ADT CH5
COSO internal control categories include ______ and ______ of operations.
Effectiveness Efficiency
True or false: To achieve the specific objectives of each of the three goals, the COSO framework defines five components of a properly designed internal control system that work independently of each other to support the system's overall effectiveness.
False (The components work in an integrated manner)
True or false: For audits of internal control, the audit team must understand and evaluate internal controls for the entire period.
False (This is true for financial statement audits. Internal control audits are as of the end of the fiscal year.)
Section 302 of the Sarbanes-Oxley Act ______.
allows managers to make their own judgments about the necessity of specific controls makes management responsible for monitoring, supervising and maintaining control activities is designed to ensure the proper "tone at the top"
According to professional standards, the audit team's evaluation of the sufficiency of management's control activities is ______.
always required
Common monitoring controls include ______.
analysis of and follow up items that might by indicative of a control failure self-assessments by management regarding the tone they set quality assurance review of the internal audit department
Internal control questionnaires ______.
are somewhat unique for each organization can be useful in detecting internal control weaknesses help the auditing team obtain evidence about the control environment
All entities recognize the need for a formalized process to identify, assess and manage factors, events and conditions, known as ______, that can prevent the organization from achieving it objectives.
business risk
Flowcharts ______.
can be helpful in identifying missing controls are easy to evaluate after they are completed are time-consuming to construct
Two or more people working together to circumvent the internal control system is called ______ and it cannot be prevented by separation of duties.
collusion
AS 2201 encourages the audit team to use the work of internal auditors but the audit team must evaluate their ______ and ______ and perform some tests of their work. (Enter only one word per blank.)
competence objectivity
Specific actions a client's management and employees take to help ensure management's directives are carried out are called ______
control activities
Integrity, ethical values and competence of the entity's people are all ______ factors.
control environment
The foundation for all other components of internal control is the
control environment
When either the design or operation of the control under consideration does not allow the entity's management or employees to detect or prevent misstatements in a timely fashion an internal control ______ exists.
deficiency
An employee knowingly doing something to bypass the internal control system is an act of ______.
deliberate circumvention
A problem relating to either a necessary control that is missing or an existing control so poorly constructed that it fails to satisfy the control's objective is called a(n) ______.
design deficiency
COSO developed a(n) ______ framework to facilitate the assessment and mitigation of business risks a company faces.
enterprise risk management
Controls that are pervasive to the internal control system and the reliability of the financial statements as a whole are called ______ - level controls.
entity
For all relevant assertions for each significant account and disclosure, the audit team begins by examining ______ controls that are pervasive to the internal control system and reliability of the financial statements as a whole.
entity-level
Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of ______ testing.
exception
Using an automated test procedure designed to test all items in a population as a means to identify a violation of control activities is an example of ______ testing.
exception
Procedures related to internal control in an integrated audit performed under AS 2201 are ______ than those in a GAAS audit for a nonpublic entity.
far more extensive
The higher the assessment of control risk, the ______ the assessment of risk of material misstatement.
higher
The preliminary assessment of control risk ______.
includes identifying activities explicitly designed to support reliable financial statement reporting may be made after understanding and documenting internal control
Combinations of duties that place a single person in a position to create and conceal misstatements due to errors or frauds in their normal job are ______ responsibilities.
incompatible
An account's significance is based on its ______ risk.
inherent
The risk of material misstatement is composed of ______risk and ______risk.
inherent control
When testing controls, the audit team often uses ______ about the existence of the activity and then corroborate the evidence by observing the control activities are actually being performed.
inquiry
The four methods of testing controls are ______, ______, document examination and ______
inquiry observation reperformance
After understanding and documenting internal control, the audit team should be able to ______.
make a preliminary assessment of control risk
A deficiency that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis is a(n) ______.
material weakness
The focus of AS 2201 is to determine whether a(n) ______ exists at the end of the year being reported on. If it does, the entity's internal control over financial reporting cannot be considered effective.
material weakness
The magnitude of the potential misstatement that could occur and would not be detected on a timely basis is the primary difference between a(n) ______.
material weakness and significant deficiency
Under Sarbanes-Oxley, an audit of the internal control system over financial reporting is required and ______.
must be integrated with the financial statement audit
Flowcharts ______.
must be understandable to an audit supervisor should include narrative explanations should flow from left to right and top to bottom
The assessment of risk of material misstatement at the assertion level is completed to give the audit team a basis for planning the audit and determining the ______, ______, and ______ of further audit procedures to be conducted for the financial statement audit.
nature timing extent
When gaining an understanding of internal controls, assertions should ______.
only be considered if they are relevant
When a properly designed control is either ignored or inappropriately applied, a(n) ______ has occurred.
operating deficiency
Separation of duties ______.
prevents incompatible responsibilities forces different people or departments to deal with different facets of transactions prevents fraud that do not involve collusion
The COSO definition states that internal control is designed to provide ______ regarding the achievement of objectives in three categories.
reasonable assurance
A material weakness is a deficiency that results in a(n) ______ that a material misstatement would not be prevented or detected on a timely basis.
reasonable possibility
An assertion that has a reasonable possibility of containing a material misstatement is considered to be a(n) ______ assertion.
relevant
COSO internal control categories include ______ of financial reporting and ______ with applicable laws and regulations.
reliability compliance
A key factor in audit sampling is that, for a sample to be considered ______, all items in a population must have an opportunity to be selected.
representative
Section 302 of the Sarbanes-Oxley Act ______.
requires management to assess the risks it wishes to control makes managers responsible for establishing a control environment
The five basic components of a properly designed internal control system as defined by COSO are: (1) control environment, (2) ______ assessment, (3) ______ activities, (4) ______ and (5) information and ______
risk control monitoring communication
When control activities do not lend themselves to automated testing, the audit team is likely to use audit ______ to test the population.
sampling
Common monitoring controls include ______.
self-assessments by boards regarding the effectiveness of their oversight supervisory review of controls periodic evaluation of controls by internal audit
Gaining an understanding of internal controls should start by identifying ______ accounts and disclosures and their ______.
significant relevant assertions
A deficiency in internal controls that is less severe than a material weakness yet important enough to merit attention from those charged with governance is a(n) ______.
significant deficiency
Internal control questionnaires ______.
tend to be inflexible make it less likely for the audit team to forget to cover an important point should be used in combination with other methods
Obtaining an understanding of the information system relevant to financial reporting includes understanding ______.
the nature of the underlying accounting records, information and accounts used to execute a transaction how the information system captures events and conditions other than transactions significant to the financial statements
Professional standards recognize that to make effective decisions, managers must have access to ______, ______, and ______ information.
timely reliable relevant
The audit team's focuses on threats to the integrity of the external financial reporting process by taking a ______ approach to evaluating the effectiveness of the internal control system over financial reporting.
top-down
