Communication system that enables computer users to share computer equipment, application software, data, and voice and video transmissions
Network environment
Series of tasks and records of an entity by which transactions are processed as a means of maintaining financial records
Accounting system
PSA 315 is based on which internal control framework?
COSO ICIF
Criteria of control (CoCo) framework originated from which country?
Canada
Risks can arise or change due to circumstances such as
Changes in operating environment, New personnel, New or revamped information systems, Rapid growth, New technology, New business models, products, or activities
A collection of data that is shared and used by many different users for different purposes
Database
The electronic exchange of transactions, from one entity’s computer to another entity’s computer through an electronic communications network
Electronic Data Interchange (EDI)
The auditor should document his understanding of internal control. The extent of documentation is a matter of the CPA’s judgment and the form of documentation depends upon
Preference and skills
File system with exclusive access to and use of individual data
Flat file system
Includes considering whether controls are operating as intended and that they are modified as appropriate for changes in conditions
Monitoring of controls
Consists of infrastructure (physical and hardware components), software, people, procedures, and data
Information system
Involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting
Communication
Two Possible Risk Assessments
Maximum (high) control risk assessment; Below the maximum (less than high) control risk assessment
Audit approaches in relation to control risk assessment
Reliance and no reliance approach
Exists when a computer of any type or size is involved in the processing by the entity of financial information of significance to the audit, whether the computer is operated by the entity or by a third party
CIS environment
Tests of control are performed to obtain audit evidence about the effectiveness of the
Design and operation/implementation of controls
All the policies and procedures adopted by the management of an entity to assist in achieving management’s objective of ensuring, as far as practicable, orderly and efficient conduct of its business, etc.
Internal Control System
Understanding of the design and operation/implementation of internal controls would help the auditors identify
Potentially reliable controls
Which type of analytical procedures is not required for every audit?
Substantive analytical procedures
Process for identifying and responding to business risks and the results thereof
Entity’s risk assessment process
Assertions about account balances at the end of the period
Existence, rights and obligation, completeness, valuation and allocation
Types of CIS application controls
controls over input, processing, and output
Internal Control Components (PSA 315)
Control environment; Entity’s risk assessment process; Information system, Control Activities, Monitoring
What happens to the overall objective and scope of an audit in a CIS environment?
Do not change
Transactions are accumulated and processed in a group
Batch processing system
The policies and procedures that help ensure that management directives are carried out, for example, that necessary actions are taken to address risks that threaten the achievement of the entity’s objectives
Control activities
Includes the attitudes, awareness, and actions of management and those charged with governance concerning the entity’s internal control and its importance in the entity
Control environment
Your experience on this site will be improved by allowing cookies.