aud ch. 6
Which of the following application controls is a processing control? A. Before-and-after report B. Missing data check C. Visual scanning D. Reconciliation of totals
A. Before and after report
By whose standards are internal control weaknesses commonly categorized into three groups? A. Both PCAOB and U.S. GAAS B. PCAOB only C. U.S. GAAS only D. Neither PCAOB nor U.S. GAAS
A. Both PCOAB and U.S. GAAS
Which of the following are designed to provide reasonable assurance that the recording, processing, and reporting of data by an IT system are properly performed for specific applications? A. Computer application controls B. Computer general controls C. IT dependent manual controls D. None of these options are correct.
A. Computer Application Controls
One of the seventeen COSO principles of internal control states that "the organization holds individual accountable for their internal control responsibilities in the pursuit of objectives." To which component of internal control does this principle belong? A. Control Environment B. Risk Assessment C. Control Activities D. Information and Communication
A. Control Environment
What does COSO define as a process effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives related to operations, reporting and compliance? A. Internal control B. Compliance C. Reporting D. Risk assessment
A. Internal Control
If you place a control that the computer checks run-to-run total of beginning receivables, plus sales transactions with the sum of ending receivables, which of the following risks will you be addressing? A. Invoices not journalized or posted to customer accounts B. Sales invoices recorded in the incorrect accounting period C. Products shipped without shipping documents being generated D. Sale made without credit approval
A. Invoices not journalized or posted to the customer accounts
Which of the following is a deficiency in internal control such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented on a timely basis? A. Material weakness B. Deficiency in internal control C. Significant deficiency D. Immaterial weakness
A. Material Weakness
Which of the following is a report sent to each customer showing the beginning receivable balance, transactions during the month, and the ending receivable balance? A. Monthly statement of receivable balances B. Sales invoice C. Sales cycle database D. Customer master file
A. Monthly statement of receivable balances
What are the most common forms of documentation for client internal controls, particularly in smaller environments where accounting and internal control activities are simple? A. Narratives B. Logic diagrams C. Flow charts D. Preformatted questionnaires
A. Narratives
Reports that summarize the detail of account balances such as an aged trial balance of accounts receivable are an example of which category of control activities? A. Performance reviews B. Information processing controls C. Physical controls D. Segregation of duties
A. Performance reviews
A deficiency, or a combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected, on a timely basis is best described as ________. A. a material weakness B. a significant deficiency C. a material deficiency D. a deficiency
A. a material weakness
A deficiency in an operation exists when ________. A. a properly designed control does not operate as designed or the person performing the control does not possess the necessary authority or competence to perform the control effectively B. properly designed control operates as designed and the person performing the control possesses the necessary authority or competence to perform the control effectively C. it has become clear to the auditor that performance of the operation creates significant risk that a material misstatement will not be detected by the client system D. an improperly designed control does not operate as designed or the person performing the control possesses the necessary authority or competence to perform the control effectively
A. a properly designed control does not operate as designed or the person performing the control does not possess the necessary authority or competence to perform the control effectively.
Logic diagrams provide ________. A. a visual perspective of the flow of the transactions and key controls throughout the flow that is often simpler for the reader or reviewer to understand B. a description (in words) of each step of the flow of a transaction from start to finish (that is, from initiation to reporting in the financial report C. a process flowchart on the left-hand side and the narrative describing each step in the flow on the right-hand side D. extensive description of steps detailing all aspects of transaction in the internal control processes
A. a visual perspective of the flow of the transactions and key controls throughout the flow that is often simpler for the reader or reviewer to understand
Key assertions pertaining to the delivery of goods are ________. A. accuracy, completeness, and occurrence B. completeness, occurrence, and cutoff C. accuracy, occurrence, and rights and obligations D. presentation and disclosure
A. accuracy, completeness, and occurance
An example of an entity level control would be ________. A. an entity's risk assessment process B. a detective control pertaining to accounts receivable C. a preventive control relating to an IT function D. a physical lock on a storage facility
A. an entity's risk assessment process
The management letter should: A. be prepared by the audit team, be provided to the client, and discuss internal control weaknesses and other matters discovered during the audit B. only discuss internal control weaknesses C. be sent at the beginning of the engagement D. also be sent to the client's attorneys as a matter of course
A. be prepared by the audit team, be provided to the client, and discuss internal control weaknesses and other matters discovered during the audit
\What kind of internal control documentation is particularly helpful in industries that the auditor may not personally be familiar with? A. Checklists and preformatted questionnaires B. Combinations of narratives and flowcharts C. Flowcharts and logic diagrams D. Narratives and logic diagrams
A. checklists and preformatted questionnaires
Which of the following is a form of documenting internal controls that is typically a page divided into two sections? A. Combinations of narratives and flowcharts B. Checklists C. Preformatted questionnaires D. Narratives
A. combination of narratives and flowcharts
A purpose of the management letter is to ________. A. communicate internal control matters in writing on a timely basis with those charged with governance B. identify, analyze, and manage the risks that affect an entity's ability to achieve its operational effectiveness C. ensure that every transaction is authorized by management personnel acting within the scope of their authority D. control program development, program changes, and computer operations and to secure access to programs and data
A. communicate internal control matters in writing on a timely basis with those charged with governance
IT dependent manual controls are controls that chiefly involve manual review of the _________ of computer- generated information. A. completeness and accuracy B. cutoff and classification C. rights and obligations D. valuation and allocation
A. completeness and accuracy
Which of the following types of control are designed to control program development, program changes, computer operations, and access to programs and data? A. Computer general controls B. Computer application controls C. IT dependent manual controls D. None of these options are correct.
A. computer general controls
A top-down approach begins by _____. A. considering what can go wrong in the financial statements B. considering which members of top management might be committing fraud C. assigning the highest ranking and most experienced members of an audit team to an audit D. sending questionnaires to top management to complete before interviewing any mid-level management employees
A. considering what could go wrong in the financial statements
Compared to other types of entity-level controls, the auditor finds _______the easiest to test because their operation is readily verifiable. A. control activities B. control environment C. risk assessment D. information and communication
A. control activities
Which of the following is comprised of the attitudes, awareness and actions of management and those charged with governance concerning the entity's internal control and its importance in the entity? A. Control environment B. Entity-level controls C. Monitoring activities D. Information and communication
A. control environment
Which of the following documents contains the customer shipping and billing information and the customer credit limit? A. Customer master file B. Packing slip C. Bill of landing D. Sales invoice
A. customer master file
Documents and files related to initiating credit sales would be ________. A. customer master file and sales order B. sales order and sales invoice C. bill of lading and packing slip D. credit sales order
A. customer master file and sales order
Input controls are designed to provide reasonable assurance that ________. A. data received for processing have been properly authorized and converted into machine-sensible form B. data received for processing have been properly authorized only C. the computer processing has been performed as intended for the particular application D. reports generated by the accounting system are accurate and reliable
A. data received for processing have been properly authorized and converted into machine-sensible form
Applications controls will ________. A. differ for each transaction cycle B. remain the same for each transaction cycle C. be closely related to transaction processing controls D. always consist of input controls and processing controls
A. differ for each transaction cycle
Run-to-run totals compare ________. A. ending balances with beginning balances plus known transactions processed. B. contents of a master file before and after each update. C. data with an expected limit. D. actual results and estimated results.
A. ending balances with beginning balances plus known transactions processed
IT general controls are ________-level controls. A. entity B. division C. transaction D. function
A. entity
In a top-down approach to understanding internal control over financial reporting and selecting the specific internal controls to test, the auditor focuses on _______-level controls. A. entity B. division C. operating unit D. function
A. entity
Establishing an appropriate level of professional skepticism is achieved by ________. A. gaining an understanding of the entity-level (or entity-wide) internal control components B. talking to the internal audit function C. discussions with the client's attorney D. a directive from the audit partner in charge
A. gaining an understanding of the entity-level internal control components
Common inherent limitations in internal control include ________. A. ineffective understanding of the purpose of a control B. controls within a software system are never overridden C. no evidence or history of collusion within the organization D. top management agree as to the type and extent of system to implement
A. ineffective understanding of the purpose of a control
The concept of computer general controls, controlling computer systems, and programs is an example of a(an) ________. A. layering activity B. IT activity C. general control activity D. auditing process activity
A. layering activity
The purpose of the management letter is to ________. A. meet the auditor's responsibility for communicating internal control matters in writing on a timely basis with those charged with governance B. inform management of the auditors pending desire to withdraw from the engagement C. meet the auditor's responsibility for communicating external control matters in writing on a timely basis with those charged with governance D. request management confirm the makeup and composition of its board of directors and any associated conflicts of interest
A. meet the auditor's responsibility for communicating internal control matters in writing on a timely basis with those charged with governance
Which process involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions? A. Monitoring B. Risk assessment C. Control activities D. Information and communication
A. monitoring
Physical controls are concerned with limiting ________. A. physical access to assets to those authorized to have access B. the informational output of the firm C. investors access to certain records of the firm which should be kept private D. access to accounting information to senior managers only
A. physical access to assets to those authorized to have access
Access controls include a combination of ________ safeguards. A. physical, software, and procedural B. administrative and legal C. software and hardware D. transaction-level
A. physical, software, procedural
As per the COSO Framework, one of the reporting objectives of internal control pertains to ________. A. reliability and transparency B. efficiency of the entity's operations, C. adherence to laws and regulations D. safeguarding of assets against loss
A. reliability and transparency
Transaction-level controls are those controls that ________. A. respond to things that can go wrong with transactions. B. are used reactively to determine where problems have occurred. C. deal with the financial statements in general. D. management have suggested the auditor implement.
A. respond to things that can go wrong with transactions
If you place a control that only a limited number of individuals can change the customer master file and all file changes are reviewed by appropriate levels of management, which of the following risks will you be addressing? A. Sales made to unauthorized customers B. Goods released from warehouse for unauthorized orders C. Some shipments going unbilled D. Sales invoices recorded in the incorrect amount
A. sales made to unauthorized customers
If an employee who has access to the custody of assets steals a cash remittance and covers the theft by recording a bad-debt write off, there was likely a failure in the category of __________. A. segregation of duties B. performance reviews C. authorization control D. physical controls
A. segregation of duties
A bill of lading is a (an) ________. A. shipping document serving as acknowledgement of receipt of goods for delivery by a freight carrier. B. client prepared document with the details of items included in a shipment. C. electronic file that accumulates data on sales, cash receipts, and accounts receivables. D. electronic file containing the customer shipping and billing information and the customer credit limit.
A. shipping document serving as acknowledgment of receipt of goods for delivery by a freight carrier
An auditor's documentation of the client's system of internal controls ________. A. should always be written and updated regularly as the auditor gains further understanding B. is the client's responsibility, and should be provided to the auditor by the client C. should be jointly drafted by the auditor and the client D. should be retained in the permanent audit file and never shared with the client
A. should always be written and updated regularly as the auditor gains further understanding
Which of the following principles is within the control environment component of the seventeen COSO principles of internal control? A. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. B. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. C. The organization identifies risks to the achievement of its objectives across the entity and analyzes risk as a basis for determining how the risks should be managed. D. The organization considers the potential for fraud in assessing the risks to the achievement of objectives.
A. the organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives
As per the COSO Framework, the operations objectives of internal control include ________. A. the safeguarding of assets against loss B. the adherence to laws and regulations C. reliability and timeliness D. timeliness and transparency
A. the safeguarding of assets against loss
A control ensuring that sales are recorded in the sales ledger is a/an _______-level control. A. transaction B. entity C. division D. function
A. transaction
Which application control matches the classification (or transaction) code against the master list of codes permitted for the type of transaction to be processed? A. Valid code check B. Missing data check C. Limit check D. Valid character check
A. valid code check
A deficiency in internal controls is described as ________. A. a combination of deficiencies in internal control which are as severe as material weaknesses B. a deficiency in the design or operation of a single control that does not allow management to prevent and correct misstatements on a timely basis C. a deficiency, or combination of deficiencies in internal control D. a deficiency that has created a reasonable possibility of a material misstatement
B. a deficiency in the design or operation of a single control that does not allow management to prevent and correct misstatements on a timely basis
A management letter is ________. A. formally sent by the auditor to the client before acceptance of the engagement B. a deliverable prepared by the audit team and provided to those charged with governance C. sent from management to the auditor, detailing management's assessment of the auditor's performance during the audit D. sent to the auditor by management, giving permission to contact the predecessor auditor
B. a deliverable prepared by the audit team and provided to those charged with governance
Key assertions pertaining to the audit of credit sales are ________. A. completeness and valuation B. accuracy and occurrence C. valuation and allocation D. rights and obligations
B. accuracy and occurance
In an audit, the purpose of risk assessment is to ________. A. form an ultimate opinion on the financial statements based on management's directives B. assess the combined inherent, control and detection risks to evaluate the likelihood that material misstatements could occur in the financial statements. C. audit the system of internal control only D. ultimately ensure that the internal audit function is performing properly
B. assess the combined inherent, control and detection risks to evaluate the likelihood that material misstatements could occur in the financial statements.
An integrated audit focuses on ________. A. integrating the internal and external audit functions B. auditing both internal control over financial reporting(ICFR) and the financial statements C. integrating component auditors D. comparing prior year results with the current year to look for abnormalities
B. auditing both internal control over financial reporting (ICFR) and the financial statements
The key assertion an auditor would be testing when examining a sales invoice to determine if it was billed to the correct customer would be ________. A. valuation and accuracy B. classification C. rights and obligations D. cutoff
B. classification
The COSO Framework identifies three objectives of internal control that allow organizations to focus on the differing purposes of internal control. One of these is ________. A. client acceptance and continuance B. compliance objectives which pertain to adherence to laws and regulations to which the entity is subject C. internal control analysis D. risk of material misstatement
B. compliance objectives which pertain to adherence to laws and regulations to which the entity is subject
Policies and procedures enacted by the entity which help ensure that management's directives are carried out are generally referred to as ________. A. management activities B. control activities C. legislative activities D. company procedures
B. control activities
Compensating controls are described as ________. A. controls that deal with monetary compensation for employees and contractors B. controls that compensate for another control's potential ineffectiveness C. controls that are determined to be redundant after analysis D. controls that have been determined by the auditor to be effective
B. controls that compensate for another control's potential ineffectiveness
Upon consideration of a client's system of internal control, when an auditor identifies areas with weaknesses, ________. A. reduced substantive testing in this area will be appropriate to reach the desired level of assurance B. increased substantive testing in this area will be appropriate to reach the desired level of assurance C. the auditor should document the weaknesses and refer to them during next year's audit D. the auditor should disclaim an opinion on those areas
B. increased substantive testing in this area will be appropriate to reach the desired level of assurance
Good use of a narrative method of understanding a client's system of internal control would be when the ________. A. client is large and complicated B. is relatively small and not overly complex C. requests the auditor do so D. inherent risk is deemed to be high
B. is relatively small and not overly complex
An example of a risk created by an IT system is ________. A. increased efficiency in processing transactions B. less documentary evidence C. potential availability of real-time financial information D. the extra cost of staffing an IT support function
B. less documentary evidence
An automated procedure to verify that only alphabetical, numerical, or other special characters appear as required in data fields is known as ________. A. missing data check B. valid character check C. valid code check D. sequence test check
B. valid character check
When an output is reviewed for completeness and apparent reasonableness, it is known as ________. A. a reasonableness test B. visual scanning C. a comparison to source documents D. statistical accuracy checking
B. visual scanning
When an auditor decides to follow a particular transaction from initiation through where it is recorded in the financial records, this is known as ________. A. reperformance B. walkthrough C. recalculation D. vouching
B. walkthrough
An auditor's understanding of a client's system of internal control ________. A. is unrelated to the level of substantive procedures an auditor will conduct B. will help the auditor to determine areas of risk to direct audit attention and resources to C. is optional, and should only be conducted for larger clients D. is a helpful tool to determine the accuracy of account balances and transactions
B. will help the auditor to determine areas of risk to direct audit attention and resources to.
An inherent limitation of internal control is that it ________. A. is only as good as those that designed it B. often fails to provide complete assurance of misstatements C. can only provide an entity with reasonable assurance in achieving its financial reporting objectives D. may be costly to implement, and seldom yields any tangible benefits
C. Can only provide an entity with reasonable assurance in achieving its financial reporting objectives
Controlling program development, program changes, computer operations, and securing access to programs and data is the purpose of ________. A. independent controls B. manual controls C. IT general controls D. tech controls
C. IT general controls
Integrity and ethical behavior ________. A. are provided by the auditor to the client in training sessions B. are of no concern, for they are always present C. are the products of the organization's ethical and behavioral standards D. should start at the bottom and work their way up the organization
C. are the products of the organization's ethical and behavioral standards
A logic diagram is best described as ________. A. a complex system of flowcharts detailing the audit procedures conducted and key audit findings B. a narrative surmise of the key audit findings C. being similar to a flowchart but including little detail D. being completed by the client and the auditor upon conclusion of the audit
C. being similar to a flowchart but including little detail
An effective and robust system of internal control ________. A. will guarantee that the entity will meet its objectives B. will eliminate all risks related to entity objectives C. can only provide an entity with reasonable assurance in achieving its financial reporting objectives D. should be carefully examined to see if the benefits outweigh the costs of providing such a system
C. can only provide an entity with reasonable assurance in achieving its financial reporting objectives
Risks related to the prelisting of cash receipts and remittance advices relate to ________. A. cash sales may not be recorded B. errors may be made in journalizing cash receipts C. checks received may not agree with prelist of cash D. receipts may be posted to the wrong customer account
C. checks received may not agree with prelist of cash
When the computer system checks the validity of a customer number or whether a customer has reached their credit limit is an example of a(an) _____. A. internal audit control B. internal system control C. computer application control D. systems application control
C. computer application control
When the auditor identifies internal control strengths, ________. A. inherent risk is increased B. control risk is unaffected C. control risk is decreased D. there is no relationship between strength of internal control and inherent risk
C. control risk is decreased
When the auditor identifies internal control weaknesses, ________. A. inherent risk is increased B. control risk is unaffected C. control risk is increased D. there is no relationship between strength of internal control and inherent risk
C. control risk is increased
The most common forms of documentation that auditor uses to signify their understanding of the system of internal control include ________. A. audit plan B. only flowcharts C. flowcharts, narratives, and logic diagrams D. logic diagrams only
C. flowcharts, narratives, and logic diagrams
A major benefit of an IT system is ________. A. elimination of mistakes B. elimination of the need for personnel C. greater consistency in processing than manual systems D. increased workload created by exception reports
C. greater consistency in processing than manual systems
The management letter discusses ________. A. all issues that management wishes to bring to the attention of the auditor B. all current and pending litigation against the client C. internal control weaknesses and other matters discovered during the course of the audit D. management's disagreements with the auditors regarding certain accounting principles
C. internal control weaknesses and other matters discovered during the course of the audit
Internal control ________. A. relates only to a client's IT systems B. relates to the efficiency of the internal audit function C. is a very broad concept and can encompass all of the elements of an organization D. is unrelated to the audit
C. is a very broad concept and can encompass all of the elements of an organization
An entity's risk assessment process ________. A. should be reevaluated every five years to respond to changing market conditions and threats B. should only solicit feedback from and be crafted by top management C. is its process for identifying and responding to risks that an organization will not achieve its objectives D. is the same as the auditor's consideration of risk
C. is its process for identifying and responding to risks that an organization will not achieve its objectives
A management letter is sometimes also referred to as a ________. A. representation letter B. audit letter C. letter of recommendations D. confirmation
C. letter of reccomendations
An important outcome of understanding the client's system of internal control is the auditor's ability to ________. A. guarantee there are no misstatements in the financial statements B. make recommendations on costs savings related to internal control C. make observations, draw conclusions and offer recommendations regarding the strengths and weaknesses observed D. ensure an unqualified audit opinion in regard to the financial statements
C. make observations, draw conclusions, and offer recommendations regarding the strengths and weaknesses observed
A report sent to each customer showing the beginning receivable balance, transactions during the month, and the ending receivable balance is best described as ________. A. a statement of cash receipts B. an aging of accounts receivable C. monthly statements of receivable balances D. a general ledger receivables report
C. monthly statements of receivable balances
Documents and files relating to recording sales would be ________. A. bill of lading and sales database B. sales invoice and sales database C. sales invoice, sales cycle database, and monthly statements of receivables balances D. bill of lading and monthly receivables balances
C. sales invoice, sales cycle database, and monthly statements of receivables balances
The control environment ________. A. describes the auditor's system of internal control B. refers to both the financial statements of the client and the audit work being conducted C. sets the foundation for effective internal control, and provides discipline and structure D. speaks to the ability of the client to gain funding in capital markets
C. sets the foundation for effective internal control, and provides discipline and structure
Computer general controls pertain to ________. A. only the IT environment B. only IT activities C. the IT environment and all IT activities D. individual IT applications
C. the IT environment and all IT activities
One disadvantage of flowcharts is they ________. A. are technically complex and thus misunderstood B. are too simplistic C. usually take longer to prepare than narratives or checklists D. are more expensive to prepare due to the number of audit hours involved
C. usually take longer to prepare than narratives or checklists
The auditor's understanding of the client's system of internal control should be ________. A. discussed among audit team members only B. submitted to the client's internal audit function for agreement/approval C. well documented so it can be referred back to at any time D. in documentary form only and submitted to the client's attorneys for risk assessment
C. well documented so it can be referred back to at any time
The external auditor's primary concern should be ________. A. adequately controlling the entities operations and its financial reporting B. adequately supervising the internal audit function C. with the reporting objective and the operations objectives related to safeguarding of assets D. ensuring management is immediately made aware of any errors regardless of size
C. with the reporting objective and the operations objectives related to safeguarding of assets
Those charged with governance of an organization ________. A. should always be sure to look out for their own interests as well as those of the company B. cannot be legally held responsible for the actions of the company C. should rely on the auditors for guidance D. have an obligation to be concerned with the entity's financial reporting to shareholders and the investing public
D. have an obligation to be concerned with the entity's financial reporting to shareholders and the investing public
PCAOB Audit Standard No. 2201 requires that ________. A. an auditor issues a qualified opinion on all accounts that were not tested in their entirety B. the audit partner should solely make the determination as to whether any material weaknesses have been identified as part of the audit C. all companies with a market capitalization of $75,000,000 or more file documentation with the Securities and Exchange Commission (SEC) detailing all deficiencies identified as part of the audit D. in an audit of ICFR, material weaknesses are reported to the public in the auditor report on ICFR
D. in an audit of ICFR material weaknesses are reported to the public in the auditor report on ICFR
One of the key functions of a management letter is to ________. A. provide management with some idea as to the audit opinion they will likely receive B. advise management of the auditor's requirements with respect to filing reports with the Securities and Exchange Commission (SEC) C. attempt to resolve differences of opinion on accounting estimated used by management in which the auditor disagrees D. inform those charged with governance of the auditor's recommendations for improving its internal controls
D. inform those charged with governance of the auditor's recommendations for improving its internal controls
What group or groups of application controls are widely recognized? A. Input, timing, and service controls B. Timing, service, and processing controls C. Processing, output, and service controls D. Input, processing, and output controls
D. input, processing, and output controls