Auditing Chapter 10
Which of the following statements is MOST CORRECT with respect to separation of duties?
Employees who authorize transactions should not have custody of related assets.
In performing an audit of internal control over financial reporting, which of the following is the auditor required to do?
Form an opinion on the effectiveness of internal for financial reporting.
Which of the following best describes the purpose of control activities?
The policies and procedures that help ensure that necessary actions are taken to address risks tot he achievement of the entity's objectives.
When planning an audit, the auditor's assessed level of control risk is:
a judgment issue, based on auditor knowledge.
Internal controls are not designed to provide reasonable assurance that:
all frauds will be detected
The Sarbanes-Oxly Act requires:
all public companies to issue reports on internal controls.
Which of the following is MOST correct for audits on non-public companies?
an audit of internal controls is not required.
When auditing a private company, the auditor should obtain an understanding of internal control sufficient to:
assess control risk
To promote operational efficiency, the internal audit department would ideally report to:
audit committee
Significant deficiencies and material weaknesses in internal control of a PUBLIC company must be reported in writing to which of the following?
audit committee of the company's board of directors
Proper segregation of functional responsibilities calls for separation of:
authorization, recording, and custody
The primary emphasis by auditors is on controls over:
classes of transactions.
An act of two or more employees to steal assets and cover their theft by misstating the accounting records is:
collusion
Internal controls can never be regarded as completely effective. Even if company personnel could design an ideal system, its effectiveness depends on the:
competency and dependability of the people using it.
Policies and procedures that help ensure that necessary actions are taken to address risks in the achievement of the entity's objectives.
control activities
The actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity.
control environment
Audit evidence concerning proper segregation of duties normally is best obtained by:
direct personal observation of the employee who applies control procedures
Which of the following is correct regarding management's documentation of internal controls?
documentation needs to have some focus on controls designed to detect fraud.
Narratives, flowcharts, and internal control questionnaires are three common methods of:
documenting the auditor's understanding of internal controls
To issue a report on internal control over financial reporting for a public company, an auditor must:
evaluate management's assessment process and independently assess the design and operating effectiveness of internal control.
Which of the following is the correct definition of "control deficiency"?
exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis.
Company-wide policies for the approval of all transactions within stated limits.
general authorization
Management must disclose material weaknesses in internal control in its audit report:
if the weakness exists at the end of the year.
When one material weakness is present at the end of the year, management of a public company must conclude that internal control over financial reporting is:
ineffective
Significant deficiencies are matters that come to an auditor's attention and should be communicated to an entity's audit committee because they represent:
internal control deficiencies that could adversely affect a company's ability to initiate, record, process, or report external financial statements reliably.
A process designed to provide reasonable assurance regarding the achievement of management's objectives in the following categories: 1. reliability of financial reporting 2. effectiveness and efficiency of operations 3. compliance with laws and regulations
internal controls
When a compensating control exists, the absence of a key control:
is no longer a concern because there is no longer a significant deficiency or material weakness.
Which of the following may represent the biggest challenge smaller public companies face in implementing effective internal controls?
limited resources
Which of the following activities would be LEAST likely to strengthen a company's internal controls?
maintaining insurance for fire and theft.
Which of the following groups establishes and maintains the company's internal controls?
management
Even with the most effectively designed internal control, the auditor must obtain audit evidence, beyond testing the controls, for every:
material financial statement account
Management's ongoing and periodic assessment of the quality on internal control performance to determine that controls are operating as intended and are modified when needed.
monitoring
After considering a client's internal controls, an auditor has concluded that it is well designed and is functioning as intended. Under these circumstances the auditor would most likely:
not increase the extent of predetermined substantive tests.
An audit procedure that would most likely be used by an auditor in performing test of control procedures in which the segregation of functions and that leaves no "audit" trail is:
observations
when the auditor attempts to understand the operation of the accounting system by tracing a few transactions though the accounting system, the auditor is said to be:
performing a walk-through
Which of management's assertions with respect to implementing internal controls is the auditor primarily concerned?
reliability of financial reporting
The PCAOB states the reasonable assurance allows a:
remote likelihood that material misstatements will not be prevented or detected by internal control.
The auditor's consideration of a private company's internal control is:
required by GAAS
Management's identification and analysis of risks relevant to the preparation of financial statements in accordance with an applicable accounting framework.
risk assessment
Which of the following is responsible for establishing a private company's internal control?
senior management
Segregation of the following activities in an organization: custody of assets, accounting, authorization, and operational responsibility.
separation of duties
In performing the audit of internal control over financial reporting, the auditor emphasizes internal control over class of transactions because:
the accuracy of accounting system outputs depends heavily of inputs and processing.
Which of the following is MOST CORRECT regarding the requirements under Section 404 of the Sarbanes Oxley Act?
the audits of internal control and the financial statements provide reasonable assurance as to misstatements.
An auditor should consider two key issues when obtaining an understanding of a client's internal controls. These issues are:
the design and implementation of the controls.
A control available in a small company, which my be necessitated because of lack of competent personnell, is:
the owner-manager's direct involvement in the control process.
The auditors primary purpose in auditing the client's system of internal control over financial reporting is:
to evaluate the effectiveness of the company's internal controls over all relevant assertions in the financial statements.