MT2 Ch12 Assessing Control Risk and Reporting on Internal Controls

What is a walkthrough of internal​ control? What is its​ purpose? What is a walkthrough of internal​ control? In a walkthrough of internal control, the ___ selects ___ document(s) for the initiation of a transaction type and traces them through ___ accounting process.

1) auditor 2) one or a few 3) the entire

What is its purpose? At each stage of processing, the auditor ___ and ___, in addition to examining completed documentation for the transaction or transactions selected. Walkthroughs conveniently combine ___, ___, and ___ to assure that the controls designed by management have been ___. PCAOB auditing standards require the auditor to perform at least one walkthrough for each major class of transactions.

1) make inquiries 2) observes activities 3) observation 4) inquiry 5) inspection 6) implemented

Distinguish a significant deficiency in internal control from a material weakness in internal control. How will the presence of one significant deficiency affect an​ auditor's report on internal control under PCAOB​ standards? How will the presence of one material weakness affect an​ auditor's report on internal control under PCAOB​ standards? A ___ exists of there are one or more control deficiencies that are less severe than a ___, but important enough to merit attention by those responsible for oversight of the company's financial reporting. A ___ exists if a deficiency, by itself or in combination with other deficiencies, results in a reasonable possibility that internal control will not prevent or detect material financial statement misstatements.

1) significant deficiency 2) material weakness 3) material weakness

If the auditor assesses control risk as high for a​ transaction-related audit​ objective, what does that imply for detection risk and the level of substantive​ testing? A) In order to maintain the desired level of audit​ risk, the auditor will need to set a lower level of detection risk. A lower level of detection risk in turn means more extensive substantive testing. B) In order to maintain the desired level of audit​ risk, the auditor will need to set a lower level of detection risk. A lower level of detection risk in turn means less extensive substantive testing. C) In order to maintain the desired level of audit​ risk, the auditor will need to set an even higher level of detection risk. A higher level of detection risk in turn means more extensive substantive testing. D) In order to maintain the desired level of audit​ risk, the auditor will need to set an even higher level of detection risk. A higher level of detection risk in turn means less extensive substantive testing.

A) In order to maintain the desired level of audit​ risk, the auditor will need to set a lower level of detection risk. A lower level of detection risk in turn means more extensive substantive testing.

A control can relate to ___ account-assertion(s). A) Multiple B) Only one

A) Multiple

Which of the following is true regarding the​ auditor's opinion on the effectiveness of internal​ control? A) The auditor is attesting to the effectiveness of internal controls as of the end of the fiscal year. B) A scope limitation requires the auditor to issues an adverse opinion. C) If the client remedies a material weakness before the end of the fiscal​ year, the auditor must still issue a qualified opinion or a disclaimer of opinion. D) Section 404 requires that the auditor design the audit to detect all deficiencies in internal control.

A) The auditor is attesting to the effectiveness of internal controls as of the end of the fiscal year.

How must significant deficiencies and material weaknesses be communicated to those charged with​ governance? A) Written communication is required. B) Written communication is required for material​ weaknesses, but oral communication is allowed for significant deficiencies. C) Either oral or written communication is acceptable. D) Oral communication is required.

A) Written communication is required.

Which deficiency exists if a necessary control is missing or not properly​ implemented? A) design B) significant C) operating D) control

A) design

An auditor is likely to use four types of procedures to support the operating effectiveness of internal controls. Which of the following would generally not be​ used? A) inspect design documents B) examine​ documents, records, and reports C) make inquiries of appropriate client personnel D) reperform client procedures

A) inspect design documents

The auditor should identify and include only​ ________ controls since they will be sufficient to achieve the​ transaction-related audit objectives and will also provide audit efficiency. A) key B) material C) significant D) compensating

A) key The auditor should identify and include only those controls that are expected to have the greatest effect on meeting the transaction-related audit objectives." (Pg 382; Identify Existing Controls)

The financial statement auditor relies on the work of the IT auditor to assess the design and implementation​ and, if taking a reliance​ strategy, to test the operating effectiveness of certain controls. Which of the following controls do not require the help of an IT​ auditor? A) ​Entity-level controls B) General IT controls C) Automated controls D) ​IT-dependent controls

A) ​Entity-level controls

How will the presence of one significant deficiency affect an​ auditor's report on internal control under PCAOB​ standards? A.) If the deficiency is not deemed to be a material​ weakness, the​ auditor's report would contain an adverse opinion. B) If the deficiency is not deemed to be a material​ weakness, the​ auditor's report would contain an unqualified opinion. C) If the deficiency is deemed to be a material​ weakness, the​ auditor's report would contain a qualified opinion. D) If the deficiency is deemed to be a material​ weakness, the​ auditor's report would contain an unqualified opinion.

B) If the deficiency is not deemed to be a material​ weakness, the​ auditor's report would contain an unqualified opinion. (Pg392; Types of Opinions)

For the audit of a large public​ company, the auditor intends to test operating effectiveness of controls. The​ auditor's goal is to obtain evidence that controls are operating​ effectively, allowing the reduction of control risk below the maximum. What is the name of this​ strategy? A) Minimum strategy B) Reliance strategy C) Substantive strategy D) Maximum strategy

B) Reliance strategy (Ch12 PPT; pg3)

How will the presence of one material weakness affect an​ auditor's report on internal control under PCAOB​ standards? A) The auditor can still express an unqualified opinion. B) The auditor must express an adverse opinion. C) The auditor must express a qualified opinion. D) The auditor must express a disclaimer of opinion.

B) The auditor must express an adverse opinion. (Pg392; Types of Opinions)

For financial statement​ audits, auditors need to understand controls that are relevant to the audit in order to A) perform preliminary analytical procedures. B) identify and assess the risks of material misstatements. C) assess inherent risk. D) detect fraud.

B) identify and assess the risks of material misstatements. "For financial statement audits, auditors need to understand the design and implementation of controls that are relevant to the audit to identify and assess the risks of material misstatements." (Pg377; Obtain and Document Understanding of Internal Control)

When testing manual or automated​ controls, A) automated controls cannot be altered by making a change to the software application. B) the extent of testing depends on whether it is a manual or automated control. C) when there are effective general controls and automated application​ controls, the auditor will need to select a larger sample size of transactions to verify. D) automated controls are always subject to random error or manipulation.

B) the extent of testing depends on whether it is a manual or automated control.

The auditor is required to obtain an understanding of the design and implementation of the​ client's controls for all audits. This includes identifying controls that address all 5 COSO components. Most of the​ auditor's time in these procedures is spent on controls related to which COSO​ component? A) Risk assessment B) Control environment C) Control activities D) Monitoring

C) Control activities

Which of the following represents a correct statement regarding internal control​ testing? A) The greater the​ risk, the less audit evidence the auditor should obtain that controls are operating effectively. B) Testing of internal controls can only be performed by the auditor at the end of the fiscal year. C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit. D) When auditors plan to use evidence about the operating effectiveness of internal control contained in prior​ audits, auditing standards require tests of the​ controls' effectiveness at least every other year.

C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.

What type of report is issued when one or more material internal control weaknesses​ exist? A) unqualified opinion B) qualified opinion C) adverse opinion D) disclaimer of opinion

C) adverse opinion

When making a preliminary assessment of control​ risk, the starting point for most auditors is A) fraud controls. B) ​transaction-related controls. C) assessment of entity level controls. D) IT assessment controls.

C) assessment of entity level controls. "The starting point for most auditors is the assessment of entity-level controls. By their nature, entity-level controls, such as many of the elements contained in the control environment, risk assessment, and monitoring components, have an overarching impact on most major types of transactions in each transaction cycle." (Pg380; Determine Assessed Control Risk Supported by the Understanding Obtained)

The auditor will issue an unqualified opinion on internal control over financial reporting when A) there are no identified material weaknesses as of the end of the fiscal year. B) there have been no restrictions on the scope of the​ auditor's work. C) both a and b D) either a or b

C) both a and b

A(n) ________ control is a control elsewhere in the system that offsets the absence of a key control. A) significant B) alternate C) compensating D) design

C) compensating "A compensating control is one elsewhere in the system that offsets the absence of a key control." (Pg384; Identify Deficiencies, Significant Deficiencies, and Material Weakness.

When assessing control​ risk, A) all​ controls, including key​ controls, should be considered. B) each control can be used to satisfy only one audit objective. C) many auditors use a control risk matrix to assist in the control risk assessment process. D) many auditors use actuarial tables to assist in the control risk assessment process.

C) many auditors use a control risk matrix to assist in the control risk assessment process.

The auditor must identify​ ________ key​ control(s) for each​ account-assertion. A) All of the​ client's B) One C) Five D) At least one

D) At least one (Ch12 PPT, pg 5)

Tests of controls A) are used to support the ending balances in the balance sheet and income statement accounts. B) are designed to detect fraud. C) are performed at the end of the audit. D) are the procedures used to test the effectiveness of controls in support of a reduced assessed control risk.

D) are the procedures used to test the effectiveness of controls in support of a reduced assessed control risk.

Which type of evidence is not used by the auditor to obtain an understanding of the design and implementation of internal​ control? A) inspection B) inquiry C) observation D) confirmation

D) confirmation "At each stage of processing, the auditor makes inquiries, observes activities, and examines completed documents and records." (Pg377; Evaluating Internal Control Implementation)

Narratives, flowcharts, and internal control questionnaires are three common methods of A) testing the internal controls. B) designing the audit manual and procedures. C) documenting the​ auditor's understanding of a​ client's organizational structure. D) documenting the​ auditor's understanding of internal controls.

D) documenting the​ auditor's understanding of internal controls. "Auditors commonly use three types of documents to obtain and document their understanding of the design of internal control: narratives, flowcharts, and internal control questionnaires." (Pg 377; Obtain and Document Understanding of Internal Control Design)

A​ ________ exists if one or more control deficiencies exist that are less severe than a material​ weakness, but are important enough to merit attention by those responsible for oversight of the​ company's financial reporting. A) significant weakness B) potential misstatement C) fraud symptom D) significant deficiency

D) significant deficiency

T/F A significant internal control deficiency is always considered a material weakness.

F

T/F A​ company's size should have no impact on the nature of internal control and the controls that are implemented.

F

T/F Control risk is generally set at minimum for most private companies.

F

T/F Management's documentation is not a major source of information for auditors in gaining an understanding of the design of internal controls.

F

T/F A company requires the​ controller's e-approval for all fixed asset purchases in excess of​ $50,000. Audit software can be used to identify if there are any instances where a fixed asset purchase in excess of​ $50,000 lacked the​ controller's e-approval, instead of manual checking.

T

T/F The auditor obtains a sufficient understanding of internal control to assess the risk of material misstatement at the overall financial statement level and at the relevant assertion.

T

T/F To issue an unqualified opinion on internal control over financial​ reporting, there must be no identified material weaknesses and no restrictions on the scope of the audit.

T

T/F An adequate system flowchart should include the same characteristics required for system narratives.

T "An adequate flowchart includes the same four characteristics identified for narratives." (Pg377; Flowchart)

T/F Walkthroughs combine​ observation, inspection, and inquiry to assure that the controls designed by management have been implemented.

T "At each stage of processing, the auditor makes inquiries, observes activities, and examines completed documents and records." (Pg377; Evaluating Internal Control Implementation)

T/F As Section 404 of the​ Sarbanes-Oxley Act requires management to assess and to document the design effectiveness of internal controls over financial​ reporting, management may have already prepared narratives and flowcharts which the auditor can the use in documenting their understanding of the design of such internal controls.

T "Because Section 404 of the Sarbanes-Oxley Act requires management to assess and document the design effectiveness of internal control over financial reporting, they usually already prepared this documentation." (Pg377; Obtain and Document Understanding of Internal Control Design)