Audit Chapter 5 LearnSmart
Which of the following statements are correct regarding internal control communications to public entities?
All deficiencies must be communicated in writing to management, the auditors' report must be in writing
True or false: An understanding of the design of controls or how they are intended to function provides the audit team complete evidence as to the operating effectiveness of controls.
False
True or false: Document examination alone is never considered an adequate test of controls.
False
True or false: Professional standards do not require the audit team to evaluate the sufficiency of management's control activities.
False
Which of the following statements are correct?
If a control activity has high risk, more persuasive evidence is needed, it may be more efficient for the auditor to choose not to rely on controls
True or false: Control activities designed to promote a culture of honest and ethical behavior should be evaluated in response to fraud risks identified during the planning stage.
True
True or false: In some sense, all controls can be thought of as preventative controls.
True
Which of the following statements are correct?
Using and accounting for prenumbered documents helps support the completeness assertion, spreadsheet "errors" can pose risks to an entity's internal control system
An external auditor recommends an internal control to a client that will improve the system. After doing a cost-benefit analysis, the client rejects the suggestion. The auditor should
accept the client's decision under the concept of reasonableness assurance
The final assessment of control risk should:
assist in determining the list of substantive procedures required, be coordinated with the final audit plan
All entities recognize the need for a formalized process to identify, assess and manage factors, events and conditions, known as __, that can prevent the organization from achieving it objectives.
business risks
A strong system of controls __ guarantee that errors will not occur.
cannot
Separation of duties cannot prevent __ which is two or more people working together to circumvent the internal control system.
collusion
The audit team:
communicates internal control issues to help management carry out internal control monitoring responsibilities, must communicate significant deficiencies and material weakness identified during the audit
The foundation for all other components of internal control is the __.
control environment
An employee knowingly doing something to bypass the internal control system is an act of
deliberate circumvention
Whether the controls over financial reporting, if operating as they should, would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements is determined by __.
design effectiveness
When a single audit test produces both control testing and substantive testing evidence, it is called a(n) __-__ test.
dual-purpose
An audit procedure that selects recorded payroll entries to vouch payroll to time cards and calculate the correct dollar amount of payroll is an example of a
dual-purpose test
COSO internal control categories include __ and __ of operations.
effectiveness, efficiency
COSO developed a(n) __ framework to facilitate the assessment and mitigation of business risks a company faces.
enterprise risk management
The idea behind ERM or __, is that management, boards, and employees have to be constantly thinking about what could go wrong with the business and how to prevent it.
enterprise risk management
Controls that are pervasive to the internal control system and the reliability of the financial statements as a whole are called __ controls.
entity-level
Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of __ testing.
exception
The professional standards require the auditor to gain an understanding of the client's risk assessment process related to:
financial reporting risks, fraud risk
Segregation of duties:
forces different people or departments to deal with different facets of transactions, prevents fraud that do not involve collusion, prevents incompatible responsibilities
To be considered appropriate audit evidence, an audit sample must be:
from a population that covers the entire period of reliance, representative of the population being sampled
When audit teams reach the third phase of an evaluation of internal control they:
have identified controls on which they intend to rely, have set an acceptable rate of compliance for an activity to be considered effective
Flowcharts:
help the audit team assess the key control points in the process, involve considerable time and effort, have become a popular documentation method for auditors
The higher the assessment of control risk, the __ the assessment of risk of material misstatement.
higher
An audit team's assessment of control risk as high:
implies controls cannot be relied upon, implies controls are ineffective
Combinations of duties that place a single person in a position to create and conceal misstatement due to errors or frauds in his or her normal job are __ responsibilities.
incompatible
An account's significance is based on its __ risk.
inherent
The risk of material misstatement is composed of __ risk and __ risk.
inherent, control
The four methods of testing controls are __, __, document examination and __.
inquiry, observation, reperformance
External auditors complete an audit on the financial statements and one on internal control as part of a(n) __.
integrated audit
The efficiency of a management interview can be improved by using a(n)
internal control questionnaire
The emphasis of the Sarbanes-Oxley Act is on the ___ as an important means to prevent or detect material misstatements in the financial statements due to fraud.
internal control system
Physical access should be limited to authorized personnel. This limitation should include:
inventory, payroll records, securities
The audit team's decision that it would take more time to test the operating effectiveness of the control activities than it would take to perform the substantive tests necessary for a relevant assertion:
is equivalent to assessing control risk at 100%
After their understanding of the entity's internal controls have been documented, the audit team may choose not to perform tests on the operating effectiveness of the controls because:
it is less time consuming to conduct substantive tests, the internal control system is too ineffective to rely on, the cost of obtaining a low control risk assessment is high
Each member of the audit committee must be financially __ and one member must be a financial __.
literate, expert
After understanding and documenting internal control, the audit team should be able to:
make a preliminary assessment of control risk
Section 302 of the Sarbanes-Oxley Act:
makes management responsible for monitoring, supervising and maintaining control activities, allows managers to make their own judgements about the necessity of specific controls, is designated to ensure the proper "tone at the top"
Under the Sarbanes-Oxley Act who is responsible for evaluating the effectiveness of an organization's internal control system?
management and external auditors
Although not required by auditing standards, audit teams often issue a(n) __ containing commentary and suggestions on a variety of matters in addition to internal control matters.
management letter
Management may not be able to conclude that the entity's internal controls over financial reporting is effective if any __ exist.
material weaknesses
The audit team must adjust the substantive procedures accordingly in order to obtain enough evidence to mitigate the risk of material misstatements to a low level for the relevant assertions being tested if the assessment of control risk is:
moderate
Narrative descriptions tend to be:
most efficient for audits of small businesses
A method for documenting the audit team's inderstanding of internal controls that describes all environmental elements, the accounting system and all control activities is called a(n) __.
narrative description
A method for documenting the audit team's understanding of internal controls that describes all environmental elements, the accounting system and all control activities is called a(n) __.
narrative description
The assessment of risk of material misstatement at the assertion level is completed to give the audit team a basis for planning the audit and determining the __, __, and __ of further audit procedures to be conducted for the financial statement audit.
nature, timing, extent
An auditor can
never rely on information produced by the company's information system without investigation
Duties of the audit committee include:
oversight of the public accounting firm conducting the entity's audit, engaging legal counsel in the event of management fraud, overseeing the anonymous fraud hotline
When documenting their understanding of the internal control system, the audit team should consider questions related to:
policies and procedures documentation and communication, selection and development of control activities, integration with the risk assessment process, information technology
External auditors are:
primarily concerned with a client's internal control system as it relates to the financial reporting category
Internal control provides __ assurance that management's objectives will be achieved.
reasonable
The COSO definition states that internal control is designed to provide __ regarding the achievement of objectives in three categories.
reasonable assurance
Duties that should be segregated are:
reconciliation, recording, authorization, custody
COSO internal control categories include __ of financial reporting and __ with applicable laws and regulations.
reliability, compliance
A key factor in audit sampling is that, for a sample to be considered __, all items in a population must have an opportunity to be selected.
representative
Performance reviews:
require management's active participation in the supervision of operations, can help lower the risk of material misstatements, include the study of budget variances with follow up actions
The five basic components of a properly designed internal control system as defined by COSO are: (1) control environment, (2) __ assessment, (3) __ activities, (4) __ and (5) information and __.
risk, control, monitoring, communication
Common monitoring controls include:
self-assessments by management regarding the tone they set, analysis of and follow up items that might be indicative of a control failure, quality assurance review of the internal audit department
Internal control questionnaires:
should be used in combination with other methods, make it less likely for the audit team to forget to cover an important point, tend to be inflexible, are somewhat unique for each organization, help the auditing team obtain evidence about the control environment, should include questions about each relevant assertion
Flowcharts:
should flow from left to right and top to bottom, should include narrative explanations, must be understandable to an audit supervisor
The information system produces an audit trail that begins with __ documents and proceeds through to the financial reports.
source
A well-functioning internal control environment requires:
support as shown by management's philosophy and operating style, competent individuals in financial reporting and oversight roles, supportive human resource policies and practices
When the audit team members document their understanding of management's control activities, a positive assessment may result in
testing control activities for reliance
In order to assess control risk below the maximum:
tests of controls must be performed
Obtaining an understanding of the information system relevant to financial reporting includes understanding:
the nature of the underlying accounting records, information and accounts used to execute a transaction, how the information system captures events and conditions other than transactions significant to the financial statements
Professional standards recognize that to make effective decisions, managers must have access to __, __ and __ information.
timely, reliable, relevant
The audit team identifies __-__ controls that pertain to specific classes of entries, account balances and disclosures.
transaction-level
A combination of personnel inquiry, operation observation and document examination while tracing a single transaction through the entire audit trail is a(n)
walkthrough