CHAPTER 3 Internal Control over Financial Reporting

Application controls
See transaction controls.
Control activities
The component of internal control that includes control actions that
have been established by policies and procedures. They help ensure
that managements directives regarding internal control are carried
out.
Control deficiency
A shortcoming in internal controls such that the objective of reliable
financial reporting may not be achieved.
Control environment
The component of internal control that includes the set of standards,
processes, and structures that provides the basis for carrying out
internal control across the organization. It includes the tone at the
top regarding the importance of internal control and the expected
standards of conduct.
COSOs updated Internal ControlIntegrated Framework
A comprehensive framework of internal control used to assess the
effectiveness of internal control over financial reporting, as well as
controls over operational and compliance objectives.
Detective controls
Controls designed to discover errors that occur during processing.
Edit tests
See input validation tests.
Entity-wide controls
Controls that operate across an entity and affect multiple processes,
transactions, accounts, and assertions.
General computer controls
Pervasive control activities that affect multiple types of information
technology systems and are necessary for automated application
controls to work properly (also referred to as information technology
general controls).
Information and communication
The component of internal control that refers to the process of
identifying, capturing, and exchanging information in a timely fashion
to enable accomplishment of the organizations objectives.
Information technology general controls
See general computer controls.

CHAPTER 3 Internal Control over Financial Reporting

Input controls
Controls designed to ensure that authorized transactions are correct
and complete, and that only authorized transactions can be input.
Input validation tests
Control tests built into an application to examine input data for obvious
errors (also referred to as edit tests).
Integrated audit
An audit in which the same auditor provides an opinion on both the
financial statements and the effectiveness of internal control over
financial reporting.
Internal control
A process, effected by an entitys board of directors, management, and
other personnel, designed to provide reasonable assurance regarding
the achievement of objectives relating to operations, reporting, and
compliance.
Material weakness in internal control
A deficiency, or a combination of deficiencies, in internal control over
financial reporting such that there is a reasonable possibility that a
material misstatement of the companys annual or interim financial
statements will not be prevented or
detected on a timely basis.
Monitoring
The component of internal control that determines whether the
controls, including all five components, are present and continuing to
function effectively.
Ongoing evaluations
Monitoring procedures that are built into the normal recurring activities
of an entity.
Output controls
Controls designed to provide reasonable assurance that all data are
completely processed and that output is distributed only to authorized
recipients.
Physical controls over assets
Controls designed to protect and safeguard assets from accidental or
intentional destruction and theft.
Preventive controls
Controls designed to prevent the occurrence of a misstatement.
Processing controls

CHAPTER 3 Internal Control over Financial Reporting

7
Controls designed to provide reasonable assurance that the correct
program is used for processing, all transactions are processed, and the
transactions update appropriate files.

Relevant assertion
A financial statement assertion, for a given account, is most relevant to
determining whether there is a reasonable possibility that the account
could contain a material misstatement, without considering the effect
of internal controls.
Risk assessment
The component of internal control that is the process for identifying
and assessing the risks that may affect an organization from achieving
its objectives.
Segregation of duties
A control activity that is designed to protect against the risk that an
individual could both perpetrate and cover up a fraud.
Self-checking digits
A type of input test that has been developed to test for transposition
errors associated with identification numbers.
Separate evaluations
Monitoring procedures that are conducted periodically, typically by
objective management personnel, internal auditors, or external
consultants.
Significant account
An account that has a reasonable possibility of containing a material
misstatement, without considering the effect of internal controls.
Significant deficiency in internal control
A deficiency, or a combination of deficiencies, in internal control over
financial reporting that is less severe than a material weakness, yet
important enough to merit attention by
those responsible for oversight of the companys financial reporting.
Transaction controls
Control activities implemented to mitigate transaction processing risk
that typically affect only certain processes, transactions, accounts, and
assertions These are controls that do not have an entity-wide effect.
Transaction trail
Includes the documents and records that allow a user (or auditor) to
trace a transaction from its origination through to its final disposition,
or vice versa.

CHAPTER 3 Internal Control over Financial Reporting

Walkthrough
A process whereby management (or the auditor) follows a transaction
from origination through the organizations processes until it is
reflected in the organizations financial records. This process includes a
combination of inquiry, observation, inspection of documentation
making up the transaction trail, and reperformance of controls.