A concept applied to internal control reporting by the Sarbanes-Oxley Act of 2002 and PCAOB Standard No. 5. The internal control reports of both management and the auditors are as of the final day of the reporting period-the "as of date
As of Date
The level of control risk used by the auditors in determining the acceptable detection risk for a financial statement assertion and, accordingly, in declining, in deciding on the nature, timing, and extent of substantive procedures
Assessed level of control-risk
A standard checklist, form, or computer program that assists auditors in making audit decisions by ensuring that they consider all relevant information or that aids them in weighting and combining the information to make a decision
Audit decision aid
A control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objectives (e.g., avoiding misstatements). Compensating controls are ordinarily controls performed to detect, rather than prevent, th
Compensating control
Controls that function together to achieve the same control objectives
Complementary controls
the possibility that a material misstatement due to error or fraud in a financial statement assertion will not be prevented or detected by the client's internal control
Control Risk
A control established to remedy control problems (e.g., misstatements) that are discovered through detective controls
Corrective control
A situation in which the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis
Deficiency in Internal Control
Controls designed to discover control problems soon after they occur
Detective Controls
A form of insurance in which a bonding company agrees to reimburse an employer for losses attributable to theft or embezzlement by bonded employees
Fidelity bonds
Federal legislation prohibiting payments to foreign officials for the purpose of securing business. The act also requires all companies under SEC jurisdiction to maintain a system of internal control providing reasonable assurance that transactions are ex
Foreign Corrupt Practices Act
Substantive procedures for all relevant assertions and tests of controls when the auditors' risk assessment includes an expectation that controls are operation effectively. The auditors perform risk assessment procedures to obtain an understanding of the
Further Audit Procedures
Assigned duties that place an individual in a position to both perpetrate and conceal errors or fraud in the normal course of job performance
Incompatible Duties
The risk of material misstatement of a financial statement assertion, assuming there are no related controls
Inherent Risk
An audit where auditors, in addition to an opinion on the financial statements, express an opinion on the effectiveness of a company's internal control over financial reporting, in accordance with PCAOB Aduiting Standard No. 5. Public companies with a mar
Integrated Audit
Corporation employees who design and execute audit programs to test the effectiveness and efficiency of all aspects of internal control. The primary objective of internal auditors is to evaluate and improve the effectiveness and efficiency of the various
Internal Auditors
A process, effected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of (1) effectiveness and efficiency of operations, (2) reliability
Internal Control
One of several methods of describing internal control in audit working papers.
Internal control questionnaire
A report to management containing the auditors' recommendations for correcting any deficiencies disclosed by the auditors' consideration of internal control. In addition to providing management with useful information, a management letter may also help li
Management Letter
A deficiency in internal control over financial reporting (or a combination of deficiencies) such that there is a reasonable possibility that a material misstatement of the company's financial statements will not be prevented or detected on a timely basis
Material Weakness
The division of authority, responsibility, and duties among members of an organization
Organized Structure
The level of control risk the auditors assume in designing further audit procedures, which include an appropriate combination of tests of controls and substantive procedures
Planned assessed level of control risk
Controls that deter control problems before they occur
Preventive controls
Duplicate controls that achieve a control objective
Redundant controls
Assertions that have a meaningful bearing on whether an account balance, class of transactions, or disclosure is fairly stated
Relevant Assertions
Audit procedures performed to obtain an understanding of the client and its environment, including its internal control
Risk Assessment Procedures
the acceptance level of variation in performance relative to the achievement of objectives.
Risk tolerance
a practitioner that reports on the internal controls at a service organization
Service auditor
an organization or segment of an organization that provides services to user entities that are relevant to the user entities internal control over financial reporting
service organization
A deficiency in internal control over financial reporting (or combination of deficiencies) that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company's financial reporting.
Significant Deficiency
Procedures performed by the auditor to detect material misstatements in account balances, classes of transactions, and disclosures
Substantive Procedures
Criteria are the standards or benchmarks used to measure and present the subject matter and against which the CPA evaluates the subject matter.
Suitable Criteria
A symbolic representation of a system or series of procedures with each procedure shown in sequence.
Systems Flowcharts
Procedures performed by the auditor to test the operating effectiveness of controls in preventing or detecting material misstatements at the relevant assertion level.
Tests of controls
The sequence of procedures applied by the client in processing a particular type of recurring transaction
Transaction cycle
an auditor that audits and reports on the financial statements of a user entity
user auditor
an entity that uses the services of a service organization and whose financial statements are being audited
user entity
A procedure in which an auditor follows a transaction from origination through the company's processes including information systems, until it is reflected in the company's financial records, using the same documents and information technology the company
Walk-through
a procedure in which an auditor follows a transaction from origination through the company's processes, including information systems, until it is reflected in the company financial records, using the same documents and information technology that company
walk through
A written summary of internal control used for inclusions in audit working papers.
Written Narrative of Internal Control