Audit Chapter 8
1) A system of internal control consists of policies and procedures designed to provide management with A) reasonable assurance that the company achieves its objectives. B) assurance that fraud will be prevented. C) reasonable assurance that fraud will be detected. D) assurance that the firm's resources will be used in the optimal way.
A
1) If an external auditor's client has used a service organization during the year for some of its payroll processing and accounting, which of the following steps should the external auditor take if he or she decides to use the service organization auditor's report as audit evidence that the entity's controls are operating effectively for certain assertions? A) Consider the sufficiency and appropriateness of the evidence provided by the service organization auditor's report about the effectiveness of controls intended to prevent or detect material misstatements in the particular assertions. B) Double-date the audit report to show the date of the service organization's audit and the date of the client's audit. C) The auditor should make reference to the report of the service auditor as a basis, in part, for his or her own opinion on the entity's financial statements. D) Re-perform each of the audit tests used by the service organization auditor.
A
1) When the auditor identifies opportunities for the client to make operational improvements in the internal control system, it will be communicated to the client's audit committee in the A) management letter. B) reportable conditions letter. C) engagement letter. D) audit report.
A
13) An essential characteristic of the persons performing internal check procedures is A) independence from the original data preparer. B) a thorough knowledge of accounting. C) an analytical and inquisitive mind. D) competence in data entry skills.
A
2) A secondary objective of the auditor's study and evaluation of internal control is that the study and evaluation provide A) a basis for constructive suggestions concerning improvements in internal control. B) a basis for reliance on the accounting system. C) an assurance that the records and documents have been maintained in accordance with existing company policies and procedures. D) an indication that management and employees are trustworthy.
A
2) Management assesses risks as a part of designing and operating internal controls to minimize fraud and errors. Auditors assess risks to A) decide the evidence needed in the audit. B) fully implement the audit risk model. C) enable them to assess the completeness of internal controls. D) make sure that the company will continue to operate over the next year.
A
2) Narratives, flowcharts, and internal control questionnaires are three commonly used methods of A) documenting the auditor's understanding of internal controls. B) testing internal controls. C) designing the audit manual and procedures. D) documenting the auditor's understanding of client's organizational structure.
A
2) The control environment consists of actions, policies, and procedures that A) reflect the overall attitudes of top management, the directors, and the owners of an entity about control and its importance. B) govern access to particular applications, such as how employees use passwords to change master file payroll rates. C) are recorded on the web site (for example, access policies to data). D) help implement the ethical attitudes at the organization, such as a computer usage policy.
A
3) The board of directors is essential for effective corporate governance because it has ultimate responsibility to A) make sure management implements proper internal control and financial reporting processes. B) assist management in the preparation of the financial statements. C) test internal controls and ensure they are working properly. D) provide a report to the auditor confirming that internal controls are working properly.
A
4) Which of the following best describes the inherent limitations that should be recognized by an auditor when considering the potential effectiveness of an accounting system? A) Procedures whose effectiveness depends on segregation of duties can be circumvented by collusion. B) The competence and integrity of client personnel provides an environment conducive to accounting control and provides assurance that effective control will be achieved. C) Procedures designed to assure the execution and recording of transactions in accordance with proper authorizations are effective against irregularities perpetrated by management. D) The benefits expected to be derived from an effective accounting system usually do not exceed the costs of such control.
A
5) When a compensating control exists, a weakness in the system A) is no longer a concern because the potential for misstatement has been sufficiently reduced. B) is reduced but not removed; therefore, it is still of concern to the auditor. C) could cause a material loss, so it must be tested using substantive procedures. D) is magnified and must be removed from the sampling process and examined in its entirety.
A
5) When planning the audit, the auditor's decision on the appropriate assessed level of control risk to use is A) an economic issue, trading off the costs of testing controls against the cost of testing balances. B) calculated by using the audit risk model. C) calculated by using a standard formula. D) determined by using actuarial tables.
A
6) To comply with auditing standards, the auditor need not be concerned with all areas of internal control that apply to management. The auditor's primary concerns are with the system's ability to A) maintain reliable control systems pertaining to financial transactions. B) promote efficiency and encourage adherence to policy. C) prevent and detect financial statement fraud and error. D) provide reliable data and safeguard assets.
A
8) Which of the following is an example of a general authorization? A) The highest credit limit allowed for accounts receivable is $50 000. B) ABC Company has a credit limit of $25 000. C) Each supervisory wage rate must be approved by the executive manager. D) Grocery supervisors approve each transaction reversal over five dollars.
A
1) Once an understanding of internal controls is obtained that is sufficient for audit planning, then the auditor must first assess A) whether a lower level of control risk could be supported. B) whether the financial statements are auditable. C) the level of control risk supported by the understanding obtained. D) the level of control risk to use.
B
1) The auditor may identify some risks that cannot be effectively tested by substantive tests alone. For example, when there are paperless transactions (perhaps using EDI — electronic data interchange). To address these risks, the auditor is required to A) assess the design effectiveness of relevant controls and test them. B) obtain an understanding of the controls and test them if reliance is intended. C) obtain an understanding of the controls and assess their design effectiveness. D) test the controls that address the paperless aspects of the transactions.
B
10) The operational responsibility and the recording of transactions are normally kept separate A) to centralize activities in order to be more cost efficient. B) to ensure unbiased information is recorded. C) because operational personnel rarely have the necessary accounting skills to record transactions. D) to avoid confusion of responsibilities and duplication of efforts.
B
14) An example of general computer control systems that provide reasonable assurance of authorization of application systems is A) operations and information systems support. B) systems, acquisition, development, and maintenance controls. C) organization and management controls. D) application system control procedures.
B
15) FiddleWare Limited uses a purchased software package to handle the processing of its transactions. An important control that management should implement with respect to information systems is the A) use of a formal systems development methodology. B) evaluation of potential new systems against organizational objectives. C) use of appropriate checkpoints and milestones during development. D) tracking of routine program maintenance changes.
B
2) Carrie is the manager of the Bay Street Pharmacy. Carrie is considering implementing a security tag system to reduce the losses related to stolen goods at their store. The system Carrie is looking at currently costs $60 000 and is expected to be effective for 5 years. In order to justify the implementation of the security tag system, average theft per year should be at least A) $1000. B) $12 000. C) $60 000. D) Theft should be prevented at all costs.
B
2) Effective internal control in a small company that has an insufficient number of employees to permit proper division of responsibilities can best be enhanced by A) employment of temporary personnel to aid in the segregation of duties. B) direct participation by the owner of the business in the record-keeping activities of the business. C) engaging a public accountant to perform monthly "write-up" work. D) delegation of full, clear-cut responsibility to each employee for the functions assigned to each.
B
2) The procedures to test effectiveness of control policies and procedures in support of a reduced assessed control risk are called A) tests of details of balances. B) tests of controls. C) analytical procedures. D) a walk-through.
B
3) A procedure that would most likely be used by an auditor in performing tests of control procedures that involve segregation of functions and that leave no transaction trail is A) inspection. B) observation. C) reperformance. D) reconciliation.
B
3) Each key control that the auditor intends to rely on must be supported by sufficient A) tests of details of balances. B) tests of controls. C) analytical review procedures. D) reperformance procedures.
B
4) Jenny is the information technology support manager at CMH. Jenny is considered to be a super-user at CMH since she can circumvent normal controls. In order to address the risk of super-users, management should A) remove the super-user. B) establish effective compensating controls. C) update the background check on the super-user on a yearly basis. D) ensure that the super-user is familiar with the code of conduct of the company.
B
5) A well-designed organizational structure at an entity A) has operations and programming personnel tasks combined. B) clearly defines authority and responsibility assignments. C) requires that wage rates are recorded and tracked by the human resources department. D) has the internal audit department report to the Chief Financial Officer.
B
5) An act of two or more employees to work together to misstate records is called A) malfeasance. B) collusion. C) defalcation. D) felony.
B
6) The methods that management uses to supervise the entity's activities are called A) personnel practices. B) management control methods. C) methods of assigning authority and responsibility. D) management's operating style.
B
7) It is important for the public accountant to consider the competence of the audit clients' employees because their competence bears directly and importantly upon the A) cost/benefit relationship of internal controls. B) achievement of the objectives of the system of internal control. C) comparison of recorded accountability with assets. D) timing of the tests to be performed.
B
9) Management safeguards assets by A) having the internal auditors conduct periodic counts of physical assets. B) controlling access and by comparing physical items to records. C) requiring the external auditors to do surprise audits. D) having management sign a management representation letter.
B
1) After considering a client's internal controls, an auditor has concluded that it is well designed and is functioning as intended. Under these circumstances, the auditor would most likely A) perform tests of controls to the extent outlined in the audit program. B) determine the control procedures that should prevent or detect errors and irregularities. C) use a combined audit approach that includes tests of controls and substantive tests. D) determine whether transactions are recorded to permit preparation of financial statements in accordance with generally accepted accounting principles.
C
1) The first step for management in the risk assessment process is to identify factors that may increase risk, for example failure to meet prior objectives. Then, management will A) assess the likelihood of the risk occurring. B) make sure that procedures are developed to eliminate the risk. C) estimate the significance of that risk. D) develop specific actions to reduce the risk to an acceptable level.
C
1) Which one of the following is an example of a specific authorization? A) The computer systems automatically reorder inventory when quantities fall below the economic order quantity. B) The highest credit limit allowed for accounts receivable customers is $100 000. C) Each sales transaction that exceeds the credit limit of a customer must be approved by the controller. D) Grocery sales clerks may approve returns of goods less than ten dollars in value.
C
12) An important type of protective measure for safeguarding assets and records is A) adequate segregation of duties among personnel. B) proper authorization of transactions. C) the use of physical precautions. D) adequate documentation.
C
16) Bravo Design had IMB consulting design a custom software system to record the job costs and sales in progress. What acquisition process did Bravo design follow? A) in-house development B) systems acquisition C) turnkey software development D) outsourcing
C
17) Which of the following controls would be of concern to management but not to the auditor? A) controls over the collection of accounts receivable amounts B) controls over the entry of payroll wage rates into the computer systems C) controls over the distribution of promotional information to potential clients D) controls over the cost of inventory items as recorded in the perpetual inventory system
C
3) Paul is in the process of performing procedures to obtain the necessary understanding of the client's internal controls. As part of this process, Paul received from the client completed narratives, flowcharts, and internal control questionnaires. Paul can use this information from the client A) if the entity-level controls and tone at the top were found to be effective. B) if there has not been any significant change in the internal controls since the prior year. C) as long as any subsequent reliance on controls is adequately substantiated with testing. D) since it was prepared by management, which is unbiased.
C
4) Ideally, tests of controls should be applied to controls A) at the balance sheet date. B) at each quarterly interim period. C) for the entire period under audit. D) at the beginning of the fiscal period.
C
7) The accuracy of the results of the accounting system (account balances) is heavily dependent upon the A) knowledge and skills of the auditor. B) adequacy of the entity-level controls. C) accuracy of the inputs and processing (transactions). D) training provided to the personnel.
C
1) A major control available in a small company, which might not be feasible in a large company, is A) a wider segregation of duties. B) use of sequentially numbered documents. C) fewer transactions to process. D) the owner-manager's personal interest in and close relationship with personnel.
D
1) Management's objectives with respect to internal control include A) having reasonable assurance that the financial statements are in accordance with IFRS or ASPE. B) ensuring that all policies and procedures are clearly documented to reduce employee training costs. C) preventing fraud and illegal activities at all costs. D) providing reasonable assurance that the goals and objectives important to the entity have been met.
D
1) The Sarbanes Oxley Act has had consequences for many areas of corporate activities, including the following impact on the work of the auditor: A) The auditor is now required to report all fraudulent activities he/she uncovers directly to the Securities and Exchange Commission. B) The auditor must prepare a report verifying the information in the financial statements. C) The auditor must monitor how well management is carrying out its financial reporting responsibilities. D) The auditor is specifically required to evaluate the internal controls used by management to prepare financial information.
D
1) The essence of an effectively controlled organization lies in the A) effectiveness of its auditor. B) effectiveness of its internal auditor. C) attitude of its employees. D) attitude of its management.
D
11) Why is it important to separate systems development (or acquisition) and program maintenance activities from accounting? A) Accounting personnel have the expertise to evaluate program changes that have been implemented. B) Custody of media is important to help ensure ongoing operations. C) This allows accounting to reconcile transaction totals to transaction details. D) Lack of separation could result in unauthorized changes to programs and systems.
D
18) The chart of accounts is an important control because it provides the framework for determining the information presented to management and other financial statement users. What type of error is the chart of accounts helpful in preventing? A) errors of occurrence B) errors of completeness C) errors of accuracy D) errors of classification
D
19) External auditor Mary Smith may not rely on the work of internal auditor Ray Jones unless A) Jones is certified (CA, CGA, or CMA). B) Jones is independent of the client. C) Jones is supervised by Smith. D) Smith obtains evidence that supports the competence, integrity, and objectivity of Jones.
D
2) Control risk is a measure of the auditor's expectation that internal controls will A) prevent material misstatements from occurring. B) detect and correct material misstatements. C) either prevent material misstatements or detect and correct them. D) neither prevent material misstatements nor detect and correct them.
D
2) When the auditor attempts to determine the operation of the accounting system by tracing one or a few transactions through the accounting system, this is referred to as A) tracing. B) vouching. C) tests of controls. D) a walk-through.
D
3) Internal controls can never be regarded as completely effective. Even if systems personnel could design an ideal system, its effectiveness depends on the A) adequacy of the computer system. B) proper implementation by management. C) ability of the internal audit staff to maintain it. D) competency and dependability of the people using it.
D
3) Which of the following duties would indicate a weakness in internal controls? A) The accounting function is under the controller. B) The custodianship of cash is the responsibility of the treasurer's function. C) The internal auditor reports to the board of directors. D) The custodianship of buildings and equipment is the responsibility of the controller's function.
D
4) To help with corporate governance and a positive "tone at the top," the board of directors and its committees, such as the audit committee, should A) rubber-stamp the financial statements once per year. B) consist of all members of executive management. C) follow the policies and procedures approved by management. D) take an active role in overseeing the company.
D