 • 1年前

Charles Jaojao · 31問 · 1年前

motivation

motivation

31問 • 1年前

Charles Jaojao · 48問 · 1年前

communication

communication

48問 • 1年前

Charles Jaojao · 22問 · 1年前

partnership

partnership

22問 • 1年前

Charles Jaojao · 18問 · 1年前

Financial Ratios

Financial Ratios

18問 • 1年前

Charles Jaojao · 46問 · 1年前

premidterm examination

premidterm examination

46問 • 1年前

Charles Jaojao · 25問 · 1年前

Pre-midterm examination part 1

Pre-midterm examination part 1

25問 • 1年前

CHAPTER 1: AUDITING AND INTERNAL CONTROL P1

CHAPTER 1: AUDITING AND INTERNAL CONTROL P1

Charles Jaojao · 57問 · 1年前

CHAPTER 2: AUDITING IT GOVERNANCE CONTROLS P1

CHAPTER 2: AUDITING IT GOVERNANCE CONTROLS P1

57問 • 1年前

CHAPTER 1

CHAPTER 1

Charles Jaojao · 22問 · 1年前

CHAPTER 1 P2

CHAPTER 1 P2

22問 • 1年前