ACCT 4123 Chapter 5

Nonroutine Transactions

- Financial statement close - Depreciation - Physical inventory - LIFO calculation

Common monitoring controls include ______.

- analysis of and follow up items that might by indicative of a control failure - quality assurance review of the internal audit department - self-assessments by management regarding the tone they set - periodic evaluation of controls by internal audit - self-assessments by boards regarding the effectiveness of their oversight - supervisory review of controls

Flowcharts ______.

- are easy to evaluate after they are completed - are time-consuming to construct - can be helpful in identifying missing controls - must be understandable to an audit supervisor - should include narrative explanations - should flow from left to right and top to bottom

The preliminary assessment of control risk ______.

- includes identifying activities explicitly designed to support reliable financial statement reporting - may be made after understanding and documenting internal control

Internal control questionnaires ______.

- make it less likely for the audit team to forget to cover an important point - should be used in combination with other methods - tend to be inflexible - can be useful in detecting internal control weaknesses - help the auditing team obtain evidence about the control environment - are somewhat unique for each organization

Section 302 of the Sarbanes-Oxley Act ______.

- makes managers responsible for establishing a control environment - requires management to assess the risks it wishes to control - makes management responsible for monitoring, supervising and maintaining control activities - is designed to ensure the proper "tone at the top" - allows managers to make their own judgments about the necessity of specific controls

Put the following planning steps of the audit internal control over financial reporting in the correct order.

1. Management's report on internal control 2. Plan the engagement 3. Use a top-down approach to identify controls to test 4. Test and evaluate design effectiveness 5. Test and evaluate operating effectiveness 6. Form an opinion on the effectiveness of internal control over financial reporting 7. Issue auditors' attestation report

Effective Organizational Structure

A well designed structure provides a basis for planning, directing, and controlling operations

Sound internal control can be described as separating all of the following duties and responsibilities except for: A. hiring of employees. B. recordkeeping. C. custody of, or direct access to, assets. D. transaction authorization.

A. hiring of employees.

Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity's internal controls? A. Management override. B. Incompatible duties. C. Collusion among employees. D. Mistakes in judgment.

B. Incompatible duties.

Which of the following client internal control activities is not usually performed in the treasurer's department? A. Canceling payment vouchers when paid. B. Verifying the accuracy of checks and vouchers. C. Controlling the mailing of checks to vendors. D. Approving vendors' invoices for payment.

D. Approving vendors' invoices for payment.

Attracting, Developing, and Retaining Competent Employees

Management is committed to hiring employees with appropriate levels of education, experience, and evidence of integrity and ethical behavior

Which of the following is a factor in the control environment?

Management's philosophy and operating style.

Which of the following audit procedures most likely would provide an auditor with the most assurance about the effectiveness of the operation of an entity's internal control?

Successful re-performance of the control activity.

Which of the following outcomes is a likely benefit of information technology used for internal control?

Enhanced timeliness of information.

Individual Accountability

The organization must hold individuals accountable for their internal control responsibilities

True or false: For audits of internal control, the audit team must understand and evaluate internal controls for the entire period.

False [Reason: This is true for financial statement audits. Internal control audits are as of the end of the fiscal year.]

Estimate Transactions

- Bad debt expense

Separation of duties ______.

- forces different people or departments to deal with different facets of transactions - prevents fraud that do not involve collusion - prevents incompatible responsibilities

Commitment to Integrity and Ethical Values

A clearly articulated statement of ethical values

Which of the following is not an input control activity? A. Reasonableness tests. B. Hash totals. C. Financial totals. D. Record counts.

A. Reasonableness tests.

Corrective Control

Maintaining backups of data

Preventive Control

Segregation of duties

_____ should develop a statement of ethical values.

Senior management

Effective Board of Directors

The extent of independence of this group is critical

The requirement to _____ journal entries is an example of a preventative control.

approve

Evidence as to the design of internal control and its operating effectiveness should be considered ____________ the date specified in the assessment.

as of

After determining significance, the financial statement _____ come into determination.

assertions

Control strengths and weaknesses should be documented in audit documentation, sometimes called:

bridge working papers.

All entities recognize the need for a formalized process to identify, assess and manage factors, events and conditions, known as _____ _____, that can prevent the organization from achieving it objectives.

business risks

AS 2201 encourages the audit team to use the work of internal auditors but the audit team must evaluate their _____and _____ and perform some tests of their work.

competence; objectivity

Management's evaluation process of internal control ____________ with the management report on internal control--the first step of the audit process.

concludes

An employee knowingly doing something to bypass the internal control system is an act of ______.

deliberate circumvention

To enhance the control environment, management develops job _____.

descriptions

A problem relating to either a necessary control that is missing or an existing control so poorly constructed that it fails to satisfy the control's objective is called a(n) ______.

design deficiency

The goal to find a misstatement that has already been made is a type of _____ control.

detective

COSO developed a(n) ______ framework to facilitate the assessment and mitigation of business risks a company faces.

enterprise risk management (ERM)

For all relevant assertions for each significant account and disclosure, the audit team begins by examining _____-_____ controls that are pervasive to the internal control system and reliability of the financial statements as a whole.

entity-level

The audit team's first step in gaining an understand of the client's internal control system should focus on ______.

entity-level controls

Accounting ______ involve management's judgment or assumptions.

estimates

Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of ______ testing.

exception

The higher the assessment of control risk, the ______ the assessment of risk of material misstatement.

higher

The risk of material misstatement is composed of _____ risk and _____ risk.

inherent; control

When testing controls, the audit team often uses _____ about the existence of the activity and then corroborate the evidence by observing the control activities are actually being performed.

inquiry

The four methods of testing controls are _____, _____, document examination and _____.

inquiry; observation; reperformance

The primary objective of procedures performed to obtain an understanding of the entity's internal control is to provide an auditor with:

knowledge necessary for audit planning.

The magnitude of the potential misstatement that could occur and would not be detected on a timely basis is the primary difference between a(n) ______.

material weakness and significant deficiency

When gaining an understanding of internal controls, assertions should ______.

only be considered if they are relevant

A key factor in audit sampling is that, for a sample to be considered _____, all items in a population must have an opportunity to be selected.

representative

When control activities do not lend themselves to automated testing, the audit team is likely to use audit _____ to test the population.

sampling

If employees lack _____, they may be ineffective in performing their duties.

skills

Regardless of the assessed level of control risk, an auditor of a non-public company would perform some:

substantive tests to restrict detection risk for significant transaction classes.

A set of characteristics that helps to define a seriousness about employees' attitudes about the control activities in a company is referred to as:

the control environment.

Professional standards recognize that to make effective decisions, managers must have access to _____, _____, and _____ information.

timely; reliable; relevant

Recalculate the arithmetic accuracy of the recorded sales invoices

Type of Audit Test: Dual purpose Assertion: Accuracy/Valuation

Select a sample of shipping documents from the shipping department file and trace shipments to recorded sales invoices

Type of Audit Test: Dual purpose Assertion: Completeness

Trace recorded sales invoices to posting in the general ledger control account and in the correct customer's account

Type of Audit Test: Dual purpose Assertion: Completeness

Compare the shipment date of recorded sales invoices with the invoice record date

Type of Audit Test: Dual purpose Assertion: Cut-off/completeness

Vouch recorded sales invoices to supporting shipping documents

Type of Audit Test: Dual purpose Assertion: Occurrence/existence

Vouch sales invoices and shipping documents

Type of Audit Test: Dual purpose Assertion: Occurrence/existence

Send confirmations to all customers regarding accounts receivable

Type of Audit Test: Substantive Test Assertion: Existence

Evaluate the adequacy of the allowance for doubtful accounts

Type of Audit Test: Substantive Test Assertion: Valuation

Obtain financial statements or credit reports on large past due accounts and inquire of the credit manager about collections

Type of Audit Test: Substantive Test Assertion: Valuation

Vouch recorded sales invoices prices to the approved price list

Type of Audit Test: Test of controls Assertion: Accuracy

Scan recorded sales invoices and shipping documents for missing numbers in sequence.

Type of Audit Test: Test of controls Assertion: Completeness

Inspect recorded sales invoices for credit approval

Type of Audit Test: Test of controls Assertion: Valuation, Occurrence

According to professional standards, the audit team's evaluation of the sufficiency of management's control activities is ______.

always required

The _____ committee is especially important as it exercises oversight responsibility over the financial statements.

audit

Two or more people working together to circumvent the internal control system is called _____, and it cannot be prevented by separation of duties.

collusion

Specific actions a client's management and employees take to help ensure management's directives are carried out are called _____ _____.

control activities

Integrity, ethical values and competence of the entity's people are all _____ _____ factors.

control environment

The foundation for all other components of internal control is the _____ _____.

control environment

Efficient planning of the evaluation of internal control requires ____________ the financial statement audit.

coordination with

In an audit of financial statements of a non-public company in accordance with generally accepted auditing standards, an auditor is required to:

document the auditor's understanding of the entity's internal control.

COSO internal control categories include _____ and _____ of operations.

effectiveness; efficiency

The audit committee should be composed of directors who are not _____ of the organization.

employees

Using an automated test procedure designed to test all items in a population as a means to identify a violation of control activities is an example of _____ testing.

exception

Procedures related to internal control in an integrated audit performed under AS 2201 are ______ than those in a GAAS audit for a nonpublic entity.

far more extensive

Combinations of duties that place a single person in a position to create and conceal misstatements due to errors or frauds in their normal job are _____ responsibilities.

incompatible

After understanding and documenting internal control, the audit team should be able to ______.

make a preliminary assessment of control risk

A deficiency that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis is a(n) ______.

material weakness

Under Sarbanes-Oxley, an audit of the internal control system over financial reporting is required and ______.

must be integrated with the financial statement audit

When a properly designed control is either ignored or inappropriately applied, a(n) ______ has occurred.

operation deficiency

Organizational structure provides a basis for planning, directing, and controlling _____.

operations

The internal control in small business is highly dependent on the:

owner-manager's competence, as well as his/her ethics and integrity.

If auditors assess control risk at the maximum level, they will tend to:

perform a great deal of substantive testing during the audit.

Segregation of duties is a control aimed at _____ misstatement.

preventing

The COSO definition states that internal control is designed to provide _____ _____ regarding the achievement of objectives in three categories.

reasonable assurance

A material weakness is a deficiency that results in a(n) _____ _____ that a material misstatement would not be prevented or detected on a timely basis.

reasonable possibility

Preparing bank _____ can help detect misstatements that have been made.

reconciliations

Routine transactions are for _____ activities.

recurring

An assertion that has a reasonable possibility of containing a material misstatement is considered to be a(n) _____ assertion.

relevant

The five basic components of a properly designed internal control system as defined by COSO are: (1) control environment, (2) _____ assessment, (3) _____ activities, (4) _____ and (5) information and _____.

risk; monitoring; control; communication

Tracing bills of lading to sales invoices provides evidence that:

shipments to customers were invoiced.

An account is ________ if there is a reasonable possibility that it could contain a misstatement that has a material effect on the financial statements.

significant

A deficiency in internal controls that is less severe than a material weakness yet important enough to merit attention from those charged with governance is a(n) _____ _____.

significant deficiency

Gaining an understanding of internal controls should start by identifying _____ accounts and disclosures and their _____ _____.

significant; relevant assertions

Auditors should use a _____ approach to assess controls.

top-down

If the audit-team decides an entity-level control sufficiently reduces a specific risk ______.

transaction-level controls related to that risk may not be needed

The significance of accounts should be considered _____ regard to internal control.

without

Detective Control

A requirement to prepare bank reconciliations

Which of the following procedures is considered a test of controls?

An auditor interviews and observes appropriate personnel to determine segregation of duties.

True or false: To achieve the specific objectives of each of the three goals, the COSO framework defines five components of a properly designed internal control system that work independently of each other to support the system's overall effectiveness.

False [Reason: The components work in an integrated manner.]

Generally accepted auditing standards (GAAS) give auditors considerable discretion to decide the amount of work required to satisfy auditing standards guiding internal control evaluation and related audit planning. Which of the descriptions below best expresses the minimum amount of work permitted by GAAS for nonpublic companies?

Obtain an understanding of client environment, accounting, and control activities. Document the decision to assess control risk at maximum. Perform an extensive but not 100% substantive audit on financial statement transactions and balances.

Calculate an estimate of the allowance for doubtful accounts using prior relations of write-offs and sales

Type of Audit Test: Substantive Test Assertion: Valuation

Routine Transactions

- Cash receipts - Payroll - Cash disbursements - Inventory costing

Obtaining an understanding of the information system relevant to financial reporting includes understanding ______.

- the nature of the underlying accounting records, information and accounts used to execute a transaction - how the information system captures events and conditions other than transactions significant to the financial statements

Which of the following is not an objective of internal controls over financial reporting as defined by the Sarbanes-Oxley Act? A. Policies and procedures that pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the registrant. B. Policies and procedures that provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the registrant's assets that could have a material effect on the financial statements. C. Policies and procedures that provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and receipts and expenditures of the registrant are being made only in accordance with authorizations of management and directors of the registrant. D. Policies and procedures that provide reasonable assurance regarding the compliance with applicable laws and regulations.

D. Policies and procedures that provide reasonable assurance regarding the compliance with applicable laws and regulations.

Which of the following is an information technology general control?

Separation of duties in the IT department.

Which of the following statements best describes why an auditor would use only substantive procedures to evaluate specific relevant assertions and risks?

Testing the operating effectiveness of the relevant controls would not be efficient.