Audit ch. 5
Auditors are not responsible for accounting estimates with respect to a. Making the estimates. b. Determining the reasonableness of estimates. c. Determining that estimates are presented in conformity with GAAP. d. Determining that estimates are adequately disclosed in the financial statements.
A. Correct Management is responsible for making the estimates in the first place, just as management is primarily responsible for all the financial statement elements.
Which of the following statements are correct regarding internal control communications to public entities?
All deficiencies must be communicated in writing to management, the auditors' report must be in writing
_________with applicable laws and regulations
Compliance
IC components (COSO) CRIME
Control environment, risk assessment, information and communication, monitoring activities, existing control activities
Under separation of duties, Segregation is CRAP
Custody of assets involved in transactions Recording Transactions Authorization to execute transactions Periodic reconciliation of existing assets to recorded amounts.
A________is a problem relating to either a necessary control that is missing or an existing control that is so poorly designed that it fails to satisfy the controls objective
Design deficiency
If the auditors encounter a significant scope limitation in evaluating an issuer's internal control over financial reporting, a _________ on the effectiveness of the company's internal control over financial reporting would be appropriate.
Disclaimer opinion
___________and efficiency of operations
Effectiveness
Policies and procedures established to ensure that management objectives are carried out are called_______
Existing control activities
_________ focuses on authorization, segregation of duties (CRAP), safeguarding of assets, and asset accountability. prevent and/ or detect
Existing control activities
__________ includes 8 procedures, or "paid tips"
Existing control activities
True or false: An understanding of the design of controls or how they are intended to function provides the audit team complete evidence as to the operating effectiveness of controls.
False
True or false: Document examination alone is never considered an adequate test of controls.
False
True or false: Professional standards do not require the audit team to evaluate the sufficiency of management's control activities.
False
Which of the following statements are correct?
For a sample to be representative, all items in the population have an opportunity to be selected. Tests of controls should be applied to samples executed throughout the period under audit.
Which of the following statements are correct?
If a control activity has high risk, more persuasive evidence is needed, it may be more efficient for the auditor to choose not to rely on controls
Which of the following statements are correct?
If a control activity has high risk, more persuasive evidence is needed. It may be more efficient for the auditor to choose not to rely on controls.
________ are methods used to classify and report transactions, and to communicate roles and responsibilities.
Information and communication systems
the focus of ______ includes initiating, authorizing, recording, processing, and reporting entity transactions, conditions and events. Also communicating roles and responsibilities
Information and communication systems
________is a process effected by an entities board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in three areas
Internal control
________is a condition when design or operation of a control does not allow detection or prevent of misstatements
Internal control deficency
_______is a deficiency that results in reasonable possibility that material misstatement would not be prevented or detected on a timely basis
Material weakness
An ________ occurs when a properly designed control is either ignored or inappropriately applied
Operating deficiency
____________of financial control
Reliability
COSO internal control categories include ____and____ of operations
Reliability Compliance
____________ is designed to help the organization achieve effective internal control
Separation of duties
A______ is a deficiency in internal control that is less sever than material weakness but important enough to merit attention of those charged with governance (audit committee)
Significant deficiencies
Which of the following statements are correct?
Spreadsheet "errors" can pose risks to an entity's internal control system. Using and accounting for prenumbered documents helps support the completeness assertion.
__________ in a GAAS audit are required for obtaining evidence about the operating effectiveness of client control activities.
Tests of controls
True or false: Control activities designed to promote a culture of honest and ethical behavior should be evaluated in response to fraud risks identified during the planning stage.
True
True or false: In some sense, all controls can be thought of as preventative controls.
True
Which of the following statements are correct?
Using and accounting for prenumbered documents helps support the completeness assertion, spreadsheet "errors" can pose risks to an entity's internal control system
It is acceptable under generally accepted auditing standards for an audit team to a. Assess risk of material misstatement at high and achieve an acceptably low audit risk by performing extensive substantive tests. b. Assess control risk at zero and perform a minimum of detection work. c. Assess inherent risk at zero and perform a minimum of detection work. d. Decide that audit risk can be 40 percent.
a. Correct. The objective is to perform a quality audit and keep audit risk low.
The risk of material misstatement is composed of which audit risk components? a. Inherent risk and control risk. b. Control risk and detection risk. c. Inherent risk and detection risk. d. Inherent risk, control risk, and detection risk.
a. Correct. The risk of material misstatement is composed of inherent risk and control risk.
An external auditor recommends an internal control to a client that will improve the system. After doing a cost-benefit analysis, the client rejects the suggestion. The auditor should
accept the client's decision under the concept of reasonableness assurance
According to professional standards, the audit team's evaluation of the sufficiency of management's control activities is ______.
always required
Performing procedures at ______ is less effective than performing them at ________.
an interim date; year end
A well-functioning internal control environment requires ______.
appropriate assignment of authority and responsibility top management with sound integrity and ethical values clear and unambiguous reporting lines
Duties of the audit committee include ______.
approving nonaudit services provided by the external auditor appointing the public accounting firm conducting the entity's audit compensating the public accounting firm conducting the entity's audit
Flowcharts ______.
are easy to evaluate after they are completed can be helpful in identifying missing controls are time-consuming to construct
Internal control questionnaires ______.
are somewhat unique for each organization can be useful in detecting internal control weaknesses help the auditing team obtain evidence about the control environment
The final assessment of control risk should ______.
assist in determining the list of substantive procedures required be coordinated with the final audit plan
The final assessment of control risk should:
assist in determining the list of substantive procedures required, be coordinated with the final audit plan
Duties that should be separated are the _____to execute _____transactions,____ transactions, _____of assets involved in the transactions and periodic ____ of existing assets to recorded amounts.
authority recording custody reconciling
An audit strategy memorandum contains a. Specifications of auditing standards relevant to the financial statements being audited. b. Specifications of procedures the auditors believe appropriate for the financial statements under audit. c. Documentation of the assertions under audit,the evidence obtained,and the conclusions reached. d. Reconciliation of the account balances in the financial statements with the account bal- ances in the client's general ledger.
b. Correct. An audit strategy contains specifications of procedures the auditors believe appropriate for the financial statements under audit.
Which of the following matters relating to an entity's operations would an auditor most likely consider as an inherent risk factor in planning an audit? a. The entity's fiscal year ends on June 30. b. The entity enters into significant derivative transactions as hedges. c. The entity's financial statements are generated at an outside service center. d. The entity's financial data is available only in computer-readable form.
b. Correct. By their very nature, derivative transactions are designed to be used as hedges for exposure on existing contracts are quite complex. The accounting rules that provide the basis for GAAP in this area are also complex. As a result of this complexity, the inherent risk of material misstatement is higher.
The auditors assessed risk of material misstatement at 0.50 and said they wanted to achieve a 0.05 risk of failing to express a correct opinion on financial statements that were materially misstated. What detection risk do the auditors plan to use for planning the remainder of the audit work? a. 0.20. b. 0.10. c. 0.75. d. 0.00.
b. Correct. DR = AR/ (IR x CR) = 0.05/0.50 = 0.10.
Which of the following circumstances would most likely cause an audit team to perform extended procedures? a. Supporting documents are produced when requested. b. The client made several large adjustments at or near year-end. c. The company has recently hired a new chief financial officer after the previous one retired. d. The company maintains several different petty cash funds.
b. Correct. If the client made several large adjustments at year-end (a red flag), extended procedures would be considered necessary to ensure that fraud was not taking place.
One of the typical characteristics of management fraud is a. Falsification of documents in order to misappropriate funds from an employer. b. Victimization of investors through the use of materially misleading financial statements. c. Illegal acts committed by management to evade laws and regulations. d. Conversion of stolen inventory to cash deposited in a falsified bank account.
b. Correct. Management fraud is victimization of investors through the use of materially misleading financial statements.
Under the Private Securities Litigation Reform Act (the Act), independent auditors are required to first a. Report in writing all instances of noncompliance with the Act to the client's board of directors. b. Report to the SEC all instances of noncompliance with the Act they believe have a material effect on financial statements if the board of directors does not first report to the SEC. c. Report clearly inconsequential noncompliance with the Act to the audit committee of the client's board of directors. d. Resign from the audit engagement and report the instances of noncompliance with the Act to the SEC.
b. Correct. Once informed, the board of directors has the first responsibility to report to the SEC. If the board does not report these items to the SEC, the law then requires the auditors to do so.
When evaluating whether accounting estimates made by management are reasonable, audi- tors would be most interested in which of the following? a. Key factors that are consistent with prior periods. b. Assumptions that are similar to industry guidelines. c. Measurements that are objective and not susceptible to bias. d. Evidence of a conservative systematic bias.
b. Correct. Once informed, the board of directors has the first responsibility to report to the SEC. If the board does not report these items to the SEC, the law then requires the auditors to do so.
When auditors become aware of noncompliance with a law or regulation committed by cli- ent personnel, the primary reason that the auditors should obtain a better understanding of the nature of the act is to a. Recommend remedial actions to the audit committee. b. Evaluate the effect of the noncompliance on the financial statements. c. Determine whether to contact law enforcement officials. d. Determine whether other similar acts could have occurred.
b. Correct. The audit team's first concern is the effect of the noncompliance on the financial statements.
When a company that sells its products with a positive gross profit increases its sales by 15 percent and its cost of goods sold by 7 percent, the cost of goods sold ratio will a. Increase. b. Decrease. c. Remain unchanged. d. Not be able to be determined with the information provided.
b. Correct. The numerator (cost of goods sold) increases relatively less than the denominator (sales) increases.
Auditors perform analytical procedures in the planning stage of an audit for the purpose of a. Deciding the matters to cover in an engagement letter. b. Identifying unusual conditions that deserve more auditing effort. c. Determining which of the financial statement assertions are the most important for the client's financial statements. d. Determining the nature,timing,and extent of further audit procedures for auditing the inventory.
b. Correct. This is the "attention directing" purpose.
All entities recognize the need for a formalized process to identify, assess and manage factors, events and conditions, known as __, that can prevent the organization from achieving it objectives.
business risks
All entities recognize the need for a formalized process to identify, assess and manage factors, events and conditions, known as_____ , that can prevent the organization from achieving it objectives.
business risks
Failure to meet company objectives is a result of a. Information risk. b. Audit risk. c. Business risk. d. Inherent risk.
c. Correct This is the definition of business risk.
If tests of controls induce the audit team to change the assessed level of control risk for fixed assets from 0.4 to 1.0 and audit risk (0.05) and inherent risk remain constant, the acceptable level of detection risk is most likely to a. Change from 0.1 to 0.04. b. Change from 0.2 to 0.3. c. Change from 0.25 to 0.1. d. Be unchanged.
c. Correct This solution is both mathematically and practically correct.
An audit committee is a. Composed of internal auditors. b. Composed of members of the audit team. c. Composed of members of a company's board of directors who are not involved in the day-to-day operations of the company. d. A committee composed of persons not associating in anyway with the client or the board of directors.
c. Correct. An audit committee is composed of members of a company's board of directors who are not involved in the day-to-day operations of the company.
Analytical procedures are generally used to produce evidence from a. Confirmations mailed directly to the auditors by client customers. b. Physical observation of inventories. c. Relationships among current financial balances and prior balances, forecasts, and nonfi- nancial data. d. Detailed examination of external, external-internal, and internal documents.
c. Correct. Analytical procedures incorporate information from a variety of sources.
Which of the following statements best describes auditors' responsibility for detecting a client's noncompliance with a law or regulation? a. The responsibility for detecting noncompliance exactly parallels the responsibility for errors and fraud. b. Auditors must design tests to detect all material noncompliance that indirectly affects the financial statements. c. Auditors must design tests to obtain reasonable assurance that all noncompliance with direct material financial statement effects is detected. d. Auditors must design tests to detect all noncompliance that directly affects the financial statements.
c. Correct. Auditors must design tests to obtain reasonable assurance that all noncompliance with direct material financial statement effects is detected.
Which of the following risk types increase when an auditor performs substantive analytical audit procedures for financial statement accounts at an interim date? a. Inherent. b. Control. c. Detection. d. Sampling.
c. Correct. The decision to perform substantive analytical procedures (as compared to a test of details) at interim (as compared to the balance sheet date) would increase detection risk.
What is the primary objective of the fraud brainstorming session? a. Determine audit risk and materiality. b. Identify whether analytical procedures should be applied to the revenue accounts. c. Assess the potential for material misstatement due to fraud. d. Determine whether the planned procedures in the audit plan will satisfy the general audit objectives.
c. Correct. The fraud brainstorming session is primarily focused on fraud risk assessment, which is the potential for material misstatement due to fraud in the financial statements. This is the primary objective of the session, according to professional standards (i.e., SAS No. 99).
Which of the following is a specific audit procedure that would be completed in response to a particular fraud risk in an account balance or class of transactions? a. Exercising more professional skepticism. b. Carefully avoiding conducting interviews with people in areas that are most susceptible to fraud. c. Performing procedures such as inventory observation and cash counts on a surprise or unannounced basis. d. Studying management's selection and application of accounting principles more carefully.
c. Correct. This is a specific procedural response mentioned in audit standards.
Generally a reassessment of control risk ______.
can only go upwards
A strong system of controls __ guarantee that errors will not occur.
cannot
Separation of duties cannot prevent __ which is two or more people working together to circumvent the internal control system.
collusion
The audit team:
communicates internal control issues to help management carry out internal control monitoring responsibilities, must communicate significant deficiencies and material weakness identified during the audit
Specific actions a client's management and employees take to help ensure management's directives are carried out are called _____
control activities
Once the auditor detects a __________, she must first evaluate the severity of the deficiency on the auditor's control risk assessment for that assertion.
control deficiency
In the component________ the focus is on several things including organizational structure, assignment of responsibility, and human resource policies
control environment
Integrity, ethical values and competence of the entity's people are all________ factors
control environment
The foundation for all other components of internal control is the __.
control environment
The foundation for all other components of internal control is the____
control environment
_____________ sets the tone of the organization. Focuses on Integrity, Competence, participation of those charged with governance, management philosophy
control environment
The auditor should assess ___________for each relevant assertion by evaluating the evidence obtained from all sources, including the auditor's testing of controls for the audit of internal control on an issuer.
control risk
The risk that the auditors' own testing procedures will lead to the decision that material mis- statements do not exist in the financial statements when in fact such misstatements do exist is a. Audit risk. b. Inherent risk. c. Control risk. d. Detection risk.
d. Correct This is the definition of detection risk.
Auditing standards do not require auditors of financial statements to a. Understand the nature of errors and frauds. b. Assess the risk of occurrence of errors and frauds. c. Design audits to provide reasonable assurance of detecting errors and frauds. d. Report all errors and frauds found to police authorities.
d. Correct. Auditors are not required to report all finding of errors and frauds to police authorities.
If sales were overstated by recording a false credit sale at the end of the year, where could you find the false "dangling debit"? a. Inventory. b. Cost of goods sold. c. Bad debt expense. d. Accounts receivable
d. Correct. In (fictitious) credit sales and (fictitious) receivables.
Analytical procedures can be used in which of the following ways? a. As a means of overall review near the end of the audit. b. As "attention-directing" methods when planning an audit at the beginning. c. As substantive audit procedures to obtain evidence during an audit. d. All of the above.
d. Correct. The answer is all of the above. Analytical procedures can be used when planning the audit, when performing substantive procedures
A primary objective of analytical procedures used in the final review stage of an audit is to a. Identify account balances that represent specific risks relevant to the audit. b. Gather evidence from tests of details to corroborate financial statement assertions. c. Detect fraud that may cause the financial statements to be misstated. d. Assist the auditor in evaluating the overall financial statement presentation.
d. Correct. This is the correct answer. At the final review stage, analytical review procedures are designed to provide an overall test of reasonableness about the financial statements being reviewed, in light of all available evidence.
The likelihood that material misstatements may have entered the accounting system and not been detected and corrected by the client's internal control is referred to as a. Inherent risk. b. Control risk. c. Detection risk. d. Risk of material misstatement.
d. Correct. This is the definition of the risk of material misstatement.
Analytical procedures used when planning an audit should concentrate on a. Weaknesses in the company's internal control activities. b. Predictability of account balances based on individual significant transactions. c. Management assertions in financial statements. d. Accounts and relationships that can represent specific potential problems and risks in the financial statements.
d. Correct. With preliminary analytical procedures, the auditors are looking for signs of accounts and relationships that may represent specific potential problems and risks in the financial statements.
An employee knowingly doing something to bypass the internal control system is an act of
deliberate circumvention
Whether the controls over financial reporting, if operating as they should, would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements is determined by __.
design effectiveness
Whether the controls over financial reporting, if operating as they should, would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements is determined by ______
design effectiveness
AS 2201 requires testing for ________
design effectiveness and operating effectiveness.
The primary purpose for obtaining an understanding of internal control during the audit of a nonissuer is to:
determine the nature, timing, and extent of further audit tests to be performed.
______________ produce direct and material effects on the financial statements. law is identified with a specific account or disclosure
direct-effect non compliance
The reporting option when a scope limitation exists is a _______
disclaimer of opinion.
When a single audit test produces both control testing and substantive testing evidence, it is called a(n) _____ test
dual purpose
When a single audit test produces both control testing and substantive testing evidence, it is called a(n) __-__ test.
dual-purpose
An audit procedure that selects recorded payroll entries to vouch payroll to time cards and calculate the correct dollar amount of payroll is an example of a
dual-purpose test
An audit procedure that selects recorded payroll entries to vouch payroll to time cards and calculate the correct dollar amount of payroll is an example of a ______.
dual-purpose test
COSO internal control categories include __ and __ of operations.
effectiveness, efficiency
COSO developed a(n) __ framework to facilitate the assessment and mitigation of business risks a company faces.
enterprise risk management
COSO developed a(n) ______ framework to facilitate the assessment and mitigation of business risks a company faces.
enterprise risk management
The idea behind ERM or __, is that management, boards, and employees have to be constantly thinking about what could go wrong with the business and how to prevent it.
enterprise risk management
When documenting their understanding of the internal control system, the auditor should consider if the client has taken full advantage of their existing technological platform by using ______ control activities whenever it is efficient and effective.
entirely automated
Controls that are pervasive to the internal control system and the reliability of the financial statements as a whole are called ______ - level controls.
entity
For all relevant assertions for each significant account and disclosure, the audit team begins by examining _____ -_____ controls that are pervasive to the internal control system and reliability of the financial statements as a whole
entity level
Controls that are pervasive to the internal control system and the reliability of the financial statements as a whole are called __ controls.
entity-level
Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of __ testing.
exception
Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of ______ testing.
exception
Using an automated test procedure designed to test all items in a population as a means to identify a violation of control activities is an example of ______testing.
exception
True or false: An understanding of the design of controls or how they are intended to function provides the audit team complete evidence as to the operating effectiveness of controls.
false
True or false: Document examination alone is never considered an adequate test of controls.
false
True or false: Periodic management reviews are critically important to demonstrate that controls are operating in an effective manner.
false
True or false: To achieve the specific objectives of each of the three goals, the COSO framework defines five components of a properly designed internal control system that work independently of each other to support the system's overall effectiveness.
false
When completing the audit of internal controls for an issuer, the PCAOB requires the audit team to audit internal controls over_______
financial reporting
The professional standards require the auditor to gain an understanding of the client's risk assessment process related to ______.
financial reporting risks fraud risk
The professional standards require the auditor to gain an understanding of the client's risk assessment process related to:
financial reporting risks, fraud risk
Segregation of duties:
forces different people or departments to deal with different facets of transactions, prevents fraud that do not involve collusion, prevents incompatible responsibilities
To be considered appropriate audit evidence, an audit sample must be:
from a population that covers the entire period of reliance, representative of the population being sampled
When audit teams reach the third phase of an evaluation of internal control they:
have identified controls on which they intend to rely, have set an acceptable rate of compliance for an activity to be considered effective
When audit teams reach the third phase of an evaluation of internal control they ______.
have set an acceptable rate of compliance for an activity to be considered effective have identified controls on which they intend to rely
Flowcharts:
help the audit team assess the key control points in the process, involve considerable time and effort, have become a popular documentation method for auditors
The higher the assessment of control risk, the __ the assessment of risk of material misstatement.
higher
The purpose of separating the duties of _______ and distributing payroll checks is to separate the authorization of transactions from the custody of related assets.
hiring personnel
An audit team's assessment of control risk as high:
implies controls cannot be relied upon, implies controls are ineffective
Performance reviews ______.
include the study of budget variances with follow up actions require management's active participation in the supervision of operations can help lower the risk of material misstatements
Combinations of duties that place a single person in a position to create and conceal misstatement due to errors or frauds in his or her normal job are __ responsibilities.
incompatible
Combinations of duties that place a single person in a position to create and conceal misstatements due to errors or frauds in their normal job are _______ responsibilities
incompatible
___________are not related to specific accounts or disclosures on the financial statements.. it's the auditors responsibility to follow up
indirect-effect noncompliance
An account's significance is based on its __ risk.
inherent
An account's significance is based on its ______ risk.
inherent
The risk of material misstatement is composed of_____ risk and____ risk.
inherent control
The risk of material misstatement is composed of __ risk and __ risk.
inherent, control
The least persuasive type of control test evidence is _____
inquiry
When testing controls, the audit team often uses ______ about the existence of the activity and then corroborate the evidence by observing the control activities are actually being performed
inquiry
The four methods of testing controls are ____ , ____ ,document examination and _____
inquiry observation reperformance
The four methods of testing controls are __, __, document examination and __.
inquiry, observation, reperformance
An opinion of the entity's financial statements and a second opinion on management's assessment of the effectiveness of the entity's internal control over financial reported are issued as part of a(n)______
integrated audit
External auditors complete an audit on the financial statements and one on internal control as part of a(n)
integrated audit
External auditors complete an audit on the financial statements and one on internal control as part of a(n) __.
integrated audit
The ________ is a device for collecting evidence in the form of answers to control questions.
internal control questionnaire
The efficiency of a management interview can be improved by using a(n)
internal control questionnaire
The emphasis of the Sarbanes-Oxley Act is on the ___ as an important means to prevent or detect material misstatements in the financial statements due to fraud.
internal control system
Physical access should be limited to authorized personnel. This limitation should include:
inventory payroll records securities
Physical access should be limited to authorized personnel. This limitation should include:
inventory, payroll records, securities
Flowcharts ______.
involve considerable time and effort have become a popular documentation method for auditors help the audit team assess the key control points in the process
The acceptable rate of compliance for an internal control to be considered effective ______.
is a matter of professional judgment may be based on internal firm guidelines
Section 302 of the Sarbanes-Oxley Act ______.
is designed to ensure the proper "tone at the top" makes management responsible for monitoring, supervising and maintaining control activities allows managers to make their own judgments about the necessity of specific controls
The audit team's decision that it would take more time to test the operating effectiveness of the control activities than it would take to perform the substantive tests necessary for a relevant assertion ______.
is equivalent to assessing control risk at 100%
The audit team's decision that it would take more time to test the operating effectiveness of the control activities than it would take to perform the substantive tests necessary for a relevant assertion:
is equivalent to assessing control risk at 100%
After their understanding of the entity's internal controls have been documented, the audit team may choose not to perform tests on the operating effectiveness of the controls because ______.
it is less time consuming to conduct substantive tests the internal control system is too ineffective to rely on the cost of obtaining a low control risk assessment is high
After their understanding of the entity's internal controls have been documented, the audit team may choose not to perform tests on the operating effectiveness of the controls because:
it is less time consuming to conduct substantive tests, the internal control system is too ineffective to rely on, the cost of obtaining a low control risk assessment is high
Each member of the audit committee must be financially _____ and one member must be a financial ______
literate expert
Each member of the audit committee must be financially __ and one member must be a financial __.
literate, expert
After understanding and documenting internal control, the audit team should be able to ______.
make a preliminary assessment of control risk
After understanding and documenting internal control, the audit team should be able to:
make a preliminary assessment of control risk
Section 302 of the Sarbanes-Oxley Act:
makes management responsible for monitoring, supervising and maintaining control activities, allows managers to make their own judgements about the necessity of specific controls, is designated to ensure the proper "tone at the top"
Section 302 of the Sarbanes-Oxley Act ______.
makes managers responsible for establishing a control environment requires management to assess the risks it wishes to control
Under the Sarbanes-Oxley Act who is responsible for evaluating the effectiveness of an organization's internal control system?
management and external auditors
Section 404 of the Sarbanes-Oxley Act requires an entity's annual report to include a statement that ______.
management is responsible for establishing and maintaining adequate internal control over financial reporting identifies the framework used as a benchmark for evaluating the entity's internal control effectiveness
Although not required by auditing standards, audit teams often issue a(n) __ containing commentary and suggestions on a variety of matters in addition to internal control matters.
management letter
The risk assessment element of the COSO framework is ______ responsibility.
management's
Management may not be able to conclude that the entity's internal controls over financial reporting is effective if any _______exist.
material weaknesses
A __________ is a situation in which it is reasonably possible that a material misstatement would not be detected on a timely basis.
material weakness
Management may not be able to conclude that the entity's internal controls over financial reporting is effective if any __ exist.
material weaknesses
The preliminary assessment of control risk ______.
may be made after understanding and documenting internal control includes identifying activities explicitly designed to support reliable financial statement reporting
An audit team's assessment of control risk as low ______.
may limit the use of substantive tests of details allows auditors to use smaller sample sizes implies controls are effective
The audit team must adjust the substantive procedures accordingly in order to obtain enough evidence to mitigate the risk of material misstatements to a low level for the relevant assertions being tested if the assessment of control risk is ______.
moderate
The audit team must adjust the substantive procedures accordingly in order to obtain enough evidence to mitigate the risk of material misstatements to a low level for the relevant assertions being tested if the assessment of control risk is:
moderate
_____ includes procedures established to assess the quality of internal performance over time. The focus is on internal audit function, regular management and supervisory activities, and small procedures.
monitoring
In most audits of large entities, control risk assessment contributes to audit efficiency, which means that auditors will be able to reduce the cost of substantive procedures by an amount ______
more than the control evaluation costs.
Narrative descriptions tend to be ______.
most efficient for audits of small businesses
Narrative descriptions tend to be:
most efficient for audits of small businesses
Tests of controls ______.
must be performed to obtain evidence that controls can be relied on
The audit committee ______.
must have one member who is a financial expert members must all be financially literate is a subcommittee of the board of directors
A method for documenting the audit team's inderstanding of internal controls that describes all environmental elements, the accounting system and all control activities is called a(n) __.
narrative description
A method for documenting the audit team's understanding of internal controls that describes all environmental elements, the accounting system and all control activities is called a(n) __.
narrative description
A method for documenting the audit team's understanding of internal controls that describes all environmental elements, the accounting system and all control activities is called a(n) _____
narrative description
The assessment of risk of material misstatement at the assertion level is completed to give the audit team a basis for planning the audit and determining the _____, _____, and ______of further audit procedures to be conducted for the financial statement audit.
nature time extent
The assessment of risk of material misstatement at the assertion level is completed to give the audit team a basis for planning the audit and determining the __, __, and __ of further audit procedures to be conducted for the financial statement audit.
nature, timing, extent
An auditor can
never rely on information produced by the company's information system without investigation
When gaining an understanding of internal controls, assertions should ______.
only be considered if they are relevant
Whether a control is working as designed and whether the person performing the control has the authority and qualifications to perform the control is referred to as _____
operating effectiveness
Internal control is a set of policies and procedures designed to achieve management objectives in three different categories. Maintaining a good business reputation and increasing market share are objectives of the_____ category.
operations
Duties of the audit committee include ______.
oversight of the public accounting firm conducting the entity's audit overseeing the anonymous fraud hotline engaging legal council in the event of management fraud
Duties of the audit committee include:
oversight of the public accounting firm conducting the entity's audit, engaging legal counsel in the event of management fraud, overseeing the anonymous fraud hotline
When documenting their understanding of the internal control system, the audit team should consider questions related to ______
policies and procedures documentation and communicaiton information technology integration with the risk assessment process selection and development of control activities
When documenting their understanding of the internal control system, the audit team should consider questions related to:
policies and procedures documentation and communication, selection and development of control activities, integration with the risk assessment process, information technology
Separation of duties between the payroll and personnel departments is a ______________
preventative control
In some sense, all controls can be thought of as ______ controls.
preventive
Procedures that prevent misstatements before they occur are ____ controls which are preferable to _____ controls that find misstatements after they occur.
preventive detective
Separation of duties ______.
prevents fraud that do not involve collusion prevents incompatible responsibilities forces different people or departments to deal with different facets of transactions
External auditors are:
primarily concerned with a client's internal control system as it relates to the financial reporting category
Regarding a client's internal control system, external auditors are ______.
primarily concerned with the financial reporting category
Internal control provides __ assurance that management's objectives will be achieved.
reasonable
The COSO definition states that internal control is designed to provide __ regarding the achievement of objectives in three categories.
reasonable assurance
The COSO definition states that internal control is designed to provide _________ regarding the achievement of objectives in three categories.
reasonable assurance
Duties that should be separated are ______.
reconciliation recording authorization custody
Duties that should be segregated are:
reconciliation, recording, authorization, custody
When an auditor plans to __________and rely on controls to reduce substantive testing, they must make sure that the controls have been designed and are operating effectively in order to feel comfortable relying on such controls.
reduce control risk below the maximum
COSO internal control categories include______of financial reporting and______with applicable laws and regulations.
reliability compliance
COSO internal control categories include __ of financial reporting and __ with applicable laws and regulations.
reliability, compliance
The key difference between document examination and _____ is that the former provides evidence employees completed the activity and the later provides evidence it was done correctly.
reperformance
The most persuasive type of control test evidence is
reperformance
A key factor in audit sampling is that, for a sample to be considered , all items in a population must have an opportunity to be selected.
representative
A key factor in audit sampling is that, for a sample to be considered __, all items in a population must have an opportunity to be selected.
representative
To be considered appropriate audit evidence, an audit sample must be ______.
representative of the population being sampled from a population that covers the entire period of reliance
Performance reviews:
require management's active participation in the supervision of operations, can help lower the risk of material misstatements, include the study of budget variances with follow up actions
The five basic components of a properly designed internal control system as defined by COSO are: (1) control environment, (2) ______assessment, (3) _____activities, (4) and (5) information and _____.
risk control monitoring communication
Identification by management of the risks relevant to the preparation of the financial statements that are generally related to changes is considered__________ which tries to weed out lying, stealing and cheating
risk assessment
The five basic components of a properly designed internal control system as defined by COSO are: (1) control environment, (2) __ assessment, (3) __ activities, (4) __ and (5) information and __.
risk, control, monitoring, communication
Common monitoring controls include:
self-assessments by management regarding the tone they set, analysis of and follow up items that might be indicative of a control failure, quality assurance review of the internal audit department
Internal control questionnaires:
should be used in combination with other methods, make it less likely for the audit team to forget to cover an important point, tend to be inflexible, are somewhat unique for each organization, help the auditing team obtain evidence about the control environment, should include questions about each relevant assertion
Flowcharts ______.
should flow from left to right and top to bottom must be understandable to an audit supervisor should include narrative explanations
Flowcharts:
should flow from left to right and top to bottom, should include narrative explanations, must be understandable to an audit supervisor
Gaining an understanding of internal controls should start by identifying _____accounts and disclosures and their_____ .
significant relevant assertions
The information system produces an audit trail that begins with __ documents and proceeds through to the financial reports.
source
A well-functioning internal control environment requires:
support as shown by management's philosophy and operating style, competent individuals in financial reporting and oversight roles, supportive human resource policies and practices
A well-functioning internal control environment requires ______.
supportive human resource policies and practices support as shown by management's philosophy and operating style competent individuals in financial reporting and oversight roles
Internal control questionnaires ______.
tend to be inflexible make it less likely for the audit team to forget to cover an important point should be used in combination with other methods
When the audit team members document their understanding of management's control activities, a positive assessment may result in
testing control activities for reliance
In order to assess control risk below the maximum ______.
tests of controls must be performed
In order to assess control risk below the maximum:
tests of controls must be performed
Obtaining an understanding of the information system relevant to financial reporting includes understanding:
the nature of the underlying accounting records, information and accounts used to execute a transaction, how the information system captures events and conditions other than transactions significant to the financial statements
Professional standards recognize that to make effective decisions, managers must have access to __, __ and __ information.
timely, reliable, relevant
Controls that pertain to specific classes of entries, account balances and disclosures are called ______ - level controls.
transaction
The audit team identifies _____ - ____ controls that pertain to specific classes of entries, account balances and disclosures.
transaction level
The audit team identifies __-__ controls that pertain to specific classes of entries, account balances and disclosures.
transaction-level
If the audit-team decides an entity-level control sufficiently reduces a specific risk ______.
transaction-level controls related to that risk may not be needed
True or false: In today's environment, it is essential that organizations have a robust set of cyber security control activities in place and operating effectively.
true
A combination of personnel inquiry, operation observation and document examination while tracing a single transaction through the entire audit trail is a(n)
walkthrough
A combination of personnel inquiry, operation observation and document examination while tracing a single transaction through the entire audit trail is a(n) _____
walkthrough