Audit Chapter 5
Which of the following organizations have COSO representatives? A) Institute of Management Accountants B) American Institute of Certified Public Auditors C) Institute of Internal Accountants D) International Accounting Standards Board
A) Institute of Management Accountants
When an auditor plans to rely on controls that have changed since they were last tested, which of the following courses of action would be most appropriate? A) Test the operating effectiveness of such controls in the current audit. B) Document that reliance and proceed with the original audit strategy. C) Inquire of management as to the effectiveness of the controls. D) Report the reliance in the report on internal controls.
A) Test the operating effectiveness of such controls in the current audit.
1) How does an auditor determine which test of internal controls approach to use? A) The approach depends on the nature of the control that is being tested along with the availability of data. B) The auditor should always test all items in the population. C) The auditor should always test from a sample of the population. D) Management decides which test of internal controls approach the auditor should use.
A) The approach depends on the nature of the control that is being tested along with the availability of data.
Which of the following is a definition of control risk? A) The risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls. B) The risk that the auditor will not detect a material misstatement. C) The risk that the auditor's assessment of internal controls will be at less than the maximum level. D) The susceptibility of material misstatement assuming there are no related internal controls, policies, or procedures.
A) The risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls.
After obtaining an understanding of the entity's internal control and assessing control risk, an auditor of a nonissuer decided not to perform additional tests of controls. The auditor concluded that the A) additional evidence to support a further reduction in control risk was not cost beneficial. B) assessed level of inherent risk exceeded the assessed control risk. C) internal control structure was properly designed and justifiably relied on. D) evidence obtainable through tests of controls
A) additional evidence to support a further reduction in control risk was not cost beneficial.
1) Which of the following is a common monitoring control? A) audit committee inquiries of internal and external auditors B) segregation of duties C) client generates reports with information used by management D) management establishes a "tone at the top" environment
A) audit committee inquiries of internal and external auditors
When two or more employees work together to circumvent the segregation of duties and commit fraud, the employees are committing__________. A) collusion B) human Error C) management Override D) segregation of duties
A) collusion
According to the COSO Framework, internal control is a process that is designed to achieve objectives in three different categories. Which of the following responses is not one of the objectives identified in the COSO Framework? A) compliance with laws and regulations B) faithful representation C) relevant financial reports D) effective and efficient operations
A) compliance with laws and regulations
1) An audit team's responsibility would not include A) designing client's internal controls. B) documentation of understanding of a client's internal controls. C) communicating internal control deficiencies. D) assessing the effectiveness of a client's internal controls.
A) designing client's internal controls.
In an audit of financial statements of a nonissuer in accordance with generally accepted auditing standards, an auditor is required to A) document the auditor's understanding of the entity's internal control. B) search for significant deficiencies in the operation of the internal controls. C) perform tests of controls to evaluate the effectiveness of the entity's accounting system. D) determine whether control activities are operating effectively to prevent or detect material misstatement
A) document the auditor's understanding of the entity's internal control.
According to the COSO Framework, internal control is a process that is designed to achieve objectives in three different categories. Which of the following responses is one of the objectives identified in the COSO Framework? A) effective and efficient operations B) financial statements free from bias C) comparability of financial information D) financial statements free from error
A) effective and efficient operations
When the audit team increases the planned assessed level of control risk because certain control activities were determined to be ineffective, the audit team would most likely increase the A) extent of substantive tests of details. B) level of inherent risk. C) extent of tests of controls. D) level of detection risk.
A) extent of substantive tests of details.
Each member of a company's audit committee must be A) financially literate. B) a financial expert. C) involved in the entity's day-to-day management. D) independent of the entity's board of directors.
A) financially literate.
Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity's internal controls? A) incompatible duties B) management override C) mistakes in judgment D) collusion among employees
A) incompatible duties
After obtaining an understanding of internal controls and assessing control risk on the audit of a nonissuer, an auditor decided to perform tests of controls. The auditor most likely decided that A) it would be efficient to perform tests of controls that would result in a reduction in planned substantive tests. B) additional evidence to support a further reduction in control risk is not available. C) an increase in the assessed level of control risk is justified for certain financial statement
A) it would be efficient to perform tests of controls that would result in a reduction in planned substantive tests.
The primary objective of procedures performed to obtain an understanding of the entity's internal control is to provide an auditor with A) knowledge necessary for audit planning. B) evidential matter to use in assessing inherent risk. C) a basis for modifying tests of controls. D) an evaluation of the consistency of application of management's policies.
A) knowledge necessary for audit planning.
1) The audit committee must be comprised of how many financial experts? A) none B) one C) majority D) all
A) one
Which of the following are procedures that prevent misstatements before they occur? A) preventive controls B) detective controls C) corrective controls D) entity-level controls
A) preventive controls
The concept that recognizes that the costs of controls should not exceed the benefits that are expected from the controls is defined as __________. A) absolute assurance B) limitation of internal control C) control risk D) reasonable assurance
A) reasonable assurance
Tracing bills of lading to sales invoices provides evidence that A) shipments to customers were invoiced. B) shipments to customers were recorded as sales. C) recorded sales were shipped. D) invoiced sales were recorded as sales.
A) shipments to customers were invoiced.
1) Tests of controls, when performed, should be applied to samples of transactions and control activities executed A) throughout the period under audit. B) at the beginning of the period under audit. C) at the end of the period under audit. D) at different times depending on the type of test.
A) throughout the period under audit.
Which of the following is the least important audit reason for the auditor's obtaining an understanding of a company's internal control? A) to serve as a basis for constructive suggestions B) to plan subsequent substantive tests C) to identify types of possible misstatements that may occur D) to consider factors that may affect the risk of material misstatement
A) to serve as a basis for constructive suggestions
1) Which of the following statements is correct regarding internal control? A) A well-designed internal control environment ensures the achievement of an entity's control objectives. B) An inherent limitation to internal control is the fact that controls can be circumvented by management override. C) A well-designed and operated internal control environment should detect collusion perpetrated by two people. D) Internal control is a necessary business function
B) An inherent limitation to internal control is the fact that controls can be circumvented by management override.
1) Which of the following is the key difference between document examination and reperformance? A) Audit teams inspect documents for evidence that the auditors performed for document examination, while auditor reperformance provides indirect evidence on that the control activity was(was not) performed correctly by management. B) Audit teams inspect documents for evidence that employees performed for document examination, while auditor reperformance provides direct evidence on that the control a
B) Audit teams inspect documents for evidence that employees performed for document examination, while auditor reperformance provides direct evidence on that the control activity was(was not) performed correctly by management.
1) Which of the following is a limitation of the observation test of control? A) Observation can produce evidence of access controls such as the use of password-secured access to the computerized information system, locked doors, and security guards. B) Observation covers only one point in time, and what is observed at that point in time may not be representative of prior time periods. C) Observation is typically used when certain control activities, leave no documentary evidence for subsequent
B) Observation covers only one point in time, and what is observed at that point in time may not be representative of prior time periods.
Generally accepted auditing standards (GAAS) give auditors considerable discretion to decide the amount of work required to satisfy auditing standards guiding internal control evaluation and related audit planning. Which of the descriptions below best expresses the minimum amount of work permitted by GAAS for nonissuers? A) Do not obtain an understanding of client environment, accounting, or control activities. Do not document the decision to assess control risk at maximum. Perform 100% substan
B) Obtain an understanding of client environment, accounting, and control activities. Document the decision to assess control risk at maximum. Perform an extensive but not 100% substantive audit on financial statement transactions and balances.
An auditor is concerned about a policy of management override as a limitation of internal control. Which of the following tests would best assess the validity of the auditor's concern? A) Matching purchase orders to accounts payable. B) Verifying that approved spending limits arenot exceeded. C) Tracing sales orders to the revenue account. D) Reviewing minutes of board meeting.
B) Verifying that approved spending limits are not exceeded.
1) Audit Committees are comprised of A) a subset of the audit engagement team who consult on the client's business. B) a subset of the board of directors that is generally composed of three to six independent members. C) the full board of directors. D) the full audit engagement team.
B) a subset of the board of directors that is generally composed of three to six independent members.
Which of the following characteristics does not describe internal control? A) dynamic B) absolute C) process D) All characteristics describe internal control.
B) absolute
In an audit of financial statements, an auditor's primary consideration regarding an internal control policy or activity is whether the policy or activity A) reflects management's philosophy and operating style. B) affects management's financial statement assertions. C) provides adequate safeguards over access to assets. D) enhances management's decision-making processes.
B) affects management's financial statement assertions.
1) Which of the following types of risks addresses the factors, events, and conditions that can prevent organizations from achieving their business objective? A) control risk B) business risk C) inherent risk D) risk of material misstatement
B) business risk
1) According to the COSO framework, which component of internal controls has a pervasive effect on the effect on the reliability of financial reporting because it affects all other components of an organization's internal control system? A) control Activities B) control environment C) monitoring D) information and communication
B) control environment
Which of the following outcomes is a likely benefit of information technology used for internal control? A) processing of unusual or nonrecurring transactions B) enhanced timeliness of information C) potential loss of data D) recording of unauthorized transactions
B) enhanced timeliness of information
1) Which of the following types of controls are pervasive to the internal control system and the reliability of the financial statements taken as a whole? A) walkthrough controls B) entity-level controls C) transaction-level controls D) industry-level controls
B) entity-level controls
Obtaining an understanding of internal control involves evaluating the design of the control and determining whether the control has been A) authorized. B) implemented. C) tested. D) monitored.
B) implemented.
If auditors assess control risk at the maximum level, they will tend to A) perform a great deal of additional tests of controls. B) perform a great deal of substantive testing during the audit. C) perform substantive tests at an interim date. D) perform more audit procedures using internal evidence.
B) perform a great deal of substantive testing during the audit.
In testing control activities, an auditor ordinarily selects from a variety of techniques, including A) inquiry and analytical procedures. B) reperformance and observation. C) comparison and confirmation. D) inspection and verification.
B) reperformance and observation.
1) According to COSO, a well-functioning monitoring system is characterized by philosophies such as A) human resources. B) reporting deficiencies. C) information technology. D) organizational structure.
B) reporting deficiencies.
Which of the following areas can external auditors rely on internal auditors' work in auditing internal controls? A) evaluation of the auditing environment B) testing of low-risk internal control activities C) all testing of the operating effectiveness of internal control activities D) as providing the key evidential matter supporting the external auditors' opinion
B) testing of low-risk internal control activities
A set of characteristics that helps to define a seriousness about employees' attitudes about the control activities in a company is referred to as A) management assertions. B) the control environment. C) control risk assessment. D) functional responsibilities.
B) the control environment.
Which of the following factors is most likely to affect the extent of the documentation of the auditor's understanding of a client's system of internal controls? A) the industry and the business and regulatory environments in which the client operates B) the degree to which information technology is used in the accounting function C) the relationship between management, the board of directors, and stakeholders D) the degree to which the auditor intends to use internal audit to perform tests
B) the degree to which information technology is used in the accounting function
Which of the following is not an example of preventive controls? A) hiring competent people B) unrestricted access to the company's accounting software C) requiring approval for purchases and expenditures D) segregation of duties
B) unrestricted access to the company's accounting software
Which of the following procedures is considered a test of controls? A) An auditor reviews the entity's check register for unrecorded liabilities. B) An auditor evaluates whether a general journal entry was recorded at the proper amount. C) An auditor interviews and observes appropriate personnel to determine segregation of duties. D) An auditor reviews the audit workpapers to ensure proper sign-off.
C) An auditor interviews and observes appropriate personnel to determine segregation of duties.
Which of the following client internal control activities is not usually performed in the treasurer's department? A) Verifying the accuracy of checks and vouchers. B) Controlling the mailing of checks to vendors. C) Approving vendors' invoices for payment. D) Canceling payment vouchers when paid.
C) Approving vendors' invoices for payment.
1) Which of the following is not a duty of the audit committee? A) Oversight of the entity's internal audit function. B) Approval of non-audit services provided by the public accounting firm performing the audit engagement. C) Determining the nature, timing, and extent of further audit procedures. D) These are all duties of the audit committee
C) Determining the nature, timing, and extent of further audit procedures.
Which of the following should an auditor do when control risk is assessed at the maximum level? A) Perform fewer substantive tests of details. B) Perform more tests of controls. C) Document the assessment. D) Document the control structure more extensively.
C) Document the assessment.
The process applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite to provide reasonable assurance regarding the achievement of entity objectives is defined as A) Business strategy. B) Business risk. C) Enterprise risk management. D) Entity-level controls.
C) Enterprise risk management.
1) Which of the following is an example of the inspection test of control? A) Asking a client about the presence of fraud within the company. B) Observing a client count their inventory annually. C) Examining voided checks for an authorized signature. D) Recalculating a complex reserve balance.
C) Examining voided checks for an authorized signature.
1) Which of the following organizations do not have COSO representatives? A) American Institute of Certified Public Accountants B) Institute of Internal Auditors C) Financial Accounting Standards Board D) American Accounting Association
C) Financial Accounting Standards Board
Which of the following is a step in an auditor's decision to assess control risk below the maximum? A) Apply analytical procedures to both financial data and nonfinancial information to detect conditions that may indicate weak controls. B) Perform tests of details of transactions and account balances to identify potential errors and fraud. C) Identify specific internal control policies and activities that are likely to detect or prevent material misstatements. D) Document that the additional
C) Identify specific internal control policies and activities that are likely to detect or prevent material misstatements.
1) When auditing financial statements of a nonissuer, the minimum work an auditor must perform in connection with a company's internal control is best described by? A) Perform exhaustive tests of accounting controls and evaluate the company's control system B) Determine whether the company's control policies are designed well enough C) Prepare auditing working papers that document the auditor's understanding of the company's internal control. D) Design procedures to search for signif
C) Prepare auditing working papers that document the auditor's understanding of the company's internal control.
Which of the following statements best describes why an auditor would use only substantive procedures to evaluate specific relevant assertions and risks? A) The relevant internal control components arenot well documented. B) The internal auditor already has tested the relevant controls and found them effective. C) Testing the operating effectiveness of the relevant controls wouldnot be efficient. D) The cost of substantive procedures will exceed the cost of testing the relevant controls.
C) Testing the operating effectiveness of the relevant controls wouldnot be efficient.
An auditor is evaluating a client's internal controls. Which of the following situations would be the most difficult internal control issue for an auditor to detect? A) The accounting staff neglects the control B) The technology department writes a program that doesnot properly implement the control due to a lack of understanding. C) Two employees, who work in different departments, are circumventing an internal control. D) Someone erroneously disables edit checks
C) Two employees, who work in different departments, are circumventing an internal control.
1) According to the COSO framework, a well-functioning internal control environment is not characterized by which of the following philosophies? A) board of directors B) human resources C) auditor assessments D) financial reporting competencies
C) auditor assessments
1) Management's responsibility would not include A) designing internal controls. B) maintaining documentation of operating and design effectiveness of internal controls. C) communicating internal control deficiencies. D) ensuring proper monitoring of internal control activities.
C) communicating internal control deficiencies.
The "obtaining an understanding" work phase (Phase 1) of internal control evaluation would not give auditors an overall acquaintance with the client's A) control environment. B) information and communication system. C) control activity effectiveness. D) monitoring activities.
C) control activity effectiveness.
The overall attitude and awareness of an entity's board of directors concerning the importance of the client's internal control usually is reflected in its A) computer-based control activities. B) system of separation of duties. C) control environment. D) safeguards over access to assets.
C) control environment.
1) A dual-purpose test can produce A) control testing evidence. B) substantive testing evidence. C) control testing evidence and Substantive testing evidence. D) neither control testing evidence nor substantive testing evidence.
C) control testing evidence and Substantive testing evidence.
After obtaining an understanding of a client's financial reporting control activities, the auditor would next A) test the client's control activities. B) assess the final control risk. C) document the understanding obtained. D) plan the remainder of the audit work.
C) document the understanding obtained.
Which of the following most likely would be considered an inherent limitation of the potential effectiveness of an entity's internal controls? A) human error B) deliberate circumvention C) human error and deliberate circumvention D) neither human error not deliberate circumvention
C) human error and deliberate circumvention
Combinations of responsibilities that place a person alone in a position to create and conceal misstatements due to errors or frauds in her or his normal job are called? A) collusion B) human error C) incompatible responsibilities D) segregation of duties
C) incompatible responsibilities
Which of the following is not a component of internal controls? A) control environment B) control activities C) inherent risk D) monitoring
C) inherent risk
1) Which of the following is not a common monitoring control? A) audit committee inquiries of internal and external auditors B) quality assurance reviews of the internal audit department C) management establishes a "tone at the top" environment D) analysis of and appropriate follow-up of operating reports or metrics that might identify anomalies indicative of a control failure
C) management establishes a "tone at the top" environment
The internal control in small business is highly dependent on the A) separation of functional responsibilities. B) complexity of the client's internal controls. C) owner-manager's competence, as well as his/her ethics and integrity. D) bonding of employees.
C) owner-manager's competence, as well as his/her ethics and integrity.
1) Which of the following types of controls is considered to be an entity-level control? A) period-end financial reporting process B) controls related to management override C) period-end financial reporting process and controls related to management override. D) neither period-end financial reporting process nor controls related to management override.
C) period-end financial reporting process and controls related to management override.
Which of the following characteristics describe internal control? A) process B) dynamic C) process and dynamic D) neither process nor dynamic
C) process and dynamic
Each of the following types of controls is considered to be an entity-level control, except those A) relating to the control environment. B) pertaining to the company's risk assessment process. C) regarding the company's annual stockholder meeting. D) addressing policies over significant risk management practices.
C) regarding the company's annual stockholder meeting.
The ultimate purpose of assessing control risk is to contribute to the auditor's evaluation of the A) factors that raise doubts about the auditability of the financial statements. B) operating effectiveness of internal control policies and procedures. C) risk that material misstatements exist in the financial statements. D) possibility that the nature and extent of substantive tests may be reduced.
C) risk that material misstatements exist in the financial statements.
Regardless of the assessed level of control risk, an auditor of a nonissuer would perform some A) tests of controls to determine the effectiveness of internal control policies. B) analytical procedures to verify the design of internal control activities. C) substantive tests to restrict detection risk for significant transaction classes. D) dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.
C) substantive tests to restrict detection risk for significant transaction classes.
Which of the following audit procedures most likely would provide an auditor with the most assurance about the effectiveness of the operation of an entity's internal control? A) confirmation with outside parties B) inquiry of client personnel C) successful re-performance of the control activity D) observation of client personnel
C) successful re-performance of the control activity
1) According to professional standards, an auditor is required to perform audit procedures that are designed to A) test the controls that have been designed to ensure that the information is complete and accurate. B) test the completeness and accuracy of the information using substantive testing procedures. C) test the controls that have been designed to ensure that the information is complete and accurate and those that have been designed to ensure that the information is complete and accurate
C) test the controls that have been designed to ensure that the information is complete and accurate and those that have been designed to ensure that the information is complete and accurate
1) In order to obtain an understanding of the client's information system, the auditor must seek to understand A) the nature of the underlying accounting records. B) supporting information and the accounts that are used to fully execute a transaction. C) the nature of the underlying accounting records and supporting information and the accounts that are used to fully execute a transaction. D) neither the nature of the underlying accounting records nor supporting information nor the accounts t
C) the nature of the underlying accounting records and supporting information and the accounts that are used to fully execute a transaction.
According to the COSO framework, a well-functioning internal control environment is characterized by which of the following philosophies? A) organizational structure B) authority and responsibility C) integrity and ethical values D) All characterize a well-functioning control environment.
D) All characterize a well-functioning control environment.
1) The accounting process flowchart should communicate in visual form all relevant information and evidence about A) separation of duties. B) authorization. C) accounting and control activities in an understandable. D) All of these answer choices are correct.
D) All of these answer choices are correct.
A narrative description of each significant process within the internal control system is designed to describe A) all environmental elements. B) the process flow of transactions through the accounting system. C) All of the control activities that have been implemented. D) All of these answer choices are correct.
D) All of these answer choices are correct.
A robust ERM framework, at a minimum, will include some type of process where management takes the steps necessary to A) identify risks. B) estimate their significance and likelihood. C) consider how to manage the risks. D) All of these answer choices are correct.
D) All of these answer choices are correct.
Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization? A) Disclosing lack of segregation of duties to the external auditors during the annual review. B) Replacing personnel every three or four years. C) Requiring accountants to pass a yearly background check. D) Allowing for greater management oversight of incompatible activities.
D) Allowing for greater management oversight of incompatible activities.
Which of the following activities performed by a department supervisor most likely would help in the prevention or detection of a payroll fraud? A) Distributing paychecks directly to department store employees. B) Setting the pay rate for departmental employees. C) Hiring employees and authorizing them to be added to payroll. D) Approving a summary of hours each employee worked during the pay period.
D) Approving a summary of hours each employee worked during the pay period.
The COSO framework is utilized as a benchmark to assess the internal control effectiveness by whom? A) Management and Analysts B) Analysts and Creditors C) Auditors and Analysts D) Management and Auditors
D) Management and Auditors
The COSO framework is utilized as a benchmark to assess the internal control effectiveness by whom? A) Creditors B) Analysts C) Creditors and Analysts D) Neither Creditors nor Analysts
D) Neither Creditors nor Analysts
Which of the following payroll control activities would most effectively ensure that payment is made only for work performed? A) Require all employees to record arrival and departure by using the time clock. B) Have a payroll clerk recalculate all time cards. C) Require all employees to sign their time cards. D) Require employees to have their direct supervisors approve their time cards.
D) Require employees to have their direct supervisors approve their time cards.
Which of the following is a duty of the audit committee? A) Appointment, compensation, and oversight of the public accounting firm conducting the entity's audit. B) Oversight of the anonymous fraud hotline that is designed to provide employees with a confidential and effective manner in which to report possible financial reporting issues. C) Authority to engage legal counsel in the event of management fraud. D) These are all duties of the audit committee.
D) These are all duties of the audit committee.
Which of the following is not a process or form of a client's internal control understanding? A) narrative description B) internal control questionnaire C) process flowchart D) Venn diagram
D) Venn diagram
Control activities intended to ensure that transactions are recorded in the right period are designed to achieve the ASB assertion of A) occurrence. B) accuracy. C) valuation or allocation. D) cutoff.
D) cutoff.
The appropriate separation of duties does not include A) authorization to execute transactions. B) recording of transactions. C) custody of assets involved in transactions. D) data preparation.
D) data preparation.
Sound internal control can be described as separating all of the following duties and responsibilities except for A) transaction authorization. B) recordkeeping. C) custody of, or direct access to, assets. D) hiring of employees.
D) hiring of employees.
Assessing control risk at below the maximum level most likely would involve A) performing more extensive substantive tests with larger sample sizes than originally planned. B) reducing inherent risk for most of the assertions relevant to significant account balances. C) changing the timing of substantive tests by omitting interim-date testing and performing the tests at year end. D) identifying specific internal control activities that are relevant to specific financial statement assertions.
D) identifying specific internal control activities that are relevant to specific financial statement assertions.
Which of the following is a factor in the control environment? A) segregation of duties B) information processing C) performance reviews D) management's philosophy and operating style
D) management's philosophy and operating style
As part of understanding the internal control, an auditor is not required to A) consider factors that affect the risk of material misstatement. B) ascertain whether internal control policies and activities have been placed in operation. C) identify the types of potential misstatements that can occur. D) obtain knowledge about the operating effectiveness of the client's internal control activities.
D) obtain knowledge about the operating effectiveness of the client's internal control activities.
Proper separation of duties reduces the opportunities to allow persons to be in positions to both A) journalize entries and prepare financial statements. B) record cash receipts and cash disbursements. C) establish internal controls and authorize transactions. D) perpetrate fraud and then conceal it in the books.
D) perpetrate fraud and then conceal it in the books.
When obtaining an understanding of an entity's internal control in a financial statement audit at a nonissuer, an auditor is not obligated to A) determine whether the control activities have been placed in operation. B) perform procedures to understand the design of the internal control system. C) document the understanding of the company's internal control system. D) search for significant deficiencies in the operation of the internal control system.
D) search for significant deficiencies in the operation of the internal control system.
1) Transaction-level controls pertain to A) broad classes of transactions, account balances, and disclosures. B) broad disclosures and implications. C) unique merger and acquisition transactions. D) specific classes of transactions, account balances, and disclosures.
D) specific classes of transactions, account balances, and disclosures.