Chapter 05 - Risk Assessment: Internal Control Evaluation

CHAPTER 5
Risk Assessment: Internal Control Evaluation

LEARNING OBJECTIVES

1. Distinguish between management’s and auditors’ responsibilities regarding an entity’s internal control.
   Review Checkpoints: 1, 2, 3, 4, 5
   Exercises, Problems, and Simulations: 62, 63, 67

2. Define and describe internal control.
   Review Checkpoints: 6, 7, 8
   Exercises, Problems, and Simulations: 68

3. Define and describe the five basic components of internal control, and specify some of their characteristics.
   Review Checkpoints: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
   Exercises, Problems, and Simulations: 64, 72, 74

4. Explain the phases of an evaluation of control and risk assessment and the documentation and extent of audit work required.
   Review Checkpoints: 19, 20, 21, 22, 23, 24, 25
   Exercises, Problems, and Simulations: 66, 69, 73

5. Describe additional responsibilities for management and auditors of public companies required by Sarbanes-Oxley and AS 5.
   Review Checkpoints: 26, 27, 28, 29
   Exercises, Problems, and Simulations: 65, 74, 75

6. List the major components of the auditors’ report on internal control over financial reporting.
   Review Checkpoints: 30

7. Describe situations in which the auditors’ report on internal control over financial reporting would be modified.
   Review Checkpoints: 31, 32, 33
   Exercises, Problems, and Simulations: 70, 71

8. Explain the communication of internal control deficiencies to those charged with governance, such as the audit committee and other key management personnel.
   Review Checkpoints: 34

9. Explain the limitations of all internal control systems.
   Review Checkpoints: 35, 36

SOLUTIONS FOR REVIEW CHECKPOINTS

5.1 As stated in the Sarbanes-Oxley Act of 2002, management is responsible for establishing a control environment, assessing risks it wishes to control, specifying information and communication channels and content (including the accounting system and its reports), designing and implementing control procedures, and monitoring, supervising, and maintaining the controls. Business managers can make estimates of benefits to be derived from controls and weigh them against the cost. Managers are perfectly free to make their own judgments about the necessary extent of controls. Managers can decide the degree of business risk they are willing to tolerate. External auditors are not responsible for designing effective controls for audit clients. They are responsible for evaluating existing internal control and assessing the control risk in them.

5.2 Control risk is the probability that the client’s internal control procedures will fail to prevent or detect material errors and frauds, provided any enter the data processing system in the first place. Assessing control risk is part of using the audit risk model in the planning stage of the audit.

5.3 The primary reason for conducting an evaluation of a client’s existing internal control system is to give the auditors a basis for finalizing the details of the account balance audit program—to determine the nature, timing and extent of subsequent substantive audit procedures. For public companies, Sarbanes-Oxley requires auditors to audit internal controls as part of the financial statement audit....
- Spring '09