CPA AUD Understanding and Testing of Internal Control — Flashcards | CPA (Certified Public Accountant) | FatSkills

CPA AUD Understanding and Testing of Internal Control — Flashcards

Fast review mode: answers are shown by default so you can skim quickly. Hide them if you want to self-test.

CPA AUD testing of internal control requires understanding design/implementation (walkthroughs) and testing operating effectiveness (inquiry, observation, inspection, reperformance). Auditors evaluate control risk to determine the nature, timing, and extent of substantive procedures. If controls are effective, substantive testing is reduced.
 

1. Understanding Internal Control (Design & Implementation)
Auditors must understand the control environment and information systems (IT). 

Purpose: Determine if controls are designed to prevent or detect material misstatements.
Procedures: Walkthroughs (tracing transactions from inception to financial records).
Documentation: Flowcharts, narratives, and questionnaires.
Key Focus: Evaluating design and implementation (not yet operating effectiveness). 

2. Testing Internal Control (Operating Effectiveness)
If an auditor plans to rely on controls to reduce substantive testing (i.e., assess control risk below high), they must perform tests of controls. 

Inquiry: Asking personnel (least reliable).
Observation: Watching employees perform controls (e.g., safeguarding assets).
Inspection: Reviewing documentation (signatures, logs).
Reperformance: Auditor independently executes the control (most reliable). 

3. Evaluating Results
Effective Controls: Allows reduction of substantive procedures (smaller sample sizes, interim testing).
Deficiencies/Weak Controls: If controls fail, the auditor must assess control risk at high and use a "substantive approach" (increased testing). 

Key Audit Concepts
Segregation of Duties: Essential separation of authorization, custody, and recording.
IT Controls: Testing automated controls is crucial as companies rely on IT systems.
Management Override: Auditors must specifically assess the risk of fraud related to overriding controls, particularly in journal entries. 

1 of 18 Ready
Management’s ability to foresee problems and take steps in advance to prevent problems is known as:
I. control environment
II. control activities
Neither I nor II
Shortcuts
Prev Space Show / hide Next
Turn this into a study set.
Sign in with Google to save tricky questions to your reminder list and resume on any device.
Sign in with Google Free • no extra password