Table of Contents

Course Learning Objectives. 5

Introduction. 1

Part I - The Principles of Internal Control - Section 1. 3

Internal Control Systems. 3

The Definition of Internal Control 3

Limitations of Internal Controls. 4

Internal Control Frameworks. 4

2013 COSO Framework. 5

Overview.. 5

Components of Internal Control 6

The Control Environment 6

Risk Assessment 8

Identify Risks. 9

Assess Risks. 9

Respond to Risks. 9

Relevance to Sarbanes-Oxley Compliance. 11

Control Activities. 11

Information & Communication Systems Support 13

Monitoring. 14

The GAO Green Book. 15

Overview.. 15

Framework Principles. 17

Control Framework - 17 Principles. 17

Control Framework with GAOs Attributes. 18

Part I - Section 1 Review Questions. 21

Part I - The Principles of Internal Control - Section 2. 22

Types of Controls. 22

Directive Controls. 22

Preventive Controls. 22

Detective Controls. 23

Corrective Controls. 24

The Concepts of ICFR.. 24

Integrating Controls over Information Systems. 26

IT General Controls. 26

IT Application Controls. 27

Considerations Specific to Smaller Entities. 30

Cost-Benefit Relationships. 31

Benefit-Cost Analysis. 31

Cost-Effectiveness Analysis. 32

Part I - Section 2 Review Questions. 34

Part II - Management Assessment of Internal Controls - Section 3. 35

Understanding the Sarbanes-Oxley Act Rules. 36

Enhanced Financial Disclosures (Section 404) 36

Overview.. 36

Managements Internal Control Report. 38

The Role of Independent Public Accountant. 40

Corporate Responsibility (Section 302) 41

Other Key Principles. 43

Auditor Independence. 43

The Role of Audit Committee. 43

Disclosures in Periodic Reports. 44

Corporate and Criminal Fraud Accountability. 45

Identification of Risks and Controls. 45

Step 1: Selecting the Control Framework. 45

Step 2: Defining Control Objectives. 47

Step 3: Addressing and Monitoring Risks. 49

General Concerns. 49

Anti-Fraud Considerations. 51

Assessment Criteria. 52

Step 4: Establishing Controls. 53

Part II - Section 3 Review Questions. 56

Part II - Management Assessment of Internal Controls - Section 4. 57

Assessment of the Adequacy of Controls. 57

Determining Key Controls. 58

Evaluating the Effectiveness of Controls. 59

The Design of Controls. 59

The Operating Effectiveness of Controls. 61

Evaluation of Control Deficiencies. 65

Step 1: Understanding the Nature of the Deficiency. 65

Step 2: Assessing the Likelihood of Misstatements. 66

Step 3: Considering Compensating Controls. 67

Step 4: Determining Classification of Deficiencies. 68

Step 5: Reporting Assessment Results. 69

Documentation of Effective Controls. 70

Identification of Control Gaps. 73

Illustration of Potential Internal Control Weaknesses and Compensating Controls: Accounting and Financial Reporting. 76

Part II - Section 4 Review Questions. 79

Part III - Audit of ICFR Integrated with Audit of Financial Statements - Section 5 80

Audit Objectives and Scope. 80

Relevant Standards. 81

Auditing Standard No. 2201. 81

Statement on Auditing Standards 130. 82

Planning the Audit 83

Part III - Section 5 Review Questions. 84

Part III - Audit of ICFR Integrated with Audit of Financial Statements - Section 6 85

Using a Top-Down Approach. 85

The Key Concepts. 85

Sample Audit Programs. 88

Cash in Bank. 88

Trade Accounts and Notes Receivable. 90

Inventory. 92

Fixed Assets. 95

Prepaid Expenses and Deferred Charges. 96

Accounts Payable. 97

Stockholders Equity. 99

Sales and Other Types of Income. 101

Expense Items. 102

Assessing the Risk of Fraud. 104

Characteristics of Financial Statement Fraud. 104

Types of Fraud. 104

Fraud Risk Factors. 105

Brainstorming Sessions. 105

Fraud Risk Assessment. 106

Collect Information. 107

Identify and Assess Fraud Risks. 107

Respond to the Fraud Risk Assessment 108

Testing Controls. 109

Testing Design Effectiveness. 109

Testing Operating Effectiveness. 109

Relationship of Risk to the Evidence to be Obtained. 110

Evaluating Control Deficiencies. 111

Examples of Significant Deficiencies and Material Weaknesses. 113

Scenario A  Significant Deficiency. 113

Scenario B  Material Weakness. 114

Responding to Misstatements Caused by Fraud. 114

Reporting Audit Results. 116

Other Considerations. 117

Considerations Specific to Smaller, Less Complex Entities. 117

Considerations of Financial Information Systems. 117

Management Written Representations. 119

Communication of Certain Matters. 120

Use of the Work of Internal Auditors or Others. 121

Part III - Section 6 Review Questions. 122

Part IV - Fraud Prevention and Detection - Section 7. 123

Fraud Awareness. 123

Basics of Fraud. 123

Definition of Fraud. 123

Fraud Triangle. 124

Opportunity. 125

Pressure/Incentive. 127

Rationalization. 128

The Evolution of Fraud. 129

Types of Fraud. 130

Occupational (Corporate) Fraud. 130

Corruption. 132

Asset Misappropriation. 133

Risk Factors Relating to Misstatements Arising from Misappropriate of Assets. 133

Financial Statement Fraud. 135

Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting. 135

Procurement and Contractor Frauds. 138

False Claims and False Statements. 139

Part IV - Section 7 Review Questions. 141

Part IV - Fraud Prevention and Detection - Section 8. 143

Forensic Accounting and Auditing. 143

Fraud and Perpetrators. 145

The Fraud Symptoms. 145

Indicators of Financial Crime. 146

Red Flags of Employee Behavior 146

Red Flags of Organizational Behavior 147

Recent Cases in Corporate Fraud. 147

Fraud Prevention and Detection. 149

Fraud Risk Assessment 149

Techniques for Fraud Prevention. 151

The ACFE Fraud Prevention Checkup. 159

Interpreting the Entitys Score. 162

The Use of Technology for Fraud Detection. 163

Data Mining. 163

Forensic Computing. 164

Part IV - Section 8 Review Questions. 166

Review Question Answers. 167

Part I - Section 1 Review Questions Answers. 167

Part I - Section 2 Review Questions Answers. 170

Part II - Section 3 Review Questions Answers. 171

Part II - Section 4 Review Questions Answers. 173

Part III - Section 5 Review Questions Answers. 175

Part III - Section 6 Review Questions Answers. 177

Part IV - Section 7 Review Questions Answers. 180

Part IV - Section 8 Review Questions Answers. 184

Appendix A: Example of Management Report 186

Appendix B: Section 404 Management Compliance Checklist 187

Appendix C: Financial Reporting Controls and Information Systems Checklist - Medium to Large Business. 189

Part 1. Internal Control Assessment Questionnaires. 189

Control Environment 189

Significant Account Balances and Transaction Cycles. 194

Revenue Cycle. 194

Revenue and Accounts Receivable. 195

Cash Receipts. 197

Purchasing Cycle. 198

Purchases and Accounts Payable. 198

Cash Disbursements. 199

Inventory. 200

Financing. 202

Investments. 202

Debt 203

Property, Plant, and Equipment. 203

Payroll Cycle. 205

Part 2. Financial Information System Checklist 206

End-User Computing. 206

Procedures and Controls over End-User Computing. 207

Information Processed by Outside Computer Service Organizations. 208

Part 3. Assessing Segregation of Duties and the Risk of Management Override 208

Lack of Segregation of Duties. 208

Management Override. 209

Part 4. Interpret Results. 210

Appendix D: Computer Applications Checklist - Medium to Large Business 212

Computer Hardware. 212

Computer Software. 212

Computer Control Environment 213

Outside Computer Service Organizations. 215

Glossary. 216

Index. 219

CPE Exam Answer Sheet 220

Final Examination. 222

CPASelfstudy.com Course Evaluation. 229