Auditing Chapter 3 review

¡Supera tus tareas y exámenes ahora con Quizwiz!

4. Which of the following creates an opportunity for committing fraudulent financial reporting in an organization? a.Management demands financial success. b.Poor internal control. c.Commitments tied to debt covenants. d.Management is aggressive in its application of accounting rules.

B. Poor internal control

3. Which of the following are affected by the quality of an organization's internal controls? a. Reliability of financial data. b. Ability of management to make informed business decisions. c. Ability of the organization to remain in business. d. All of the above. e. Only a and c.

D. All of the above

13. Only organizations in high-risk industries face a risk that they will not achieve their objective of reliable financial reporting. (T / F)

False

17. There is one standard set of control activities that all organizations should implement. (T / F)

False

25. As part of monitoring, an organization will select either ongoing evaluations or separate evaluations, but not both. (T / F)

False

29. Management of U.S. public companies may provide a public report on the effectiveness of their organization's internal control over financial reporting, but management is not required to do so. (T / F)

False

34. Management will classify a control deficiency as a material weakness only if there has been a material misstatement in the financial statements. (T / F)

False

38. While understanding a client's internal control over financial reporting may help the external auditor plan the audit, the external auditor is not required to obtain this understanding for all audit engagements. (T / F)

False

6. Organizations use the GAAP framework of internal control as a benchmark when assessing the effectiveness of internal control over financial reporting. (T / False)

False

5. The purpose of internal control is to provide absolute assurance that an organization will achieve its objective of reliable financial reporting. (T / False)

False- reasonable assurance

1.Effective internal control over financial reporting allows for more informed decisions by internal and external users of the financial information. (True/ F)

True

10. The control environment is seen as the foundation for all other components of internal control. (T / F)

True

14. An organization's risk assessment process should identify risks to reliable financial reporting from both internal and external sources. (T / F)

True

18. Control activities include both preventive and detective controls. (T / F)

True

2. Management needs to understand its risks to reliable financial reporting before determining which internal controls would be most helpful to achieving its goal of reliable financial reporting. (True/ F)

True

21. An organization's accounting system is part of its information and communication component of internal control. (T / F)

True

22. An organization needs information from both internal and external sources to achieve its objectives. (T / F)

True

26. Communicating identified control deficiencies is a principle of monitoring. (T / F)

True

30. As part of a walkthrough, management will follow a transaction from origination to when it is reflected in the financial records to determine whether the controls are effectively designed and have been implemented. (True/ F)

True

33. If management identifies even one material weakness in internal control, then management will conclude that the organization's internal control over financial reporting is not effective. (T / F)

True

37. The auditor needs to understand a client's internal controls in order to anticipate the types of material misstatements that may occur in the financial statements and then develop sufficient appropriate audit procedures to determine whether those misstatements exist in the financial statements. (T / F)

True

9. The control environment component of internal control is a pervasive or entity-wide control because it affects multiple processes and multiple types of transactions. (T / F)

True

36. Which of the following scenarios represents a control deficiency? a.A missing control that is required for achieving objectives. b.A control that operates as designed. c.A control that provides reasonable, but not absolute assurance, about the reliability of financial reporting. d.An immaterial individual misstatement in internal.

a. A missing control that is required for achieving objectives.

27. Which of the following is not an effective implementation of the monitoring component of COSO's Internal Control- Integrated Framework? a.Internal audit periodically works to improve internal controls. b.Management reviews current economic performance against expectations and investigates to determine causes of significant deviations from the expectations. c.The organization implements software that captures all instances in which the underlying program identifies processed transactions that exceed company-authorized limits. d.The organization builds in edit checks to determine whether all purchases are made from authorized vendors, and flags those that are not.

a.Internal audit periodically works to improve internal controls.

40. Which of the following statements is true regarding the auditor's assessment of a client's internal control over financial reporting? a.The auditor reviews management's documentation of its internal control and management's evaluation and findings related to internal control effectiveness. b.The auditor's assessments of control deficiencies will be the same as management's assessment of the same deficiencies. c.In testing controls, the auditor is only concerned about the client's control environment and risk assessment. d.All of the above are true.

a.The auditor reviews management's documentation of its internal control and management's evaluation and findings related to internal control effectiveness.

20. Which of the following statements about application controls is true? a.Organizations can have manual application controls or automated application controls, but not a combination of the two. b.Application controls are intended to mitigate risks associated with data input, data processing, and data output. c.Application controls are a part of the monitoring component of internal control. d.Self-checking digits are an output control.

b. Application controls are intended to mitigate risks associated with data input, data processing, and data output.

12. Which one of the following components of internal control over financial reporting sets the tone for the organization? a.Risk assessment. b.Control environment. c.Information and communication. d.Monitoring Risk Assessment Organizations face risks of material misstatement in their financial reports.

b. Control environment

What are the components of internal control per COSO's Internal Control-Integrated Framework? a. Organizational structure, management philosophy, planning, risk assessment, and control activities b.Control environment, risk assessment, control activities, information and communication, and monitoring. c.Risk assessment, control structure, backup facilities, responsibility accounting, and natural laws. d.Legal environment of the firm, management philosophy, organizational structure, control activities, and control assessment.

b. Control environment, risk assessment, control activities, information and communication, and monitoring

8. Which of the following statements regarding internal control is false? a.Internal control is a process consisting of ongoing tasks and activities. b.Internal control is primarily about policy manuals, forms, and procedures. c.Internal control is geared toward the achievement of multiple objectives. d.A limitation of internal control is faulty human judgment. e.All of the above statements are true.

b. Internal control is primarily about policy manuals, forms, and procedures.

16. Which of the following is not part of management's fraud risk assessment process? a.The assessment considers ways the fraud could occur. b.The assessment considers the role of the external auditor in preventing fraud. c.Fraud risk assessments serve as an important basis for determining the control activities needed to mitigate fraud risks. d.The assessment considers pressures that might lead to fraud in the financial statements.

b. The assessment considers the role of the external auditor in preventing fraud.

23. Which of the following is an effective implementation of the information and communication component of COSO's Internal Control-Integrated Framework? a.The organization has one-way communication with parties external to the organization. b.The organization has a whistle-blower function that allows parties internal and external to the organization to communicate concerns about possible inappropriate actions in the organization's operations. c.The organization has a robust process for assessing risks internal and external to the organization. d.The organization builds in edit checks to determine whether all purchases are made from authorized vendors.e.All of the above.

b.The organization has a whistle-blower function that allows parties internal and external to the organization to communicate concerns about possible inappropriate actions in the organization's operations

31. Which of the following statements is false regarding management's documentation of internal control over financial reporting? a.Management needs to maintain sufficient and appropriate documentation of the internal controls they have designed and implemented to achieve the objective of reliable financial reporting. b.Internal control documentation is useful in training new personnel or serving as a reference tool for all employees. c.Management only needs to maintain documentation if the company's auditors will be providing an opinion on internal control effectiveness. d.Documentation provides evidence that the controls are operating.

c.Management only needs to maintain documentation if the company's auditors will be providing an opinion on internal control effectiveness

28. Which of the following is the most accurate statement related to the monitoring component of COSO's Internal Control-Integrated Framework? a.Monitoring is a process that is relevant only to the control activities component of COSO's Internal Control- Integrated Framework. b.Separate evaluations are more timely than ongoing evaluations in identifying control deficiencies. c.Monitoring is a process that provides feedback on the effectiveness of each component of internal control. d.Monitoring includes automated edit checks to determine whether all purchases are made from authorized vendors.

c.Monitoring is a process that provides feedback on the effectiveness of each component of internal control.

39. Which of the following is a reason that the auditor obtains an understanding of the client's internal control over financial reporting? a.This understanding is required by professional auditing standards. b.Understanding of internal control is needed to properly plan the audit. c.This understanding helps an auditor assess a client's risk of material misstatement. d.All of the above are reasons why the auditor obtains an understanding of the client's internal control over financial reporting.

d. All of the above are reasons why the auditor obtains an understanding of the client's internal control over financial reporting.

15. Which of the following statements is false regarding the risk assessment component of internal control? a.Risk assessment includes assessing fraud risk. b.Risk assessment includes assessing internal and external sources of risk. c.Risk assessment includes the identification and analysis of significant changes. d.Economic changes would not be considered a risk that needs to be analyzed as part of the risk assessment process.

d. Economic changes would not be considered a risk that needs to be analyzed as part of the risk assessment process.

19. Which of the following scenarios provides the best example of segregation of duties? a.Employees perform multiple jobs, and have access to related records. b.The internal audit function performs an independent test of transactions throughout the year and reports any errors to departmental managers. c.The person responsible for reconciling the bank account is responsible for cash disbursements but not for cash receipts. d.The payroll department cannot add employees to the payroll or change pay rates without the explicit authorization of the Human Resources Department.

d. The payroll department cannot add employees to the payroll or change pay rates without the explicit authorization of the Human Resources Department.

35. Assume that an organization sells software. The sales contracts with the customers often have nonstandard terms that impact the timing of revenue recognition. Thus, there is a risk that revenue may be recorded inappropriately. To mitigate that risk, the organization has implemented a policy that requires all nonstandard contracts greater than $1 million to be reviewed on a timely basis by an experienced and competent revenue accountant for appropriate accounting, prior to the recording of revenue. Management has classified this deficiency as a material weakness. Which of the following best describes the conclusion made by management? a.There is more than a remote possibility that a material misstatement could occur. b.The likelihood of misstatement is reasonably possible. c.There is more than a remote possibility that a misstatement could occur. d.There is a reasonable possibility that a material misstatement could occur. e.There is a reasonable possibility that a misstatement could occur.

d. There is a reasonable possibility that a material misstatement could occur.

24. Which of the following is not a principle of the information and communication component of COSO's Internal Control-Integrated Framework? a.The organization identifies, obtains, and uses relevant information. b.The organization communicates internally. c.The organization communicates externally. d.All of the above are principles of the information and communication component of COSO's Internal Control- Integrated Framework.

d.All of the above are principles of the information and communication component of COSO's Internal Control- Integrated Framework.

32. Which of the following is not included in management's report on internal control? a.A statement that management is responsible for internal control. b.A definition of internal control. c.A discussion of the limitations of internal control. d.The criteria used in assessing internal control. e.A description of the work that the internal auditors performed.

e. A description of the work that the internal auditors performed.

11. Which of the following principles would not be considered a principle of an organization's control environment? a.Independence and competence of the board. b.Competence of accounting personnel. c.Structures, reporting lines, and authorities and responsibilities. d.Commitment to integrity and ethical values. e.They would all be considered principles of the control environment.

e. They would all be considered principles of the control environment.


Conjuntos de estudio relacionados

Org Behavior Ch 13: Organizational Structure and Culture

View Set

Chapter 11. Pricing Products and Services

View Set

AOM: TG Ch. 5: Head, Neck, and Face Muscles and Bones Review

View Set

Mathematics 800 Fundamentals - Unit 5: More With Functions DISTRIBUTIVE PROPERTY

View Set