Audit Ch 5 Multiple Choice

Which of the following factors are included in an entity's control environment? Audit Committee/ Internal Audit Function/ Management Tone at the Top A. Yes/Yes/No B. Yes/No/Yes C. No/Yes/Yes D. Yes/Yes/Yes Option D Option C Option A Option B

Option D

Effectiveness of audit procedures would be reduced by Performing audit procedures at the fiscal year-end date as opposed to the interim period. Selecting larger sample sizes for audit. Deciding to obtain external evidence instead of internal evidence. Performing procedures during the interim period as opposed to at the fiscal year-end date.

Performing procedures during the interim period as opposed to at the fiscal year-end date.

Which of the following are considered components of an internal control structure according to the COSO framework? Use of prenumbered documents Performance indicators Segregation of duties Risk assessment

Risk assessment

Which of the following is a preventive control? Reconciliation of a bank account. Separation of duties between the payroll and personnel departments. Detailed fluctuation analysis completed by the CFO for revenue. Recalculation of a sample of payroll entries by internal auditors.

Separation of duties between the payroll and personnel departments.

Which of the following best describes why an auditor is always required to document the auditor's understanding of internal controls? To lower control risk To avoid performing substantive procedures To document the basis for risk assessment To support the auditor's opinion

To document the basis for risk assessment

When completing the audit of internal controls for an issuer, AS 2201 requires auditors to test A Operating effectiveness only. B Design effectiveness only. C Both operating and design effectiveness. D Neither operating nor design effectiveness

c. Correct AS 2201 requires testing for design effectiveness and operating effectiveness.

Which of the following is a preventive control? A Reconciliation of a bank account. B Recalculation of a sample of payroll entries by internal auditors. C Separation of duties between the payroll and personnel departments. D Detailed fluctuation analysis completed by the CFO for revenue

c. This is a preventive control. The others are detective controls.

Matters that could affect the necessary extent of testing for a control activity as it related to the degree of auditor reliance on a control activity would not include the following: A The frequency of the performance of the control by the company during the period being audited. B The length of time that the auditor is planning to rely on the operating efficiency of the control activity. C The expected rate of deviation for a control activity. D The relevance and reliability of the audit evidence to be obtained to test the operating effectiveness of a control activity.

d. Correct The relevance and reliability of the evidence to be obtained would not have an impact on the extent of testing to be completed. The extent of testing required should be determined and then the necessary evidence should be gathered.

If the auditor plans to assess control risk at less than the maximum and rely on controls, and the nature, timing, and extent of further audit procedures are based on that lower assessment, the auditor must A Obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance. B Assess control risk at less than the maximum for all relevant assertions. C Perform only substantive procedures. D Provide additional examples of responses to assessed fraud risks relating to fraudulent financial reporting.

.a. Correct When an auditor plans to reduce control risk below the maximum and rely on controls to reduce substantive testing, they must make sure that the controls have been designed and are operating effectively in order to feel comfortable relying on such controls. The auditor cannot take the client's word that the controls are operating effectively. Rather, they must test the controls.

Which internal control documentation method provides the auditor with the best visual understanding of a system and can be used as a means for analyzing complex operations? A flowcharting approach. A questionnaire approach. A detailed narrative approach. A matrix approach.

A flowcharting approach.

What objectives of internal controls are of primary interest to an auditor performing a financial statement audit? Prevention or detection and timely correction of errors and fraud Effective and efficient operations Compliance with applicable laws and regulations Accurate and reliable financial reporting

Accurate and reliable financial reporting

Identify the correct statement regarding integrated audits that are required after Sarbanes-Oxley. Evaluating internal controls is often a vital part of an integrated audit. The term 'integrated audit' refers to the cooperation between internal and external auditors in preparing audited financial statements. The AICPA began requiring integrated audits in response to accounting scandals such as Enron. An integrated audit involves providing an opinion on the financial statements and the internal control effectiveness of a company.

An integrated audit involves providing an opinion on the financial statements and the internal control effectiveness of a company.

In most audits of large entities, control risk assessment contributes to audit efficiency, which means that The cost of control evaluation work will exceed the cost of substantive procedures. Auditors will be able to reduce the cost of substantive procedures by an amount less than the cost of tests of controls. The cost of substantive procedures will exceed the cost of control evaluation work. Auditors will be able to reduce the cost of substantive procedures by an amount more than the control evaluation costs.

Auditors will be able to reduce the cost of substantive procedures by an amount more than the control evaluation costs.

When completing the audit of internal controls for an issuer, the severity of an internal control deficiency depends on: A Whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure. B Whether the account has a history of errors. The magnitude of the potential misstatement resulting from the deficiency or the deficiencies. C Both the magnitude of the potential misstatement resulting from the deficiency or the deficiencies and whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure. D All of the choices are correct.

C Both the magnitude of the potential misstatement resulting from the deficiency or the deficiencies and whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure.

Which of the following would be a potential internal control deficiency because of a lack of segregation of duties? A The person who reconciles the bank accounts is also responsible for reconciling the accounts receivable subsidiary ledger to the control account in the general ledger. B The person responsible for maintaining the accounts receivable subsidiary ledger is also responsible for maintaining the accounts payable subsidiary ledger. C The person who is responsible for ordering equipment is also responsible for inspecting the equipment when it is received before it is released to the shop floor. D The person who is responsible for receiving inventory ordered is also responsible for custody of the inventory and releasing it to the factory as authorized requisitions are received.

C The person who is responsible for ordering equipment is also responsible for inspecting the equipment when it is received before it is released to the shop floor.

According to the COSO Integrated Framework, reviews of business performance are an example of which of the five components of internal control? Control environment Monitoring Control activities Risk assessment

Control activities

Internal controls are designed to provide reasonable assurance that A Management's planning, organizing, and directing processes are properly evaluated. B The internal auditing department's guidance and oversight of management's performance is accomplished effectively and efficiently. C Management's plans have not been circumvented by worker collusion. D Material errors or fraud would be prevented or detected and corrected within a timely period by employees in the course of performing their assigned duties.

D Material errors or fraud would be prevented or detected and corrected within a timely period by employees in the course of performing their assigned duties.

Which report would not be appropriate for a public accounting firm to provide on financial reporting controls? Disclaimer of opinion—significant deficiencies exist. Unqualified—no material weaknesses found. Disclaimer of opinion—unable to perform all necessary procedures. Adverse—material weaknesses exist.

Disclaimer of opinion—significant deficiencies exist.

Which report would not be appropriate for a public accounting firm to provide on financial reporting controls? Disclaimer of opinion—unable to perform all necessary procedures. Unqualified—no material weaknesses found. Disclaimer of opinion—significant deficiencies exist. Adverse—material weaknesses exist.

Disclaimer of opinion—significant deficiencies exist.

An entity's internal control consists of the policies and procedures established to provide reasonable assurance that specific entity objectives will be achieved. Only some of these objectives, policies, and procedures are relevant to a financial statement audit. Which one of the following would most likely be considered for testing in a financial statement audit? Maintenance of control over unused checks. Maintenance of statistical production analyses. Timely reporting and review of quality control results. Marketing analysis of sales generated by advertising projects.

Maintenance of control over unused checks.

The primary responsibility for establishing and maintaining internal controls rests with The Public Company Accounting Oversight Board. Management. The external auditors. The internal auditors.

Management

Which organization developed the framework most commonly used by the auditing profession for benchmarking internal controls of non-issuers? The Public Company Accounting Oversight Board The AICPA The Financial Reporting Council The Committee of Sponsoring Organizations (COSO) of the Treadway Commission

The Committee of Sponsoring Organizations (COSO) of the Treadway Commission

When planning the audit of internal controls for an issuer, the audit team should A Identify significant accounts, locations, and relevant assertions. B Conduct a walkthrough of the internal control process. C Make inquiries of employees regarding the existence of control activities. D Reperform control activities performed by client employees to determine their effectiveness.

a. Correct The audit team identifies significant accounts, locations, and assertions in the planning stage of an audit of internal controls. b. Incorrect The audit team conducts a walkthrough of the internal control process when gaining an understanding of the company's internal control. c. Incorrect The audit team makes inquiries of employees regarding the existence of control activities when gaining an understanding of the company's internal control. d. Incorrect The audit team reperforms control activities performed by client employees to determine their effectiveness when testing the effectiveness of the company's internal control.

The purpose of separating the duties of hiring personnel and distributing payroll checks is to separate the A Authorization of transactions from the custody of related assets. B Operational responsibility from the record-keeping responsibility. C Human resources function from the controllership function. D Administrative controls from the internal accounting controls. (AICPA adapted)

a. Correct This is an example of effective separation of duties. Separation of duties is designed to help the organization achieve effective internal control. To accomplish separation of duties, the payroll function should be divided into its authorization, recording, and custody functions. Authorization of hiring, wage rates, and deductions is typically completed by the human resources department. Authorization of hours worked is typically completed by the production department (or the department where the work was completed). Based on these authorizations, the accounting department would then calculate and record the payroll in the accounting system. Based on the calculated amounts, the treasurer would then prepare and distribute payroll checks.

Once the auditor detects a control deficiency, which of the following steps must he or she take first? A Perform tests of other controls related to the same assertion as the control deemed ineffective. B Evaluate the severity of the deficiency on the auditor's control risk assessment for that assertion. C Modify the planned substantive procedures as a result of the deficiency. D Test the deficient control, assuming a maximum level of risk.

a. Incorrect An auditor may perform tests of other controls related to that same assertion. However, the first step would be to evaluate the severity of the deficiency on the auditor's control risk assessment for that assertion (response b). b. Correct The first step an auditor is likely to take after detecting a control deficiency is to determine the impact of the severity of the deficiency on the auditor's control risk assessment for that assertion. The additional steps to be taken will depend in large part on this determination. c. Incorrect An auditor may modify the planned substantive procedures as a result of the deficiency. However, before doing so, the auditor would have to evaluate the severity of the deficiency on the auditor's control risk assessment for that assertion (response b). d. Incorrect Once the control is deemed deficient by the auditor, there is no need to conduct additional testing on that control. The auditor knows that the control is not operating effectively already.

When completing the audit of internal controls for an issuer, the severity of an internal control deficiency depends on A Whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure. B Whether a misstatement has actually occurred as a result of the deficiency. C The magnitude of the potential misstatement resulting from the deficiency or the deficiencies. D Both a and c are correct. E All of the above are correct.

a. Incorrect Both (a) and (c) are factors in determining the severity of a deficiency. b. Incorrect Severity does not depend upon whether a misstatement has actually occurred. c. Incorrect Both (a) and (c) are factors in determining the severity of a deficiency. d. Correct Both (a) and (c) are factors. e. Incorrect Whether a misstatement has occurred does not matter. Thus, (b) is not a factor.

The most important foundational component of an entity's internal control system is: . A Effectiveness and efficiency of operations. B The control environment. C Reliability of financial reporting. D Compliance with applicable laws and regulations.

a. Incorrect Effectiveness and efficiency is an objectives category, not a foundational component. b. Correct The control environment is is the most important foundational component of the internal control system. All other components are dependent, in part, on the effectiveness of the control environment. c. Incorrect Reliability of financial reporting is an objectives category, not a foundational component. d. Incorrect Compliance with laws and regulations is an objectives category, not a foundational component.

Which of the following does not accurately summarize auditors' requirements regarding internal control? A table shows auditor's requirements with respect to issuer, and non-issuer. Issuer/Non-issuer a. Understanding Yes/Yes b. Documenting Yes/Yes c. Evaluating control risk Yes/Yes d. Test controls Yes/Yes

a. Incorrect Gaining an understanding is required for audits of both types of entities. b. Incorrect Documenting the understanding is required for audits of both types of entities. c. Incorrect Evaluating control risk is required for audits of both types of entities. d. Correct Testing controls is required only for audits of issuers under AS 2201.

Effectiveness of audit procedures would be reduced by A Selecting larger sample sizes for audit. B Performing audit procedures at the fiscal year-end date as opposed to the interim period. C Deciding to obtain external evidence instead of internal evidence. D Performing procedures during the interim period as opposed to at the fiscal year-end date.

a. Incorrect Larger sample sizes expand audit procedures. b. Incorrect Performing procedures at year‑end instead of at interim generally represents stricter application. c. Incorrect External evidence represents stricter application. d. Correct Performing procedures at an interim date is less effective.

The primary purpose for obtaining an understanding of internal control during the audit of a non-issuer is to A Provide a basis for making constructive suggestions in a management letter. B Determine the nature, timing, and extent of further audit tests to be performed. C Provide the rationale for the inherent risk assessment at the financial statement assertion level. D Provide information for a communication of internal control-related matters to management.

a. Incorrect Management letter suggestions are a secondary purpose. b. Correct These are the auditors' responsibilities under GAAS. c. Incorrect This does not relate only to internal control. d. Incorrect Communication of control related matters is a secondary purpose.

Tests of controls in a GAAS audit are required for A Obtaining evidence about the financial statement assertions. B Accomplishing control over the occurrence of recorded transactions. C Applying analytical procedures to financial statement balances. D Obtaining evidence about the operating effectiveness of client control activities.

a. Incorrect Substantive procedures produce evidence about financial statement assertions. b. Incorrect Company control activities accomplish a company's management objectives. c. Incorrect Analytical review is not accomplished with test of control activities. d. Correct Tests of controls produce the evidence about actual operation of company control activities.

In most audits of large entities, control risk assessment contributes to audit efficiency, which means that A The cost of substantive procedures will exceed the cost of control evaluation work. B Auditors will be able to reduce the cost of substantive procedures by an amount more than the control evaluation costs. C The cost of control evaluation work will exceed the cost of substantive procedures. D Auditors will be able to reduce the cost of substantive procedures by an amount less than the cost of tests of controls

a. Incorrect The absolute amount of cost is irrelevant. Year‑end substantive work usually costs more than control evaluation work. b. Correct The cost savings of substantive testing exceeds the control evaluation cost. c. Incorrect Whether the cost of control work exceeds (or does not exceed) the cost of year‑end work is irrelevant. Efficiency relates to the cost that can be saved as a result of control evaluation work. d. Incorrect Efficiency is not achieved by reducing cost of substantive procedures to less than control work cost.

According to the PCAOB, during the audit of internal controls for an issuer, the ultimate objective of testing the design effectiveness of internal controls is to A Determine whether the company's controls are processing company data effectively. B Determine that the company's controls will satisfy the company's control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements, if they operate as prescribed. C Determine that the company's employees are processing the controls according to the policy and procedures manuals at the company. D None of the above.

a. Incorrect The issue of whether the company's controls are processing data relates to the testing of operating effectiveness, not design effectiveness. b. Correct The testing of design effectiveness relates primarily to whether the control has been properly put in place to prevent or detect errors or fraud. In AS5, this is exactly the objective of testing the design effectiveness of a control as per paragraph 42 of the standard. c. Incorrect The issue of whether the company's employees are processing the controls in accordance with procedures relates to the testing of operating effectiveness, not design effectiveness. d. Incorrect Letter b is the correct answer.

A material weakness is a situation in which A It is probable that an immaterial financial statement misstatement would not be detected in a timely basis. B There is a remote likelihood that a material misstatement would be detected on a timely basis. C It is reasonably possible that a material misstatement would not be detected on a timely basis. D It is reasonably possible that an immaterial misstatement would not be detected on a timely basis.

a. Incorrect The misstatement must be material. b. Incorrect The possibility cannot be remote. c. Correct By definition, a material weakness in internal control is defined as a deficiency, or combination of deficiencies that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis. d.IncorrectThe misstatement must be material

Which of the following is a device designed to help the audit team obtain evidence about the accounting and control activities of an audit client? A A narrative memorandum describing the control system. B An internal control questionnaire. C A flowchart of the documents and procedures used by the company. D All of the above.

a. Incorrect The narrative is the documentation result of obtaining evidence. b. Correct The internal control questionnaire is a device for collecting evidence in the form of answers to control questions. c. Incorrect A flowchart is the documentation result of obtaining evidence. d. Incorrect Only the internal control questionnaire aids in obtaining the evidence.

If the auditors encounter a significant scope limitation in evaluating an issuer's internal control over financial reporting, which of the following types of opinions on the effectiveness of the company's internal control over financial reporting would be appropriate? A Unqualified opinion or adverse opinion. B Qualified opinion or adverse opinion. C Unqualified opinion or disclaimer of opinion. D Disclaimer of opinion.

a. Incorrect The reporting option when a scope limitation exists is a disclaimer of opinion. b. Incorrect A qualified opinion is not a valid reporting option for a scope limitation, and an adverse opinion would be issued only when one or more material weakness(es) is identified. c. Incorrect While a disclaimer of opinion is one possible reporting option, it is not appropriate to issue an unqualified opinion if a significant scope limitation exists. d. Correct The reporting option when a scope limitation exists is a disclaimer of opinion.

A transaction-level internal control activity is best described as A An action taken by auditors to obtain evidence. B An action taken by client personnel for the purpose of preventing, detecting, and correcting errors and frauds in transactions to eliminate or mitigate risks identified by the company. C A method for recording, summarizing, and reporting financial information. D The functioning of the board of directors in support of its audit committee.

a. Incorrect This describes an audit procedure. b. Correct This is one way to describe the purpose of a transaction-level control activity. c. Incorrect This is a definition of an accounting process or system. d. Incorrect This is a description of one of the elements of the control environment.

To test the operating effectiveness of a control, an audit team might use a combination of each of the following tests except for A Inquiry of client personnel. B Observation of company operations. C Confirmation of balances. D Inspection of documentation.

a. Incorrect When testing the operating effectiveness of a control, the auditor should use a combination of inquiry, observation, inspection, and reperformance. b. Incorrect When testing the operating effectiveness of a control, the auditor should use a combination of inquiry, observation, inspection, and reperformance. c. Correct This is a substantive test, not a test of a control's operating effectiveness. d. Incorrect When testing the operating effectiveness of a control, the auditor should use a combination of inquiry, observation, inspection, and reperformance.

A material weakness is a situation in which a It is reasonably possible that an immaterial misstatement would not be detected on a timely basis. b It is reasonably possible that a material misstatement would not be detected on a timely basis. c There is a remote likelihood that a material misstatement would be detected on a timely basis. d It is probable that an immaterial financial statement misstatement would not be detected on timely basis.

b It is reasonably possible that a material misstatement would not be detected on a timely basis.

Which report would not be appropriate for a public accounting firm to provide on financial reporting controls? A Unqualified—no material weaknesses found. B Disclaimer of opinion—unable to perform all necessary procedures. C Disclaimer of opinion—significant deficiencies exist. D Adverse—material weaknesses exist.

c. Correct A disclaimer is used when the auditor's scope is limited but not when significant deficiencies exist, so it is not an appropriate report.

When completing the audit of internal controls for an issuer, the PCAOB requires the audit team to audit internal controls over A Operations. B Compliance with regulations. C Financial reporting. D All of the above.

c. Correct AS 2201 applies to financial reporting controls only.

When completing the audit of internal controls for an issuer, AS 2201 requires auditors to report on Mgmt's Report on Internal Control/An Audit of Internal Control a. No/No b. Yes/No c. No/Yes d. Yes/Yes

c. Correct AS 2201 requires auditors to issue a report on the audit of internal controls.

The auditor should assess control risk for each relevant assertion by evaluating the evidence obtained from all sources, including A The auditor's testing of controls for the audit of internal control on a public company. B Misstatements detected during the financial statement audit. C Any control deficiencies identified during the audit. D All of the above

d. Correct Evidence obtained during the test of controls would be relevant to the assessment of control risk (response a); misstatements detected during the audit (response b); and control deficiencies detected during the audit (response c) would all be relevant. As a result, the correct answer is all of the above.

Which of the following would probably not be considered an indication of a material weakness? A Evidence of a material misstatement. B Ineffective oversight by the audit committee. C Immaterial fraud committed by senior management. D Overproduction by the manufacturing plant.

d. Correct This does not directly relate to a material misstatement of the financial statements but is an operational issue. Other choices indicate possible material weakness.

When testing a control activity's operating effectiveness, procedures the auditor performs to test operating effectiveness would likely include A Inquiry of appropriate personnel. B Reading over the company's code of conduct. C Reperformance of the control activity. D Both a and c are correct.

d. Correct When testing the operating effectiveness of a control, the auditor should use a combination of inquiry, observation, inspection, and reperformance. Thus, response (a) and response (c) are appropriate responses. Thus, this is the correct answer.

The primary purpose for obtaining an understanding of internal control during the audit of a nonissuer is to: A provide the rationale for the inherent risk assessment at the financial statement assertion level. B determine the nature, timing, and extent of further audit tests to be performed. C provide information for a communication of internal control-related matters to management. D provide a basis for making constructive suggestions in a management letter.

determine the nature, timing, and extent of further audit tests to be performed.