ACCT 402 CH 7 HW
7-35 l) When the auditors are performing a first-time internal control audit in accordance with the Sarbanes-Oxley Act and PCAOB standards, they should: 1) Modify their report for any significant deficiencies identified 2) Use a "bottom-up" approach to identify controls to test 3) Test controls for all significant accounts 4) Perform a separate assessment of controls over operations
3) Test controls for all significant accounts
7-35 i) Which of the following is not an advantage of establishing an enterprise risk management system within an organization? 1) Reduces operational surprises 2) Provides integrated responses to multiple risks 3) Eliminates all risks 4) Identifies opportunities
3) Eliminates all risks
7-35 d) An auditor may compensate for a weakness in internal control by increasing the extent of: 1) Tests of controls 2) Detection risk 3) Substantive tests of details 4) Inherent risk
3) Substantive tests of details
7-35 g) When a CPA decides that the work performed by internal auditors may have an effect on the nature, timing, and extent of the CPA's procedures, the CPA should consider the competence and objectivity of the internal auditors. Relative to objectivity, the CPA should: 1) Consider the organizational level to which the internal auditors report the results of their work 2) Review the internal auditors' work 3) Consider the qualifications of the internal audit staff 4) Review the training program in effect for the internal audit staff
1) Consider the organizational level to which the internal auditors report the results of their work
7-35 k) To have an adequate basis to issue a management report on internal control under Section 404 (a) of the Sarbanes-Oxley Act, management must do all of the following, except: 1) Establish internal control with no material weakness 2) Accept responsibility for the effectiveness of internal control 3) Evaluate the effectiveness of internal control using suitable control criteria 4) Support the evaluation with sufficient evidence
1) Establish internal control with no material weakness
7-35 j) Which of the following is not ordinarily a procedure for documenting an auditor's understanding of internal control for planning purposes? 1) Checklist 2) Confirmation 3) Flowchart 4) Questionnaire
2) Confirmation
7-35 a) Which of the following would be least likely to be considered an objective of internal control? 1) Checking the accuracy and reliability of accounting data 2) Detecting management fraud 3) Encouraging adherence to managerial policies 4) Safeguarding assets
2) Detecting management fraud
7-35 b) An entity's ongoing monitoring activities often include: 1) Periodic audits by internal auditors 2) The audit of the annual financial statements 3) Approval of cash disbursements 4) Management overview
4) Management overview
7-35 f) Which of the following symbols indicate that a file has been consulted? 1) rectangle ---> trapezoid 2) odd rectangle ---> triangle 3) <--- diamond ---> 4) trapezoid <--->triangle
4) trapezoid <--->triangle
7-18) How is the auditors' understanding of the client's internal control documented in the audit working papers?
Documentation is usually in the form of flowcharts, questionnaires, or written narratives of the system.
7-1) What is internal control?
Internal control is a process, effected by the entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the categories of (1) operations, (2) reporting, and (3) compliance.
7-6) Describe what is meant by the risk assessment component of internal control and how it contributes to internal control.
The risk assessment component of internal control relates to the factors that affect the risk that the organization's reporting objectives will not be achieved. An awareness of this component contributes to internal control because management's consideration of the possibility that reports (including financial statements) may be misstated decreases the likelihood of misstatement.
7-35 c) A primary objective of procedures performed to obtain an understanding of internal control is to provide the auditors with: 1) Knowledge necessary to determine nature, timing, and extent of further audit procedures 2) Audit evidence to use in reducing detection risk 3) A basis for modifying tests of controls 4) An evaluation of the consistency of application of management policies
1) Knowledge necessary to determine nature, timing, and extent of further audit procedures
7-35 h) Effective internal control in a small company that has an insufficient number of employees to permit proper separation of responsibilities can be improved by: 1) Employment of temporary personnel to aid in the separation of duties 2) Direct participation by the owner in key record-keeping and control activities of the business 3) Engaging a CPA to perform monthly write-up work 4) Delegation of full, clear-cut responsibility for a separate major transaction cycle to each employee
2) Direct participation by the owner in key record-keeping and control activities of the business
7-35 e) Controls over financial reporting are often classified as preventative, detective, or corrective. Which of the following is an example of a detective control? 1) Segregation of duties over cash disbursements 2) Requiring approval of purchase transactions 3) Preparing bank reconciliations 4) Maintaining backup copies of key transactions
3) Preparing bank reconciliations
7-9) One basic concept of internal control is that no one employee should handle all aspects of an transaction. Assuming that a general category of transactions has been authorized by top management, how many employees (or departments) should participate in each transaction, as a minimum, to achieve strong internal control? Explain in general terms the function of each of these employees.
Assuming that the general category of transaction has already been authorized by top management, at least three employees or departments should usually participate in each transaction to achieve strong internal control. One employee approves the transaction after determining that the details conform to company policies, another employee records the transaction in the accounting records, and the third employee executes the transaction by releasing and/or taking custody of the related assets. (Note: the approval function may be omitted in an extremely simple transaction such as a cash sale not involving a check).
7-19) What is a management letter? What is the letter's significance?
During their consideration of internal control, the auditors will inevitably encounter some deficiencies that should be brought to the attention of management. A management letter is the written report to the client describing such deficiencies, along with the auditors' recommendations for corrective action. This report serves as a useful reference document for management in implementing improvements in internal control and may also serve to limit the auditors' liability to the client in the event the control deficiencies subsequently give rise to defalcations or other losses.
7-17) Under what circumstances are tests of controls efficient audit procedures?
Tests of controls are efficient auditing procedures when the reduction in the substantive procedures that results from a lower assessed level of control risk exceeds the amount of work involved in performing the tests of controls.
7-11) What consideration, if any, may external auditors give to the work of a client's internal audit staff?
The external auditors should consider the work of the internal auditors as a portion of the control environment of internal control. After evaluating the competence, objective, and disciplined approach of the internal auditors, the external auditors will determine the extent to which the work of the internal auditors may be used in determining the nature, timing, and extent of their testing.
7-2) Identify the five components of an organization's internal control.
The five basic components of an organization's internal control are (1) control environment; (2) risk assessment; (3) control activities; (4) (accounting) information and communication and (5) monitoring.
7-10) Compare the objectives of the internal auditors with those of the independent auditors.
The primary objective of the internal auditor is to aid corporate management in efficient administration by investigating and reporting upon compliance with company policies, reliability of accounting and statistical records and reports, adequacy of internal control, efficiency of operating procedures, and effectiveness of performance in all areas of operation. The primary objective of the external (independent) auditors is to determine whether the financial statements fairly reflect the financial position, operating results, and cash flows of the business. The external auditors have a responsibility to stockholders, creditors, and the public as well as to management.
7-3) List the principles related to an organization's control environment.
The principles related to the control environment include commitment to integrity and ethical values; board of directors independence and exercise of oversight; establishment of effective structure, including reporting lines and appropriate authorities and responsibilities; commitment to attract, develop, and retain competent employees; holding employees accountable for internal control responsibilities.
7-22) Distinguish between the two subsections of Section 404 of the Sarbanes-Oxley Act of 2002.
The two subsections of Section 404 of the Sarbanes-Oxley Act are 404a and 4040b. Section 404a requires each annual report filed with the SEC to include a report in which management (1) acknowledges its responsibility for establishing and maintaining adequate internal control over financial reporting, and (2) provides an assessment of internal control effectiveness as of the end of the most recent fiscal year. Section 404b requires auditors of certain companies to attest to, and report on, internal control over financial reporting.