Auditing test 2 chapter 5

Auditors obtain an understanding of the internal control through all of the following, except Responses to inquiries directed to client personnel. A walk-through of one or more transactions. A substantive testing audit plan. Previous experience with the company.

A substantive testing audit plan.

What objectives of internal controls are of primary interest to an auditor performing a financial statement audit? Effective and efficient operations Accurate and reliable financial reporting Compliance with applicable laws and regulations Prevention or detection and timely correction of errors and fraud

Accurate and reliable financial reporting

The auditor should assess control risk for each relevant assertion by evaluating the evidence obtained from all sources, including The auditor's testing of controls for the audit of internal control on a public company. Misstatements detected during the financial statement audit. Any control deficiencies identified during the audit. All of the choices are correct.

All of the choices are correct.

Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization? Disclosing lack of segregation of duties to the external auditors during the annual review. Replacing personnel every three or four years. Requiring accountants to pass a yearly background check. Allowing for greater management oversight of incompatible activities.

Allowing for greater management oversight of incompatible activities.

A transaction-level internal control activity is best described as An action taken by auditors to obtain evidence. An action taken by client personnel for the purpose of preventing, detecting, and correcting errors and frauds in transactions to eliminate or mitigate risks identified by the company. A method for recording, summarizing, and reporting financial information. The functioning of the board of directors in support of its audit committee.

An action taken by client personnel for the purpose of preventing, detecting, and correcting errors and frauds in transactions to eliminate or mitigate risks identified by the company.

Which of the following procedures is considered a test of controls? An auditor reviews the entity's check register for unrecorded liabilities. An auditor evaluates whether a general journal entry was recorded at the proper amount. An auditor interviews and observes appropriate personnel to determine segregation of duties. An auditor reviews the audit workpapers to ensure proper sign-off.

An auditor interviews and observes appropriate personnel to determine segregation of duties.

Which of the following statements is correct regarding internal control? A well-designed internal control environment ensures the achievement of an entity's control objectives. An inherent limitation to internal control is the fact that controls can be circumvented by management override. A well-designed and operated internal control environment should detect collusion perpetrated by two people . Internal control is a necessary business function and should be designed and operated to detect all errors and fraud.

An inherent limitation to internal control is the fact that controls can be circumvented by management override.

Identify the correct statement regarding integrated audits. The AICPA began requiring integrated audits in response to accounting scandals such as Enron. An integrated audit involves providing an opinion on the financial statements and the internal control effectiveness of a company. The term 'integrated audit' refers to the cooperation between internal and external auditors in preparing audited financial statements. Evaluating internal controls is often a vital part of an integrated audit.

An integrated audit involves providing an opinion on the financial statements and the internal control effectiveness of a company.

Which of the following is a device designed to help the audit team obtain evidence about the accounting and control activities of an audit client? A narrative memorandum describing the control system. An internal control questionnaire. A flowchart of the documents and procedures used by the company. A detailed description of entity and transaction level controls.

An internal control questionnaire.

Which of the following activities performed by a department supervisor most likely would help in the prevention or detection of a payroll fraud? Distributing paychecks directly to department store employees. Setting the pay rate for departmental employees. Hiring employees and authorizing them to be added to payroll. Approving a summary of hours each employee worked during the pay period.

Approving a summary of hours each employee worked during the pay period.

Which of the following client internal control activities is not usually performed in the treasurer's department? Verifying the accuracy of checks and vouchers. Controlling the mailing of checks to vendors. Approving vendors' invoices for payment. Canceling payment vouchers when paid.

Approving vendors' invoices for payment.

Which of the following would not be considered a control activity? Physical controls. Information processing controls. Performance reviews. Assessment of control risk.

Assessment of control risk.

In most audits of large entities, control risk assessment contributes to audit efficiency, which means that The cost of control evaluation work will exceed the cost of substantive procedures. Auditors will be able to reduce the cost of substantive procedures by an amount less than the cost of tests of controls. Auditors will be able to reduce the cost of substantive procedures by an amount more than the control evaluation costs. The cost of substantive procedures will exceed the cost of control evaluation work.

Auditors will be able to reduce the cost of substantive procedures by an amount more than the control evaluation costs.

The purpose of separating the duties of hiring personnel and distributing payroll checks is to separate the Authorization of transactions from the custody of related assets. Administrative controls from the internal accounting controls. Operational responsibility from the record-keeping responsibility. Human resources function from the controllership function.

Authorization of transactions from the custody of related assets.

When completing the audit of internal controls for a public company, AS 2201 requires auditors to test Operating effectiveness only. Design effectiveness only. Both operating and design effectiveness. Neither operating nor design effectiveness

Both operating and design effectiveness.

When completing the audit of internal controls for an issuer, the severity of an internal control deficiency depends on: Whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure. Whether the account has a history of errors. The magnitude of the potential misstatement resulting from the deficiency or the deficiencies. Both the magnitude of the potential misstatement resulting from the deficiency or the deficiencies and whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure. All of the choices are correct.

Both the magnitude of the potential misstatement resulting from the deficiency or the deficiencies and whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure.

Which of the following are principles associated with the control environment? Commitment to competence, participation of those charged with governance, and ethical values and integrity Commitment to competence and participation of those charged with governance Participation of those charged with governance and ethical values and integrity Commitment to competence and ethical values and integrity

Commitment to competence, participation of those charged with governance, and ethical values and integrity

Accounting for the numerical sequence of shipping documents is a control procedure designed to achieve the internal control objective of Accounting. Accuracy. Completeness. Validity.

Completeness.

To test the operating effectiveness of a control, an audit team might use a combination of each of the following tests except for: Confirmation of balances. Inspection of documentation. Observation of company operations. Inquiry of client personnel.

Confirmation of balances.

According to the COSO Integrated Framework, reviews of business performance are an example of which of the five components of internal control? Risk assessment Control environment Monitoring Control activities

Control activities

HexaCo has various policies and procedures pertaining to the company's operations. These policies and procedures are routinely referred to and adhered to, as they support management directives. According to the COSO Integrated Framework, policies and procedures which assist in achieving management directives would be examples of which element of internal control? Control activities Control environment Monitoring Information and communication

Control activities

An action taken to prevent, detect, and correct errors and frauds in transactions is referred to as a Control activity. Control objective. Dual-purpose test. Risk assessment.

Control activity.

The five internal control components do not include Monitoring. Control activities. Risk assessment. Control risk.

Control risk.

Significant deficiencies are defined as conditions that Relates to either a necessary control that is missing or an existing control that is so poorly designed that it fails to satisfy the control's objective. Could adversely affect the organization's ability to initiate, record, process, and report financial data in the financial statements. Exists when the design or operation of a control does not allow the company's management or employees to detect or prevent misstatements in a timely fashion. Results in a reasonable possibility that a material misstatement exists in financial statements.

Could adversely affect the organization's ability to initiate, record, process, and report financial data in the financial statements.

X Company's internal control policies require that a transaction be analyzed and, depending on the nature of the transaction, the size of the transaction, and the company's relationship with the customer, the credit department, upon approval of the customer's credit, will transfer the order to one of several departments to be fulfilled. Which means of documenting internal control would likely be most effective to illustrate this process? Flowchart Narrative Decision tree Internal control questionnaire

Decision tree

If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll IT application? Hours worked. Total debits and total credits. Net pay. Department numbers.

Department numbers.

According to the PCAOB, during the audit of internal controls for an issuer, the ultimate objective of testing the design effectiveness of internal controls is to Determine whether the company's controls are processing company data effectively. Determine that the company's controls will satisfy the company's control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements, if they operate as prescribed. Determine that the company's employees are processing the controls according to the policy and procedures manuals at the company. None of the choices are correct.

Determine that the company's controls will satisfy the company's control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements, if they operate as prescribed.

The primary purpose for obtaining an understanding of a nonpublic audit client's internal control is to Provide the rationale for the inherent risk assessment at the financial statement assertion level. Provide information for a communication of internal control-related matters to management. Provide a basis for making constructive suggestions in a management letter. Determine the nature, timing, and extent of further audit tests to be performed in the audit.

Determine the nature, timing, and extent of further audit tests to be performed in the audit.

If the auditors encounter a significant scope limitation in evaluating a public company's internal control over financial reporting, which of the following types of opinions on the effectiveness of the company's internal control over financial reporting would be appropriate? Unqualified opinion or adverse opinion. Qualified opinion or adverse opinion. Unqualified opinion or disclaimer of opinion. . Disclaimer of opinion.

Disclaimer of opinion.

Which report would not be appropriate for a public accounting firm to provide on financial reporting controls? Unqualified—no material weaknesses found. Disclaimer of opinion—unable to perform all necessary procedures. Disclaimer of opinion—significant deficiencies exist. Adverse—material weaknesses exist.

Disclaimer of opinion—significant deficiencies exist.

Which of the following should an auditor do when control risk is assessed at the maximum level? Perform fewer substantive tests of details. Perform more tests of controls. Document the assessment. Document the control structure more extensively.

Document the assessment.

Which of the following outcomes is a likely benefit of information technology used for internal control? Processing of unusual or nonrecurring transactions. Enhanced timeliness of information. Potential loss of data. Recording of unauthorized transactions.

Enhanced timeliness of information.

Once the auditor detects a control deficiency, which of the following steps must he or she take first? Evaluate the severity of the deficiency on the auditor's control risk assessment for that assertion. Perform tests of other controls related to the same assertion as the control deemed ineffective. Modify the planned substantive procedures as a result of the deficiency. Test the deficient control, assuming a maximum level of risk.

Evaluate the severity of the deficiency on the auditor's control risk assessment for that assertion.

When completing the audit of internal controls for a public company, the PCAOB requires auditors to audit internal controls over Operations. Compliance with regulations. Financial reporting. All of the choices are correct.

Financial reporting.

When planning the audit of internal controls for an issuer, the audit team should Identify significant accounts, locations, and assertions. Conduct a walkthrough of the internal control process. Make inquiries of employees regarding the existence of control activities. Reperform control activities performed by client employees to determine their effectiveness.

Identify significant accounts, locations, and assertions.

Which of the following is a step in an auditor's decision to assess control risk at below the maximum? Apply analytical procedures to both financial data and nonfinancial information to detect conditions that may indicate weak controls. Perform tests of details of transactions and account balances to identify potential errors and fraud. Identify specific internal control policies and activities that are likely to detect or prevent material misstatements. Document that the additional audit effort to perform tests of controls exceeds the potential reduction in substantive testing.

Identify specific internal control policies and activities that are likely to detect or prevent material misstatements.

Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity's internal controls? Incompatible duties. Management override. Mistakes in judgment. Collusion among employees.

Incompatible duties.

Which of the following would most likely be classified as a material weakness? Absence of appropriate separation of duties. Absence of appropriate reviews and approvals of transactions. Evidence of failure of control activities. Ineffective oversight of the financial reporting process by the company's audit committee.

Ineffective oversight of the financial reporting process by the company's audit committee.

As part of its system of internal control, X Company requires that all sales orders received from customers receive approval from the credit department before they are fulfilled. What type of control activity is this? Physical control Information processing control Performance indicator Segregation of duties

Information processing control

Which of the following is not a component of internal controls? Control environment. Control activities. Inherent risk. Monitoring.

Inherent risk.

When testing a control activity's operating effectiveness, procedures the auditor performs to test operating effectiveness would likely include Reading over the company's code of conduct. Inquiry of appropriate personnel and reperformance of the control activity. Inquiry of appropriate personnel. Reperformance of the control activity.

Inquiry of appropriate personnel and reperformance of the control activity.

A material weakness is a situation in which It is reasonably possible that an immaterial misstatement would not be detected on a timely basis. It is probable that an immaterial financial statement misstatement would not be detected on a timely basis. It is reasonably possible that a material misstatement would not be detected on a timely basis. There is a remote likelihood that a material misstatement would be detected on a timely basis.

It is reasonably possible that a material misstatement would not be detected on a timely basis.

Which of the following is a factor in the control environment? Segregation of duties. Information processing. Performance reviews. Management's philosophy and operating style.

Management's philosophy and operating style.

Which of the following is not one of COSO's objectives for internal controls? Reliability of financial reporting. Maximization of profit. Efficiency and effectiveness of operations. Compliance with applicable laws and regulations.

Maximization of profit.

Generally accepted auditing standards (GAAS) give auditors considerable discretion to decide the amount of work required to satisfy auditing standards guiding internal control evaluation and related audit planning. Which of the descriptions below best expresses the minimum amount of work permitted by GAAS for nonpublic companies? Do not obtain an understanding of client environment, accounting, or control activities. Do not document the decision to assess control risk at maximum. Perform 100% substantive audit on all financial statement transactions and balances. Obtain an understanding of client environment, accounting, and control activities. Document the decision to assess control risk at maximum. Perform an extensive but not 100% substantive audit on financial statement transactions and balances. Obtain an understanding of client environment, accounting, and control activities, and perform detail tests of controls. Document the decision to assess control risk below the maximum. Perform restricted substantive audit on financial statement transactions and balances, considering the control risk assessment. Obtain an understanding of client environment, accounting, and control activities, and perform detail tests of controls. Document the decision to assess control risk at zero. Perform no substantive audit on financial statement transactions and balances, since zero control risk means that no errors or fraud can reach the accounts.

Obtain an understanding of client environment, accounting, and control activities. Document the decision to assess control risk at maximum. Perform an extensive but not 100% substantive audit on financial statement transactions and balances.

If the auditor plans to assess control risk at less than the maximum and rely on controls, and the nature, timing, and extent of further audit procedures are based on that lower assessment, the auditor must Perform only substantive procedures. Assess control risk at less than the maximum for all relevant assertions. Provide additional examples of responses to assessed fraud risks relating to fraudulent financial reporting. Obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance.

Obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance.

Tests of controls in a GAAS audit are required for Obtaining evidence about the financial statement assertions. Applying analytical procedures to financial statement balances. Accomplishing control over the occurrence of recorded transactions. Obtaining evidence about the operating effectiveness of client control activities.

Obtaining evidence about the operating effectiveness of client control activities.

When completing the audit of internal controls for a public company, AS 2201 requires auditors to report on Management's Report on Internal Control An Audit of Internal Control a. No No b. Yes No c. No Yes d. Yes Yes Option A Option B Option C Option D

Option C

Which of the following does not accurately summarize auditors' requirements regarding internal control? Public Entity Nonpublic Entity a. Understanding Yes Yes b. Documenting Yes Yes c. Evaluating control risk Yes Yes d. Test Controls Yes Yes Option A Option B Option C Option D

Option D

Which of the following would probably not be considered an indication of a material weakness? Evidence of a material misstatement. Overproduction by the manufacturing plant. Immaterial fraud committed by senior management. Ineffective oversight by the audit committee.

Overproduction by the manufacturing plant.

The most important fundamental component of an entity's internal control is People who operate the control system. Compliance with applicable laws and regulations. Reliability of financial reporting. Effectiveness and efficiency of operations.

People who operate the control system.

Effectiveness of audit procedures would be reduced by Performing audit procedures at the fiscal year-end date as opposed to the interim period. Performing procedures during the interim period as opposed to at the fiscal year-end date. Deciding to obtain external evidence instead of internal evidence. Selecting larger sample sizes for audit.

Performing procedures during the interim period as opposed to at the fiscal year-end date.

When would it not be appropriate to apply analytical procedures in an audit of financial statements? Planning the engagement. Performing substantive tests. Overall engagement review. Performing tests of controls.

Performing tests of controls.

Which of the following is not an objective of internal controls over financial reporting as defined by the Sarbanes-Oxley Act? Policies and procedures that pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the registrant. Policies and procedures that provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and receipts and expenditures of the registrant are being made only in accordance with authorizations of management and directors of the registrant. Policies and procedures that provide reasonable assurance regarding the compliance with applicable laws and regulations. Policies and procedures that provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the registrant's assets that could have a material effect on the financial statements.

Policies and procedures that provide reasonable assurance regarding the compliance with applicable laws and regulations.

When auditing financial statements of a private company, the minimum work an auditor must perform in connection with a company's internal control is best described by which of the following statements? Perform exhaustive tests of accounting controls and evaluate the company's control system effectiveness. Determine whether the company's control policies are designed well enough to prevent material misstatements. Prepare auditing working papers that document the auditor's understanding of the company's internal control. Design procedures to search for significant deficiencies in the actual operation of the company's internal control.

Prepare auditing working papers that document the auditor's understanding of the company's internal control.

Which of the following is not one of the elements of the control environment? A company's organizational structure. Process for recording transactions and preparing financial statements. Presence of an internal auditing function. Methods of assigning authority and responsibility.

Process for recording transactions and preparing financial statements.

Which of the following is not an input control activity? Reasonableness tests. Record counts. Financial totals. Hash totals.

Reasonableness tests.

Which of the following payroll control activities would most effectively ensure that payment is made only for work performed? Require all employees to record arrival and departure by using the time clock. Have a payroll clerk recalculate all time cards. Require all employees to sign their time cards. Require employees to have their direct supervisors approve their time cards.

Require employees to have their direct supervisors approve their time cards.

Which of the following are considered elements of an internal control structure? Segregation of duties Risk assessment Performance indicators Use of prenumbered documents

Risk assessment

X Company recognizes the need to stay current on all accounting pronouncements to make certain that the company's financial statements are being prepared in accordance with current GAAP. Identifying this need relates to which internal control component? Control environment Risk assessment Control activities Monitoring

Risk assessment

Which of the following is a preventive control? Recalculation of a sample of payroll entries by internal auditors. Detailed fluctuation analysis completed by the CFO for revenue. Separation of duties between the payroll and personnel departments. Reconciliation of a bank account.

Separation of duties between the payroll and personnel departments.

Which of the following is an information technology general control? Check digit. Run-to-run totals. Distribution of computerized output. Separation of duties in the IT department.

Separation of duties in the IT department.

Which of the following information would be included in the introductory paragraph of the auditors' report on internal control over financial reporting if the report is presented separately from the auditors' report on the entity's financial statements? The definition of a material weakness in internal control over financial reporting. A reference to the auditors' report and opinion on the entity's financial statements. The fact that the auditors conducted an audit of the entity's financial statements. Statements identifying the responsibility of the auditors and management for internal control over financial reporting.

Statements identifying the responsibility of the auditors and management for internal control over financial reporting

Which of the following audit procedures most likely would provide an auditor with the most assurance about the effectiveness of the operation of an entity's internal control? Confirmation with outside parties. Inquiry of client personnel. Successful re-performance of the control activity. Observation of client personnel.

Successful re-performance of the control activity.

S #2201 requires the audit team to do all the following except AS #2201 requires all the above. Test all internal controls in the company. Evaluate the severity of each control deficiency that comes to his or her attention. Document the process used to determine significant accounts and disclosures and major classes of transactions.

Test all internal controls in the company.

When an auditor plans to rely on controls that have changed since they were last tested, which of the following courses of action would be most appropriate? Test the operating effectiveness of such controls in the current audit. Document that reliance and proceed with the original audit strategy. Inquire of management as to the effectiveness of the controls. Report the reliance in the report on internal controls.

Test the operating effectiveness of such controls in the current audit

Which of the following areas can external auditors rely on internal auditors' work in auditing internal controls? Evaluation of the auditing environment. Testing of low risk internal control activities. All testing of the operating effectiveness of internal control activities. As providing the principle evidence for the external auditors' opinion.

Testing of low risk internal control activities.

Which organization developed the framework most commonly used by the auditing profession for benchmarking internal controls of non-issuers? The Committee of Sponsoring Organizations of the Treadway Commission The Public Company Accounting Oversight Board The Financial Reporting Council The AICPA

The Committee of Sponsoring Organizations of the Treadway Commission

An auditor has assessed risk of material misstatement as low because the client has established meaningful internal controls to prevent a material misstatement to the financial statements. The auditor has performed walkthroughs to determine if the policies have been put into place. As a result: The auditor should perform tests of controls and, if results are satisfactory, the nature, timing, and extent of further audit procedures will be adjusted as less additional evidence will be required. As a result of the walkthroughs, the auditor will adjust the nature, timing, and extent of further audit procedures as less additional audit evidence will be required. The auditor will perform substantive tests to determine whether or not the controls have been effective during the period being audited. The auditor should perform tests of controls as a basis for determining if there are control deficiencies that should be communicated to governance.

The auditor should perform tests of controls and, if results are satisfactory, the nature, timing, and extent of further audit procedures will be adjusted as less additional evidence will be required.

Which of the following factors is most likely to affect the extent of the documentation of the auditor's understanding of a client's system of internal controls? The industry and the business and regulatory environments in which the client operates. The degree to which information technology is used in the accounting function. The relationship between management, the board of directors, and external stakeholders. The degree to which the auditor intends to use internal audit personnel to perform substantive tests.

The degree to which information technology is used in the accounting function.

Which of the following statements best describes why an auditor would use only substantive procedures to evaluate specific relevant assertions and risks? The relevant internal control components are not well documented. The internal auditor already has tested the relevant controls and found them effective. Testing the operating effectiveness of the relevant controls would not be efficient. The cost of substantive procedures will exceed the cost of testing the relevant controls.

The internal auditor already has tested the relevant controls and found them effective.

Which of the following would be a potential control deficiency because of a lack of segregation of duties? The person responsible for maintaining the accounts receivable subsidiary ledger is also responsible for maintaining the accounts payable subsidiary ledger. The person who reconciles the bank accounts is also responsible for reconciling the accounts receivable subsidiary ledger to the control account in the general ledger. The person who is responsible for ordering equipment is also responsible for inspecting the equipment when it is received before it is released to the shop floor. The person who is responsible for receiving inventory ordered is also responsible for custody of the inventory and releasing it to the factory as authorized requisitions are received.

The person who is responsible for ordering equipment is also responsible for inspecting the equipment when it is received before it is released to the shop floor.

Matters that could affect the necessary extent of testing for a control activity as it related to the degree of auditor reliance on a control activity would not include the following: The frequency of the performance of the control by the company during the period being audited. The length of time that the auditor is planning to rely on the operating efficiency of the control activity. The expected rate of deviation for a control activity. The relevance and reliability of the audit evidence to be obtained to test the operating effectiveness of a control activity.

The relevance and reliability of the audit evidence to be obtained to test the operating effectiveness of a control activity.

Which of the following statements is not true with respect to the auditors' report on internal control over financial reporting? The report will be dated as of the date of the financial statements. The report will express an opinion on the effectiveness of internal control over financial reporting. The report may be presented with the report on the entity's financial statements as a combined report. The auditor will issue an adverse opinion if one or more material weaknesses exist.

The report will be dated as of the date of the financial statements.

Which of the following is a definition of control risk? The risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls. The risk that the auditor will not detect a material misstatement. The risk that the auditor's assessment of internal controls will be at less than the maximum level. The susceptibility of material misstatement assuming there are no related internal controls, policies, or procedures.

The risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls.

Which of the following best describes why an auditor is always required to document the auditor's understanding of internal controls? To support the auditor's opinion To avoid performing substantive procedures To lower control risk To document the basis for risk assessment

To document the basis for risk assessment

Which of the following is the least important audit reason for the auditor's obtaining an understanding of a company's internal control? To serve as a basis for constructive suggestions. To plan subsequent substantive tests. To identify types of possible misstatements that may occur. To consider factors that may affect the risk of material misstatement.

To serve as a basis for constructive suggestions.

An auditor is evaluating a client's internal controls. Which of the following situations would be the most difficult internal control issue for an auditor to detect? The accounting staff neglects the control, due to increased transactions to be processed. The technology department writes a program that does not properly implement the control, due to a lack of understanding. Two employees, who work in different departments, are circumventing an internal control. Someone erroneously disables edit checks in a software program designed to identify control exceptions.

Two employees, who work in different departments, are circumventing an internal control.

The most efficient means of gathering evidence about the internal control is to conduct a formal interview with knowledgeable managers and Use an internal control questionnaire. Prepare a flowchart illustrating the internal control. Write a narrative description of each important control. Prepare a well-indexed file of audit documentation.

Use an internal control questionnaire.

Management's report on internal controls must include each of the following except: a statement that management is responsible for establishing and maintaining adequate internal control over financial reporting. a statement identifying the framework management uses to evaluate the effectiveness of the company's internal control. a statement providing management's assessment of the effectiveness of the company's internal control. a statement providing management's evaluation of the company's control environment.

a statement providing management's evaluation of the company's control environment.

After obtaining an understanding of the entity's internal control and assessing control risk, an auditor of a non-public company decided not to perform additional tests of controls. The auditor most likely concluded that the: additional evidence to support a further reduction in control risk was not cost beneficial. assessed level of inherent risk exceeded the assessed level of control risk. internal control structure was properly designed and justifiably may be relied on. evidence obtainable through tests of controls would not support an increased level of control risk.

additional evidence to support a further reduction in control risk was not cost beneficial.

In an audit of financial statements, an auditor's primary consideration regarding an internal control policy or activity is whether the policy or activity: reflects management's philosophy and operating style. affects management's financial statement assertions. provides adequate safeguards over access to assets. enhances management's decision making processes.

affects management's financial statement assertions.

Control strengths and weaknesses should be documented in audit documentation, sometimes called: questionnaires, narratives, and flowcharts. bridge working papers. communications of significant deficiencies. internal control letters.

bridge working papers.

A sales clerk enters a customer's six-number customer account. The computer program uses the first five numbers to calculate a sixth number. This resulting number is then compared to the sixth number entered by the sales clerk. This is an example of a: valid character test. missing data test. reasonableness test. check digit.

check digit.

The "obtaining an understanding" work phase (Phase 1) of internal control evaluation would not give auditors an overall acquaintance with the client's: control environment. information and communication system. control activity effectiveness. monitoring activities.

control activity effectiveness.

The overall attitude and awareness of an entity's board of directors concerning the importance of the client's internal control usually is reflected in its: computer-based control activities. system of separation of duties. control environment. safeguards over access to assets.

control environment.

Control activities intended to ensure that transactions are recorded in the right period are designed to achieve the ASB assertion of: occurrence. accuracy. valuation or allocation. cutoff.

cutoff.

The appropriate separation of duties does not include: authorization to execute transactions. recording of transactions. custody of assets involved in the transactions. data preparation.

data preparation.

An audit team's responsibility would not include: designing client's internal controls. documentation of understanding of a client's internal controls. communicating internal control deficiencies. assessing the effectiveness of a client's internal controls.

designing client's internal controls.

In an audit of financial statements of a non-public company in accordance with generally accepted auditing standards, an auditor is required to: document the auditor's understanding of the entity's internal control. search for significant deficiencies in the operation of the internal controls. perform tests of controls to evaluate the effectiveness of the entity's accounting system. determine whether control activities are operating effectively to prevent or detect material misstatements.

document the auditor's understanding of the entity's internal control.

After obtaining an understanding of a client's financial reporting control activities, the auditor would next: test the client's control activities. assess the final control risk. document the understanding obtained. plan the remainder of the audit work.

document the understanding obtained.

When the audit team increases the planned assessed level of control risk because certain control activities were determined to be ineffective, the audit team would most likely increase the: extent of substantive tests of details. level of inherent risk. extent of tests of controls. level of detection risk.

extent of substantive tests of details.

Sound internal control can be described as separating all of the following duties and responsibilities except for: transaction authorization. recordkeeping. custody of, or direct access to, assets. hiring of employees.

hiring of employees.

Assessing control risk at below the maximum level most likely would involve: performing more extensive substantive tests with larger sample sizes than originally planned. reducing inherent risk for most of the assertions relevant to significant account balances. changing the timing of substantive tests by omitting interim-date testing and performing the tests at year end. identifying specific internal control activities that are relevant to specific financial statement assertions.

identifying specific internal control activities that are relevant to specific financial statement assertions.

Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been: authorized. implemented. tested. monitored.

implemented.

After obtaining an understanding of internal controls and assessing control risk on the audit of a non-public company, an auditor decided to perform tests of controls. The auditor most likely decided that: it would be efficient to perform tests of controls that would result in a reduction in planned substantive tests. additional evidence to support a further reduction in control risk is not available. an increase in the assessed level of control risk is justified for certain financial statement assertions. there were many internal control weaknesses that could allow errors to enter the accounting system.

it would be efficient to perform tests of controls that would result in a reduction in planned substantive tests.

The primary objective of procedures performed to obtain an understanding of the entity's internal control is to provide an auditor with: knowledge necessary for audit planning. evidential matter to use in assessing inherent risk. a basis for modifying tests of controls. an evaluation of the consistency of application of management's policies.

knowledge necessary for audit planning.

As part of understanding the internal control, an auditor is not required to: consider factors that affect the risk of material misstatement. ascertain whether internal control policies and activities have been placed in operation. identify the types of potential misstatements that can occur. obtain knowledge about the operating effectiveness of the client's internal control activities.

obtain knowledge about the operating effectiveness of the client's internal control activities.

The internal control in small business is highly dependent on the: separation of functional responsibilities. complexity of the client's internal controls. owner-manager's competence, as well as his/her ethics and integrity. bonding of employees.

owner-manager's competence, as well as his/her ethics and integrity.

If auditors assess control risk at the maximum level, they will tend to: perform a great deal of additional tests of controls. perform a great deal of substantive testing during the audit. perform substantive tests at an interim date. perform more audit procedures using internal evidence.

perform a great deal of substantive testing during the audit.

Proper separation of duties reduces the opportunities to allow persons to be in positions to both: journalize entries and prepare financial statements. record cash receipts and cash disbursements. establish internal controls and authorize transactions. perpetrate a fraud and then conceal it in the books.

perpetrate a fraud and then conceal it in the books.

In computer systems, the information technology general controls (ITGC) would not include: processing control activities. separation of various computer system functions. appropriate documentation of the data processing system. control over physical access to computer hardware.

processing control activities.

Each of the following types of controls is considered to be an entity-level control, except those: relating to the control environment. pertaining to the company's risk assessment process. regarding the company's annual stockholder meeting. addressing policies over significant risk management practices.

regarding the company's annual stockholder meeting.

In testing control activities, an auditor ordinarily selects from a variety of techniques, including: inquiry and analytical procedures. reperformance and observation. comparison and confirmation. inspection and verification.

reperformance and observation.

The ultimate purpose of assessing control risk is to contribute to the auditor's evaluation of the: factors that raise doubts about the auditability of the financial statements. operating effectiveness of internal control policies and procedures. risk that material misstatements exist in the financial statements. possibility that the nature and extent of substantive tests may be reduced.

risk that material misstatements exist in the financial statements.

When obtaining an understanding of an entity's internal control in a financial statement audit at a non-public company, an auditor is not obligated to: determine whether the control activities have been placed in operation. perform procedures to understand the design of the internal control system. document the understanding of the company's internal control system. search for significant deficiencies in the operation of the internal control system.

search for significant deficiencies in the operation of the internal control system.

Tracing bills of lading to sales invoices provides evidence that: shipments to customers were invoiced. shipments to customers were recorded as sales. recorded sales were shipped. invoiced sales were recorded as sales.

shipments to customers were invoiced.

Regardless of the assessed level of control risk, an auditor of a non-public company would perform some: tests of controls to determine the effectiveness of internal control policies. analytical procedures to verify the design of internal control activities. substantive tests to restrict detection risk for significant transaction classes. dual purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.

substantive tests to restrict detection risk for significant transaction classes.

A report on internal control effectiveness by the management team of public companies is required by: the Sarbanes-Oxley Act of 2002. the PCAOB. the AICPA. the auditors.

the Sarbanes-Oxley Act of 2002.

A set of characteristics that helps to define a seriousness about employees' attitudes about the control activities in a company is referred to as: management assertions. the control environment. control risk assessment. functional responsibilities.

the control environment.

An auditor is concerned about a policy of management override as a limitation of internal control. Which of the following tests would best assess the validity of the auditor's concern? Matching purchase orders to accounts payable. Verifying that approved spending limits are not exceeded. Tracing sales orders to the revenue account. Reviewing minutes of board meeting.

verifying that approved spending limits are not exceeded