SB HW Ch 7 Auditing IC over FR
True or false: In planning an integrated audit, the auditor should design separate tests of controls to accomplish the objectives of the audit of ICFR and the audit of financial statements. True False
False
Entity-level controls that require specific evaluation by the auditor are the ______. control environment management compensation and evaluation processes interim financial reporting process period-end financial reporting process
control environment period-end financial reporting process
An unqualified opinion regarding the effectiveness of the entity's ICFR provides ______ assurance that the entity's controls are designed and operating effectively in all material respects as of the balance sheet date. absolute reasonable limited
reasonable
The fact that no system of internal controls is perfect and that there is a remote likelihood that material misstatement will not be prevented or detected in a timely matter even with effective controls is the concept of _____ assurance.
reasonable
Audit evidence supporting effective internal control must be obtained at the level of ______. reasonable assurance risk-based assurance absolute assurance substantial completion
reasonable assurance
The auditor traces a transaction from origination through the entity's processes and information system until it is reflected in the entity's financial reports when performing a(n) _____
walkthrough
When the auditor issues an adverse opinion on internal control, ______ be issued on the financial statement audit. a disclaimer of opinion must an adverse opinion must an unqualified opinion may at least a qualified opinion must
an unqualified opinion may
After auditing the effectiveness of an entity's internal control, an auditor issues a(n) _____ opinion if the entity's internal control is designed and operating effectively in all material respects.
unqualified
Test data ______. should include both valid and invalid data is not used to test processing logic controls is a time-effective method of testing ensures the accuracy of computer processing of transactions
should include both valid and invalid data ensures the accuracy of computer processing of transactions
A deficiency or combination of deficiencies in ICFR that is less severe than a material weakness yet important enough to merit attention is a ______ deficiency. possible reasonable remote significant
significant
A deficiency or combination of deficiencies in ICFR that is less severe than a material weakness yet important enough to merit attention is a(n) _____deficiency.
significant
The work performed by internal auditors, entity personnel, and third parties hired by management or the audit committee ______ be used by the auditor. cannot should must can
can
Match the type of evidence with the most appropriate description. Direct tests of controls Ongoing monitoring Performed by objective individuals Performed by people using controls
Direct tests of controls matches Performed by objective individuals Ongoing monitoring matches Performed by people using controls
Management's assessment of the entity's ICFR must be based on ______. a recognized control framework the PCAOB framework a framework consistent with industry peers prior year's deficiencies
a recognized control framework
To identify significant accounts and disclosures and their relevant assertions, the auditor assesses risk factors including ______. account size and composition target earnings per share range of values nature of the disclosure susceptibility to misstatement
account size and composition nature of the disclosure susceptibility to misstatement
Once key controls have been identified, the auditor starts with evaluating their _____ effectiveness, which may also provide some evidence about _____ effectiveness.
blank 1: design blank 2: operating
If the auditor fails to obtain written representations from management, the auditor ______ opinion of ICFR. cannot issue an unqualified must issue an adverse must disclaim an
cannot issue an unqualified
The best way to identify potential sources of misstatements is often ______. performing walkthroughs using professional judgment to assess management's controls testing entity-level controls identifying controls management has implemented to address misstatements
performing walkthroughs
Audit documentation related to the audit of internal controls must include ______. the evaluation of deficiencies discovered the scope of testing the extent of reliance on work performed by others a discussion of PCAOB documentation standards
the evaluation of deficiencies discovered the scope of testing the extent of reliance on work performed by others
Because they can have a pervasive effect on the entity's ability to meet the COSO control criteria, the auditor must test the effectiveness of _____ - _____ controls.
blank 1: entity blank 2: level
If the work of others is to be used, the auditor should assess the _____ and _____ of the persons whose work will be used.
blank 1: objectivity blank 2: competence
When auditors want to perform specific audit tasks, _____ audit software is generally written.
custom
Written representations from management related to the audit of ICFR include management ______. conclusion about the effectiveness of the entity's ICFR as of a specified date reliance on the work of the auditor in forming its assessment of ICFR effectiveness disclosure to the audit committee of all design and operational deficiencies responsibility for establishing and maintaining effective ICFR
conclusion about the effectiveness of the entity's ICFR as of a specified date responsibility for establishing and maintaining effective ICFR
The auditor's report on the effectiveness of internal control must ______. contain the basis of the auditor's opinion be addressed to the shareholders and board of directors provide an opinion on whether the entity maintained effective ICFR throughout the financial statement audit period be issued as a separate report from the financial statement audit report
contain the basis of the auditor's opinion be addressed to the shareholders and board of directors
Advantages of GAS include ______. entire populations can be examined ease of use auditing can be done as the entity processes data limited IT expertise is required
entire populations can be examined ease of use limited IT expertise is required
Disadvantages of GAS include ______. it provides limited ability to verify programming logic data that is audited must be available in electronic form the time required to develop the application is usually short it requires advance programming skills
it provides limited ability to verify programming logic data that is audited must be available in electronic form
In evaluating the risk of material misstatement due to fraud and the risk of management override of controls, the auditor should consider controls over ______. recurring transactions that are recorded monthly journal entries and adjustments made in the period-end financial close significant, unusual transactions resulting in unusual journal entries
journal entries and adjustments made in the period-end financial close significant, unusual transactions resulting in unusual journal entries
If a misstatement is detected by substantive procedures, the auditor should consider whether the control deficiency might affect the _____ on the audit of ICFR.
opinion
In assessing financial reporting risks, management must evaluate whether there planned controls internal audit department management other pervasive elements of ICFR entity-level controls
other pervasive elements of ICFR entity-level controls
The auditor's report on the effectiveness of internal control must ______. provide an opinion on effective ICFR as of the specified date be addressed to the management of the company contain the basis of management's opinion on the effectiveness of ICFR have the same date as the financial statement audit report
provide an opinion on effective ICFR as of the specified date have the same date as the financial statement audit report
The auditor's report on the effectiveness of internal control must ______. provide an opinion on effective ICFR as of the specified date be addressed to the management of the company contain the basis of management's opinion on the effectiveness of ICFR have the same date as the financial statement audit report
provide an opinion on effective ICFR as of the specified date have the same date as the financial statement audit report
To identify significant accounts and disclosures and their relevant assertions, the auditor assesses risk factors including ______. related party transactions gains from asset disposals changes from prior periods volume of activity reporting complexities
related party transactions changes from prior periods volume of activity reporting complexities
When an entity has a material weakness, it should take steps to correct it, which is referred to as _____
remediation
Prior to the issuance of the auditor's report on ICFR, the auditor must communicate in writing to both management and the audit committee identified ______. control deficiencies significant deficiencies material weaknesses compensating controls
significant deficiencies material weaknesses
Unless a longer period of time is required, PCAOB standards require the auditor to retain audit documentation for the ICFR and financial statement audit for ______ years. 5 10 3 7
7
Which of the following statements is correct? A single set of audit procedures should be used to test both the design and operating effectiveness of controls. Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness. Evidence about the operating effectiveness of controls should never be based on procedures used to test design effectiveness.
Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness.
Which of the following statements is correct? Evidence about the operating effectiveness of controls should never be based on procedures used to test design effectiveness. Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness. A single set of audit procedures should be used to test both the design and operating effectiveness of controls.
Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness.
Which of the following statements are correct? Auditors are required to evaluate the severity of each control deficiency. The assessment of the significance of a control deficiency depends on whether or not a misstatement has occurred. The severity of a control deficiency depends on its likelihood and magnitude.
Auditors are required to evaluate the severity of each control deficiency. The severity of a control deficiency depends on its likelihood and magnitude.
Which of the following statements are true about the financial statement and ICFR audits? They have different objectives. Tests of controls should be done separately for the audits. Work must be planned to achieve both objectives. They must be performed at different times.
They have different objectives. Work must be planned to achieve both objectives.
If one or more unremediated material weaknesses is identified, the auditor issues a(n) ______ opinion on the entity's internal control. disclaimer of qualified adverse unqualified
adverse
The presence of a material weakness in ICFR at the end of the period necessitates a(n) ______ assessment by management and a(n) ______ opinion by the auditor. adverse, qualified qualified, adverse qualified, qualified adverse, adverse
adverse, adverse
If a significant deficiency or material weakness exists because of the audit committee's ineffective oversight, the auditor must communicate the specific deficiency or weakness, in writing, directly to the ______. appropriate regulatory agency board of directors company CEO internal audit department
board of directors
Evidence on the operating effectiveness of a control may be obtained from ______. neither direct testing nor ongoing monitoring direct testing of the control only both direct testing and ongoing monitoring ongoing monitoring only
both direct testing and ongoing monitoring
When companies use service organizations to process transactions, ______. both management and the auditor must consider the service organization activities the auditor cannot express an opinion about the effectiveness of operating controls an audit opinion only can only be expressed if the auditor performs tests of controls at the service organization the service organization is considered part of the information and communication component of the entity's ICFR
both management and the auditor must consider the service organization activities the service organization is considered part of the information and communication component of the entity's ICFR
If a material weakness cannot be corrected and/or properly tested before the "as of" date, ______. management should issue a report that the ICFR is not operating effectively and the auditor should disclaim an opinion neither management nor the auditor should issue a report on the effectiveness of ICFR the auditor should issue a report that the ICFR is not operating effectively and the management should not issue an opinion both management and the auditor should issue a report that the ICFR is not operating effectively
both management and the auditor should issue a report that the ICFR is not operating effectively
The auditor's report on the effectiveness of internal control must ______. provide an opinion on whether the entity maintained effective ICFR throughout the financial statement audit period contain the basis of the auditor's opinion be addressed to the shareholders and board of directors be issued as a separate report from the financial statement audit report
contain the basis of the auditor's opinion be addressed to the shareholders and board of directors
In addition to material weaknesses and significant deficiencies, the auditor should communicate, in writing, to management all _____ deficiencies identified during the audit.
control
If the scope of the auditor's work is limited because of circumstances beyond the control of management or the auditor, the auditor's option are to ______. disclaim an opinion issue an unqualified opinion withdraw from the engagement issue an adverse opinion
disclaim an opinion withdraw from the engagement
Test data can be used to check ______. error detection routines the exclusion of transactions in records, files, and reports arithmetic calculations data validation controls
error detection routines arithmetic calculations data validation controls
In assessing material weaknesses in ICFR management must ______. centralize processing of controls evaluate evidence about the operating effectiveness of ICFR notify the auditor of locations to include in the evaluation identify financial reporting risks and related controls consider which locations to include in the evaluation
evaluate evidence about the operating effectiveness of ICFR identify financial reporting risks and related controls consider which locations to include in the evaluation
The auditor's report on the effectiveness of internal control must ______. be addressed to the management of the company have the same date as the financial statement audit report contain the basis of management's opinion on the effectiveness of ICFR provide an opinion on effective ICFR as of the specified date
have the same date as the financial statement audit report provide an opinion on effective ICFR as of the specified date
The risk that a misstatement could result in a material misstatement of the financial statements is called a(n) _____ _____ risk.
financial reporting
The phrase "All material respects" means that the entity's ICFR ______. is free of any material weakness has prevented and/or detected all material errors does not have any significant deficiencies
is free of any material weakness
The severity of a control deficiency depends on ______. likelihood and magnitude number of misstatements and magnitude likelihood and number of misstatements
likelihood and magnitude
The difference between a control deficiency, a significant deficiency, and a material weakness is determined solely based on ______. (Enter only one word per blank.) likelihood management judgment auditor judgment magnitude
magnitude
Evidence about the operating effectiveness of controls at service organizations that are relevant to management's assessment and the auditor's opinion ______. must be obtained from a service auditor's report on the design and operating effectiveness of controls in operation at the service organization must be obtained by performing tests of the user organization's controls over the activities of the service organization may be obtained by performing tests or obtaining a service auditor's report must be obtained by performing tests of controls at the service organization
may be obtained by performing tests or obtaining a service auditor's report
The failure of a preventive control (such as inventory tags) to safeguard assets ______ result in a significant deficiency or material weakness. will always will never may or may not
may or may not
A control issue does not rise to the level of control deficiency if the likelihood is ______. remote probable likely reasonably possible
remote
Written representations from management related to the audit of ICFR include management ______. responsibility for establishing and maintaining effective ICFR conclusion about the effectiveness of the entity's ICFR as of a specified date reliance on the work of the auditor in forming its assessment of ICFR effectiveness disclosure to the audit committee of all design and operational deficiencies
responsibility for establishing and maintaining effective ICFR conclusion about the effectiveness of the entity's ICFR as of a specified date
A major premise of AS 2201 is that _____ assessment underlies the entire audit of ICFR.
risk
AS2201 defines policies and procedures that "provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposal of the entity's assets that could have a material effect on the financial statements as the _____ of assets."
safeguarding
If circumstances beyond the control of management or the auditor limit the _____ of the auditor's work, the auditor should disclaim an opinion or withdraw from the engagement.
scope
When an entity's computer system is not compatible with the auditor's GAS, the auditor should ______. rely on the entity's computer software not use software to conduct testing write custom audit software
write custom audit software