ACC 4110 Chapter 6: Internal Control in a Financial Statement Audit
What are application controls?
apply to the processing of individual application to ensure the occurrence, completeness and accuracy of transactions.
An effective accounting system establishes methods and records that will ______. Multiple select question. 1. describe transactions in sufficient detail to permit proper classification 2. determine the proper time period in which transactions occurred 3. identify and record all valid transactions 4. present transaction and disclosures in a manner than ensures profitability for the entity
1, 2 and 3
Identify the fraud risk factors that organizations must consider in assessing risks to the achievement of objectives. Multiple select question. 1. Rationalization 2. Opportunities 3. Threats 4. Morality 5. Incentives
1, 2 and 5
The components of internal controls as defined by the COSO Framework are ______. Multiple select question. 1. information and communication 2. control environment 3. detection activities 4. entity's risk assessment 5. monitoring activities
1, 2, 4, and 5
Which of the following communicate policies and procedures to the entity's personnel? Multiple select question. 1. Policy manuals 2. Memoranda 3. Accounting manuals 4. Personnel manuals
1, 2, and 3
Monitoring of internal controls ______. Multiple select question. 1. is intended to assess quality of performance over time 2. should be done to determine operating effectiveness 3. has received decreased attention in recent years 4. may identify the need for control redesign
1,2 and 4
Who has the responsibility to design and maintain a system of internal control that provides reasonable assurance that assets and records are properly safeguarded, and that the entity's information system generates information that is reliable for decision making?
Management
According to COSO's Internal control - integrated framework, a system of internal control is designed and carried out to accomplish what 3 things?
1. Reliability, timeliness, and transparency of internal and external financial and nonfinancial reporting. 2. Effectiveness and Efficiency of Operations, including safeguarding of assets 3. Compliance with applicable laws and regulations
The auditor intends to depend on the entity's controls and may need a more detailed understanding of internal controls to develop a preliminary or "planned" assessment of control risk when following a ______ strategy. Multiple choice question. A. differentiation B. substantive C. benchmarking D. reliance
D.
How does an entity's use of information technology affect internal control?
It affects the way transactions are initiated, authorized, recorded, processed and reported.
True or false: An entity's risk assessment process should consider the possibility of events that threaten the achievement of objectives. True false question. True False
T
Based upon its risk assessment, management determines which relevant business processes require ________ __________.
control activities
What aspect of risk assessment process is most directly relevant to auditors?
how management identifies risks relevant to the preparation of financial statements and then estimates their significance, assesses the likelihood of their occurrence, and then decides on how to manage them.
The infrastructure, software, people, procedures and data used to support the functioning of internal control is known as a(n) _______________ _______________.
information system
The approach to taking and monitoring business risks and attitudes and actions toward financial reporting are characteristics that may signal important information to the auditor about management's ______________and ____________ values.
integrity and ethical
A policy might call for two people to sign all checks over a certain dollar amount and the _____________ is the action of having two people sign a check.
procedure
As it relates to the external financial reporting objective, the entity's _______________ _____________ process should consider internal and external events and circumstances that may arise and adversely affect the entity's ability to initiate, authorize, record, process and report financial data consistent with management's financial statement assertions.
risk assessment
The possibility of events that threaten the achievement of objectives should be considered in an entity's __________ __________process.
risk assessment
What are control activities?
the actions established by policies and procedures that help ensure that management directives to mitigate risks to the achievement of objectives are carried out.
Authorization requirements for access to computer programs and periodic counting and comparison with amounts shown on control records are examples of ______. A. Multiple choice question. B. physical controls C. segregation of duties controls D. fraud controls E. information processing controls F. risk identification controls
B.
Internal Control as defined by COSO Framework consists of which 5 components?
Control Environment Entity Risk Assessment Process Control Activities Information and Communication Monitoring Activities
Information that is capable of making a difference in user decisions has the characteristic of _______________.
Relevance
Based upon its risk assessment, management determines which relevant business processes require _____________ ___________.
control activities
An effective internal control system allows management to do what?
focus on operations and financial performance goals with maintaining compliance with relevant laws and minimizing surprises.
The assessment of ___________ _________includes consideration of incentives and pressures, opportunities and how personnel might rationalize or justify inappropriate actions
fraud risk
Controls over network operations are included as part of ____________ controls which relate to the overall information processing environment.
general
What is risk assessment?
involves a dynamic and iterated process for identifying and analyzing risks to achieve the entity's objectives. It forms the basis for determining how risks should be managed.
Information that is capable of making a difference in user decisions has the characteristic of ___________.
Relevance
Fundamental qualitative characteristics include which two?
Relevance and Faithful representation
The information gathered by performing risk assessment procedures is used to evaluate the __________________ of controls and to determine whether they have been _________________.
design, implemented
In deciding on the nature and extent of the understanding of internal control needed for the audit, the auditor should consider the entity's operations and systems ______. Multiple select question. 1. sophistication 2. complexity 3. effectiveness 4. accuracy
1 and 2
Communication with external parties regarding matters affecting the functioning of internal control ______. Multiple select question. 1. enables inbound receipt of relevant information 2. should only be done between the entity and its external auditors 3. can assist in meeting outside requirements and expectations
1 and 3
The two fundamental qualitative characteristics for external financial reporting are ______. Multiple select question. 1. relevance 2. understandability 3. faithful representation 4. timeliness 5. comparability
1 and 3
Factors that can impact the effectiveness of the board of directors or audit committee include ______. Multiple select question. 1. nature and extent of interactions with auditors 2. information availability 3. stock performance 4. compensation packages 5. experience of members
1, 2, and 5
Internal communication within an organization related to internal control ______. Multiple select question. 1. involves providing and understanding of roles and responsibilities 2. should always be made by senior management either orally or in writing 3. provides clear messages about the importance of how control responsibilities are to be performed 4. is provided by policy manuals
1,3, and 4
People that significantly influence the control consciousness of the entity and must take their fiduciary responsibilities seriously and actively oversee the entity's accounting and reporting policies and procedures include the ______. Multiple select question. 1. external auditors 2. board of directors 3. internal auditors 4. audit committee
2 and 3
If the auditor determines that internal controls are not properly designed or not implemented the auditor will ______. Multiple select question. 1. make an assessment of control risk based on the result of tests of controls 2. perform tests of controls to obtain audit evidence that controls are operating effectively 3. set the level of control risk at high 4. use substantive procedures to reduce the risk of material misstatement to an acceptable level
3 and 4
Commonly categorized control activities include ______. Multiple select question. 1. fraud controls 2. risk identification controls 3. physical controls 4. performance reviews 5. information processing controls 6. segregation of duties
3, 4, 5, and 6
The controls that are of most direct relevance to a financial statement audit are those that contribute to financial statement ______. Multiple select question. 1. effectiveness 2. accuracy 3. timeliness 4. transparency 5. reliability
3, 4, and 5
The competence level for a particular job should be specified and translated into a job description that details the specific knowledge and skills required. This task should be done by ______. A. management B. the audit committee C. internal auditors D. external auditors
A
If the auditor determines that internal controls are properly designed and implemented and the auditor intends to rely on those controls, the auditor will ______. Multiple select question. A. perform tests of controls to obtain audit evidence that controls are operating effectively B. use substantive procedures to reduce the risk of material misstatement to an acceptable level C. make an assessment of control risk based on the result of tests of controls D. set the level of control risk at high
A and C
Assessing the quality of internal control performance over time is the intention of ______ of controls. Multiple choice question. A. monitoring B. enforcement C. communication D. creation
A.
The tone of a organization is set an the control consciousness of its people is influenced by the ______, Multiple choice question. A. control environment B. monitoring of controls C. risk assessment procedures D. COSO Framework
A.
These apply to the processing of individual applications and help ensure the occurrence, completeness and accuracy of transaction processing. Multiple choice question. A. Application controls B. Control activities C. General controls
A.
The quality of internal control is directly related to the ______ of the personnel operating the system. Multiple choice question. A. experience B. age C. quality D. gender
C
The two fundamental qualitative characteristics for external financial reporting are ______. Multiple select question. A. comparability B. relevance C. understandability D. faithful representation E. timeliness
B and D
Assignment of authority and responsibility for operating activities and the establishment of reporting relationships and authorization hierarchies are part of the ______ environment principle. Multiple choice question. A. financial B. control C. detection D. risk
B.
In many entities, this produces much of the knowledge used in monitoring. Multiple choice question. A. Accounting system B. Information system C. Control environment D. Report manuals
B.
Monitoring ______. Multiple choice question. a. must be included in ongoing activities to be effective b. can be done through ongoing activities or separate evaluations c. should only be done through separate evaluations
B.
Setting an audit strategy ______. Multiple choice question. A. helps the auditor determine how to evaluate internal controls B. requires a detailed understanding of the entity's internal controls C. should be done based upon the scope of the engagement
B.
Monitoring the operating effectiveness of internal controls ______. Multiple choice question. A. should involve the external auditors B. should only be done by management C. may be done by internal auditors
C.
These apply to the processing of individual applications and help ensure the occurrence, completeness and accuracy of transaction processing. Multiple choice question. a. General controls b. Control activities c. Application controls
C.
How management identifies risks relevant to the preparation of financial statements, estimates their significance, assesses the likelihood of their occurrence and decides on how to manage them is most directly relevant to the ______. Multiple choice question. A. board of directors B. the chief financial officer C. audit committee D. auditors
D.
True or false: All communication regarding matters affecting the functioning of internal control within an organization should be internal.
False
True or false: Monitoring is an effective component of internal control, whether or not deficiencies are communicated to those with oversight responsibilities in a timely manner.
False; if not communicated, not effective
The extent of an entity's use of ______ can affect internal controls because this function affects the way transactions are initiated, authorized, recorded, processed and reported.
Information Technology
How does information and control fit into the components of control?
Information is necessary for the entity to carry out internal responsibilities in support of achievement of it's objectives. Communication occurs both internally and externally and provides the org with the information needed to carry out the day to day internal control activities.
Why does management has a responsibility to design and maintain a system of control?
It provides reasonable assurance that assets and records are properly safeguarded and that the entity's information systems generates information that is reliable for decision making.
The third principle underlying the components of internal control is? This principle is related to which component? Explain.
Management establishes, with board oversight, structures, reporting lines and appropriate authorities and responsibilities in the pursuit of objectives. Related to the Control Environment This is related because since the control environment represents the policies that structure that set the basis for carrying out internal controls. This specific structure is needed in order carry out these policies.
A direct relationship exists between ______________which reflect what an entity is trying to achieve, ______________which represent what the entity needs to do to achieve them, ______________and the of the entity.
Objectives, components, structure
Controls that may be relevant to the audit when they have an impact on data the auditor uses to apply audit procedures include ______ controls. management decision operations planning compliance
Operations and compliance; These directly impact the reliability of the financial statements
The fifth principle underlying the components of internal control is? This principle is related to which component? Explain.
Organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. Related to control environment component Polices are no good is there is no accountability. The tone set at the top by managers can only be effective with sound accountability.
How authority and responsibility are delegated and monitored and the framework within which the entity's activities for achieving entity wide objectives are planned, executed, controlled and reviewed are defined by the entity's _____________ ____________.
Organizational Structure
To obtain an understanding of the entity's internal controls which helps identify key controls, recognize types of potential misstatements and design test of controls and substantive procedures, auditors use_____________ procedures.
Risk Assessment
The second principle underlying the components of internal control is? This principle is related to which component? Explain.
The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. Related to the control environment component This is related because the board of directors and audit committee have a large influence upon the control consciousness of the entity.
The fourth principle underlying the components of internal control is? This principle is related to which component? Explain.
The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. Relates to the control environment The quality of your people directly correlates with the ability to effectively execute policies that outline your control environment
The sixth principle underlying the components of internal control is? This principle is related to which component? Explain.
The organization specifies specific objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives. The risk assessment component Without specific objectives, there can be no effective measurement of risk
What are monitoring controls?
These are ongoing evaluations that are used to determine if the 5 components of internal control are present and functioning.
The first principle underlying the components of internal control is ____________________? This principle is related to which component? Why?
a commitment to integrity and ethical values It is related to the control environment component Since the control environment is the foundation of of all internal control, this bedrock foundation of integrity and ethical values is naturally related.
What is a substantive audit strategy?
auditor has decided not to rely on entities internal controls and instead use substantive procedures as the main source of evidence about the assertions in the financial statements.
What is a reliance strategy?
auditor intends to rely on the entity's controls.
Large public companies are required to engage a(n) ____________ or _____________auditor to express an opinion as to the effectiveness of their systems of internal control over financial reporting.
external or independent
Allowing the individual who opens mail and receives cash payments to have access to the accounts receivable subsidiary ledger is a violation of the _____________ ______________ __________principle.
segregation of duties
When the auditor has decided not to rely on the entity's controls and instead use procedures as the main source of evidence about the assertions in the financial statements, the auditor will choose a(n) ___________ audit strategy.
substantive
Which controls are directly relevant to the auditors? Why are they relevant?
the controls that contribute to the reliability, timeliness and transparency of external financial reporting. These are directly relevant because they help prevent, detect and correct material misstatements in the entity's financials
General Controls relate to what?
the overall information processing environment and include controls over data center and network operations; system software acquisition, change and maintenance; access security; and application system acquisition, development and maintenance.
What is the control environment?
this is the set of standards, processes and structures that is the basis for carrying out internal control across the organization. The board of directors and management set the tone at the top regarding these standards.