Chapter 5 Auditing and Assurance Smartbook

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

COSO internal control categories include______of financial reporting and______with applicable laws and regulations.

reliability compliance

True or false: Document examination alone is never considered an adequate test of controls.

false

True or false: To achieve the specific objectives of each of the three goals, the COSO framework defines five components of a properly designed internal control system that work independently of each other to support the system's overall effectiveness.

false

An audit team's assessment of control risk as low ______.

may limit the use of substantive tests of details allows auditors to use smaller sample sizes implies controls are effective

Duties that should be separated are ______.

reconciliation recording authorization custody

The final assessment of control risk should ______.

assist in determining the list of substantive procedures required be coordinated with the final audit plan

Controls that are pervasive to the internal control system and the reliability of the financial statements as a whole are called ______ - level controls.

entity

The risk of material misstatement is composed of_____ risk and____ risk.

inherent control

An opinion of the entity's financial statements and a second opinion on management's assessment of the effectiveness of the entity's internal control over financial reported are issued as part of a(n)______

integrated audit

Regarding a client's internal control system, external auditors are ______.

primarily concerned with the financial reporting category

For all relevant assertions for each significant account and disclosure, the audit team begins by examining _____ -_____ controls that are pervasive to the internal control system and reliability of the financial statements as a whole

entity level

When audit teams reach the third phase of an evaluation of internal control they ______.

have set an acceptable rate of compliance for an activity to be considered effective have identified controls on which they intend to rely

Section 302 of the Sarbanes-Oxley Act ______.

makes managers responsible for establishing a control environment requires management to assess the risks it wishes to control

Using an automated test procedure designed to test all items in a population as a means to identify a violation of control activities is an example of ______testing.

exception

Flowcharts ______.

involve considerable time and effort have become a popular documentation method for auditors help the audit team assess the key control points in the process

All entities recognize the need for a formalized process to identify, assess and manage factors, events and conditions, known as_____ , that can prevent the organization from achieving it objectives.

business risks

Generally a reassessment of control risk ______.

can only go upwards

Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of ______ testing.

exception

The audit team's decision that it would take more time to test the operating effectiveness of the control activities than it would take to perform the substantive tests necessary for a relevant assertion ______.

is equivalent to assessing control risk at 100%

After their understanding of the entity's internal controls have been documented, the audit team may choose not to perform tests on the operating effectiveness of the controls because ______.

it is less time consuming to conduct substantive tests the internal control system is too ineffective to rely on the cost of obtaining a low control risk assessment is high

Separation of duties ______.

prevents fraud that do not involve collusion prevents incompatible responsibilities forces different people or departments to deal with different facets of transactions

A well-functioning internal control environment requires ______.

supportive human resource policies and practices support as shown by management's philosophy and operating style competent individuals in financial reporting and oversight roles

If the audit-team decides an entity-level control sufficiently reduces a specific risk ______.

transaction-level controls related to that risk may not be needed

True or false: In today's environment, it is essential that organizations have a robust set of cyber security control activities in place and operating effectively.

true

According to professional standards, the audit team's evaluation of the sufficiency of management's control activities is ______.

always required

COSO developed a(n) ______ framework to facilitate the assessment and mitigation of business risks a company faces.

enterprise risk management

Performance reviews ______.

include the study of budget variances with follow up actions require management's active participation in the supervision of operations can help lower the risk of material misstatements

Combinations of duties that place a single person in a position to create and conceal misstatements due to errors or frauds in their normal job are _______ responsibilities

incompatible

An account's significance is based on its ______ risk.

inherent

The least persuasive type of control test evidence is _____

inquiry

Duties of the audit committee include ______.

oversight of the public accounting firm conducting the entity's audit overseeing the anonymous fraud hotline engaging legal council in the event of management fraud

When documenting their understanding of the internal control system, the audit team should consider questions related to ______

policies and procedures documentation and communicaiton information technology integration with the risk assessment process selection and development of control activities

In some sense, all controls can be thought of as ______ controls.

preventive

The key difference between document examination and _____ is that the former provides evidence employees completed the activity and the later provides evidence it was done correctly.

reperformance

The most persuasive type of control test evidence is

reperformance

A key factor in audit sampling is that, for a sample to be considered , all items in a population must have an opportunity to be selected.

representative

Internal control questionnaires ______.

tend to be inflexible make it less likely for the audit team to forget to cover an important point should be used in combination with other methods

In order to assess control risk below the maximum ______.

tests of controls must be performed

Controls that pertain to specific classes of entries, account balances and disclosures are called ______ - level controls.

transaction

The audit team identifies _____ - ____ controls that pertain to specific classes of entries, account balances and disclosures.

transaction level

A combination of personnel inquiry, operation observation and document examination while tracing a single transaction through the entire audit trail is a(n) _____

walkthrough

Physical access should be limited to authorized personnel. This limitation should include:

inventory payroll records securities

The acceptable rate of compliance for an internal control to be considered effective ______.

is a matter of professional judgment may be based on internal firm guidelines

Section 302 of the Sarbanes-Oxley Act ______.

is designed to ensure the proper "tone at the top" makes management responsible for monitoring, supervising and maintaining control activities allows managers to make their own judgments about the necessity of specific controls

Narrative descriptions tend to be ______.

most efficient for audits of small businesses

Tests of controls ______.

must be performed to obtain evidence that controls can be relied on

The audit committee ______.

must have one member who is a financial expert members must all be financially literate is a subcommittee of the board of directors

A method for documenting the audit team's understanding of internal controls that describes all environmental elements, the accounting system and all control activities is called a(n) _____

narrative description

Internal control questionnaires ______.

are somewhat unique for each organization can be useful in detecting internal control weaknesses help the auditing team obtain evidence about the control environment

The audit team must adjust the substantive procedures accordingly in order to obtain enough evidence to mitigate the risk of material misstatements to a low level for the relevant assertions being tested if the assessment of control risk is ______.

moderate

Flowcharts ______.

should flow from left to right and top to bottom must be understandable to an audit supervisor should include narrative explanations

Gaining an understanding of internal controls should start by identifying _____accounts and disclosures and their_____ .

significant relevant assertions

A well-functioning internal control environment requires ______.

appropriate assignment of authority and responsibility top management with sound integrity and ethical values clear and unambiguous reporting lines

Duties of the audit committee include ______.

approving nonaudit services provided by the external auditor appointing the public accounting firm conducting the entity's audit compensating the public accounting firm conducting the entity's audit

Flowcharts ______.

are easy to evaluate after they are completed can be helpful in identifying missing controls are time-consuming to construct

Duties that should be separated are the _____to execute _____transactions,____ transactions, _____of assets involved in the transactions and periodic ____ of existing assets to recorded amounts.

authority recording custody reconciling

When testing controls, the audit team often uses ______ about the existence of the activity and then corroborate the evidence by observing the control activities are actually being performed

inquiry

The four methods of testing controls are ____ , ____ ,document examination and _____

inquiry observation reperformance

External auditors complete an audit on the financial statements and one on internal control as part of a(n)

integrated audit

Section 404 of the Sarbanes-Oxley Act requires an entity's annual report to include a statement that ______.

management is responsible for establishing and maintaining adequate internal control over financial reporting identifies the framework used as a benchmark for evaluating the entity's internal control effectiveness

The risk assessment element of the COSO framework is ______ responsibility.

management's

When gaining an understanding of internal controls, assertions should ______.

only be considered if they are relevant

Whether a control is working as designed and whether the person performing the control has the authority and qualifications to perform the control is referred to as _____

operating effectiveness

Internal control is a set of policies and procedures designed to achieve management objectives in three different categories. Maintaining a good business reputation and increasing market share are objectives of the_____ category.

operations

True or false: An understanding of the design of controls or how they are intended to function provides the audit team complete evidence as to the operating effectiveness of controls.

false

The assessment of risk of material misstatement at the assertion level is completed to give the audit team a basis for planning the audit and determining the _____, _____, and ______of further audit procedures to be conducted for the financial statement audit.

nature time extent

Which of the following statements are correct?

For a sample to be representative, all items in the population have an opportunity to be selected. Tests of controls should be applied to samples executed throughout the period under audit.

Which of the following statements are correct?

If a control activity has high risk, more persuasive evidence is needed. It may be more efficient for the auditor to choose not to rely on controls.

Which of the following statements are correct?

Spreadsheet "errors" can pose risks to an entity's internal control system. Using and accounting for prenumbered documents helps support the completeness assertion.

Specific actions a client's management and employees take to help ensure management's directives are carried out are called _____

control activities

Integrity, ethical values and competence of the entity's people are all________ factors

control environment

The foundation for all other components of internal control is the____

control environment

Whether the controls over financial reporting, if operating as they should, would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements is determined by ______

design effectiveness

When a single audit test produces both control testing and substantive testing evidence, it is called a(n) _____ test

dual purpose

An audit procedure that selects recorded payroll entries to vouch payroll to time cards and calculate the correct dollar amount of payroll is an example of a ______.

dual-purpose test

COSO internal control categories include ____and____ of operations

effectiveness efficiency

When documenting their understanding of the internal control system, the auditor should consider if the client has taken full advantage of their existing technological platform by using ______ control activities whenever it is efficient and effective.

entirely automated

True or false: Periodic management reviews are critically important to demonstrate that controls are operating in an effective manner.

false

The professional standards require the auditor to gain an understanding of the client's risk assessment process related to ______.

financial reporting risks fraud risk

Each member of the audit committee must be financially _____ and one member must be a financial ______

literate expert

After understanding and documenting internal control, the audit team should be able to ______.

make a preliminary assessment of control risk

Management may not be able to conclude that the entity's internal controls over financial reporting is effective if any _______exist.

material weaknesses

The preliminary assessment of control risk ______.

may be made after understanding and documenting internal control includes identifying activities explicitly designed to support reliable financial statement reporting

Procedures that prevent misstatements before they occur are ____ controls which are preferable to _____ controls that find misstatements after they occur.

preventive detective

To be considered appropriate audit evidence, an audit sample must be ______.

representative of the population being sampled from a population that covers the entire period of reliance

The five basic components of a properly designed internal control system as defined by COSO are: (1) control environment, (2) ______assessment, (3) _____activities, (4) and (5) information and _____.

risk control monitoring communication


Kaugnay na mga set ng pag-aaral

Asepsis & Infection Control Practice Questions

View Set

Chapter 16 Nursing Management During the Postpartum Period

View Set

Med Surg PrepU- Fluid and Electrolyte balance, Fluid and Electrolyte Review

View Set

Ryon - Algebra 1 EOC Review 16-17

View Set

Chapter 9 PrepU Questions - Teaching and Counseling

View Set