This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: Chapter 05 - Risk Assessment: Internal Control Evaluation CHAPTER 5 Risk Assessment: Internal Control Evaluation LEARNING OBJECTIVES Review Checkpoints Exercises, Problems, and Simulations 1. Distinguish between management’s and auditors’ responsibilities regarding an entity’s internal control. 1, 2, 3, 4, 5 63, 66, 68, 73, 74, 77, 78 2. Define and describe internal control, and explain the limitations of all internal control systems. 6, 7, 8, 9 69, 76, 77 3. Define and describe the five basic components of internal control, and specify some of their characteristics. 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 64, 73, 75 4. Explain the phases of an evaluation of control and risk assessment and the documentation and extent of audit work required. 22, 23, 24, 25, 26, 27, 28, 29 63, 65, 67, 68, 69, 70 5. Describe additional responsibilities for management and auditors of public companies required by Sarbanes-Oxley and AS 5 . 30, 31, 32, 33 66, 74, 78 6. List the major components of the auditors’ report on internal control over financial reporting. 34 71, 72, 74, 7. Describe situations in which the auditors’ report on internal control over financial reporting would be modified. 35, 36, 37 71, 72 8. Explain the communication of internal control deficiencies to those charged with governance such as the audit committee and other key management personnel. 38 5-1 Chapter 05 - Risk Assessment: Internal Control Evaluation SOLUTIONS FOR REVIEW CHECKPOINTS 5.1 As stated in the Sarbanes-Oxley Act of 2002, management is responsible for establishing a control environment, assessing risks it wishes to control, specifying information and communication channels and content (including the accounting system and its reports), designing and implementing control activities, and monitoring, supervising, and maintaining the controls. Management of public companies must report to the shareholder’s their evaluation of the company’s financial reporting controls. External auditors are not responsible for designing effective controls for audit clients. They are responsible for evaluating existing internal control and assessing the control risk in them. For public companies, auditors must give an opinion on the effectiveness of internal control over financial reporting based on an audit of internal control that is integrated with the financial statement audit. 5.2 Control risk is the probability that the client’s internal control activities will fail to prevent or detect material errors and frauds, provided any enter the data processing system in the first place. Assessing control risk is part of using the audit risk model in the planning stage of the audit. 5.3 The primary reason for conducting an evaluation of a client’s existing internal control system is to give the auditors a basis to determine the nature, timing and extent of subsequent substantive audit procedures. For public companies, Sarbanes-Oxley requires auditors to perform an audit of internal control over financial...
View Full Document
- Spring '10