Ch. 7
80) When performing an audit of internal control under PCAOB requirements, auditors evaluate control: Design Effectiveness Operating Effectiveness A. Yes Yes B. Yes No C. No Yes D. No No A) Option A B) Option B C) Option C D) Option D
A
84) When obtaining an understanding of internal control relevant to planning of a financial statement audit, the auditor should obtain adequate knowledge about the ________. A) Design of controls. B) Controls related to audit engagement assessment. C) Operating effectiveness of all controls. D) Safeguards over realization transactions.
A
12) Which is most likely when the assessed level of control risk increases? A) Change from performing substantive procedures at an interim date to performing them at year end. B) Performing substantive procedures directed inside the entity rather than parties directed toward parties outside the entity. C) Using additional dual-purpose tests. D) Use smaller sample sizes for substantive procedures.
A
13) Which of the following must the auditor communicate to the audit committee? A) Significant deficiencies and material weaknesses. B) Only significant deficiencies. C) Only material weaknesses. D) Neither significant deficiencies nor material weaknesses.
A
15) Which of the following would be least likely to be regarded as a test of a control? A) Review of a confirmation of accounts payable. B) Comparisons of the signatures on cancelled checks to the authorized check signer list. C) Tests of signatures on purchase orders. D) Recalculation of payroll deductions.
A
24) The definition of internal control developed by the Committee of Sponsoring Organizations (COSO) includes controls related to the reliability of internal and external reporting, the effectiveness and efficiency of operations, and: A) Compliance with applicable laws and regulations. B) Effectiveness of prevention of fraud. C) Effectiveness in safeguarding assets. D) Effectiveness of ethical business practice standards.
A
27) When an auditor is considering a client's risk assessment policies, which of the following does not ordinarily increase financial reporting risk? A) Salaried sales personnel. B) Implementation of a new information system. C) Rapid growth of the organization. D) Corporate restructuring.
A
40) Which of the following is an advantage of describing internal control through the use of a standardized questionnaire? A) Questionnaires highlight weaknesses in the system. B) Questionnaires are more flexible than other methods of describing internal control. C) Questionnaires usually identify situations in which internal control weaknesses are compensated for by other strengths in the system. D) Questionnaires provide a clearer and more specific portrayal of a client's system than other methods of describing internal control.
A
41) Which of the following is least likely to be considered an audit risk assessment procedure relating to internal control? A) Counting marketable securities at year-end. B) Inquiries of client personnel. C) Inspecting documents and reports. D) Observing the application of specific controls.
A
44) Which of the following would be least likely to be considered a benefit of effective internal control? A) Reduction of costs. B) Restricting access to assets. C) Detecting ineffectiveness. D) Ensuring authorization of transactions.
A
45) After documenting the client's prescribed internal control, the auditors will often perform a walk-through of each transaction cycle. An primary objective of a walk-through is to: A) Verify that the controls have been implemented (placed in operation). B) Replace tests of controls. C) Evaluate the major strengths and weaknesses in the client's internal control. D) Identify weaknesses to be communicated to management in the management letter.
A
48) A service auditor's report on a service center should include a(n) A) Detailed description of the service center's internal control. B) Statement that the user of the report may assess control risk at the minimum level. C) Indication that no assurance is provided. D) Opinion on the operating effectiveness of the service center's internal control.
A
49) The report of a service auditor may provide assurance on whether: Controls are implemented Operating effectiveness of controls A. Yes Yes B. Yes No C. No Yes D. No No A) Option A B) Option B C) Option C D) Option D
A
52) The use of fidelity bonds protects a company from embezzlement loses and also: A) Minimizes the possibility of employing persons with dubious records in positions of trust. B) Reduces the company's need to obtain expensive business interruption insurance. C) Allows the company to substitute the fidelity bonds for various parts of internal control. D) Protects employees who made unintentional errors from possible monetary damages resulting from such errors.
A
58) A situation in which the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect material misstatements on a timely basis is referred to as a: A) Control deficiency. B) Material weakness. C) Reportable condition. D) Significant deficiency.
A
66) If the external auditors decide that the work performed by the internal auditors may be used, they should consider the internal auditors': A) Competence, objectivity, and approach. B) Efficiency and experience. C) Independence and review skills. D) Training and supervisory skills.
A
69) In assessing the competence of a client's internal auditor, an external auditor most likely would consider the: A) Internal auditor's compliance with professional internal auditing standards. B) Client's policies that limit the internal auditor's access to management salary data. C) Evidence supporting a further reduction in the assessed level of control risk. D) Number of internal auditors.
A
73) An auditor's purpose for performing tests of controls is to provide reasonable assurance that: A) Controls are operating effectively. B) The risk that the auditor may unknowingly fail to modify the opinion on the financial statements is minimized. C) Transactions are executed in accordance with management's authorization and access to assets is limited by a segregation of functions. D) Transactions are recorded as necessary to permit the preparation of the financial statements in conformity with generally accepted accounting principles.
A
85) A primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with ________. A) Knowledge necessary to assess the risks of material misstatements. B) Evidence to use to assess inherent risk. C) A basis for modifying tests of controls. D) An evaluation of the consistency of application of management's policies.
A
93) An organization has decided to hedge raw materials with highly volatile prices. This is an example of: A) Risk sharing B) Risk reduction C) Risk avoidance D) Risk acceptance
A
98) How do auditors obtain evidence about the operating effectiveness of monitoring controls? A) Inquiry, inspection, and reperformance. B) Observation and inquiry. C) Confirmation and reperformance. D) Review and observation.
A
100) Which of the following factors most likely would be considered an inherent limitation to an entity's internal control? A) The ineffectiveness of the entity's audit committee. B) Collusion of employees in circumventing internal controls. C) The lack of resources to monitor internal controls. D) The complexity of the entity's electronic order processing system.
B
102) Which of the following procedures would an auditor most likely perform before the balance sheet date? A) Confirm with client's lawyer that all litigation probable of assertion has been disclosed to the auditor. B) Obtain an understanding of the client's internal control activities. C) Determine whether there are any liens or encumbrances on assets that have been pledged as collateral. D) Consider the client's plans and ability to meet imminent purchase commitments and cash flow obligations.
B
16) Which of the following is not considered one of the five major components of internal control? A) Risk assessment. B) Segregation of duties. C) Control activities. D) Monitoring.
B
18) The effectiveness of controls is not generally tested by: A) Inspection of documents and reports. B) Performance of analytical procedures. C) Observation of the application of accounting policies and procedures. D) Inquiries of appropriate client personnel.
B
19) On financial statement audits, it is required that the auditors obtain an understanding of internal control, including: A) Its operating effectiveness. B) Whether it has been implemented (placed in operation). C) Whether it has been flowcharted. D) Its ability to provide reasonable assurance.
B
21) This organization developed a set of criteria that provide management with a basis to evaluate controls not only over financial reporting, but also over the effectiveness and efficiency of operations and compliance with laws and regulations: A) Foreign Corrupt Practices Organization. B) Committee of Sponsoring Organizations. C) Public Companies Oversight Board. D) Financial Accounting Standards Board.
B
23) Which statement is correct concerning the definition of internal control developed by the Committee of Sponsoring Organizations (COSO)? A) Its applicability is largely limited to internal auditing applications. B) It is a 'process' effected by individuals. C) It emphasizes the effectiveness and efficiency of operations over the reliability of financial reporting. D) It views internal control as an end result as contrasted to a means to obtain an end.
B
25) Which statement is correct concerning the relevance of various types of controls to a financial statement audit? A) An auditor may ordinarily ignore the consideration of controls when a substantive audit approach is used. B) Controls over the reliability of financial reporting are ordinarily most directly relevant to an audit, but other controls may also be relevant. C) Controls over safeguarding assets and liabilities are of primary importance, while controls over the reliability of financial reporting may also be relevant. D) All controls of the organization are ordinarily relevant to an audit.
B
26) Which of the following is not a component of the control environment? A) Integrity and ethical values. B) Monitoring performance. C) Commitment to attracting, developing, and retaining competent employees. D) Organizational structure.
B
28) The Sarbanes-Oxley Act of 2002 requires that the audit committee: A) Annually reassess control risk using information from the CPA firm. B) Be directly responsible for the appointment, compensation, and oversight of the work of the CPA firm. C) Rotate audit firms every 4 years. D) Review the level of management compensation.
B
29) When tests of controls reveal that controls are operating as anticipated, it is most likely that the assessed level of control risk will: A) Be less than the preliminary assessed level of control risk. B) Equal the preliminary assessed level of control risk. C) Equal the actual control risk. D) Be less than the actual control risk.
B
33) During financial statement audits, the auditors' consideration of their clients' internal control is integral to both assessing the risk of material misstatement and: A) Assessing inherent risk. B) Designing further audit procedures. C) Assessing management competence. D) Providing a reasonable basis for an opinion on compliance with applicable laws.
B
34) Which of the following comes closest to outlining the auditors' responsibility for considering internal control in all financial statement audits? A) An understanding of the control environment, information and communication, risk assessment and monitoring is necessary an understanding of control activities is only necessary for areas in which the auditor is performing tests of controls. B) The auditor must obtain an understanding of each of the five internal control components sufficient to assess the risks of material misstatement for the audit. C) When tests of controls have been performed, control risk must be assessed at a level less than the maximum. D) An understanding of the control environment is necessary, but no understanding of the other components is necessary unless control risk is to be assessed at a level less than the maximum.
B
38) Which of the following is not a responsibility that should be assigned to a company's internal audit department? A) Evaluating internal control. B) Making inquiries to management about fraud risks. C) Reporting on the effectiveness of operating segments. D) Investigating potential merger candidates.
B
43) Which of the following is not a factor that is considered a part of the client's overall control environment? A) The organizational structure. B) Controls over major transaction cycles. C) Management philosophy and operating style. D) Board of directors.
B
47) Which of the following is correct with respect to control deficiencies discovered during an audit? A) Auditors must communicate and recommend corrections relating to all material weaknesses in internal control to management. B) All material weaknesses in internal control must be reported to the audit committee in writing. C) All such matters must be communicated to the audit committee and regulatory agencies. D) All control deficiencies are also significant deficiencies.
B
51) After considering the client's internal control, the auditors have concluded that it is well-designed and is functioning as anticipated. Under these circumstances, the auditors would most likely: A) Cease to performfurther substantive procedures. B) Reduce substantive procedures in areas where the internal control was found to be effective. C) Increase the extent of anticipated analytical procedures. D) Decrease the extent of tests of controls.
B
53) The external auditors might consider the procedures performed by the internal auditors because: A) They are employees whose work must be reviewed during substantive testing. B) They are employees whose work might affect the external auditors' work. C) Their work impacts upon the cost/benefit tradeoff in evaluating inherent limitations. D) Most of the procedures for a financial statement audit may be performed by the external or internal auditors.
B
54) In the consideration of internal control, the operating effectiveness of controls is tested by: A) Walkthroughs. B) Tests of controls. C) Substantive procedures. D) Decision tables.
B
60) Well-designed internal control that is functioning effectively is most likely to detect a fraud arising from: A) The fraudulent action of several employees. B) The fraudulent action of an individual employee. C) Informal deviations from the official organization chart. D) Management fraud.
B
62) Controls are not designed to provide assurance that: A) Transactions are executed in accordance with management's authorization. B) Fraud will not occur. C) Access to assets is permitted only in accordance with management's authorization. D) The recorded accountability for assets is compared with the existing assets at reasonable intervals.
B
63) The scope of substantive procedures as compared to the scope of tests of controls generally vary: A) In a parallel manner. B) Inversely. C) Directly. D) Equally.
B
64) Which of the following is least likely indicates that an identified risk of misstatement requires special audit consideration? A) Complex calculations are involved. B) The rate of technological change is moderate in the industry. C) The potential for fraud seems high. D) Various subjective methods of application of a key accounting policy exist.
B
70) Which of the following factors would most likely be considered an inherent limitation to an entity's internal control? A) The complexity of the information processing system. B) Human judgment in the decision-making process. C) The ineffectiveness of the board of directors. D) The lack of management incentives to improve the control environment.
B
72) Which of the following is intended to detect deviations from prescribed controls? A) Substantive procedures specified by a standardized audit plan. B) Tests of controls designed specifically for the client. C) Analytical procedures as set forth in an industry audit guide. D) Computerized analytical procedures tailored for the configuration of the computer equipment in use.
B
75) Tests of controls are most likely to be performed when: A) Controls seem weak but are well-documented. B) The auditor plans to rely on the controls. C) The auditor wishes to assess control risk at the maximum. D) The client's control environment appears weak.
B
83) Applying a data analytical approach to tests of controls is least likely to result in which of the following? A) Testing a number of controls simultaneously electronically. B) Documenting the engagement through an electronic representation letter obtained monthly. C) Testing all incidents of operation of a control during the year. D) Following up sample results with an analysis of the entire population.
B
9) Which of the following is least likely to be evidence of operating effectiveness of controls? A) Cancelled supporting documents. B) Confirmations of bank accounts. C) Records documenting usage of computer programs. D) Signatures on authorization forms.
B
91) Segregation of duties is an aspect of which of the following components of internal control? A) Monitoring. B) Control activities. C) The information system. D) Control environment.
B
92) Hiring competent and ethical employees is an aspect of which of the following components of internal control? A) Control activities. B) Control environment. C) Monitoring. D) The information system.
B
94) A company operates an oil refinery. To reduce risk the company has decided to implement significant controls over safe operations. This is an example of: A) Risk sharing. B) Risk reduction. C) Risk avoidance. D) Risk acceptance.
B
97) The Foreign Corrupt Practices Act: A) Prohibits bribes to purchasing agents. B) Requires an effective system of internal controls. C) Requires compliance with trade treaties. D) Prohibits corporate officials from making political contributions.
B
17) Which of the following statements is correct concerning the understanding of internal control needed by auditors? A) The auditors must understand the information system, not the accounting system. B) The auditors must understand monitoring and all preliminary accounting controls. C) The auditors must have a sufficient understanding to assess the risks of material misstatement. D) The auditors must understand the control environment, risk assessment, and all control activities.
C
31) The provision of the Foreign Corrupt Practices Act that require implementing an internal control system apply to: A) All U.S. corporations. B) All U.S. corporations that engage in foreign operations. C) All corporations under the jurisdiction of the SEC. D) All U.S. partnerships and corporations.
C
35) Which of the following is not a primary procedure auditors use to obtain sufficient knowledge about the design of the relevant controls and to determine whether they have been implemented (placed in operation)? A) Previous experience with the entity. B) Inquiries of appropriate management personnel. C) Results of substantive procedures. D) Inspection of document and records.
C
37) For effective internal control, which of the following functions should not be assigned to the company's accounting department? A) Reconciling accounting records with existing assets. B) Recording financial transactions. C) Authorizing payments. D) Preparing financial reports.
C
39) Which of the following is true about the auditors' consideration of internal control in a financial statement audit? A) The auditors must assess control risk at a level lower than the maximum. B) The auditors must prepare a flowchart description of internal control for their working papers. C) The auditors must obtain an understanding of the steps in processing major types of transactions. D) The auditors must perform tests of controls.
C
42) Which of the following is least likely to be considered an audit risk assessment procedure? A) Analytical procedures. B) Inspection of documents. C) Observation of the counting of inventory. D) Observation of the performance of certain accounting procedures.
C
46) The major components of internal control include all of the following, except: A) Risk assessment. B) The control environment. C) Internal auditing. D) Control activities.
C
5) Which of the following matters would an auditor most likely consider to be a significant deficiency to be communicated to the audit committee? A) Management's failure to renegotiate unfavorable lease contracts. B) Significant changes in operations. C) Evidence of a lack of objectivity by those responsible for accounting decisions. D) Management's plans to change the nature of operations.
C
50) When a client uses a service organization to process certain transactions (e.g., its employee benefit plan), the auditor is least likely to obtain an understanding relating to these transactions by: A) Contacting the service organization to obtain specific information. B) Visiting the service organization and performing procedures. C) Investigating the reputation of the service organization. D) Obtaining and reading a Type 1 or Type 2 report from the service organization's auditor.
C
55) The auditors who become aware of a significant deficiency in internal control are required to communicate this to the: A) Client's legal counsel. B) Compensation committee. C) Audit committee. D) Internal auditors.
C
57) At least what level of probability of a material misstatement is required for a control deficiency to be considered a material weakness? A) More than remote. B) Probable. C) Reasonable possibility. D) Sufficient.
C
59) To provide for the greatest degree of independence in performing internal auditing functions, an internal auditor most likely should report to the: A) Financial vice-president. B) Corporate controller. C) Audit committee. D) Vice-president of operations.
C
6) In assessing the objectivity of a client's internal auditors, the CPA would be most likely to consider internal auditor's: A) Education levels. B) Experience. C) Organizational status within the company. D) Training and supervisory skills.
C
65) Which of the following audit tests would be regarded as a test of control? A) Tests of the specific items making up the balance in a given general ledger account. B) Tests confirming receivables. C) Tests of the signatures on canceled checks to board of director's authorizations. D) Tests of the additions to property, plant, and equipment by physical inspection.
C
67) In the consideration of internal control, the auditor is basically concerned that it provides reasonable assurance that: A) Management cannot override the system. B) The company will not have financial difficulty. C) Misstatements have been prevented or detected. D) Controls have not been circumvented by collusion.
C
78) An integrated audit performed under Section 404b of the Sarbanes-Oxley Act addresses financial statements and: A) Compliance with laws. B) Internal control over asset safeguarding. C) Internal control over financial reporting. D) Suitable criteria.
C
79) A report on internal control performed in accordance with PCAOB standards includes an opinion on internal control for: A) The entire year. B) The prior quarter. C) The "as-of date." D) The end of each quarter.
C
8) After obtaining an understanding of internal control and arriving at a preliminary assessed level of control risk, an auditor decided to perform additional tests of controls. The auditor most likely decided that: A) Additional evidence to support a reduction in the assessed level of control risk is not available. B) Substantive tests would be more efficient. C) It would be efficient to perform tests of controls that would result in a reduction in planned substantive procedures. D) There were many internal control deficiencies that would allow misstatements to enter the accounting system.
C
81) When performing an internal control audit under PCAOB requirements, one or more material weaknesses in internal control that exist at year-end will result in what type of report(s)? Qualified Adverse A. Yes Yes B. Yes No C. No Yes D. No No A) Option A B) Option B C) Option C D) Option D
C
88) Data analytics is most likely to increase the effectiveness of which of the following components of internal control? A) Control environment. B) Control activities. C) Monitoring. D) Risk assessment.
C
89) Ongoing monitoring activities are most likely to be performed by: A) External auditors. B) Internal auditors. C) Management. D) The board of directors.
C
95) How does segregation of duties help prevent financial statement misstatements? A) Reduction in incentive. B) Sharing of risk. C) Reduction in opportunity. D) Avoidance of risk.
C
96) Which of the following is an example of a corrective control? A) Approval of transactions. B) Segregation of duties. C) Maintaining back-up files. D) Ongoing monitoring.
C
10) Which of the following is not ordinarily a procedure for documenting an auditor's understanding of internal control for planning purposes? A) Checklist. B) Flowchart. C) Questionnaire. D) Reconciliation.
D
101) When assessing an internal auditor's objectivity, an independent auditor should: A) Perform tests of controls to determine whether significant internal control activities are properly maintained. B) Analyze the risk factors that relate to misstatements arising from the misappropriation of assets. C) Review the internal auditor's reports to verify that the conclusions reached are consistent with the procedures performed. D) Consider the policies that prohibit the internal auditor from auditing areas where relatives are employed in key management positions.
D
11) Tests of controls do not ordinarily address: A) By whom a control was applied. B) How a control was applied. C) The consistency with which a control was applied. D) Whether the control is effectively designed.
D
14) A client's internal control appears strong, but the CPA has elected not to perform any tests of controls. The planned assessed level of control risk is at what level? A) Zero. B) Low. C) Moderate. D) Maximum.
D
20) A significant deficiency: A) Differs from a material weakness in that it involves internal control over compliance with laws and regulations rather than internal control over financial reporting. B) Involves an amount of discovered misstatements greater than the amount used as the planning measure of materiality. C) Is identical to a material weakness except that it need not be communicated to those responsible for oversight of the company's financial reporting. D) Is less severe than a material weakness.
D
22) Which of the following is most likely to be considered a audit risk assessment procedure relating to internal control? A) Confirm accounts receivable. B) Perform a test of a control relating to payroll. C) Take test counts of the year-end inventory. D) Trace a transaction through the information system relevant to financial reporting.
D
90) Which of the following components of control is likely to prevent processing of an erroneous sales transaction? A) Control environment. B) Monitoring. C) Risk assessment. D) Control activities.
D
30) Under which circumstance is it likely that the extent of substantive procedures will be expanded beyond that anticipated in the audit plan? A) The auditors have determined that controls have been implemented (placed in operation) but, in accordance with the audit plan, have performed no tests of controls. B) Certain controls do not leave a trail of documentary evidence. C) Deviation rates were greater than zero and approached anticipated levels. D) The operating effectiveness of certain controls was found to be less than expected, although no material misstatements were identified.
D
32) If the auditors do not perform tests of controls for certain assertions: A) They have performed a substandard audit. B) They are not required to communicate significant deficiencies relating to those accounts to management and the board of directors. C) They must issue a qualified opinion. D) They must assess control risk at the maximum level for those assertions.
D
36) A control deficiency that is less severe than a material weakness, but important enough to merit attention by those responsible for oversight of the company's financial reporting is referred to as a(n): A) Control deficiency. B) Inherent limitation. C) Reportable deficiency. D) Significant deficiency.
D
56) A material weakness involves an amount that could result in a misstatement that is: A) Smaller than inconsequential. B) Larger than inconsequential. C) Tolerable. D) Greater than a significant deficiency.
D
61) The program flowcharting symbol representing a decision is a: A) Triangle. B) Circle. C) Rectangle. D) Diamond.
D
99) Which of the following COSO internal control framework components encompasses establishing structures, reporting lines, authorities, and responsibilities? A) Accounting information system. B) Control activities. C) Monitoring. D) Control environment.
D
68) Which of the following is least likely to be considered an appropriate response relating to risks the auditors identify at the financial statement level? A) Assign more experienced staff. B) Incorporate additional elements of unpredictability in the selection of audit procedures. C) Increase the scope of auditor procedures. D) Emphasize the need to remain neutral, rather than to exercise professional skepticism.
D
7) In a financial statement audit performed following AICPA Professional Standards, how frequently must an auditor test operating effectiveness of controls that appear to function as they have in past years and on which the auditor wishes to rely upon in the current year? A) When personnel change. B) At least every audit. C) At least every second audit. D) At least every third audit.
D
71) Proper segregation of duties reduces the opportunities to allow any employee to be in a position to both: A) Journalize cash receipts and disbursements and prepare the financial statements. B) Monitor internal controls and evaluate whether the controls are operating as intended. C) Adopt new accounting pronouncements and authorize the recording of transactions. D) Record and conceal fraudulent transactions in the normal course of assigned tasks.
D
74) Of the following statements about internal control, which one is not valid? A) No one person should be responsible for the custodial responsibility and the recording responsibility for an asset. B) Transactions must be properly authorized before such transactions are processed. C) Because of the cost/benefit relationship, a client may apply control procedures on a test basis. D) Control activities alone can be effective at minimizing the risk of material misstatements.
D
76) Which of the following would least likely be included in an auditor's tests of controls? A) Inspection. B) Observation. C) Inquiry. D) Analytical procedures.
D
82) When performing an internal control audit under PCAOB standards, one or more material weaknesses in internal control that exist at year-end will result in what type of report(s)? Qualified Disclaimer A. Yes Yes B. Yes No C. No Yes D. No No A) Option A B) Option B C) Option C D) Option D
D
86) Which of the following statements regarding auditor documentation of the client's internal control is correct? A) Documentation must include flowcharts. B) Documentation must include procedural write-ups. C) No documentation is necessary, although it is desirable. D) No one particular form of documentation is necessary, and the extent of documentation may vary.
D
87) Which of the following is a likely approach for testing the segregation of duties? A) Personal inquiry and confirmation. B) Counting variations in levels of performance. C) Analytical procedures. D) Observing employees performing processes.
D