audit 2 practice

recording responsibility authorization

Access to accounts receivable records gives an individual ______,

employee fraud

missappropriation of assets is another term for

material weakness

The focus of AS 2201 is to determine whether a(n)____ exists at the end of the year being reported on. If it does, the entity's internal control over financial reporting cannot be considered effective.

walkthrough

The identification of IT applications and systems typically occurs during the______ of each financial reporting process

passwords

The most common form of control related to access is the use of

subsequent cash receipts

The most effective alternative procedure to confirmations to ensure existence is examining ______.

pprogram change

the objectives ___ parallel are to provide reasonable assurances regarding modifications to existing programs

true

True or false: When a user entity employs a service organization for specialized processing, the user entity's auditors must still evaluate controls related to the service organization's computerized processing for the user entity.

usually involves some type of falsification generally includes a cover-up is also called misappropriation of assets

employee fraud

are a type of insurance policy may include employee background checks are often recommended by auditors

fidelity bonds

always required

According to professional standards, the audit team's evaluation of the sufficiency of management's control activities is ______.

existence rights and obligations

Accounts receivable confirmation is a substantive procedure designed to obtain evidence of the _____and rights & obligations of customers' balances directly from the

voucher

Cash disbursements are typically authorized by an accounts payable department's assembly of supporting documents which is called a(n)____

computer abuse computer fraud

Experts have two definitions related to computer chicanery

customer master file

For current status, including up-to-date credit limit information, auditors may test a sample of the

internal controls

For each relevant assertion identified by the auditor, professional standards require auditors to first gain an understanding of the ______ that have been designed to mitigate the risk of material misstatement.

never handle the cash

The accountant who record cash receipts and credits to customer accounts should ______.

systematic processing input

In an information technology environment, audit teams need to be concerned with ______ errors.

timely/reliable/relevant

Professional standards recognize that to make effective decisions, managers must have access to ________ and ___ information

moderate

The audit team must adjust the substantive procedures accordingly in order to obtain enough evidence to mitigate the risk of material misstatements to a low level for the relevant assertions being tested if the assessment of control risk is ______.

inherent/ control

The risk of material misstatement is a combination of ___ risk and __ risk

F

True or false: Auditing standards recommend but generally do not require the use of confirmations for accounts receivable.

errors will result in all similar transactions between processed incorrectly

When computerized processing is used ______.

possibility of temporary transactions trails potential for errors and frauds potential for increased management supervision

When evaluating tests of controls within an IT environment, auditors need to consider the ______.

the same as

When companies process payments electronically, the required separation of duties is ______ for companies that write paper checks.

customer invoice evidence of shipment customer sales order

Which of the following documents should be matched before recording revenue?

significant deficiency

A deficiency in internal controls that is less severe than a material weakness yet important enough to merit attention from those charged with governance is a(n)

packing slip

A description of the goods being shipped as well as the quantity shipped is found on the ______.

business risks

All entities recognize the need for a formalized process to identify, assess and manage factors, events and conditions, known as___that can prevent the organization from achieving it objectives.

inherent

An account's significance is based on its ______ risk.

implies controls are ineffective implies controls cannot be relied upon

An audit team's assessment of control risk as high ______.

implies controls are effective allows auditors to use smaller sample sizes may limit the use of substantive tests of details

An audit team's assessment of control risk as low ______.

fidelity bond

An insurance policy that covers most kinds of cash embezzlement losses is called a(n)

enterprise risk management

COSO developed a(n) ______ framework to facilitate the assessment and mitigation of business risks a company faces.

make it difficult for a fraudster to steal cash detect fraudulent activity if it occurs prevent or detect misappropriations of cash

Control activities over cash disbursements are designed to ______.

automated application controls

Controls applied to specific business activities within an accounting information system to achieve financial reporting objectives are called

audit risk

Detection risk is set based on the level of _______and risk of material misstatement.

-help the audit team assess the key control points in the process -involve considerable time and effort -have become a popular documentation method for auditors -are time-consuming to construct -are easy to evaluate after they are completed -can be helpful in identifying missing controls

Flowcharts ______.

entity-level

For all relevant assertions for each significant account and disclosure, the audit team begins by examining___-___controls that are pervasive to the internal control system and reliability of the financial statements as a whole.

working late drinking too much irritability defensiveness working standing up inability to relax

Fraudsters behaviors often include ______.

the risk of material misstatement increases fraud may or may not exist auditors need to design substantive procedures related to control failure

If a control is missing or ineffective ______.

must still review the account for collectability

If a customer confirms that an account exists, the auditor ______.

substantive

If controls are not in place or personnel are not performing control activities effectively, auditors need to design____procedures to try to detect whether control failures have produced material misstatements in the financial statements.

revenue recognition

Sales must be realized or realizable and earned in order to be recorded under the accounting standards related to

-prevents incompatible responsibilities -prevents fraud that do not involve collusion -forces different people or departments to deal with different facets of transactions

Separation of duties ______.

control activities

Specific actions a client's management and employees take to help ensure management's directives are carried out are called

audit risk

When a material misstatement is not prevented or detected by the client's internal controls or auditors' substantive procedures,_____ has been manifested

operating deficiency

When a properly designed control is either ignored or inappropriately applied, a(n) ______ has occurred.

alternative audit procedures may be warranted a written response still needs to be requested

When an auditor receives an oral response to a confirmation ______.

inquiry

When testing controls, the audit team often uses----- about the existence of the activity and then corroborate the evidence by observing the control activities are actually being performed.

Automated application

Which of the following is NOT a category of general controls?

generally acting alone socially conforming attended college some type of religious affiliation no arrest record

a typical white collar criminal is

cash receipts journal

all the debits to the cash accounts are found in the

programmers - computer operators

an important general control is the separation of duties erformed by system analysts ____ and ___

custody authorization, reconciliaiton

proper separation of duties involves different people and departments handling______ of checks, cash disbursement ____ record keeping for payments and bank ___

general IT controls

A safe and secure computing environment that allows the operating controls to operate effectively is provided by the

realized or realizable

According to accounting standards, to be recognized, revenue must be __ and earned

rights & obligations existence

Accounts receivable confirmation is a substantive procedure designed to obtain evidence of the ______ of customers' balances directly from the customer.

-the internal control system is too ineffective to rely on -it is less time consuming to conduct substantive tests -the cost of obtaining a low control risk assessment is high

After their understanding of the entity's internal controls have been documented, the audit team may choose not to perform tests on the operating effectiveness of the controls because ______.

make a preliminary assessment of control risk

After understanding and documenting internal control, the audit team should be able to ______.

deliberate circumvention

An employee knowingly doing something to bypass the internal control system is an act of ______.

because not all fraud schemes can be thwarted or detected

An entity's auditors, accountants and security personnel must be acquainted with the basics of fraud awareness ______.

computer operations

Having an appropriate disaster recovery plan to ensure files are secured and protected from loss is a major objective of_____

Blank 1: completeness Blank 2: occurrence

Prenumbered documents are important in testing the ___ and the ___ assertion

always performed in the revenue cycle

Substantive procedures are ______.

reasonable assurance

The COSO definition states that internal control is designed to provide ___regarding the achievement of objectives in three categories.

entity-level controls

The audit team's first step in gaining an understand of the client's internal control system should focus on ______.

cutoff

The auditors' information source for validating the bank reconciliation is typically a(n)_____ bank statement

cutoff

Tracing shipping documents before and after year-end to the sales journal and vouching credit memos for returns after year end to receiving reports are done to test the

false

True or false: A walkthrough can be used to provide evidence of whether the client's control activities were operating effectively during the period under audit.

false Reason: A six character lower case alphabetic password of 6 characters can be hacked in 10 minutes.

True or false: All passwords should be at least six characters long to make hacking by computer-generated algorithms difficult.

collusion

Two or more people working together to circumvent the internal control system is called____ and it cannot be prevented by separation of duties.

Run-to-run totals ^ its a processing control

Which of the following is NOT an input control?

There is always a presumptive risk of fraud. It consists of routine transactions. Tests of controls often support a reduction in control risk.

Which of the following statements regarding the revenue cycle are correct?

Computer forensics

"The science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media" is the FBI definition of

output

Reasonable assurance that only authorized persons have access to files produced by the system is one concern of______

review merchandise returns continually review revenues and compare them to budgeted and forecasts scrutinize total write-offs of accounts receivables

Regarding the revenue process, management should ______.

Confirming a specific transaction may be more effective than confirming the account balance. Confirmation returned as "undeliverable" are always a red flag.

Which of the following statements are correct?

For a sample to be representative, all items in the population have an opportunity to be selected. Tests of controls should be applied to samples executed throughout the period under audit.

Which of the following statements are correct?

control environment

Integrity, ethical values and competence of the entity's people are all___factors The foundation for all other components of internal control

valuation assertion

Reviewing accounts for collectability and determining the adequacy of the allowance for doubtful accounts is done in support of the

data entry and formatting

Standardized formats and screens are examples of ______ controls.

-requires management to assess the risks it wishes to control -makes managers responsible for establishing a control environment -makes management responsible for monitoring, supervising and maintaining control activities -is designed to ensure the proper "tone at the top" -allows managers to make their own judgments about the necessity of specific controls

section 302 of the sarbanes-oxley act

input

Controls that provide the opportunity for entity personnel to correct and resubmit data initially rejected as erroneous are called

representative

A key factor in audit sampling is that, for a sample to be considered____ all items in a population must have an opportunity to be selected

reasonable / possibility

A material weakness is a deficiency that results in a(n)_____ ___ that a material misstatement would not be prevented or detected on a timely basis.

design deficiency

A problem relating to either a necessary control that is missing or an existing control so poorly constructed that it fails to satisfy the control's objective is called a(n) ______.

overall review by management

A strong entity-level control in the revenue process is ______.

competence/objectivity

AS 2201 encourages the audit team to use the work of internal auditors but the audit team must evaluate their___ and ___

receipts disbursements

Adjusting and correcting entries that result from bank reconciliations are found in the cash ______ journal.

relevant

An assertion that has a reasonable possibility of containing a material misstatement is considered to be a(n) ____assertion.

an independent employee

At the end of each day a copy of the check listing, a report of payments recorded in accountants receivable and a copy of the bank deposit slip should be received by ______.

-possibility of input errors -possibility of inappropriate access -to computer files and programs lack of an audit trail

Audit considerations in an IT environment include ______.

entity

Audit professionals generally categorize------- level controls as either general controls or application controls.

document that understanding in the workpapers

Auditors must gain an understanding of internal controls that are in place to mitigate assessed fraud risk and, at a minimum,______.

completeness

Auditors review items in the pending order file for evidence of the_____ of recorded sales and accounts receivable

input processing output

Automated application controls are organized under three categories,

may

Because of the nature of cash, auditors ______ need to expand substantive audit procedures to ensure the cash balance is not materially misstated and to identify possible fraudulent activities.

effectiveness/efficiency

COSO internal control categories include ______and_____ of operations.

reliability/compliance

COSO internal control categories include_____ of financial reporting and _____ with applicable laws and regulations.

incompatible

Combinations of duties that place a single person in a position to create and conceal misstatements due to errors or frauds in their normal job are___ responsibilities

-self-assessments by boards regarding the effectiveness of their oversight -supervisory review of controls -periodic evaluation of controls by internal audit -self-assessments by management regarding the tone they set -quality assurance review of the internal audit department -analysis of and follow up items that might by indicative of a control failure

Common monitoring controls include ______.

observation inquiry

Common procedures used in tests of controls are_____, inspection and reperformance

used in automated processing are appropriate can be reconstructed from earlier versions of processing information are appropriately secured and protected from loss

Computer operations controls are implemented for files and data used in processing with the major objectives of ensuring files ______.

entity

Controls that are pervasive to the internal control system and the reliability of the financial statements as a whole are called ______ - level controls.

output

Which type of controls are concerned with detecting rather than preventing errors?

change in customer base changing economic conditions revised credit policies Need help? Review these concept resources.Read About the Concept Feedback

Difficulties in estimating the allowance for doubtful accounts can be due to ______.

rarely

Due to the lack of predictability of the cash balance, auditors ______ use substantial analytical procedures to test cash.

should be subject to standard approval procedures after they are made require appropriate documentation should be migrated by appropriate individuals

Emergency change requests and the migration of new programs into operations, ______.

credit limits are appropriate files are accurate

It is important to maintain an up-to-date customer master file to ensure ______.

preventive controls

Errors and frauds are kept from entering the system by

-are somewhat unique for each organization -can be useful in detecting internal control weaknesses -help the auditing team obtain evidence about the control environment

Gaining an understanding of internal controls should start by identifying

significant / relevant assertions

Gaining an understanding of internal controls should start by identifying___ accountd and disclosures and their ___ ___

transaction-level controls related to that risk may not be needed

If the audit-team decides an entity-level control sufficiently reduces a specific risk ______.

substantive audit procedures

If the internal control activities over cash are not operating effectively, auditors may need to expand ______.

computer forensics

Impeaching a president, terrorist tracking and child pornographer prosecution have all been helped by

requires proper permissions

In a computerized environment, proper separation of duties ______.

dependent on proper password controls

In a computerized environment, proper separation of duties is ______.

audit trail

In an IT environment, a chain of evidence and documentation known as a(n) ----- does not exist

dependency

In determining whether an audit team can rely on IT controls, auditors must determine the scope of the IT testing plan completed by carefully identifying each of the IT

remittance advices should be sent to the controller's office for recording cash should be deposited daily and intact two people should open the mail checks should be endorsed immediately Need help? Review these concept resources.Read About the Concept Feedback Next Question Reading

In many situations an employee initially receives cash and thus has custody. Because this cannot be avoided, good control dictates that ______.

administrative

Individuals employed by the entity and limitations or limits on the nature and scope of activities they perform are the focus of

confirmations would be ineffective other procedures provide sufficient, competent evidence receivables are not material

Justifications for not using confirmations may include ______.

-the nature of the underlying accounting records, information and accounts used to execute a transaction -how the information system captures events and conditions other than transactions significant to the financial statements

Obtaining an understanding of the information system relevant to financial reporting includes understanding ______.

computer operation

Providing reasonable assurance that processing failures do not affect or delay the processing of other transactions is one objective of

far more expensive

Procedures related to internal control in an integrated audit performed under AS 2201 are ______ than those in a GAAS audit for a nonpublic entity.

data entry

Restrictions on access to input devices and standard screens and computer prompting are examples of _____ controls in end-user computing environments

always be performed

Substantive procedures over cash will ______.

true

True or false: Prenumbered documents are an example of an internal control.

is equivalent to assessing control risk at 100%

The audit team's decision that it would take more time to test the operating effectiveness of the control activities than it would take to perform the substantive tests necessary for a relevant assertion ______.

top-down

The audit team's focuses on threats to the integrity of the external financial reporting process by taking a _____- approach to evaluating the effectiveness of the internal control system over financial reporting.

walkthrough

The auditor selects examples of a transaction and traces them from initial receipt to the recording in the accounting records when performing a(n)

helps search for unrecorded liabilities verifies the existence of year-end deposits in transit qualifies as external evidence

The cutoff bank statement ______.

1 control environment 2 risk assessment 3 control activities 4 monitoring 5 information and communication

The five basic components of a properly designed internal control system as defined by COSO are:

bill of lading

The form the carrier signs to verify goods are shipped is a(n) ______.

inquiry/ observation/reperformance

The four methods of testing controls are ___ ___ document examination and ___

material weakness and significant deficiency

The magnitude of the potential misstatement that could occur and would not be detected on a timely basis is the primary difference between a(n) ______.

determining the scope of the IT testing plan by identifying each IT dependency testing the IT controls understanding the IT controls and processes that need to be tested

The major phases that need to be completed in order to determine whether an audit team can rely on IT controls are ______

may be made after understanding and documenting internal control includes identifying activities explicitly designed to support reliable financial statement reporting

The preliminary assessment of control risk ______.

bank reconciliation

The primary document used to test the cash balance in the financial statements is the company's

false Reason: While it is true these functions are not always separated, it often occurs because of a lack of resources, not indifference.

True or false: Small entities often fail to separate the functions of programming and operations due to indifference with respect to internal control.

true

True or false: The bank reconciliation is an opportunity for management to monitor the separation of duties between cash receipts and disbursements.

computer abuse or computer fraud

The use of information technology by a perpetrator to achieve a gain at the expense of a victim is called

cutoff tests

To ensure sales are recorded in the proper period, auditors use sales

false they are as of the end of the fiscal year

True or false: For audits of internal control, the audit team must understand and evaluate internal controls for the entire period.

false Reason: Companies come in many different sizes and there are also differences between industries.

True or false: There is no such thing as a typical revenue and collection cycle.

false The components work in an integrated manner

True or false: To achieve the specific objectives of each of the three goals, the COSO framework defines five components of a properly designed internal control system that work independently of each other to support the system's overall effectiveness.

false ^ perfection is not an option, settle for effective

True or false: When doing a WCGW analysis, the question the auditor should ask is, "Has the client designed and implemented a control that, if operating perfectly, would mitigate the identified risk of material misstatement?"

exception

Using an automated test procedure designed to test all items in a population as a means to identify a violation of control activities is an example of ___ testing Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of ______ testing.

cutoff

Verifying the dates on sales documents helps reduce the risk of misstatement related to the____ assertion of revenue

sampling

When control activities do not lend themselves to automated testing, the audit team is likely to use audit____ to test the population

existence

When customers are not willing or able to return confirmations, examining subsequent cash receipts, sales orders, invoices, and shipping documents, and correspondence files for past-due accounts are alternative procedures that may be performed to ensure

deficiency

When either the design or operation of the control under consideration does not allow the entity's management or employees to detect or prevent misstatements in a timely fashion an internal control___ exits

key control activities being relied on the mitigate the RMM

When scoping the IT audit procedures that need to be completed, auditors need to be concerned with ______

rely exclusively on tests of detail

When testing cash, auditors typically ______.

valuation

When the auditor evaluates the reasonableness of the allowance for doubtful accounts,___________is a high risk assertion.

Purchasing raw materials

Which of the following is NOT a basic activity in the revenue and collection cycle for a typical manufacturing company?

Programs and software support the entity's financial reporting requirements.

Which of the following is NOT a computer operations control?

Transaction logs

Which of the following is NOT a data entry control in end-user computing environments?

Separation of programming and operations functions

Which of the following is NOT a typical end-user computing environment control issue that audit teams must consider?

Access control software and passwords

Which of the following is NOT an administrative level control?

Someone without access to check-writing should perform the recording function. Individuals outside of normal cash operations should prepare bank reconciliations.

Which of the following statements are correct?

Tests of controls over cash often support a reduction in control risk. Most audit clients have strong controls over cash.

Which of the following statements are correct?

input

Which type of controls are designed to provide reasonable assurance that data received for processing by the computer department have been properly authorized and accurately entered or converted for processing?

entity level controls

Within a client's IT environment, there are essential, general IT controls that apply to all applications that are called

-tend to be inflexible -should be used in combination with other methods -make it less likely for the audit team to forget to cover an important point -can be useful in detecting internal control weaknesses -are somewhat unique for each organization -help the auditing team obtain evidence about the control environment

internal control questionnaires

significant/material/weakness

serious internal control deficiencies can be categotized as either ____ decifiencies or __ __

communicates internal control issues to help management carry out internal control monitoring responsibilities must communicate significant deficiencies and material weaknesses identified during the audit

the audit team

service organizations

user entities may outsource specialized data processing to other companies referred to as