486 Exam 2
Assignment of authority and responsibility for operating activities in the establishment of reporting relationships and authorization hierarchies are part of the _________ environment principal
Control
Based upon his risk assessment, management determines which relevant business procedures require _________ _________
Control activities
These exist in internal controls when the design or operation of a control does not allow management or employees to prevent, detect, or correct Misstatements on a timely basis
Control deficiency
This exists in internal controls when the design or operation of a control does not allow management or employees to prevent, detect, or correct Misstatements on a timely basis
Control deficiency
Samples to test internal controls are intended to provide a basis for an auditor to conclude whether _________
Controls are operating effectively.
_________ maybe used to mitigate the risk of unauthorized changes to computer programs
Controls over access
All of the following controls may mitigate the risk of fraud and management override except _________
Controls related to executive compensation.
Which of the following controls would most likely be tested during an interim period
Controls that operate on a continuous basis.
_________ controls come into play when a misstatement is found
Corrective
Inventory can be observed as it is _________ by client personnel
Counted
Important information on the ability of the entity to continue as it going concern are provided by _________ ratios
Coverage
The _________ ratio is usually considered acceptable if it is 2 to 1 or better
Current
If control risk is mistakenly set at a low level blank
Detection risk will be set too high
The goal to find a Misstatement that has already been made is a type of _________ control
Detective
Which of the following primary assertions is satisfied when an auditor observes the entities physical count of inventory
Existence
Fair values can be evaluated by comparing to prices on _________ markets
Existing
Which of the following audit techniques would most likely provide an auditor with the least assurance about the effectiveness of the operation of a control
Inquiry of entity personnel
The sample size is blank related to the tolerable deviation rate
Inversely
Which of the following statements concerning audit evidence is correct
The measure of the reliability of audit evidence lies in the auditor's judgment.
Which of the following statements regarding the auditor documentation of the entities internal control is correct
No one particular form of documentation is necessary, and the extent of documentation Mayberry
The two general approaches to audit sampling are _________ and _________
Non-statistical, statistical
A direct relationship exists between _________ trying to achieve, _________ which represent what the entity needs to do to achieve them, and the _________ of the entity
Objectives, components, structure
The highest-quality and most reliable audit evidence that segregation of duties is properly implemented is obtained by _________
Observation by the auditor of the employees performing control activities.
Organizational structure provides the basis for planning, directing, and controlling
Operations
If the misstatement is detected by substantive procedures, the auditors should consider whether the control deficiency might affect the _________ on the audit of ICFR
Opinion
When an entity has a material weakness, it should take steps to correct it, which is referred to as _________
Remediation
If the financial reporting risks for a location are low and the entity has good entity-level controls, management may rely on which of the following for its assessment?
Self-assessment processes in conjunction with entity-level controls.
_________ should develop a statement of ethical values
Senior management
_________ auditors are the auditors of a service organization
Service
If the auditor is interested in examining the effectiveness of a control designed to ensure that all shipments to customers are build, the correct population to test is the population of _________
Shipping records
An entities ability to meet its current obligations can be evaluated using _________ _________ _________ ratios
Short term liquidity
The auditor must report the following to the audit committee or others charged with governance
Significant deficiencies and material weaknesses.
When the auditor has decided to not rely on the entities controls and instead use procedures as the main source of evidence about the assertions in the financial statements, the auditor will choose a _________ audit strategy
Substantive
When the auditors sets control risk at high, he or she documents that control risk assessment and performs _________ procedures
Substantive
Regardless of the assessed level of control risk, an auditor would perform some _________
Substantive procedures to restrict detection risk for significant transaction classes
Audit effectiveness is impacted when the auditor doesn't do enough _________
Testing
A cut off test That relates to plant assets typically affects
The balance sheet
When the auditor has decided to rely on controls, the confidence level is set at 90 or 95%, meaning that the auditors willing to except a 10 or 5% risk of accepting
The control as effective when in fact it is not
Which of the following statements about internal control is correct
The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system.
As a result of sampling procedures applied as tests of controls, an auditor incorrectly assesses control risk lower than appropriate. The most likely explanation for this situation is that _________
The deviation/failure rate in the auditors sample is less than the TDR, but the deviation/failure rate in the population exceeds the TDR
True or false: auditing standards base the need for substantive procedures for significant account balances on the assessed risk of material Misstatement
false
An audit document that reflects the major components of an amount reported in the financial statements is referred to as a
lead schedule
Audit sampling for tests of controls is generally appropriate when the completion of a control procedure _________
leaves documentary evidence
The primary source of evidence about pending litigation is the attorney
letter
he difference between a control deficiency, a significant deficiency, and a material weakness is determined solely based on _________
magnitude
Reports accepting responsibility for establishing and maintaining adequate ICFR are issued by _____ of public companies
management
According to the reliability hierarchy by evidence type as presented in the text, an example of audit evidence with a low level of reliability is:
observation
Unrestricted random sampling without replacement means Blank
once an item is selected, it cannot be selected a second time
A type _________ report assesses the controls and their suitability
1
Place the following steps in the top-down, risk-based approach to the audit of ICFR in their proper order
1. Identify entity-level controls 2. Identify significant accounts and disclosures and their relevant assertions 3. Understand likely sources of misstatement 4. Select controls to test
A type _________ report assesses the controls, their suitability, and effectiveness
2
An auditors primary consideration regarding an entities internal controls is whether they _________
Affect the financial statement assertions
A control issue does not rise to the level of control deficiency if the likelihood is ______.
remote
The substantive analytical procedure known as trend analysis is best described by
the examination of changes in an account over time
Sample size varies indirectly with which of the following
tolerable deviation rate
To effectively help the auditor determine if asset accounts contain material Misstatements, _________ ratios maybe used
Activity
Misstatements in the entities records are corrected with _________ entries
Adjusting
A company generated total sales of $1,500,000 and has accounts receivable of $14,550. If 85% of sales are made on credit, the days outstanding in accounts receivable is
4.17 days (you take $1,500,000 times 85% equals $1,275,000 divided by $14,550 equals 87.6 receivables turnover then take 365 days divided by 87.6 equals 4.17)
Unless a longer period of time is required, PCAOB standards require the auditor to retain audit documentation for the ICFR and financial statement audit for _________ years
7
How effectively the entity's assets are managed is indicated by _________ ratios
Activity
The current file of the auditors working papers should generally include
A copy of the financial statements.
AnnaLisa, an auditor for N. M. Neal & Associates, is prevented by the management of Lileah Company from auditing controls over inventory. Lileah is a public company. Management explains that controls over inventory were recently implemented by a highly regarded public accounting firm that the entity hired as a consultant and insists that it is a waste of time for AnnaLisa to evaluate these controls. Inventory is a material account, but procedures performed as part of the financial statement audit indicate the account is fairly stated. AnnaLisa found no material weaknesses in any other area of the entity's internal control relating to financial reporting. What kind of report should AnnaLisa issue on the effectiveness of Lileah's internal control?
A disclaimer of opinion
Which of the following best illustrates the concept of sampling risk
A randomly chosen sample may not be representative of the population as a whole on the characteristic of interest.
Using a systematic selection approach to select a sample means _________
A starting number is selected first and then every Nth item is selected
In verifying the existence in for an asset, and auditor ordinarily works from the
Accounting records to the supporting documents
After obtaining an understanding of an entities internal control system, and auditor may set control risk at high for summer sessions because the auditor
Believes the internal controls are unlikely to be effective
A reliance strategy is chosen when the auditor _________
Both a and C
Understanding each of the components of internal control provides knowledge about _________
Both a and C
If a material weakness cannot be corrected and/or properly tested before the "as of" date _________
Both management and the auditors should issue a report that the ICFR is not operating affectively
Because the auditor does not know the true deviation right, he or she calculate a _________
Computed upper deviation rate
The purpose of the _________ framework is to help management better control the organization and to provide boards of directors and added ability to oversee internal control
COSO
A controlled deviation Caused by an employee performing a control procedure that he or she is not authorized to perform is always considered a _________
Deficiency in operation
Once key controls have been identified, the auditors starts with evaluating their _________ effectiveness, which may also provide some evidence about _________ effectiveness
Design, operating
Backup copies maybe used to mitigate the risk of _________
Destruction of data
Most of the steps for planning and carrying out a nonstatistical Test of controls are the same as those for a statistical test of controls. Which of the following represent the steps that could difference between non-statistical and statistical sampling as discussed in the text
Determining the sample size, selecting the sample items, calculating the computed upper deviation rate
For test of controls, a departure from adequate performance of the internal control is called a _________
Deviation
The auditor _________ need to test all controls
Does not
The role of the registered independent auditing firm relative to its clients internal controls under the Sarbanes-Oxley act of 2002 is to
Express an opinion on the effectiveness of the entity's internal control.
Information that is complete, neutral, and free from error has the characteristic of _________ _________
Faithful representation
The effectiveness of internal control is reduced by _________
Human errors or mistakes.
Which of the following is not one of the five major components of internal control
Human resource background checks.
In order to be able to set control risk at a lower level, the auditor must do all of the following except
Identify all general IT controls
Generalized Audit Software (GAS) Would likely be used in the audit of accounts receivable for all of the following except
Identifying weaknesses in the documentation of entity controls
In substantive testing, the risk that the sample supports a material Misstatement does not exist when immaterial Misstatement actually does exist is the risk of _________ _________
Incorrect acceptance
In substantive testing, the risk that the sample supports a material Misstatement when it does not exist is the risk of _________ _________
Incorrect rejection
Differences identified by substantive analytical procedures indicate an _________ likelihood of Misstatements
Increased
If detection risk is set to high, the risk of the auditor will fail to detect an actual Misstatement Blank
Increases
Audit documentation is the property of the _________
Independent auditors
In order to evaluate profitability ratios, it should be interpreted by comparison to _________ data
Industry
The primary purpose of sampling is to draw a _________ about the whole population based on the results of testing only a subset of the population
Inferences
The infrastructure, software, people, procedures, and data used to support the functioning of internal control is known as an
Information system
When assessing the tolerable deviation rate, the auditors should consider that while deviations from control procedures increase the risk of material Misstatements, search deviations may not necessarily result in errors. This explains why _________
It recorded dispersement that is not properly authorize me nonetheless be recorded properly in the cash disbursements journal
Management's assessment of the entity's ICFR must be based on
a recognized control framework
Confirmations would normally be most likely used as a type of audit evidence in connection with which of the following
accounts receivable
Management asserts that ICFR is effective _________
as of the end of the fiscal year
Which of the following types of evidence is most likely to utilize sampling
confirmation
Understanding the nature and cause of a deviation helps the auditor better assess control risk and evaluate whether the deviations represent _________
control deficiencies
Analytical procedures are the primary way to test data
interrelationships
A company generated total sales of $1,500,000 and has inventory of $134,680 if cost of good sold is 47% of sales the inventory turnover ratio is
1.69 (you take $1,500,000 times 47% equals $705,000 divided by $134,680 = 5.23)
There are _________ types of reports that auditors of a service organization can provide
2
Authorization requirements for access to computer programs in periodic counting and comparison with amount shown on control records are examples of _________
Physical controls
_________ may be used to mitigate the risk of unauthorized access in computer operations
Physical controls
In conducting a statistical sample for a test of controls, auditing standards require the auditor to properly _________ the sampling application
Plan, performance, and evaluate
If the auditor believes that the expected Blank deviation rate exceeds the blank deviation rate, statistical testing should not be performed
Population, tolerable
The quality of an expectation is referred to as the _________ of the expectation
Precision
Which of the following types of audit evidence is the least reliable
Prenumbered purchase order forms prepared by the entity.
Segregation of duties is a control aimed at _________ Misstatement
Preventing
Statistical sampling uses the laws of _________ to compute sample size and evaluate the sample results
Probability
Random number selection is used in many statistical sampling applications because the auditor is required to be able to measure the _________ of selecting the sample units selected
Profitability
The entities success or failure for a given period is measured by _________ ratios
Profitability
Which of the following types of audit reports would not be appropriate for an auditor to issue on the effectiveness of an entities internal controls
Qualified (A significant deficiency exists)
The quality of internal control is directly related to the _________ of the personnel operating system
Quality
A material weakness is a deficiency or combination of deficiencies in ICFR such that there is a _________ possibility that a material financial statement misstatement will not be prevented or detected on a timely basis
Reasonable
An unqualified opinion regarding the effectiveness of the entities ICFR provides _________ assurance that the entities controls are designed and operating effectively in all material respects as of the balance sheet date
Reasonable
And effective internal control system provides _________ assurance that the risk of not achieving an entity's objective is reduced to an acceptable level
Reasonable
The COSO definition of ICFR is designed to provide _________ assurance regarding the reliability of financial reporting and GAAP financial statement presentation
Reasonable
Audit evidence supporting effective internal control must be obtained at the level of _________
Reasonable assurance
According to the reliability hierarchy by evidence type as presented in the text, an example of audit evidence with a high level of reliability is:
Recalculation
To properly present information on the financial statements a _________ entry that affects either in the income statement or the balance sheet must be made
Reclassification
Which of the following is not considered a general control
Reconciliation of payroll record count with the number of active employees.
Preparing _________ _________ can help detect Misstatements that have been made
Reconciliations
Assessing the control risk to low represents an inappropriate _________ of the extent of substantive procedures
Reduction
Internal controls are designed to achieve company objectives in all of the following areas except
Reduction of debt financing costs.
An auditor would be least likely to use confirmations in connection with the examination of
Refundable income taxes.
Information that is capable of making a difference in user decisions has the characteristic of _________
Relevance
The extent of an auditors understanding of control activities as a function of _________
The audit strategy
Which of the following statements is true in an attribute sampling plan Where the tolerable deviation rate is 7%, the computed upper deviation rate is 6.5%, the sample deviation rate is 2%, and the risk of assessing control risk too low is 5%
The auditor is likely to determine that the results do support reliance on the control because the computed upper deviation rate is less than the tolerable deviation rate.
The likelihood of assessing control risk too high is the risk that the sample selected to test controls _________
does not support the auditor's planned assessed level of control risk when the true operating effectiveness of internal control justifies such an assessment.
The best way to identify potential sources of misstatements is often _________
Performing walkthroughs
An auditor desired to test credit approval on 10,000 sales invoices processed during the year. The auditor designed a statistical sample that would provide 1 percent risk of assessing control risk too low for the assertion that not more than 7 percent of the sales invoices lacked approval. The auditor estimated from previous experience that about 2½ percent of the sales invoices lacked approval. A sample of 200 invoices was examined, and 7 of them were lacking approval. The auditor then determined the computed upper deviation rate to be 8 percent. Based on the information above, the plan allowance for sampling risk was _________
4.5%
A company generated total sales of $1,500,000 and has accounts receivables of $14,550. If 85% of sales are made on credit, the receivables turnover ratio is
87.6 (you take $1,500,000 times 85% equals $1,275,000 divided by 14,550 equals 87.6)
When assessing the tolerable deviation rate, the auditors should consider that, while deviations from control procedures increase the risk of material Misstatements, search deviations do not necessarily result in Misstatements. This explains why:
A recorded disbursement that does not show evidence of required approval me nevertheless be a transaction that is properly authorized and recorded
Which of the following is true regarding technological advances and auditing
A well-controlled, automated accounting system that processes routine transactions with few errors can reduce the number of times auditors need to utilize sampling techniques in an audit.
In auditing ICFR for a public company, Emily finds that the entity has a significant subsidiary located in a foreign country. Emily's accounting firm has no offices in that country, and the entity has thus engaged another reputable firm to conduct the audit of internal control for that subsidiary. The other auditor's report indicates that there are no material weaknesses in the foreign subsidiary's ICFR. What should Emily do?
Accept the other auditor's opinion after evaluating the auditor's work, and make reference to the other auditor's report in her audit opinion.
Which of the following represents the correct sequence of audit steps that come after first obtaining an understanding and documenting the entities internal control
Access control risk, test of controls, reassess control risk, determine extent of substantive testing
A primary advantage of using generalized audit software packages to audit the financial statements of an entity that uses an IT system is that the entity may
Access information stored on computer files while having a limited understanding of the entities hardware and software features
If one or more unremediated material weaknesses as identified, the auditor issues an _________ opinion on the entities internal control
Adverse
when considering financial reporting risks, management should generally include _________ business units
All
Audit documentation provided the principal support for which of the following
All of the above
Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective
All of the above are correct
Which of the following presumptions is least likely to relate to the reliability of audit evidence
An auditor's opinion is formed within a reasonable time to achieve a balance between benefit and cost.
Which of the following presumptions is correct regarding the reliability of audit evidence
An effective internal control system provides increased assurance with regard to the reliability of audit evidence.
In auditing a public company, Natalie, an auditor for N. M. Neal & Associates, identifies four deficiencies in ICFR. Three of the deficiencies are unlikely to result in financial misstatements that are material. One of the deficiencies is reasonably likely to result in misstatements that are not material but significant. What type of audit report should Natalie issue?
An unqualified report.
Which of the following is not a requirement for management under section 404 of the Sarbanes Oxley act of 2002
Guarantee effectiveness of the entity's ICFR.
Ensuring the completeness and accuracy of transaction processing, authorization, and validity is the goal of _________ controls
Application
These apply to the processing of individual applications and help ensure the occurrence, completeness and accuracy of transaction processing
Application controls
The requirement to _________ journal entries is an example of a preventive control
Approve
SOC one, type 2 reports issued by the service organizations auditor typically _________
Assess whether the service organizations controls are suitably designed an operating effectively
The process of evaluating the effectiveness of an entities internal control in preventing, or detecting, incorrect and material Misstatements in the financial statements is called _________ control risk
Assessing
The primary objective of final analytical procedures is to
Assist the auditor in assessing the validity of the conclusions reached on the audit.
Which of the following types of statistical testing is likely to be used for a test of controls
Attribute sampling
Which of the following is true regarding audit evidence
Audit evidence is gathered to determine whether each relevant financial statement assertion is being supported.
The document that outlines the auditors understanding of the entity and potential risks as well as the strategy to be followed by the auditor is called the _________ _________
Audit plan
Specific acts performed by the auditors to gather evidence about whether specific assertions are being met are referred to as _________ _________
Audit procedures
Which of the following statements is correct
Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness
The audit procedures that will be conducted by the auditor are contained in the _________ _________
Audit program
Representation letters are dated as of the date of the
Audit report
The selection and evaluation of less than 100% of the items in a population that is expected to be representative of the population to provide a reasonable basis for a conclusion is the definition of _________ _________
Audit sampling
The basic framework for the auditors understanding of audit evidence and it's use in supporting the auditors opinion on the financial statements is _________
Auditing standards
How management identifies risks relevant to the preparation of financial statements, estimates their significance, assesses the likelihood of their occurrence and decides on how to manage them is most directly relevant to the _________
Auditors
Which of the following statements concerning control deficiencies is true
Auditors are required to report all control deficiencies to the audit committee
Which of the following statements best describes how the requirements under Sarbanes-Oxley changed the auditors responsibility for issuing an opinion in connection with the audits of most public companies
CPA firms are now required to issue a second opinion related to their evaluation of the effectiveness of internal controls in addition to an opinion on the overall fairness of the financial statements.
If the computed upper deviation rate is less than or equal to the tolerable deviation rate, the auditor concludes that the control tested _________ be relied upon
Can
If the auditor fails to obtain written representations from management, the auditor _________ opinion of ICFR
Cannot issue an unqualified
Which of the following items is generally not included as part of audit documentation
Client review notation.
Professional standards indicate that sample sizes for non-statistical applications should be _________ sample sizes for statistical applications
Comparable to
Which of the following procedures would an auditor most likely rely on to verify management assertion of completeness
Comparing a sample of shipping documents to related sales invoices
For non-public companies with preliminary control risk assessment set at high, auditors are likely to
Complete little or no tests of controls
Discussions with the owner - manager of an entity under audit reveal to the auditor that the company is more concerned with minimizing its income tax payments then maximizing income. Based on this information which management assertion will the auditor be most concerned about verifying with regard to sales revenue
Completeness
Audit evidence can come in different forms with different degrees of reliability. Which of the following is the most persuasive type of evidence
Computations made by the auditor.
Assessing control risk below high involves all of the following except
Concluding that controls are Ineffective
Entity-level controls can have a pervasive effect on the entity's ability to meet the control criteria. Which one of the following is not an entity-level control?
Controls to monitor the inventory taking process.
In regards to applying the audit testing hierarchy , starting with tests of _________ is generally more effective and efficient than starting with tests of _________
Controls, details
"Remediation" refers to _________
Corrective actions taken by management to eliminate a material weakness.
Auditors obtain an understanding of a non-public entities internal control for the primary purpose of
Determining the nature, extent, and timing of subsequent audit procedures to be performed
One of the most difficult steps of an auditing sampling application is generally blank
Determining the sample size
Management may include additional information in its report on ICFR, in regards to such information the auditors should _________
Disclaim an opinion
If the auditor believes that additional management information in its report of ICFR contains a material Misstatement of fact the auditor should immediately _________
Discuss the matter with management
For a control system to be considered _________ each of the five components and relevant principles must be present and functioning, and the five components must operate together in an integrated Manner
Effective
An audit needs to have the correct balance of efficiency and _________
Effectiveness
The integrity and ethical values of management personnel heavily influence the _________ of an entities internal controls
Effectiveness
Type two reports address operating _________. type one do not
Effectiveness
In applying attribute sampling two tests of controls, the auditor normally attempts to determine the operating _________ of a control in terms of _________ from a prescribed internal control
Effectiveness, deviations
Audit _________ is affected when too much substantive testing is done
Efficiency
If you examine a sample of 100 transactions and find eight with errors, this suggests a transaction error rate of _________ percent
Eight
The audit committee should be composed of directors who are not _________ of the organization
Employees
Which of the following steps or procedures is least likely to be performed as part of management's assessment of the effectiveness of internal controls
Engaging the external auditors to conduct cut off tests
Systematic selection provides a sample where _________
Every sampling unit has an equal chance of being selected
For which of the following audit tests would an auditor most likely use attribute sampling
Examining supporting documentation for purchases for evidence of proper authorization
_________ maybe used to mitigate unauthorized access to programs
Password systems
True or false: a control deficiency is defined as an existing control that is not properly designed to meet control objectives even if it operates as designed.
False
True or false: in planning an integrated audit, the auditor should design separate tests of controls to accomplish the objectives of the audit of ICFR and the audit of financial statements
False
True or false: the auditor is required to obtain corroborative evidence for planned analytical procedures
False
The working papers document the auditors compliance with auditing standards and particularly compliance with the standards of _________
Fieldwork
_________ maybe used to mitigate the risk of viruses in electronic commerce
Firewalls
If three deviations are found in a sample of 60, the Sample deviation rate is _________ percent
Five
The auditor may document the achieved level of control risk using all of the following Except
Flow charts
The physical representation of the population is referred to as the _________
Frame
The assessment of _________ _________ includes consideration of incentives and pressures, opportunities and how personnel might rationalize or justify inappropriate actions
Fraud risk
Controls over network operations are included as part of _________ controls which relate to the overall information processing environment
General
An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances on which of the following controls with the auditor initially focus
General controls
The approach to taking and monitoring business risk and attitudes and actions toward financial reporting are characteristics that make signal important information to the auditor about management _________ and _________ values
Integrity, ethical
Auditors may test controls at an _________ date because the assertion being tested may not be significant, the control has been effective in prior audits, or it may be more efficient to conduct the tests at that time
Interim
The phrase "all material respects" means that the entities ICFR _________
Is free of any material weakness
If the computed upper deviation rate exceeds the tolerable deviation rate, the auditor will normally conclude that the control _________
Is not operating at an acceptable level
Which of the following is true relating to audit work paper documentation
It serves as the basis of review for audit supervisors to determine if sufficient, appropriate evidence has been gathered.
An auditor may need to obtain a service auditors report when an entity receives accounting services such as payroll from a service organization. Which of the following statements is true regarding this service audit report
It should include an opinion.
All else being equal, the less risk that the auditors willing to accept, the blank the sample size must be
Larger
If they computed upper deviation rate is _________ the tolerable deviation rate, the auditor can conclude that the control tested can be relied upon
Less than or equal to
The severity of a control deficiency depends on the _________
Likelihood and magnitude
Auditors must carefully control the risk of assessing risk too high or _________ when performing tests of controls
Low
When audit risk is low and the risk of material Misstatement is high, detection risk will be set at _________
Low
The blank the tolerable deviation rate, the blank the sample size
Lower, larger
Interim tests of controls give auditors time to inform the _________ so that likely Misstatements can be located in corrected before the rest of the audit is performed
Management
The competence level for a particular job should be specified and translated into a job description that details the specific knowledge and skills required. This task should be done by _________
Management
Who is responsible for the fair presentation of the financial statement
Management
When audit evidence supports _________ _________, the auditor can issue an unqualified report
Managements assertions
A deficiency in ICFR, such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected on a timely basis is defined as a ___________ __________ by the PCAOB
Material weakness
Deficiency or combination of deficiencies in internal controls, such that there is a reasonable possibility that a material Misstatement of the entities financial statement will not be prevented, or detected and corrected on a timely basis is a
Material weakness
If the frame and the population differ, the auditor blank
May draw the wrong conclusion about the population
And advantage of statistical sampling over non-statistical sampling is that statistical sampling helps an auditor to _________
Measure the sufficiency of the evidential matter obtained
When compared to automated controls, manual controls should be subjected to _________ testing
More extensive
The _________ precise the expectation, the _________ the likelihood that the difference is actually a Misstatement
More, greater
Determining the sample size is typically one of the _________ steps of an audit sampling application
Most difficult
The requirements of section 404 of the Sarbanes-Oxley act of 2002 apply to _________
Most publicly-held companies.
With regard to entities that have locations for business units that are judged to have financial reporting risks, the auditor _________
Must first determine whether those risks are adequately addressed by entity level controls
The permanent file section of the working papers that is kept for each audit client most likely contains
Narrative descriptions of the entity's accounting system and control procedures.
The _________ of the audit evidence refers to the form or type of information, which includes accounting records and other available information
Nature
Because documents like checks, shipping documents, and receiving reports are usually _________ it is easier for auditors to verify cut off
Numbered
How authority and responsibility are delegated and monitored and the framework within which the entities activities for achieving entity wide objectives are planned, executed, controlled and reviewed are defined by the entities _________ _________
Organizational structure
Reporting distribution logs, transmittal sheets, reasonableness reviews and reconciliations to control or batch totals are examples of _________ controls
Output
The main concern of _________ controls is that computer reports, checks, documents, or other printed or displayed information may be distributed or displayed to unauthorized users
Output
The _________ issues statements on attestation on the effectiveness of ICFR
PCAOB
As it relates to the external financial reporting objective, the entities _________ _________ process should consider internal and external events and circumstances that may arise and adversely affect the entities ability to initiate, authorize, record, process and report financial data consistent with management financial statement assertions
Risk assessment
Which of the following best illustrates the components that make up the upper deviation rate
Sample Deviation rate + allowance for sampling risk
The number of deviations found in the sample divided by the number of items in the sample is the _________ rate
Sample deviation
Which of the following statements is true regarding non-statistical sampling
Sample sizes for non-statistical sampling should be comparable to statistical sampling
Auditors will tolerate deviation and still consider a control to be effective because there is a risk that the blank deviation rate differs from the blank deviation rate
Sample, population
Significant deficiencies and Material weaknesses must be communicated to an entities audit committee because they represent
Significant deficiencies in the design or operation of internal control
Less severe than a material weakness, a _________ _________ is still important enough to Merit attention by those charged with governance
Significant deficiency
Significant deficiencies are matters that come to an auditors attention that should be communicated to entities audit committee because they represent _________
Significant deficiency in the design or operation of the internal control
If employees lack _________ they may be ineffective in performing their duties
Skills
The amount appearing as an asset on a financial statement is usually the accumulation of many _______ items
Smaller
Auditors may use audit _________ to test clerical accuracy
Software
Coverage ratios provide information on the long term _________ of the entity
Solvency
_________ may be involved in some testing of calculations
Specialists Specialist
If a large number of deviations are detected early in the tests of controls, the auditors should consider _________
Stopping the test as soon as it is clear that they results of the test will not support the plant assessed level of control risk
The last step in the decision process is performing _________ procedures
Substantive
Which of the following statements is false concerning the audit requirements of the Sarbanes-Oxley act of 2002 and AS5 related to internal controls
The auditor should provide recommendations to the audit committee for improving internal control as part of the auditor's assessment.
Which of the following statements is correct with regard to the quality or appropriateness of evidential matter
The auditor's direct personal knowledge, obtained through observation and inspection, is more persuasive than information obtained indirectly from independent outside sources.
Which of the following statements concerning control deficiency is true
The auditors should communicate to management, in writing, all control deficiencies in internal control identified during the audit
The Sarbanes-Oxley act of 2002 requires management To include a report on the effectiveness of ICFR in the entities annual report. And also requires auditors to report on the effectiveness of ICFR. Which of the following statements concerning these requirements is false
The auditors should provide recommendations for improving internal control in the audit report
Which of the following is not a factor that might affect the likelihood that a control deficiency could result in a Misstatement in an account balance
The financial statement amounts exposed to the deficiency.
Monitoring is a major component of the COSO Internal control integrated framework. Which of the following is not correct and how the company can implement the monitoring component
The independent auditor conserve as part of the entities control environment and continuous monitoring
Assume an auditor is evaluating a statistical attribute sample of 50 items that resulted in three deviations. What should the auditor conclude if the tolerable deviation rate is 7 percent, the expected population deviation rate is 5 percent, and the allowance for sampling risk is 2 percent?
The planned assessed level of control risk should be modified because the sample deviation rate plus the allowance for sampling risk exceeds the tolerable deviation rate.
Which of the following is a proper reason for not conducting tests of controls for non-public companies
The procedures require more audit effort than the projected benefits to be obtained from lowering the control risk.
Which of the following most likely represents a weakness in internal control of an IT system
The systems analyst reviews output and controls the distribution of output from the IT department.
Which of the following statements is false regarding the use of the test data approach in the evaluation of an accounting system
The test data should consist of only valid conditions.
One of the main objectives of performing analytical review procedures during planning phase of the audit is to identify
Unusual changes that may signal possible account misstatements.
Which of the following audit procedures would most likely be used to test the mathematical accuracy of a 500 page inventory listing
Use computer-assisted audit techniques to foot, or sum, the entire listing
All of the following factors should be considered by the auditor when deciding on the extent of controls testing except _________
The time the auditor has to test controls before a report must be issued.
When auditors report on the effectiveness of internal control "as of" a Specific date and obtain evidence about the operating effectiveness of controls at an interim day, which of the following items would be the least helpful and evaluating the additional evidence to gather for the remaining period
The walk-through of the control system conducted at interim
Which of the following statements is correct concerning statistical sampling in tests of controls
There is an inverse relationship between the sample size and the tolerable deviation right
According to the text, each of the following is a main purpose for performing audit procedures except
To develop recommendations for the control system
The second step in the analytical procedures decision process is to define a _________ difference
Tolerable
The amount of difference that can be excepted will always generally be lower than _________ _________
Tolerable Misstatements
The maximum deviation rate for my prescribe controlled of the auditor is willing to accept and still consider the control effective is called the blank rate
Tolerable deviation
An auditor desired to test credit approval on 10,000 sales invoices processed during the year. The auditor designed a statistical sample that would provide 1 percent risk of assessing control risk too low for the assertion that not more than 7 percent of the sales invoices lacked approval. The auditor estimated from previous experience that about 2½ percent of the sales invoices lacked approval. A sample of 200 invoices was examined, and 7 of them were lacking approval. The auditor then determined the computed upper deviation rate to be 8 percent. In the evaluation of this sample, the auditor decided to increase the level of the preliminary assessment of control risk because the _________
Tolerable deviation rate (7%) was less than the computed upper deviation rate (8%)
True or false: a substantive strategy requires the auditor to have a sufficient understanding of the entities internal controls to know whether they are designed and implemented properly
True
True or false: although the auditor owns the audit documents, they cannot be shown to outside parties without the entities consent, except under certain circumstances
True
True or false: audit evidence includes information developed by the auditor that permits him or her to reach conclusions through valid reasoning
True
True or false: sample results can only be projected to the population from which the sample was selected
True
true or false: the COSO definition of ICFR includes reasonable assurance regarding the safeguarding of assets
True
This type of report includes managements description of the service organizations system and the auditors opinion as to whether the service organizations controls are suitably designed to achieve management control objectives as of the end of the period
Type one report
This type of report provides assurance on the operating effectiveness of the service organizations controls based on the auditors test of those controls
Type two report
An auditors flow chart of an entity's accounting system is a diagrammatic representation that depicts the auditors
Understanding of the system
After auditing the effectiveness of an entities internal control, and auditor issues an _________ _________ if the entities internal control is designed and operating effectively in all material respects
Unqualified opinion
The reliability of inspection of records and documents depends primarily on ______
Weather the document is internal or external
Audit documentation is referred to as _________ _________ or the audit file
Working papers
The focal point for reviewing the work of subordinates and for quality control reviewers are the _________ _________
Working papers
to provide reasonable assurance, a control system _________
allows for a remote likelihood of material misstatement
The assurance bucket is filled with all of the following types of evidence except
audit report
To enhance the control environment, management develops job _________
descriptions
When a control necessary to meet the relevant control objective is missing, a(n) _________ __________ exists.
design deficiency
The computed upper deviation rate is the sum of the _________
sample deviation rate and an appropriate allowance for sampling risk
The risk of incorrect rejection is associated with _________
sampling risk
As a result of sampling procedures applied as tests of controls, an auditor incorrectly assesses control risk lower than appropriate. The most likely explanation for this situation is that _________
the deviation rate in the auditor's sample is less than the tolerable deviation rate, but the deviation rate in the population exceeds the tolerable deviation rate.
A walk through is one procedure used by an auditor as part of the internal control audit. A walk through requires an auditor to _________
trace a transaction from each major class of transactions from origination through the entity's information system until it is reflected in the entity's financial reports.
To perform a(n) _________ the auditor traces a transaction from an organization all the way to its reflection in the entity's financial statements
walkthrough