Chapter 7 Audit

One or more _________ in internal control result in an adverse opinion on internal control.

material weaknesses

A situation in which a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis

Deficiency in internal control

Select each of the following terms with the appropriate attributes. No reply is used more than once. Substantive procedures and tests of controls

Further audit procedures

Select each of the following terms with the appropriate attributes. No reply is used more than once. Merits attention, less than a material weakness

Significant deficiency

Effective Board of Directors

The extent of independence of this group is critical

The sequence of procedures applied by the client in processing a particular type of recurring transaction

Transaction cycle

The audit committee should be composed of directors who are not _______of the organization.

employees

A form of insurance in which an insurance company agrees to reimburse an employer for losses attributable to employee theft is referred to as ____________.

fidelity bonds

A control that reduces the risk of misstatement by remediating control deficiencies through automated means

N/A

Which of the following is most likely to provide an auditor with the most assurance about the effectiveness of the operation of internal control? Recomputation of account balance amounts. Inquiry of client personnel. Observation of client personnel applying the control. Confirmation with outside parties.

Observation of client personnel applying the control.

You are performing an audit of Systex Corporation and evaluating various controls. Classify the following controls as being primarily preventive, detective, or corrective. Segregation of duties over purchasing.

Preventive

Select each of the following terms with the appropriate attributes. No reply is used more than once. Inquire, inspect, observe, reperform

Tests of controls

The Foreign Corrupt Practices Act of 1977 prohibits __________ to foreign officials to obtain business and requires companies to maintain an effective system of internal control.

bribes

Controls that rely on segregation of duties may be circumvented by __________ among employees.

collusion

When performing an audit of internal control, the period or date on which the opinion relates under PCAOB standards is the: end of each quarter of the year. last day of significant fieldwork. as of date. entire period under audit.

as of date.

Auditors must communicate internal control significant deficiencies to: the SEC. the shareholders. the Public Company Accounting Oversight Board. the audit committee.

the audit committee.

Tests of controls ordinarily are designed to provide evidence of: Balance correctness. Control implementation. Disclosure adequacy. Operating effectiveness.

Operating effectiveness.

There are _____ types of reports that auditors of service organizations (service auditors) can provide.

Two

Under PCAOB standards, when a significant deficiency exists, the auditors' report on internal control is most likely to include an opinion that is: qualified. disclaimer. unqualified. adverse.

unqualified.

A control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective

Compensating control

Under COSO, the control environment, risk assessment, the accounting information and communication system, control activities and monitoring are referred to as the ____________ of internal control.

Components

Auditors should have an understanding of the various terms that relate to their consideration of internal control of an organization. For each term presented below, select the category that most clearly defines or includes the term. The categories may be selected once, more than once, or not at all. Questionnaire

Documentation

Auditors should have an understanding of the various terms that relate to their consideration of internal control of an organization. For each term presented below, select the category that most clearly defines or includes the term. The categories may be selected once, more than once, or not at all. Allows a reasonable possibility of a material misstatement

Material weakness

For each of the controls, identify the internal control component and, if applicable, the subcomponent or principle to which it relates. Control components may be selected more than once. Management surveys customers about their satisfaction with the company's service.

Monitoring. /OnGoing

Commitment to Integrity and Ethical Values

A clearly articulated statement of ethical values

Effective Organizational Structure

A well designed structure provides a basis for planning, directing, and controlling operations

A control that functions together with another control to achieve the same control objective

Complementary control

For each of the controls, identify the internal control component and, if applicable, the subcomponent or principle to which it relates. Control components may be selected more than once. Entry into the warehouse is strictly controlled by security personnel

Control activities. /physical controls.

Which of the following is not a basic principle relating to control activities? Design controls that restrict board of director oversight. Select and develop control activities that mitigate risks of the achievement of organizational objectives to acceptable levels. Deploy control activities that establish what is expected to effect the organization's policies. Select and develop general control activities over technology to support organization objectives.

Design controls that restrict board of director oversight.

Auditors should have an understanding of the various terms that relate to their consideration of internal control of an organization. For each term presented below, select the category that most clearly defines or includes the term. The categories may be selected once, more than once, or not at all. Flowchart

Documentation

Which of the following is not an advantage of establishing an enterprise risk management system within an organization? Reduces operational surprises. Provides integrated responses to multiple risks. Eliminates all risks. Identifies opportunities.

Eliminates all risks.

Which of the following statements regarding auditor documentation of the client's internal control is correct? No one particular form of documentation is required, and the extent of documentation may vary. No documentation is necessary although it is desirable. Documentation must include procedural write-ups. Documentation must include flowcharts.

No one particular form of documentation is required, and the extent of documentation may vary.

Which of the following is least likely to be a test of controls? Inquiries of client personnel. Inspection of documents. Observation of confirmations. Reperformance of controls.

Observation of confirmations.

______should develop a statement of ethical values.

Senior management

An auditor may compensate for a weakness in internal control by increasing the extent of: Tests of controls. Detection risk. Substantive tests of details. Inherent risk.

Substantive tests of details.

Select each of the following terms with the appropriate attributes. No reply is used more than once. GAAP

Suitable criteria

When the auditors are performing a first-time internal control audit in accordance with the Sarbanes-Oxley Act and PCAOB standards, they should: Modify their report for any significant deficiencies identified. Use a "bottom-up" approach to identify controls to test. Test controls for all significant accounts. Perform a separate assessment of controls over operations.

Test controls for all significant accounts.

Organizational structure provides a basis for planning, directing, and controlling _________.

operations

Auditors should have an understanding of the various terms that relate to their consideration of internal control of an organization. For each term presented below, select the category that most clearly defines or includes the term. The categories may be selected once, more than once, or not at all. Accounting information system

Component of internal control

Auditors should have an understanding of the various terms that relate to their consideration of internal control of an organization. For each term presented below, select the category that most clearly defines or includes the term. The categories may be selected once, more than once, or not at all. Control environment

Component of internal control

Auditors should have an understanding of the various terms that relate to their consideration of internal control of an organization. For each term presented below, select the category that most clearly defines or includes the term. The categories may be selected once, more than once, or not at all. Monitoring

Component of internal control

For each of the controls, identify the internal control component and, if applicable, the subcomponent or principle to which it relates. Control components may be selected more than once. Management has developed and distributed a code of conduct.

Control environment. /integrity and ethical values.

You are performing an audit of Systex Corporation and evaluating various controls. Classify the following controls as being primarily preventive, detective, or corrective. Management review of budget/actual information.

Detective

Effective internal control in a small company that has an insufficient number of employees to permit proper separation of responsibilities can be improved by: Employment of temporary personnel to aid in the separation of duties. Direct participation by the owner in key record-keeping and control activities of the business. Engaging a CPA to perform monthly write-up work. Delegation of full, clear-cut responsibility for a separate major transaction cycle to each employee.

Direct participation by the owner in key record-keeping and control activities of the business.

For each of the controls, identify the internal control component and, if applicable, the subcomponent or principle to which it relates. Control components may be selected more than once. The internal auditors periodically evaluate the controls in the various departments of the company.

Monitoring. /separate evaluations.

Auditors should have an understanding of the various terms that relate to their consideration of internal control of an organization. For each term presented below, select the category that most clearly defines or includes the term. The categories may be selected once, more than once, or not at all. Less severe than a material weakness

Significant deficiency

Monitoring is considered: a component of internal control. a portion of the information and communication system. the primary asset safeguarding technique. an element of the control environment.

a component of internal control.

A client's __________ factors include such things as management philosophy and operating style, and organizational structure.

control environment

Which of the following would be least likely to be considered an objective of internal control? Checking the accuracy and reliability of accounting data. Detecting management fraud. Encouraging adherence to managerial policies. Safeguarding assets.

Detecting management fraud.

Tests of controls do not address: How controls were applied. How controls were originated. The consistency with which controls were applied. By what means the controls were applied.

How controls were originated.

A deficiency in internal control such that there is a reasonable possibility that a material misstatement will not be prevented or detected on a timely basis

Material weakness in internal control

Type 2 reports address operating _______; Type 1 do not.

effectiveness

For each of the controls, identify the internal control component and, if applicable, the subcomponent or principle to which it relates. Control components may be selected more than once. The accounting department uses a manual of accounting policies and procedures.

Accounting information and communication system. / (Blank)

At the completion of the audit, the auditors are least likely to know: The assessed level of control risk. The planned assessed level of control risk. Actual control risk. The scope of tests of controls.

Actual control risk.

Which of the following is not ordinarily a procedure for documenting an auditor's understanding of internal control for planning purposes? Checklist. Confirmation. Flowchart. Questionnaire.

Confirmation.

When a CPA decides that the work performed by internal auditors may have an effect on the nature, timing, and extent of the CPA's procedures, the CPA should consider the competence and objectivity of the internal auditors. Relative to objectivity, the CPA should: Consider the organizational level to which the internal auditors report the results of their work. Review the internal auditors' work. Consider the qualifications of the internal audit staff. Review the training program in effect for the internal audit staff.

Consider the organizational level to which the internal auditors report the results of their work.

Of the following statements about internal control, which one is not valid? No one person should be responsible for the custodial responsibility and the recording responsibility for an asset. Because of the cost benefit relationship, a client may apply controls on a test basis. Transactions must be properly authorized before such transactions are processed. Control activities reasonably ensure that collusion among employees cannot occur.

Control activities reasonably ensure that collusion among employees cannot occur.

For each of the controls, identify the internal control component and, if applicable, the subcomponent or principle to which it relates. Control components may be selected more than once. Invoices are reviewed for accuracy before they are mailed to customers.

Control activities. /transaction processing (or application) control.

For each of the controls, identify the internal control component and, if applicable, the subcomponent or principle to which it relates. Control components may be selected more than once. Management compares actual performance with budgets and forecasts.

Control activities. performance reviews.

For each of the controls, identify the internal control component and, if applicable, the subcomponent or principle to which it relates. Control components may be selected more than once. The human resources department investigates the educational background of prospective employees.

Control environment. /commitment to attract, develop and retain competent employees.

For each of the controls, identify the internal control component and, if applicable, the subcomponent or principle to which it relates. Control components may be selected more than once. Management has prepared and distributed an organizational chart.

Control environment. /effective structure, reporting lines, and authority and responsibility.

Select each of the following terms with the appropriate attributes. No reply is used more than once. Likelihood a misstatement will not be prevented or detected

Control risk

You are performing an audit of Systex Corporation and evaluating various controls. Classify the following controls as being primarily preventive, detective, or corrective. Adjustment of perpetual inventory records to physical counts.

Corrective

A control established to remedy misstatements that are discovered

Corrective control

You are performing an audit of Systex Corporation and evaluating various controls. Classify the following controls as being primarily preventive, detective, or corrective. Annual physical inventory.

Detective

You are performing an audit of Systex Corporation and evaluating various controls. Classify the following controls as being primarily preventive, detective, or corrective. Internal audits of payroll.

Detective

You are performing an audit of Systex Corporation and evaluating various controls. Classify the following controls as being primarily preventive, detective, or corrective. Monthly reconciliation of bank accounts.

Detective

To have an adequate basis to issue a management report on internal control under Section 404(a) of the Sarbanes-Oxley Act, management must do all of the following, except: Establish internal control with no material weakness. Accept responsibility for the effectiveness of internal control. Evaluate the effectiveness of internal control using suitable control criteria. Support the evaluation with sufficient evidence. Explanation

Establish internal control with no material weakness.

Which of the following is ordinarily considered a test of a control? Count and list cash on hand. Send confirmation letters to financial institutions. Examine signatures on checks. Obtain or prepare reconciliations of bank accounts as of the balance sheet date.

Examine signatures on checks.

Auditors should have an understanding of the various terms that relate to their consideration of internal control of an organization. For each term presented below, select the category that most clearly defines or includes the term. The categories may be selected once, more than once, or not at all. Walk-through

Implemented

Select each of the following terms with the appropriate attributes. No reply is used more than once. Likelihood of misstatement assuming no controls

Inherent risk

Select each of the following terms with the appropriate attributes. No reply is used more than once. Reporting on internal control and financial statements

Integrated audit

A primary objective of procedures performed to obtain an understanding of internal control is to provide the auditors with: Knowledge necessary to determine the nature, timing, and extent of further audit procedures. Audit evidence to use in reducing detection risk. A basis for modifying tests of controls. An evaluation of the consistency of application of management policies.

Knowledge necessary to determine the nature, timing, and extent of further audit procedures.

Attracting, Developing, and Retaining Competent Employees

Management is committed to hiring employees with appropriate levels of education, experience, and evidence of integrity and ethical behavior

An entity's ongoing monitoring activities often include: Periodic audits by internal auditors. The audit of the annual financial statements. Approval of cash disbursements. Management review of weekly performance reports.

Management review of weekly performance reports.

Select each of the following terms with the appropriate attributes. No reply is used more than once. Creates a reasonable possibility a material misstatement will not be detected

Material weakness

A deficiency in internal control that is less severe than a material weakness, but more severe than a significant deficiency

N/A

Duplicate controls that achieve a control objective

N/A

Procedures cycled periodically through the auditors' internal control deviation analysis

N/A

Controls over financial reporting are often classified as preventative, detective, or corrective. Which of the following is an example of a detective control? Segregation of duties over cash disbursements. Requiring approval of purchase transactions. Preparing bank reconciliations. Maintaining backup copies of key transactions.

Preparing bank reconciliations

You are performing an audit of Systex Corporation and evaluating various controls. Classify the following controls as being primarily preventive, detective, or corrective. Dual signatures for checks

Preventive

You are performing an audit of Systex Corporation and evaluating various controls. Classify the following controls as being primarily preventive, detective, or corrective. Supervisory approval of time cards.

Preventive

Auditors should have an understanding of the various terms that relate to their consideration of internal control of an organization. For each term presented below, select the category that most clearly defines or includes the term. The categories may be selected once, more than once, or not at all. Reasonable assurance

Relationship of costs and benefits

Select each of the following terms with the appropriate attributes. No reply is used more than once. Inquiries, analytical procedures, observation

Risk assessment procedures

For each of the controls, identify the internal control component and, if applicable, the subcomponent or principle to which it relates. Control components may be selected more than once. Management periodically evaluates the threats to preparing reliable financial statements.

Risk assessment. / (Blank)

______ auditors are the auditors of a service organization.

Service

Auditors selected by a service organization to assess systems

Service Auditors

Perform data processing/computer/IT services, like payroll processing, for various clients

Service Organization

Auditors should have an understanding of the various terms that relate to their consideration of internal control of an organization. For each term presented below, select the category that most clearly defines or includes the term. The categories may be selected once, more than once, or not at all. Controls over operating effectiveness

Test of control

Tests of controls are most likely in which of the following situations? When substantive procedures are being used as the only further audit procedures. Few transactions have occurred, but for very material amounts. The cost of tests of controls is likely to exceed the savings brought about by a resulting decrease in the scope of substantive procedures. The assessed level of the risk of misstatement includes a presumption that controls operate effectively.

The assessed level of the risk of misstatement includes a presumption that controls operate effectively.

Effective internal control requires organizational independence of departments. Organizational independence would be impaired in which of the following situations? The controller reports to the vice president of production. The internal auditors report to the audit committee of the board of directors. The payroll accounting department reports to the chief accountant. The cashier reports to the treasurer.

The controller reports to the vice president of production.

Individual Accountability

The organization must hold individuals accountable for their internal control responsibilities

The preliminary assessments of control risk are often referred to as: The assessed level of control risk. The planned assessed level of control risk. Control risk. Internal control objectives risk.

The planned assessed level of control risk.

A Type ___ report assesses the controls and their suitability.

Type 1

A report that documents a service organization's controls and documents their suitability

Type 1 Report

A Type ___ report assesses the controls, their suitability, and effectiveness.

Type 2

A report that documents a service organization's controls and documents their suitability and effectiveness

Type 2 Report

A procedure in which an auditor follows a transaction from origination through the company's processes, including information systems, until it is reflected in the company's financial records

Walk-through

Select each of the following terms with the appropriate attributes. No reply is used more than once. Follow a transaction through the system

Walk-through

A situation when the design or operation of a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis is referred to as a(n): material weakness in internal control. significant deficiency. inherent limitation of internal control. control deficiency.

control deficiency.

The purpose of tests of controls is to provide reasonable assurance that the: entity has complied with disclosure requirements of generally accepted accounting principles. entity has complied with requirements of quality control. controls are operating effectively. accounting treatment of transactions and balances is valid and proper.

controls are operating effectively.

To enhance the control environment, management develops job __________.

descriptions

The two broad categories of information processing controls are _____________ and application controls.

general controls

No single employee in a company should have __________ allowing the employee to both perpetrate and conceal errors or fraud in the normal course of performing his or her job.

incompatible duties

Before assessing control risk at a level lower than the maximum, the auditor obtains reasonable assurance that controls are in use and operating effectively. This assurance is most likely obtained in part by: inspecting documents. preparing flowcharts. analyzing tests of trends and ratios. performing substantive procedures.

inspecting documents.

Taylor Sales Co. maintains a large full-time internal audit staff that reports directly to the chief accountant. Audit reports prepared by the internal auditors indicate that internal control is functioning as it should and that the accounting records are reliable. The external auditor will probably: increase the depth of the consideration of administrative controls. eliminate tests of controls. make limited use of the work performed by the internal audit staff. avoid duplicating the work performed by the internal audit staff.

make limited use of the work performed by the internal audit staff.

Auditors are required by professional standards to communicate __________ and material weaknesses to the audit committee.

significant deficiencies

If employees lack ________, they may be ineffective in performing their duties.

skills

An auditor's flowchart of a client's internal control is a diagrammatic representation that depicts the auditors': understanding of the system. documentation of control risk. planned tests of controls. program for tests of controls.

understanding of the system.

The auditors of a service organization, known as service auditors, may review the controls at the organization and issue a report that may be relied upon by __________.

user auditors