ACC 4110 Chapter 6: Internal Control in a Financial Statement Audit
Processing steps and computer processing are included in a ______ flowchart. Multiple choice question. A. systems B. document C. program
A.
These apply to the processing of individual applications and help ensure the occurrence, completeness and accuracy of transaction processing. Multiple choice question. A. Application controls B. Control activities C. General controls
A.
What are application controls?
apply to the processing of individual application to ensure the occurrence, completeness and accuracy of transactions.
An effective internal control system allows management to do what?
focus on operations and financial performance goals with maintaining compliance with relevant laws and minimizing surprises.
Controls over network operations are included as part of ____________ controls which relate to the overall information processing environment.
general
Less severe than a material weakness, a(n) _____________ _______________is still important enough to merit attention by those charged with governance.
significant deficiency
The last step in the decision process is performing ____________ procedures.
substantive
What is a closed loop verification?
process that takes data entered into the system to find and present other related information, thus enabling the user to verify the correctness of the original data entry
Flowcharting systems are divided into three groups: input/output symbols, ___________symbols, and _____________ flow and ___________symbols.
processing, data and storage
In regards to internal control systems, the concept of ______________ ____________ recognizes that the cost should not exceed the benefits expected to be derived.
reasonable assurance
The level of _____________ risk is used to determine the nature, timing, and extent of substantive tests.
detection
The auditor's understanding of an entity's internal control over financial reporting are documented using diagrammatic representation known as a(n) ____________.
flowchart
To set control risk below high, the auditor must do three things?
1. Identify specific controls 2. Perform tests of identified controls 3. Conclude on the achieved level of control risk given results of testing.
When audit risk is low and the risk of material misstatement is high, substantive tests should be performed ______. Multiple choice question. A. mostly at interim dates throughout the year B. mostly at year-end C. consistently thought the year at interim dates and year end
B
Internal Control as defined by COSO Framework consists of which 5 components?
Control Environment Entity Risk Assessment Process Control Activities Information and Communication Monitoring Activities
Who has the responsibility to design and maintain a system of internal control that provides reasonable assurance that assets and records are properly safeguarded, and that the entity's information system generates information that is reliable for decision making?
Management
The third principle underlying the components of internal control is? This principle is related to which component? Explain.
Management establishes, with board oversight, structures, reporting lines and appropriate authorities and responsibilities in the pursuit of objectives. Related to the Control Environment This is related because since the control environment represents the policies that structure that set the basis for carrying out internal controls. This specific structure is needed in order carry out these policies.
Designated lines of authority and responsibility are presented on an entity's _______________________ _______________________.
Organization Chart
True or false: The application systems acquisition, development and maintenance controls are critical for ensuring the reliability of information processing.
True
The assessment of ___________ _________includes consideration of incentives and pressures, opportunities and how personnel might rationalize or justify inappropriate actions
fraud risk
When an auditor decides to follow a(n) _________ strategy, he or she has to understand the control activities that relate to assertions for which a lower level of control risk is expected.
reliance
When the auditor has decided not to rely on the entity's controls and instead use procedures as the main source of evidence about the assertions in the financial statements, the auditor will choose a(n) ___________ audit strategy.
substantive
The auditor should gain sufficient knowledge about the control environment to understand the attitudes, awareness, and actions concerning the control environment of the ______. Multiple select question. A. management B. internal auditors C. board of directors D. non-management employees
A and C
Information that is capable of making a difference in user decisions has the characteristic of ___________.
Relevance
Information that is capable of making a difference in user decisions has the characteristic of _______________.
Relevance
Fundamental qualitative characteristics include which two?
Relevance and Faithful representation
To obtain an understanding of the entity's internal controls which helps identify key controls, recognize types of potential misstatements and design test of controls and substantive procedures, auditors use_____________ procedures.
Risk Assessment
Data capture, data validation, processing, output and errors controls are all categories of _____________ controls.
application
When a reliance strategy is chosen, ______. Multiple choice question. a. substantive test procedures are not required b. tests of controls are used to assess the achieved level of control risk c. a detailed understanding of internal control is not required
b.
Procedures manuals, organization charts, internal control questionnaires, flowcharts and narrative descriptions are all tools for _____________ the auditor's understanding of internal controls.
documenting
When the auditor sets control risk at high, he or she documents that control risk assessment and performs ______________ procedures.
substantive
Controls that can be applied at various stages and are mainly concerned with the accuracy assertion are ______ controls. Multiple choice question. A. processing B. data capture C. data validation D. output
C.
Monitoring the operating effectiveness of internal controls ______. Multiple choice question. A. should involve the external auditors B. should only be done by management C. may be done by internal auditors
C.
When audit risk is low and the risk of material misstatement is high, substantive tests should be performed ______. Multiple choice question. A. mostly at interim dates throughout the year B. consistently thought the year at interim dates and year end C. mostly at year-end
C.
How authority and responsibility are delegated and monitored and the framework within which the entity's activities for achieving entity wide objectives are planned, executed, controlled and reviewed are defined by the entity's _____________ ____________.
Organizational Structure
The first principle underlying the components of internal control is ____________________? This principle is related to which component? Why?
a commitment to integrity and ethical values It is related to the control environment component Since the control environment is the foundation of of all internal control, this bedrock foundation of integrity and ethical values is naturally related.
Which of the following communicate policies and procedures to the entity's personnel? Multiple select question. 1. Policy manuals 2. Memoranda 3. Accounting manuals 4. Personnel manuals
1, 2, and 3
Which of the following statements are correct? Multiple select question. 1. Proper segregation of duties is important in preventing errors from processing. 2. Errors must be corrected and resubmitted at the correct point in processing. 3. Errors can be identified at any point in the system. 4. Most transaction errors are identified by processing or output controls.
1, 2, and 3
Data capture controls are concerned primarily with the ______ assertions. Multiple select question. 1. accuracy 2. completeness 3. authorization 4. reliability 5. occurrence
1,2, and 5
Internal communication within an organization related to internal control ______. Multiple select question. 1. involves providing and understanding of roles and responsibilities 2. should always be made by senior management either orally or in writing 3. provides clear messages about the importance of how control responsibilities are to be performed 4. is provided by policy manuals
1,3, and 4
These provide a diagrammatic representation of the entity's accounting system. Multiple choice question. A. Procedures Manuals B. Internal Control Questionnaires C. Flowcharts D. Organizational Charts
C
True or false: All communication regarding matters affecting the functioning of internal control within an organization should be internal.
False
True or false: An entity's external auditor does not need to be concerned about the internal control system at service organizations used by the entity.
False
True or false: How the components of internal control are implemented is not impacted by the size of the entity.
False
Ensuring the completeness and accuracy of transaction processing, authorization, and validity is the goal of ___________ controls.
application
An internal control ________________ is generally used for entities with a relatively complex internal control structure.
questionnaire
Assessing the quality of internal control performance over time is the intention of ______ of controls. Multiple choice question. A. monitoring B. enforcement C. communication D. creation
A.
If properly designed, ______ controls should operate more consistently and are not typically subject to human errors or mistakes in its application.
Automated
Which of the following statements are correct? Multiple select question. A. The external auditor should not be involved in the system acquisition or development process. B. Good documentation is an important component of managing controls. C. Auditors are mainly concerned that program changes are properly authorized, tested and implemented.
B and C
The understanding of internal control may be documented in a(n) ________________which is most appropriate when then entity has a simple internal control system.
Memorandum
The possibility of events that threaten the achievement of objectives should be considered in an entity's __________ __________process.
risk assessment
What us an existence test?
test of an ID number or code by comparison to a file containing valid ID numbers or codes
This type of report includes management's description of the service organization's system and the auditor's opinion as to whether the service organization's controls are suitably designed to achieve management's control objectives as of the end of the period. Multiple choice question. A. Type 1 Report B. Type 2 Report
A.
After planned tests of controls have been completed, the auditor should reach a conclusion on the ______ level of control risk. Multiple choice question. A. assessed B. appropriate C. planned D. achieved
D.
What is a substantive audit strategy?
auditor has decided not to rely on entities internal controls and instead use substantive procedures as the main source of evidence about the assertions in the financial statements.
Within an entity, there is always a risk of the fraud of _____________ between individuals will destroy the effectiveness of segregation of duties.
collusion
Based upon its risk assessment, management determines which relevant business processes require ________ __________.
control activities
The auditor uses the combination of the achieved level of ___________ risk and the assessed level of ____________risk to determine the required level of ____________risk needed to bring audit risk to an acceptably low level.
control, inherent, detection
What is a limit test?
ensures that a numerical value does not exceed some predetermined value
What is a range test?
ensures the value in a field falls within an allowable range of values
Large public companies are required to engage a(n) ____________ or _____________auditor to express an opinion as to the effectiveness of their systems of internal control over financial reporting.
external or independent
The infrastructure, software, people, procedures and data used to support the functioning of internal control is known as a(n) _______________ _______________.
information system
The approach to taking and monitoring business risks and attitudes and actions toward financial reporting are characteristics that may signal important information to the auditor about management's ______________and ____________ values.
integrity and ethical
What is a check-digit verification?
numerical value computed to provide assurance that the original value was not altered
In order to provide evidence to support the lower level of control risk when using a reliance strategy, the auditor performs ____________ _____________ _____________.
test of controls
What is the control environment?
this is the set of standards, processes and structures that is the basis for carrying out internal control across the organization. The board of directors and management set the tone at the top regarding these standards.
Output documents from the application that are used as source documents in later processing are called _____________ documents.
turnaround
The information gathered by performing risk assessment procedures is used to evaluate the __________________ of controls and to determine whether they have been _________________.
design, implemented
What is risk assessment?
involves a dynamic and iterated process for identifying and analyzing risks to achieve the entity's objectives. It forms the basis for determining how risks should be managed.
What are control activities?
the actions established by policies and procedures that help ensure that management directives to mitigate risks to the achievement of objectives are carried out.
In deciding on the nature and extent of the understanding of internal control needed for the audit, the auditor should consider the entity's operations and systems ______. Multiple select question. 1. sophistication 2. complexity 3. effectiveness 4. accuracy
1 and 2
Which of the following statements are correct? Multiple select question. 1. The auditor should understand the control procedures used by the entity to provide financial statement assurance. 2. Understanding the information system requires knowing how IT is involved in data processing. 3. The auditor must learn about each business process that affects all account balances in the financial statements.
1 and 2
Which of the following statements are correct? Multiple select question. 1. Violations of internal control raise serious questions about management integrity. 2. Senior management may override an entity's internal controls. 3. Violations of control activities by senior management are easy to detect with normal audit procedures.
1 and 2
Communication with external parties regarding matters affecting the functioning of internal control ______. Multiple select question. 1. enables inbound receipt of relevant information 2. should only be done between the entity and its external auditors 3. can assist in meeting outside requirements and expectations
1 and 3
The two fundamental qualitative characteristics for external financial reporting are ______. Multiple select question. 1. relevance 2. understandability 3. faithful representation 4. timeliness 5. comparability
1 and 3
An effective accounting system establishes methods and records that will ______. Multiple select question. 1. describe transactions in sufficient detail to permit proper classification 2. determine the proper time period in which transactions occurred 3. identify and record all valid transactions 4. present transaction and disclosures in a manner than ensures profitability for the entity
1, 2 and 3
Identify the fraud risk factors that organizations must consider in assessing risks to the achievement of objectives. Multiple select question. 1. Rationalization 2. Opportunities 3. Threats 4. Morality 5. Incentives
1, 2 and 5
The components of internal controls as defined by the COSO Framework are ______. Multiple select question. 1. information and communication 2. control environment 3. detection activities 4. entity's risk assessment 5. monitoring activities
1, 2, 4, and 5
In order to set control risk below a high level, the auditor must ______. Multiple select question. 1. conclude on the achieved level of control risk 2. identify specific controls that will be relied upon 3. perform test of the identified controls 4. rely upon the work of the internal audit function 5. confer with the audit committee
1, 2, and 3
Factors that can impact the effectiveness of the board of directors or audit committee include ______. Multiple select question. 1. nature and extent of interactions with auditors 2. information availability 3. stock performance 4. compensation packages 5. experience of members
1, 2, and 5
In determining whether an IT specialist is needed, the auditor should consider the ______. Multiple select question. 1. extent to which data are shared among systems 2. total revenue the entity generates in a typical year 3. complexity of the IT systems and controls and how they are used 4. entity's use of existing, common IT technologies 5. existence of the entity's participation in electronic commerce
1, 3, and 5
Monitoring of internal controls ______. Multiple select question. 1. is intended to assess quality of performance over time 2. should be done to determine operating effectiveness 3. has received decreased attention in recent years 4. may identify the need for control redesign
1,2 and 4
An auditor may decide to follow a substantive strategy for some or all of the assertions because of one of 3 factors...
1. Implemented controls do not pertain to the assertions the auditor is considering 2. The implemented controls are assessed as ineffective 3. Testing the operating effectiveness of the controls would be inefficient
According to COSO's Internal control - integrated framework, a system of internal control is designed and carried out to accomplish what 3 things?
1. Reliability, timeliness, and transparency of internal and external financial and nonfinancial reporting. 2. Effectiveness and Efficiency of Operations, including safeguarding of assets 3. Compliance with applicable laws and regulations
What 5 factors might indicate the need for an IT specialist
1. complexity of the entity's IT system and controls and the manner in which they are used 2. significance of changes made to the existing systems or the implementation of new systems 3. extent to which data are shared among systems 4. Extent of the entity's participation in electronic commerce 5. Use of emerging tech 6. significance of audit evidence available in electronic form
If the auditor determines that internal controls are not properly designed or not implemented the auditor will ______. Multiple select question. 1. perform tests of controls to obtain audit evidence that controls are operating effectively 2. set the level of control risk at high 3. use substantive procedures to reduce the risk of material misstatement to an acceptable level 4. make an assessment of control risk based on the result of tests of controls
2 and 3
People that significantly influence the control consciousness of the entity and must take their fiduciary responsibilities seriously and actively oversee the entity's accounting and reporting policies and procedures include the ______. Multiple select question. 1. external auditors 2. board of directors 3. internal auditors 4. audit committee
2 and 3
To obtain an understanding of an entity's internal controls auditors may use ______. Multiple select question. 1. recalculation of account balances 2. inquiry of appropriate personnel 3. reperformance of control activities 4. observation of entity activities and operations 5. inspection of entity documents and reports
2, 4, and 5
If the auditor determines that internal controls are not properly designed or not implemented the auditor will ______. Multiple select question. 1. make an assessment of control risk based on the result of tests of controls 2. perform tests of controls to obtain audit evidence that controls are operating effectively 3. set the level of control risk at high 4. use substantive procedures to reduce the risk of material misstatement to an acceptable level
3 and 4
Commonly categorized control activities include ______. Multiple select question. 1. fraud controls 2. risk identification controls 3. physical controls 4. performance reviews 5. information processing controls 6. segregation of duties
3, 4, 5, and 6
The controls that are of most direct relevance to a financial statement audit are those that contribute to financial statement ______. Multiple select question. 1. effectiveness 2. accuracy 3. timeliness 4. transparency 5. reliability
3, 4, and 5
The main concern of ______ controls is that computer reports, checks, documents or other printed or displayed information may be distributed or displayed to unauthorized users. Multiple choice question. 1. processing 2. data validation 3. output 4. error
3.
General controls play an important role in providing assurance about the quality of _____ controls. Multiple choice question. 1. output 2. data validation 3. data capture 4. processing
4.
Auditing standards ______ that the auditor document his or her understanding of the entity's internal control components. Multiple choice question. A. require B. suggest C. recommend
A
Documenting the understanding of internal control in a memorandum is most appropriate when the entity has a(n) ______ internal control system. Multiple choice question. A. simple B. complex C. extensive
A
The competence level for a particular job should be specified and translated into a job description that details the specific knowledge and skills required. This task should be done by ______. A. management B. the audit committee C. internal auditors D. external auditors
A
Which of the following statements are correct? Multiple select question. A. Lack of management review is one of the primary sources of internal control weakness. B. The cost of internal controls should not exceed the benefits derived. C. The internal control system should be designed to provide absolute assurance that objectives are being achieved.
A and B
If the auditor determines that internal controls are properly designed and implemented and the auditor intends to rely on those controls, the auditor will ______. Multiple select question. A. perform tests of controls to obtain audit evidence that controls are operating effectively B. use substantive procedures to reduce the risk of material misstatement to an acceptable level C. make an assessment of control risk based on the result of tests of controls D. set the level of control risk at high
A and C
The quality of internal control is directly related to the ______ of the personnel operating the system. Multiple choice question. A. experience B. age C. quality D. gender
C
When a service organization provides accounting services to an entity and those services affect the entity's accounting records, ______. Multiple select question. A. they are considered part of the entity's information system B. control risk must be assessed at high C. the entity's external auditor must rely on the control assessment provided by the service organization's auditor D. the entity's external auditor must be concerned with the internal control system at the service organization
A and D
When deciding whether substantive procedures are to be performed at an interim date, the auditor should consider the ______. Multiple select question. A. nature of the relevant assertions B. purpose of the substantive procedures C. desired risk of material misstatement D. control environment
A, B and D
Data capture controls must ensure that ______. Multiple select question. A. all transactions are recorded in the application system B. every transaction entered has appropriate source documentation C. rejected transactions are identified, controlled, corrected and reentered D. transactions are only recorded once
A, C and D
The auditor may decide to follow a substantive strategy for some or all assertions because ______. Multiple select question. A. implemented controls do not pertain to the assertion under consideration B. tests of controls have been used to assess control risk C. testing the operating effectiveness of the controls would be inefficient D. implemented controls are assessed as ineffective
A, C and D
The operating effectiveness of a control ______. Multiple choice question. A. may be tested using audit data analytics if the control is automated B. may be tested using computer-assisted audit techniques if the control is manual C. should not be affected by whether it is performed manually or is automated
A.
The physical protection of computer equipment, software and data as well as loss of assets and information through theft or unauthorized use is the concern of ______ controls. Multiple choice question. A. access and security B. output C. processing D. data center and network
A.
The tone of a organization is set an the control consciousness of its people is influenced by the ______, Multiple choice question. A. control environment B. monitoring of controls C. risk assessment procedures D. COSO Framework
A.
This type of report provides assurance on the operating effectiveness of the service organization's controls based on the auditor's test of those controls. Multiple choice question. A. Type 2 Report B. Type 1 Report
A.
The auditor's understanding of ______ is used to identify the controls that are likely to prevent, or detect and correct, material misstatement in specific assertions. Multiple choice question. A. the control environment B. internal controls C. management objectives D. fraudulent activities
B
The two fundamental qualitative characteristics for external financial reporting are ______. Multiple select question. A. comparability B. relevance C. understandability D. faithful representation E. timeliness
B and D
An internal control questionnaire ______. Multiple select question. A. is generally used for entities with a relatively simplistic internal control structure B. is one of many types of questionnaires used by auditors C. provides a systematic means to investigate internal control D. contains questions about the five internal control components
B, C and D
Types of tests of controls include ______. Multiple select question. A. recalculation B. inspection C. observation D. inquiry
B, C and D
A deficiency, or combination of deficiencies, in internal controls, such that there is a reasonable possibility that a material misstatement of the entity's financial statement will not be prevented, or detected and corrected on a timely basis is a ______. Multiple choice question. A. control deficiency B. material weakness C. significant deficiency
B.
Assignment of authority and responsibility for operating activities and the establishment of reporting relationships and authorization hierarchies are part of the ______ environment principle. Multiple choice question. A. financial B. control C. detection D. risk
B.
Authorization requirements for access to computer programs and periodic counting and comparison with amounts shown on control records are examples of ______. A. Multiple choice question. B. physical controls C. segregation of duties controls D. fraud controls E. information processing controls F. risk identification controls
B.
In many entities, this produces much of the knowledge used in monitoring. Multiple choice question. A. Accounting system B. Information system C. Control environment D. Report manuals
B.
Interim tests of controls give auditors time to inform the ______ so that likely misstatements can be located and corrected before the rest of the audit is performed. Multiple choice question. A. audit committee B. management C. board of directors D. internal auditors
B.
Knowledge of the information system is important to understand the related accounting records when they are ______. Multiple choice question. A. manual only B. electronic or manual C. electronic only
B.
Monitoring ______. Multiple choice question. a. must be included in ongoing activities to be effective b. can be done through ongoing activities or separate evaluations c. should only be done through separate evaluations
B.
Rotation of duties and mandatory vacations, review of the operating system log and regular updates of anti-virus software are examples of ______ controls. Multiple choice question. A. output B. data center and network C. access security D. processing
B.
Setting an audit strategy ______. Multiple choice question. A. helps the auditor determine how to evaluate internal controls B. requires a detailed understanding of the entity's internal controls C. should be done based upon the scope of the engagement
B.
What should be used when it is necessary to show the movement of a document or report back to a previous function? Multiple choice question. A. Off-line storage B. On-page connector C. Communication link D. Off-page connector
B.
Many organizations prepare ______ which include documentation of the accounting system and related control activities. Multiple choice question. A. internal control questionnaires B. organizational charts C. procedures manuals D. flowcharts
C
Auditors ______. Multiple choice question. A. should only rely on controls that affect an individual assertion B. should only rely on controls that have a pervasive effect on many assertions C. may rely on any control likely to prevent or detect and correct material misstatements
C.
Controls over data preparation, work flow control and library functions are included in ______ controls. Multiple choice question. A. access security B. processing C. data center and network D. output
C.
Setting an audit strategy ______. Multiple choice question. A. helps the auditor determine how to evaluate internal controls B. should be done based upon the scope of the engagement C. requires a detailed understanding of the entity's internal controls
C.
Small to midsize entities ______. Multiple choice question. A. generally do not need a system of internal control B. generally achieve internal control objectives using the same methods as large entities C. sometimes use alternative approaches to achieve effective internal control
C.
These apply to the processing of individual applications and help ensure the occurrence, completeness and accuracy of transaction processing. Multiple choice question. a. General controls b. Control activities c. Application controls
C.
Controls over data preparation, work flow control and library functions are included in ______ controls. Multiple choice question. A. access security B. processing C. output D. data center and network
D.
How management identifies risks relevant to the preparation of financial statements, estimates their significance, assesses the likelihood of their occurrence and decides on how to manage them is most directly relevant to the ______. Multiple choice question. A. board of directors B. the chief financial officer C. audit committee D. auditors
D.
Locked doors to prevent unauthorized entry, preventing programmers from entering the computer room and an operational disaster recovery plan are examples of ______ controls. Multiple choice question. A. data center and network B. processing C. output D. access and security
D.
The auditor intends to depend on the entity's controls and may need a more detailed understanding of internal controls to develop a preliminary or "planned" assessment of control risk when following a ______ strategy. Multiple choice question. A. differentiation B. substantive C. benchmarking D. reliance
D.
The auditor's understanding of ______ is used to identify the controls that are likely to prevent, or detect and correct, material misstatement in specific assertions. Multiple choice question. A. the control environment B. fraudulent activities C. management objectives D. internal controls
D.
The proper execution of transactions is ensured by ______ controls. Multiple choice question. A. data capture B. output C. data validation D. processing
D.
True or false: Monitoring is an effective component of internal control, whether or not deficiencies are communicated to those with oversight responsibilities in a timely manner.
False; if not communicated, not effective
The extent of an entity's use of ______ can affect internal controls because this function affects the way transactions are initiated, authorized, recorded, processed and reported.
Information Technology
How does information and control fit into the components of control?
Information is necessary for the entity to carry out internal responsibilities in support of achievement of it's objectives. Communication occurs both internally and externally and provides the org with the information needed to carry out the day to day internal control activities.
How does an entity's use of information technology affect internal control?
It affects the way transactions are initiated, authorized, recorded, processed and reported.
Why does management has a responsibility to design and maintain a system of control?
It provides reasonable assurance that assets and records are properly safeguarded and that the entity's information systems generates information that is reliable for decision making.
A direct relationship exists between ______________which reflect what an entity is trying to achieve, ______________which represent what the entity needs to do to achieve them, ______________and the of the entity.
Objectives, components, structure
Controls that may be relevant to the audit when they have an impact on data the auditor uses to apply audit procedures include ______ controls. management decision operations planning compliance
Operations and compliance; These directly impact the reliability of the financial statements
The fifth principle underlying the components of internal control is? This principle is related to which component? Explain.
Organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. Related to control environment component Polices are no good is there is no accountability. The tone set at the top by managers can only be effective with sound accountability.
True or false: An entity's risk assessment process should consider the possibility of events that threaten the achievement of objectives. True false question. True False
T
The second principle underlying the components of internal control is? This principle is related to which component? Explain.
The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. Related to the control environment component This is related because the board of directors and audit committee have a large influence upon the control consciousness of the entity.
The fourth principle underlying the components of internal control is? This principle is related to which component? Explain.
The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. Relates to the control environment The quality of your people directly correlates with the ability to effectively execute policies that outline your control environment
The sixth principle underlying the components of internal control is? This principle is related to which component? Explain.
The organization specifies specific objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. The risk assessment component Without specific objectives, there can be no effective measurement of risk
What are monitoring controls?
These are ongoing evaluations that are used to determine if the 5 components of internal control are present and functioning.
Controls that are part of the computer programs used in the accounting system are _______________ controls.
application
The process of evaluating the effectiveness of an entity's internal control in preventing, or detecting and correcting, material misstatements in the financial statements is called ______________control risk.
assessing
What is a reliance strategy?
auditor intends to rely on the entity's controls.
What is a field test?
check on a field to ensure that it contains either all numeric or all alphabetic characters
Based upon its risk assessment, management determines which relevant business processes require _____________ ___________.
control activities
To understand management's and the board of directors' attitudes, awareness, and actions concerning it, the auditor should gain sufficient knowledge about the ____________ _____________.
control environment
What is a sequence check?
determines if the input data are in proper numerical or alphabetical sequence
What aspect of risk assessment process is most directly relevant to auditors?
how management identifies risks relevant to the preparation of financial statements and then estimates their significance, assesses the likelihood of their occurrence, and then decides on how to manage them.
Auditors may test controls at a(n) __________ date because the assertion being tested may not be significant, the control has been effective in prior audits, or it may be more efficient to conduct the tests at that time.
interim
Tests of controls directed toward _________________ ______________ are concerned with assessing how the control was applied, the consistency with which it was applied during the audit period and by whom it was applied.
operating effectiveness
Report distribution logs, transmittal sheets, reasonableness reviews and reconciliations to control or batch totals are examples of ______ controls. Multiple choice question. A. processing B. output C. data validation D. error
output
A policy might call for two people to sign all checks over a certain dollar amount and the _____________ is the action of having two people sign a check.
procedure
As it relates to the external financial reporting objective, the entity's _______________ _____________ process should consider internal and external events and circumstances that may arise and adversely affect the entity's ability to initiate, authorize, record, process and report financial data consistent with management's financial statement assertions.
risk assessment
Allowing the individual who opens mail and receives cash payments to have access to the accounts receivable subsidiary ledger is a violation of the _____________ ______________ __________principle.
segregation of duties
The risk that material misstatements are present in financial statements may be increased by conducting ________________ procedures only at an interim date
substantive
When an auditor decides to follow a(n) ___________strategy, little work is done on understanding specific control activities.
substantive
Which controls are directly relevant to the auditors? Why are they relevant?
the controls that contribute to the reliability, timeliness and transparency of external financial reporting. These are directly relevant because they help prevent, detect and correct material misstatements in the entity's financials
General Controls relate to what?
the overall information processing environment and include controls over data center and network operations; system software acquisition, change and maintenance; access security; and application system acquisition, development and maintenance.
When a auditor traces a sales transaction from its origination to its inclusion in the financial statements, he or she is performing a(n) ___________.
walkthrough