Assessment of control risk
a measure of the auditor's expectation that internal controls will neither prevent material misstatements from occurring nor detect and correct them if they have occurred; control risk is assessed for each transaction
related audit objective in a cycle or
Chart of accounts
a listing of all the entity's accounts, which classifies transactions into individual balance sheet and income statement accounts
Compensating control
a control else where in the system that offsets the absence of a key control
Collusion
a cooperative effort among employees to steal assets or misstate records
Control activities
policies and procedures, in addition to those included in the other four components of internal control, that help ensure that necessary actions are taken to address risks in the achievement of the entity's objectives; they typically include the following
Control deficiency
a deficiency in the design or operation of controls that does
not permit company personnel to prevent or detect and correct misstatements on a timely basis
Control environment
the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity
Control risk matrix
a methodology used to help the auditor assess control risk by matching key internal controls and internal control deficiencies with transaction-related audit objectives
Entity-level controls
Controls that have a pervasive effect on the entity's system
of internal control; also referred to as company-level controls
Flowchart
a diagrammatic representation of the client's documents and records and the sequence in which they are processed
General authorization
companywide policies for the approval of all transactions
within stated limits Independent checks
Independent checks
internal control activities designed for the continuous
internal verification of other controls
Information and communication
the set of manual and/or computerized procedures that initiates, records, processes, and reports an entity's transactions and maintains accountability for the related
assets
Internal control
a process designed to provide reasonable assurance regarding the achievement of management's objectives in the following categories: (1) reliability of financial reporting, (2) effectiveness and efficiency of operations, and (3) compliance with applicable
Internal control questionnaire
a series of questions about the controls in each audit area used as a means of indicating to the auditor aspects of internal control that may be inadequate
Key controls
controls that are expected to have the greatest effect on meeting the transaction-related audit objectives
Management letter
an optional letter written by the auditor to a client's
management containing the auditor's recommendations for improving any aspect of the client's business
Material weakness
a significant deficiency in internal control that, by itself, or in combination with other significant deficiencies, results in a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected
Monitoring
management's ongoing and periodic assessment of the quality of internal control performance to determine that controls are operating as intended and are modified when needed
Narrative
a written description of a client's internal controls, including the origin, processing, and disposition of documents and records, and the relevant control procedures
Procedures to obtain an understanding
procedures used by the auditor to gather evidence about the design and implementation of specific controls
Risk assessment
management's identification and analysis of risks relevant to the preparation of financial statements in accordance with an applicable accounting framework
Separation of duties
separation of the following activities in an organization:
(1) custody of assets from accounting, (2) authorization from custody of assets, (3) operational responsibility from record keeping, and (4) IT duties from outside users of IT
Significant deficiency
one or more control deficiencies exist that is less severe
than a material weakness, but important enough to merit attention by those responsible for oversight of the company's financial reporting
Significant risks
risks the auditor believes require special audit consideration; the auditor is required to test the operating effectiveness of controls that mitigate these risks in the current year audit if control risk is to be assessed below the maximum
Specific authorization
case-by-case approval of transactions not covered by
companywide policies
Tests of controls
audit procedures to test the operating effectiveness of controls in support of reduced assessed control risk
Those charged with governance
the person(s) with responsibility for overseeing the strategic direction of the entity and its obligations related to the account ability of the entity, including overseeing the financial reporting and disclosure process
Walkthrough
the tracing of selected transactions through the accounting
system to determine that controls are in place
Assessment of control risk
...
Chart of accounts
...