Audit CH 8
An observed condition that provides evidence that the control being tested did not operate as intended is called a/an _______. A. control exception B. significant deficiency C. attribute sampling D. material weakness
A. control exception
Which of the following refers to a sampling technique used to reach a conclusion about a population in terms of a rate (frequency) of occurrence? A. Attribute sampling B. Control exception C. Tests of control D. Benchmarking
A. Attribute sampling
Which of the following best defines detection controls? A. Controls that are applied after transactions have been processed to identify whether fraud or errors have occurred, and to rectify the fraud or errors on a timely basis B. The collective assessment of the client's control environment, risk assessment process, information system, control activities and monitoring of controls C. Controls that affect a particular transaction cycle or group of transactions D. Controls that determine the flow of documents through the system
A. Controls that are applied after transactions have been processed to identify whether fraud or errors have occurred, and to rectify the fraud or errors on a timely basis
Assessing control risk begins with understanding which of the following? A. Entity-level controls B. Transaction-level controls C. Internal controls D. External controls
A. Entity-level controls
Which of the following should be done by the auditor if tests of controls indicate that a key control is not functioning as designed? A. Increase the assessed level of control risk B. Increase the level of assessed detection risk C. Stabilize the nature, timing, and extent of substantive tests related to the assertion D. Rely on external controls
A. Increase the assessed level of control risk
Which of the following controls are designed to prevent misstatements from happening (prevent controls) and / or detect and correct misstatements on a timely basis (detect controls)? A. Internal controls B. External controls C. Entity-level controls D. Transaction-level controls
A. Internal controls
Define expected rate of deviation. A. It is the rate at which the auditor expects controls to not function as planned. B. It is the maximum rate of deviation from a prescribed control that an auditor is willing to accept. C. It is the rate that represents the confidence that the evidence obtained is representative of the underlying population from which the sample was taken. D. It is similar to the actual rate of deviation in the population.
A. It is the rate at which the auditor expects controls to not function as planned.
Which of the following refers to a deficiency where there is more than a remote possibility that a material misstatement could occur in the financial statements due to a breakdown in the system of internal control? A. Material weakness B. Significant deficiency C. Control deficiency D. Insignificant deficiency
A. Material weakness
Which of the following is NOT a part of tests of control? A. Performance B. Observation C. Inquiry D. Inspection of physical evidence
A. Performance
Which of the following refer(s) to the audit procedures designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level? A. Tests of controls B. Financial auditing C. External controls D. Transaction-level controls
A. Tests of controls
An auditor watching an employee prepare a bank reconciliation would be an example of _______. A. observation B. professional skepticism C. recalculation D. inquiry
A. observation
When performing tests of controls, the auditor is making _______. A. a "yes or no" decision with respect to effectiveness B. multiple decisions C. sure that all controls are working perfectly, with no errors, material or immaterial D. certain that he or she will ultimately be in a position to render absolute assurance on the financial statements and internal control
A. a "yes or no" decision with respect to effectiveness
Entity-level controls involve _______. A. all five components of internal controls B. all four components of internal controls C. all auditor and client controls D. all controls recommended by the internal audit function
A. all five components of internal controls
The two levels of internal control are _______. A. entity-level controls and transaction-level controls B. entity-level controls C. transaction-level controls D. transaction-level and auditor-level controls
A. entity-level controls and transaction-level controls
If the auditor intends to assess control risk at a low level, _______. A. he or she performs more testing than if he or she is planning to obtain only limited assurance from tests of controls B. he or she performs less testing than if he or she is planning to obtain only limited assurance from tests of controls C. he or she performs the same amount of testing if he or she is planning to obtain only limited assurance from tests of controls D. he or she performs more testing than if he or she is planning to obtain unlimited assurance from tests of controls
A. he or she performs more testing than if he or she is planning to obtain only limited assurance from tests of controls
Manual follow-up procedures are ineffective _______. A. if they are not acted upon on a timely basis, or if client personnel fail to clear items noted on an exception report B. if they are acted upon on a timely basis, or if client personnel fail to clear items noted on an exception report C. if they are not acted upon on a timely basis only D. if client personnel fail to clear items noted on an exception report only
A. if they are not acted upon on a timely basis, or if client personnel fail to clear items noted on an exception report
Transaction-level controls are _______. A. implemented by businesses to reduce the risk of misstatement due to error or fraud, and to ensure that business processes are operating effectively B. implemented by the auditors to reduce the risk of misstatement due to error or fraud, and to ensure that business processes are operating effectively C. the same as entity-level controls D. tested by the internal auditors
A. implemented by businesses to reduce the risk of misstatement due to error or fraud, and to ensure that business processes are operating effectively
The technique that involves the auditor using questioning skills to determine how the control is completed and whether it appears to have been carried out properly and on a timely basis is known as _______. A. inquiry B. observation C. reperformance D. recalculation
A. inquiry
When an auditor asks management how it makes sure the reconciliation is prepared correctly and on a timely basis, this is an example of _______. A. inquiry B. interrogation C. audit scanning techniques D. professional skepticism
A. inquiry
When the auditor inspects initials and dates on bank reconciliation, he or she is doing ______. A. inspection of physical evidence B. inquiry C. observation D. reperformance
A. inspection of physical evidence
Preventing errors during processing _______. A. is an important objective of every accounting system B. is an optional objective of every accounting system C. is the responsibility of the auditor D. is the responsibility of the internal auditors
A. is an important objective of every accounting system
The tolerable deviation rate _______. A. is the maximum rate of deviation from a prescribed control that an auditor is willing to accept and still use the planned assessed level of control risk B. is the minimum rate of deviation from a prescribed control that an auditor is willing to accept and still use the planned assessed level of control risk C. refers to the extent that audit fees can go over the roughly agreed amount D. relates to how many immaterial misstatements the auditor finds
A. is the maximum rate of deviation from a prescribed control that an auditor is willing to accept and still use the planned assessed level of control risk
The expected rate of deviation in the population _______. A. is the rate at which the auditor expects controls not to function as planned B. is the rate at which the auditor expects controls to function as planned C. relates to how many accounts within the population will be stated correctly D. relates to how many accounts within the population will be consistent with the auditor's expectation
A. is the rate at which the auditor expects controls not to function as planned
The auditor testing the effectiveness of manual follow-up to see whether items put on an exception report were appropriately cleared is an example of _______. A. reperformance B. observation C. inquiry D. inspection of physical evidence
A. reperformance
If the auditor determines that an effective compensating control does not exist, or tests of controls show that the compensating control is not functioning as designed, _______. A. the auditor revises the overall audit risk assessment for the related account and assertion, and the planned audit strategy B. the auditor makes no changes to the overall audit risk assessment for the related account and assertion, and the planned audit strategy C. the auditor concludes that internal control is weak, and issues an appropriate opinion D. the auditor would lower inherent risk surrounding the engagement as a whole
A. the auditor revises the overall audit risk assessment for the related account and assertion, and the planned audit strategy
When performing an integrated audit (to issue an opinion on the financial statements and an opinion on internal controls over financial reporting), _______. A. the auditor uses a top-down approach to determine which controls to select B. the auditor uses a bottom-up approach to determine which controls to select C. the auditor should be careful to issue the same audit opinion for both the financial statements and internal control D. the auditor should be careful to issue different audit opinions for the financial statements and internal control
A. the auditor uses a top-down approach to determine which controls to select
If there is a high risk of material fraud related to an assertion, _______. A. the auditor will want to test controls over that assertion B. the auditor will want to test controls over other assertions C. the auditor should request the audit be conducted by the internal audit function D. the auditor should withdraw from the engagement, to avoid risk exposure
A. the auditor will want to test controls over that assertion
If the audit firm is performing an integrated audit for a public company, _______. A. there is an expectation that the auditor will test controls in order to support an opinion on Internal Control over Financial Reporting (ICFR) B. there is an expectation that the auditor will audit the financial statements only in order to support an opinion on ICFR C. the audit should be conducted in conjunction with the internal auditors D. the auditor should request the assistance of the prior auditor
A. there is an expectation that the auditor will test controls in order to support an opinion on Internal Control over Financial Reporting (ICFR)
Once auditors understand the flow of transactions, _______. A. they will use their knowledge of assertions to understand what can go wrong B. they will use their knowledge of the client's legal history to understand what can go wrong C. they are ready to issue a clean audit opinion D. they should request the internal audit function begin the audit
A. they will use their knowledge of assertions to understand what can go wrong
Most companies design detection controls _______. A. to ensure that if prevention controls are not effective, errors or fraud will be detected and corrected on a timely basis B. to ensure that if detection controls are not effective, errors or fraud will be detected and corrected on a timely basis C. to catch errors or fraud before the transactions have been processed D. to catch errors or fraud while the transactions are being processed
A. to ensure that if prevention controls are not effective, errors or fraud will be detected and corrected on a timely basis
The assurance that the _______ is not exceeded by the actual rate of deviation is influenced by the degree to which the auditor intends to rely on the control as a basis for limiting substantive tests or for supporting an opinion on internal control over financial reporting (ICFR). A. tolerable rate of deviation B. expected rate of deviation in the population C. desired level of assurance D. control exception
A. tolerable rate of deviation
The first step in assessing control risk is to _______. A. understand entity-level controls B. understand the flow of transactions C. identify relevant controls to test D. determine preliminary audit strategy
A. understand entity-level controls
Processing auditor test data using the client's software application _______. A. will allow the auditor to verify that the software application is functioning as designed B. will allow the auditor to verify manual controls within the software application are functioning as designed C. may corrupt the client's system, and should not be attempted D. should be performed without the knowledge of the client's senior management
A. will allow the auditor to verify that the software application is functioning as designed
In the audit of a private company, _______. A. an auditor's tests of controls are unrelated to the planned audit strategy B. an auditor's tests of controls are largely dictated by the planned audit strategy C. the auditor is not subject to reporting and notification requirements D. the auditors should preemptively determine the entities ability to pay for the audit and request a certain percentage in advance
B. an auditor's tests of controls are largely dictated by the planned audit strategy
An audit testing strategy that can be used to allow evidence obtained in prior audit periods to support a conclusion about IT application controls in the current audit period is known as _______. A. statistical benchmarking B. benchmarking C. nonstatistical sampling D. prior period inference
B. benchmarking
Detection controls vary _______. A. from year-to-year with the same client B. from client to client to a greater extent than prevention controls C. from client to client to a lesser extent than prevention controls D. depending on managements desire to override controls
B. from client to client to a greater extent than prevention controls
A control would be ineffective _______. A. if it was performed B. if it was not performed, or if it failed to function as designed C. if it was not performed only D. if it failed to function as designed only
B. if it was not performed, or if it failed to function as designed
Internal controls can _______. A. only include certain procedures approved by management and the auditor B. include any procedure used and relied upon by the client to prevent errors from occurring when processing transactions, or to detect and correct errors that may occur in these transactions C. include any procedure used and relied upon by the auditor to prevent errors from occurring when processing transactions, or to detect and correct errors that may occur in these transactions D. never be subject to senior management override
B. include any procedure used and relied upon by the client to prevent errors from occurring when processing transactions, or to detect and correct errors that may occur in these transactions
Absence of effective prevention controls _______. A. decreases the risk that errors or fraud may occur B. increases the risk that errors or fraud may occur C. decreases the overall risk of the audit D. has no bearing on the risk of the audit
B. increases the risk that errors or fraud may occur
If a client has strong entity-level controls, _______. A. it is less likely that transaction-level controls will operate effectively B. it is more likely that transaction-level controls will operate effectively C. it is likely that the client has an ineffective audit committee D. it is likely that the client has a higher assessed level of inherent risk
B. it is more likely that transaction-level controls will operate effectively
An example of a purely manual control is a _______. A. computerized batch processing system B. locked inventory cage for high dollar-value items to which only a few authorized staff have a key to access C. requirement for employees to login to computer systems using validating credentials D. automated prevention and detection controls
B. locked inventory cage for high dollar-value items to which only a few authorized staff have a key to access
Strong entity-level controls _______. A. make it less likely that transaction-level controls will operate effectively B. make it more likely that transaction-level controls will operate effectively C. generally increase inherent risk D. have no bearing on inherent risk
B. make it more likely that transaction-level controls will operate effectively
A common software-based audit technique involves _______. A. requesting management complete flowcharts and questionnaires related to the audit B. submitting certain test data into the client's software application while the auditor is in control of the software C. allowing the internal auditors access to the external auditor's software application in order to assist with the audit D. deleting client files and transactions to ensure that the client's software appropriately alerts the correct staff
B. submitting certain test data into the client's software application while the auditor is in control of the software
When testing controls, _______. A. the auditor must be alert for evidence that the control might be effective, even if only once or twice B. the auditor must be alert for evidence that the control might be ineffective, even if only once or twice C. the auditor should delegate audit procedures to the internal auditors where possible D. it is possible for the auditor to rely on the opinion of the prior auditor
B. the auditor must be alert for evidence that the control might be ineffective, even if only once or twice
If the test results do not confirm the preliminary evaluation of controls, _______. A. the auditor will consider whether there is a compensating control that might prevent and correct a misstatement missed by the original control being tested B. the auditor will consider whether there is a compensating control that might detect and correct a misstatement missed by the original control being tested C. the auditor should obtain additional written assurances from management D. the auditor should consider withdrawing from the engagement
B. the auditor will consider whether there is a compensating control that might detect and correct a misstatement missed by the original control being tested
With respect to audit sampling, _______. A. there is no relationship between assurance and sample size B. there is a direct relationship between assurance and sample size C. the choice of which accounts to sample should be as non-random as possible D. the auditors should ideally select a sample size which is larger than the population
B. there is a direct relationship between assurance and sample size
Inquiry _______. A. alone would be considered quality audit evidence B. would not be considered quality audit evidence C. should not be used in conjunction with other audit procedures D. involves making inquiries of prior auditors
B. would not be considered quality audit evidence
The auditor begins selecting controls to test by _______. A. asking management which controls they would prefer the auditor to test B. checking the same controls as the prior year C. by understanding the entity and the business and determining the risk of material fraud or error at the financial statement level D. by understanding the entity and all other industries and determining the risk of material fraud or error at the financial statement level
C. by understanding the entity and the business and determining the risk of material fraud or error at the financial statement level
Prevention controls _______. A. should always have physical evidence indicating whether the control was performed B. will rarely have physical evidence indicating whether the control was performed C. do not always have physical evidence indicating whether the control was performed D. are the same as detect controls
C. do not always have physical evidence indicating whether the control was performed
The fourth step in assessing control risk is _______. A. understand entity-level controls B. understand the flow of transactions C. identify relevant controls to test D. perform tests of controls
C. identify relevant controls to test
An IT application control will be ineffective _______. A. if the entity is hacked or experiences some form of phishing B. if it lists an appropriate transaction on an exception report C. if it fails to put an invalid transaction on an exception report D. if it is consistently used
C. if it fails to put an invalid transaction on an exception report
An auditor asking the employee who prepares the bank reconciliation how reconciling items are identified would be an example of _______. A. observation B. reperformance C. inquiry D. statistical testing
C. inquiry
The procedure that relies on the auditor testing the physical evidence to verify that a control has been performed properly _______. A. is referred to as reperformance B. is referred to as recalculation C. is known as inspection of physical evidence D. is known as inspection of computer systems
C. is known as inspection of physical evidence
Important information obtained through inquiry _______. A. should be forwarded to the client's legal counsel for review and approval B. should be disregarded if it contradicts management's statements and intentions C. should be corroborated with other evidence D. should be used in isolation
C. should be corroborated with other evidence
In order to determine the extent of testing of controls, _______. A. the auditor should inquire of management as to their preferences B. the auditor can use statistically based sampling techniques only C. the auditor can use either statistically based sampling techniques or nonstatistical techniques D. the auditor can use non nonstatistical techniques only
C. the auditor can use either statistically based sampling techniques or nonstatistical techniques
The more assurance the auditor wants, _______. A. the less representative a sample should be of the population, and the more testing the auditor needs to do B. the more representative a sample should be of the population, and the less testing the auditor needs to do C. the more representative a sample should be of the population, and the more testing the auditor needs to do D. the less representative a sample should be of the population, and the less testing the auditor needs to do
C. the more representative a sample should be of the population, and the more testing the auditor needs to do
The greater the amount of difference between tolerable deviation rate and expected deviation rate, _______. A. the larger the sample size B. the lower any statistical variance should be C. the smaller the sample size. D. the smaller the population being sampled should be
C. the smaller the sample size.
Prevention controls are those applied _______. A. at both the entity and transaction levels B. at the transaction level only C. to each transaction during normal processing and are intended to stop fraud or errors from occurring D. to each entity during normal processing and are intended to stop fraud or errors from occurring
C. to each transaction during normal processing and are intended to stop fraud or errors from occurring
If the auditor is auditing a public company in the United States and must report on internal controls over financial reporting (ICFR), the identification of one or more material weaknesses _______. A. will result in the auditor issuing an adverse opinion on the financial statements B. will result in the auditor issuing a disclaimer of opinion on the financial statements C. will result in an adverse opinion on ICFR D. will result in an unmodified opinion on ICFR
C. will result in an adverse opinion on ICFR
With respect to timing, tests of controls _______. A. are usually carried out after the firm's financial statement date B. are usually carried at the firm's financial statement date C. will usually be carried out at an interim date, often about three months prior to year-end D. will usually be carried out at an interim date, often about six months prior to year-end
C. will usually be carried out at an interim date, often about three months prior to year-end
In trying to determine whether there is a need for additional tests of controls, the following factors are considered: A. Results of inquiries and observations B. Evidence provided by other tests C. Changes in the overall control environment D. All of these answer choices are correct
D. All of these answer choices are correct
If tests of controls indicate that a key control is not functioning as designed, and if other compensating controls do not exist, the auditor should _______. A. increase the assessed level of control risk B. decrease the level of assessed detection risk C. make appropriate changes to the nature, timing and extent of substantive tests related to the assertion D. All of these answer choices are correct.
D. All of these answer choices are correct.
The auditor always needs to investigate any control exceptions (deviations) that he or she identifies during testing to find out, to the extent practical, _______. A. the causes and the amounts involved B. the financial statement accounts affected C. the potential effect on other audit procedures D. All of these answer choices are correct.
D. All of these answer choices are correct.
Reperformance _______. A. should be delegated to the internal audit function B. should be the responsibility of the client's legal counsel C. is mandatory at every client audit D. is likely to be used, but would be determined by the auditor's professional judgment
D. is likely to be used, but would be determined by the auditor's professional judgment