You are on page 1of 4

CHAPTER 3 ∙ Internal Control over Financial Reporting

Application controls
See transaction controls.
Control activities
The component of internal control that includes control actions that
have been established by policies and procedures. They help ensure
that management’s directives regarding internal control are carried
out.
Control deficiency
A shortcoming in internal controls such that the objective of reliable
financial reporting may not be achieved.
Control environment
The component of internal control that includes the set of standards,
processes, and structures that provides the basis for carrying out
internal control across the organization. It includes the “tone at the
top” regarding the importance of internal control and the expected
standards of conduct.
COSO’s updated Internal Control–Integrated Framework
A comprehensive framework of internal control used to assess the
effectiveness of internal control over financial reporting, as well as
controls over operational and compliance objectives.
Detective controls
Controls designed to discover errors that occur during processing.
Edit tests
See input validation tests.
Entity-wide controls
Controls that operate across an entity and affect multiple processes,
transactions, accounts, and assertions.
General computer controls
Pervasive control activities that affect multiple types of information
technology systems and are necessary for automated application
controls to work properly (also referred to as information technology
general controls).
Information and communication
The component of internal control that refers to the process of
identifying, capturing, and exchanging information in a timely fashion
to enable accomplishment of the organization’s objectives.
Information technology general controls
See general computer controls.

5

Internal control A process. Physical controls over assets Controls designed to protect and safeguard assets from accidental or intentional destruction and theft. in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis. designed to provide reasonable assurance regarding the achievement of objectives relating to operations. effected by an entity’s board of directors. Ongoing evaluations Monitoring procedures that are built into the normal recurring activities of an entity. and that only authorized transactions can be input.CHAPTER 3 ∙ Internal Control over Financial Reporting Input controls Controls designed to ensure that authorized transactions are correct and complete. Output controls Controls designed to provide reasonable assurance that all data are completely processed and that output is distributed only to authorized recipients. Monitoring The component of internal control that determines whether the controls. management. Preventive controls Controls designed to prevent the occurrence of a misstatement. Integrated audit An audit in which the same auditor provides an opinion on both the financial statements and the effectiveness of internal control over financial reporting. Input validation tests Control tests built into an application to examine input data for obvious errors (also referred to as edit tests). Material weakness in internal control A deficiency. or a combination of deficiencies. are present and continuing to function effectively. including all five components. reporting. and other personnel. and compliance. Processing controls 6 .

without considering the effect of internal controls. Separate evaluations Monitoring procedures that are conducted periodically. Significant deficiency in internal control A deficiency. typically by objective management personnel. without considering the effect of internal controls. . is most relevant to determining whether there is a reasonable possibility that the account could contain a material misstatement. yet important enough to merit attention by those responsible for oversight of the company’s financial reporting. all transactions are processed. accounts. and assertions These are controls that do not have an entity-wide effect. or a combination of deficiencies. internal auditors. or vice versa. Segregation of duties A control activity that is designed to protect against the risk that an individual could both perpetrate and cover up a fraud. Transaction controls Control activities implemented to mitigate transaction processing risk that typically affect only certain processes. or external consultants.CHAPTER 3 ∙ Internal Control over Financial Reporting 7 Controls designed to provide reasonable assurance that the correct program is used for processing. in internal control over financial reporting that is less severe than a material weakness. and the transactions update appropriate files. Relevant assertion A financial statement assertion. Risk assessment The component of internal control that is the process for identifying and assessing the risks that may affect an organization from achieving its objectives. Transaction trail Includes the documents and records that allow a user (or auditor) to trace a transaction from its origination through to its final disposition. for a given account. transactions. Self-checking digits A type of input test that has been developed to test for transposition errors associated with identification numbers. Significant account An account that has a reasonable possibility of containing a material misstatement.

observation. inspection of documentation making up the transaction trail. and reperformance of controls. 8 . This process includes a combination of inquiry.CHAPTER 3 ∙ Internal Control over Financial Reporting Walkthrough A process whereby management (or the auditor) follows a transaction from origination through the organization’s processes until it is reflected in the organization’s financial records.