Who is responsible for establishing and maintaining the internal control system quizlet?

Terms in this set (56)

Internal Control

a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following three categories:

Reliability of financial reporting.
Effectiveness and efficiency of operations (maintaining a good business reputation, ensuring a positive return on investment, increasing market share, promoting new product innovation, and using assets effectively and efficiently)
Compliance with applicable laws and regulations

reasons internal controls can fail

Human error due to mistakes in judgment, fatigue, and carelessness can still occur.
Although controls are implemented to prevent and detect errors, deliberate circumvention by people in the system can still occur.
Because most internal controls are directed at lower-level employees, management override can occur. For example, it is often possible for management to override controls by force of authority (i.e., if the CEO says to do something, most employees will).
Although separation of duties can be extremely effective in an internal control system, collusion among people who are supposed to act independently can lead to a failure in the achievement of relevant internal control objectives.

Reasonable Assurance

The concept that recognizes that the costs of control activities should not exceed the benefits that are expected from the control activities

Management is responsible for

establishing a control environment; assessing the risks it wishes to control; specifying information and communication channels and content (including the accounting system and its reports); designing and implementing appropriate control activities; and monitoring, supervising, and maintaining the control activities. Management is also in a position to estimate the benefits to be derived from specific controls and then weigh them against the costs. Managers are expected to make their own judgments about the necessity of specific controls.

In addition to certifying the entity's financial statements and disclosures under Section 302, Sarbanes-Oxley requires

management to assess and report on the entity's internal control over financial reporting in Section 404.

Report on Internal Control over Financial Reporting

A statement that management is responsible for establishing and maintaining adequate internal control over financial reporting.
A statement identifying the framework (e.g., the COSO framework) that management uses as a benchmark for evaluating the effectiveness of the entity's internal control.
A statement providing management's assessment of the effectiveness of the entity's internal control.

Under Section 302, management must also

disclose any material weaknesses in internal control. If any material weaknesses exist, management may not be able to conclude that the entity's internal control over financial reporting is effective.

Integrated Audit Process

The term used to describe an audit process that is designed to provide an opinion on both the financial statements and internal control system of an entity.

for each fraud risk identified during the planning stage

the audit team should evaluate whether the client has implemented control activities that are specifically designed to address the risk of fraud that has been identified.

final reason for evaluating an entity's internal control is to

assess the risk of material misstatement (RMM) for each relevant assertion

The assessment of RMM at the assertion level is completed for all financial statement audits in order to

give the audit team a basis for planning the audit and determining the nature, timing, and extent of further audit procedures to be conducted for the financial statement audit

Control Risk

The likelihood that the client's internal control policies and procedures fail to prevent or detect a material misstatement

According to COSO, you want an internal control system that has 3 things

First, the system will allow for effective and efficient operations. Second, it will allow for reliable financial reporting. And, third, the system will allow the organization to comply with its laws and regulations.

the COSO report defines five basic components of a properly designed internal control system

(1) control environment, (2) risk assessment, (3) control activities, (4) monitoring, and (5) information and communication. It is important to note that these components should be considered as working in an interrelated manner to support the internal control system's overall effectiveness.

Control Environment

Sets the tone of the organization. It is the foundation for all other components of internal control. It includes the integrity, ethical values, and competence of the entity's people.

The following are general principles of an effective internal control environment:

Integrity and ethical values. Sound integrity and ethical values, particularly of top management, are developed and understood and set the standard of conduct for financial reporting.
Board of directors. The board of directors understands and exercises oversight responsibility related to financial reporting and related internal control.
Management's philosophy and operating style. Management's philosophy and operating style support achieving effective internal control over financial reporting.
Organizational structure. The company's organizational structure supports effective internal control over financial reporting.
Financial reporting competencies. The company retains individuals who are competent in financial reporting and related oversight roles.
Authority and responsibility. Management and employees are assigned appropriate levels of authority and responsibility to facilitate effective internal control over financial reporting.
Human resources. Human resource policies and practices are designed and implemented to facilitate effective internal control over financial reporting.

All strongly and unquestionably related to the "tone at the top" set by management

2013 COSO update (5 additional principles)

The organization demonstrates a commitment to integrity and ethical values.
The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
With board oversight, management establishes structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives.

Audit Committee

A subcommittee of the board of directors that is generally composed of three to six "outside" members of the organization's board of directors. Each member must be financially literate, and one member must be a financial expert.

Some of the more important duties of the audit committee are

Appointment, compensation, and oversight of the public accounting firm conducting the entity's audit.
Resolution of disagreements between management and the audit team.
Oversight of the entity's internal audit function.
Approval of nonaudit services provided by the public accounting firm performing the audit engagement.
Oversight of the anonymous fraud hotline which is designed to provide employees a confidential and effective manner in which to report possible financial reporting issues.

Business Risk

those factors, events, and conditions that could prevent the organization from achieving its business objectives

professional standards require the auditor to specifically gain an understanding of the risk assessment process

as it relates to financial reporting risks, including fraud risk. When gaining such an understanding, the auditor should determine whether management is actually assessing the likelihood of fraud risks and how they are managing such risks

control activities

the specific actions taken by a client's management and employees to help ensure that management directives are carried out

The following four things should be kept in mind when following the principle related to control activities


Information tech

Information technology. Has the audit client taken full advantage of significant advances in information technology by using entirely automated control activities whenever it is efficient and effective?

Level of integration with their risk assessment process.

Has the audit client's management team taken the action necessary to address the identified risks to the achievement of financial reporting objectives?

Selection and development of control activities

Control activities are selected and developed considering their cost and their potential effectiveness in mitigating the risks identified.

Policies and procedures.

Have the policies related to reliable financial reporting been documented and communicated throughout the company?

Preventative controls

The activities that prevent misstatements before they occur.

detective controls

The activities that detect misstatements after they occur

Performance reviews

something like budget

Separation of duties

ARRCS next four

Authorization to execute transactions.

This duty belongs to people who have the authority and the responsibility for initiating or approving transactions. Authorization may be general, referring to a class of transactions (e.g., all purchases up to $100,000), or it may be specific (e.g., sale of a major asset).

Recording transactions.

This duty refers to the accounting and record-keeping function, which in most organizations is delegated to a computerized information system. People who control computerized processing are the record keepers

Custody of assets involved in the transactions

This duty refers to the actual physical possession or effective physical control of property.

Periodic reconciliation of existing assets to recorded amounts.

This duty refers to making comparisons at regular intervals and taking appropriate action with respect to any differences

Physical access

physical access to assets and important records, documents, and blank forms should be limited to authorized personnel. even running software check

Information Processing Control Activities

Information processing control activities are essential to the effectiveness of an internal control system. Generally, all organizations employ computerized information processing on a routine basis. When entities use computerized information processing, the professional standards make clear that information technology (IT) poses specific risks to an entity's internal control system.

Information System

An entity's system, usually built on some type of technological platform, that has been designed to produce the information necessary for the entity to operate and control its business operations. The information needs to be timely, reliable, and relevant.

Fundamental Principles of Monitoring

Ongoing and separate evaluations. Ongoing evaluations of controls that are separate from other types of evaluations (e.g., operational) enable management to determine whether the other components of internal control continue to function over time.
Reporting deficiencies. Internal control deficiencies are identified and communicated in a timely manner to those parties for taking corrective action and to management and the board as appropriate.

Monitoring controls

Periodic evaluation of controls by internal audit.
Analysis of and appropriate follow-up of operating reports or metrics that might identify anomalies indicative of a control failure.
Supervisory review of controls, such as reconciliation reviews as a normal part of processing.
Self-assessments by boards and management regarding the tone they set in the organization and the effectiveness of their oversight functions.
Audit committee inquiries of internal and external auditors.
Quality assurance reviews of the internal audit department.

Gaining an understanding of internal controls should be performed in

a "top-down" risk-based manner that first identifies significant accounts and disclosures and their relevant assertions

account's significance is based on

its inherent risk (i.e., the likelihood of containing a material misstatement before the consideration of internal control, or "what could go wrong")

Relevant assertions

are those that represent the possibility of a material misstatement

Entity Level Controls

Start by examining these: the controls that are pervasive to the financial statements taken as a whole.

transaction level controls

the controls that relate to specific classes of transactions, account balances, and disclosures. Do a walk-through to evaluate design effectiveness.

Design Effectiveness

determines whether the controls over financial reporting, if operating effectively, would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements


Consists of a combination of inquiry of personnel, observation of an entity's operations, and document examination while tracing one or more transactions through the audit trail from initiation of the transaction to its inclusion in the financial statements.

Operating effectiveness

refers to whether the control is operating as designed and whether the person performing the control possesses the necessary authority and qualifications to perform the control effectively

Internal Controls Questionnaire

The audit documentation that uses a checklist of internal control-related questions to gain and document an understanding of the client's internal control

narrative description

The audit documentation that describes the environmental elements, the accounting system, and the control activities in an entity's internal control


The audit documentation that provides a visual display of the accounting system and control activities in an entity's internal control system

least persuasive to most persuasive types of evidence

Inquiry of client personnel.
Observation of the control activity being performed.
Inspection of relevant documentation.
Reperformance of the control activity.

if the audit team wants to achieve a lower control risk assessment,

more persuasive evidence is needed

tests of controls are sometimes designed to test in two ways

Completeness direction: for example, a test in which the audit team is interested in ensuring that all valid hours are included in the entity's payroll; as a result, time logs (which represent valid hours worked) are traced to payroll department files and the payroll register (which represents hours included in the payroll). The occurrence test of payroll is to ensure that all labor hours included in the payroll (represented by the payroll register) were actually worked (represented by time logs).

substantive procedures

detailed audit and analytical procedures designed to detect material misstatements in account balances and footnote disclosures

dual purpose tests

An audit procedure used as both a test of controls and a substantive test.

Who is responsible for establishing and maintaining internal control system?

Management is responsible for establishing internal controls. In order to maintain effective internal controls, management should: Maintain adequate policies and procedures; Communicate these policies and procedures; and.

Who is responsible for establishing and maintaining the internal control system? A. The internal auditor B. The accountant C. Management D. The external auditor

The external auditor is responsible for establishing and maintaining the internal control system.

Why management is responsible for internal control?

Simply put, internal controls are activities or procedures designed to provide reasonable assurance that operations are “going according to plan.” Without adequate internal controls, management has little assurance that its goals and objectives will be achieved.