Audit exam 2
An example of an access control is a: A) Password. B) Read only memory. C) Test facility. D) Check digit.
A
The most reliable form of documentary evidence generally is considered to be documents created by the client.
FALSE
The professional standards consider calculating depreciation expense a "routine" transaction.
FALSE
Most advanced computer systems do not have audit trails.
FASLE
A schedule set up to combine similar general ledger accounts, the total of which appears on the working trial balance as a single amount, is referred to as a: A) Lead schedule. B) Reconciling schedule. C) Corroborating schedule. D) Supporting schedule.
A
Analytical procedures are required at the risk assessment stage and as: A) Procedures near the end of the audit. B) Tests of internal control. C) Substantive procedures. D) Computer generated procedures.
A
In auditing an asset valued at fair value, which of the following potentially provides the auditor with the strongest evidence? A) A price for a similar asset obtained from an active market. B) Management's judgment of the cost to purchase an equivalent asset. C) An appraisal obtained discounting future cash flows. D) The historical cost of the asset.
A
The auditors' understanding established with a client should be confirmed through a(an): A) Written communication with the client. B) Written or oral communication with the client. C) Oral communication with the client. D) Completely detailed audit plan.
A
The effectiveness of controls is not generally tested by: A) Performance of analytical procedures. B) Inquiries of appropriate client personnel. C) Observation of the application of accounting policies and procedures. D) Inspection of documents and reports.
A
The inspection of a vendor's invoice by the auditors is: A) Documentary evidence about occurrence of a transaction. B) Direct evidence about occurrence of a transaction. C) Physical evidence about occurrence of a transaction. D) Part of the client's accounting system.
A
The provision of the Foreign Corrupt Practices Act that require implementing an internal control system apply to: A) All corporations under the jurisdiction of the SEC. B) All U.S. corporations. C) All U.S. partnerships and corporations. D) All U.S. corporations that engage in foreign operations.
A
The risk of a material misstatement occurring in an account, assuming an absence of internal control, is referred to as: A) Inherent risk. B) Detection risk. C) Account risk. D) Control risk.
A
This organization developed a set of criteria that provide management with a basis to evaluate controls not only over financial reporting, but also over the effectiveness and efficiency of operations and compliance with laws and regulations: A) Committee of Sponsoring Organizations. B) Financial Accounting Standards Board. C) Foreign Corrupt Practices Corporation. D) Cohen Commission.
A
To be effective, analytical procedures performed near the end of the audit should be performed by A) A manager or partner who has a comprehensive knowledge of the client's business and industry. B) A beginning staff accountant who has had no other work related to the engagement. C) The partner performing the quality review of the audit. D) The CPA firm's quality control manager.
A
What is a potential successor auditor's responsibility for communicating with the predecessor auditors when dealing with a prospective new client? A) The successor auditors should obtain permission from the prospective client to contact the predecessor auditors. B) The successor auditors need not contact the predecessors if the successors are aware of all available relevant facts. C) The successor auditors have no responsibility to contact the predecessor auditors. D) The successor auditors should contact the predecessors regardless of whether the prospective client authorizes contact.
A
When a client uses a service organization to process certain transactions (e.g., its employee benefit plan), the auditor is least likely to obtain an understanding relating to these transactions by A) Sending a confirmation request to the service organization. B) Contacting the service organization to obtain specific information. C) Visiting the service organization and performing procedures. D) Obtaining and reading a Type 1 or Type 2 report from the service organization.
A
Which of the following is an advantage of describing internal control through the use of a standardized questionnaire? A) Questionnaires highlight weaknesses in the system. B) Questionnaires usually identify situations in which internal control weaknesses are compensated for by other strengths in the system. C) Questionnaires provide a clearer and more specific portrayal of a client's system than other methods of describing internal control. D) Questionnaires are more flexible than other methods of describing internal control.
A
Which of the following is correct with respect to control deficiencies discovered during an audit? A) All material weaknesses in internal control must be reported to the audit committee in writing. B) All control deficiencies are also significant deficiencies. C) All such matters must be communicated to the audit committee and regulatory agencies. D) Auditors must communicate and recommend corrections relating to all material weaknesses in internal control to management.
A
Which of the following is least likely to be considered a risk assessment procedure relating to internal control? A) Counting marketable securities at year-end. B) Inspecting documents and reports. C) Inquiries of client personnel. D) Observing the application of specific controls.
A
Which of the following is not a basic procedure used in an audit? A) Tests of direct evidence. B) Tests of controls. C) Risk assessment procedures. D) Substantive procedures.
A
Which of the following is not a distinctive characteristic of advanced IT systems? A) Batch processing of transactions. B) Distributive data processing. C) Data communication. D) Integrated database.
A
Which of the following is not a general objective for the audit of asset accounts? A) Establishing proper liabilities relating to assets. B) Establishing existence of assets. C) Establishing proper valuation of assets. D) Establishing the completeness of assets.
A
Which of the following personnel is responsible for the proper functioning of the security features built into the operating system? A) The systems programmer. B) The computer operator. C) The application programmer. D) The telecommunications specialist.
A
Which of the following procedures is not performed as a part of planning an audit engagement? A) Verifying cutoff procedures. B) Designing an audit plan. C) Reviewing the working papers of the prior year. D) Developing an overall audit strategy.
A
Which of the following statements is correct concerning the understanding of internal control needed by auditors? A) The auditors must have a sufficient understanding to assess the risks of material misstatement. B) The auditors must understand the information system, not the accounting system. C) The auditors must understand the control environment, risk assessment, and all control activities. D) The auditors must understand monitoring and all preliminary accounting controls.
A
Which situation would most likely require special audit planning by the auditors? A) The investment portfolio has several complex financial instruments, such as derivatives. B) Some items of factory and office equipment do not bear identification numbers. C) Assets costing less than $500 are expensed even though the expected life exceeds one year. D) Depreciation methods used on the client's tax return differ from those used on the books.
A
A CPA wishes to use a representation letter as a substitute for performing other audit procedures. Doing so: A) Is acceptable, but should only be done when cost justified. B) Violates professional standards. C) Is acceptable and desirable under all conditions. D) Is acceptable, but only for non-public clients.
B
A control feature in a computer application program that involves comparing a customer number to the customer database: A) Authorization test. B) Validity test. C) Check digit test. D) Limit test.
B
After obtaining an understanding of internal control and arriving at a preliminary assessed level of control risk, an auditor decided to perform tests of controls. The auditor most likely decided that: A) An increase in the assessed level of control risk is justified for certain financial statement assertions. B) It would be efficient to perform tests of controls that would result in a reduction in planned substantive procedures. C) Additional evidence to support a reduction in the assessed level of control risk is not available. D) There were many internal control deficiencies that would allow misstatements to enter the accounting system.
B
An audit client outsources portions of its IT system to a cloud service provider. Which type of report would a report on management's description of the service organizations system and operating effectiveness of controls? A) Type 1 report. B) Type 2 report. C) Change request report. D) OE report.
B
An auditor may decide not to perform tests of controls related to the control activities within the computer portion of the client's internal control. Which of the following would not be a valid reason for choosing to omit such test? A) The time and dollar costs of testing exceed the time and dollar savings in substantive testing if the tests show the controls to be operative. B) The controls appear adequate. C) The controls duplicate operative controls existing elsewhere. D) There appear to be major weaknesses that would preclude reliance on the stated procedure.
B
Comparing the current-year gross margin with the prior-year gross margin to determine if cost of sales is reasonable during an audit would be a type of: A) Test of transactions. B) Analytical procedure. C) Test of details. D) Test of controls.
B
In a financial statement audit performed following AICPA Professional Standards, how frequently must an auditor test operating effectiveness of controls that appear to function as they have in past years and on which the auditor wishes to rely upon in the current year? A) Monthly. B) At least every third audit. C) Each audit. D) At least every second audit.
B
Tests for unrecorded assets typically involve tracing from: A) Recorded journal entries to documents. B) Source documents to recorded journal entries. C) Source documents to observations. D) Recorded journal entries to observations.
B
The Sarbanes-Oxley Act of 2002 requires that the audit committee: A) Review the level of management compensation. B) Be directly responsible for the appointment, compensation, and oversight of the work of the CPA firm. C) Require that the company's CPA firm rotate the partner in charge of the audit. D) Annually reassess control risk using information from the CPA firm.
B
Various computing devices (e.g., desktops, laptops, tablets, phones) have resulted in a(n): A) Decreased concern over the accuracy of computerized processing. B) Decentralization of data processing activities. C) Increase for general computer control activities. D) Decrease in the number of local area networks.
B
Which is most likely when the assessed level of control risk increases? A) Use the maximum number of dual purpose tests. B) Use larger sample sizes for substantive procedures. C) Perform substantive procedures directed inside the entity rather than tests directed toward parties outside the entity. D) Change from performing substantive procedures at year-end to an interim date.
B
Which of the following is a basic approach often used by auditors to evaluate the reasonableness of accounting estimates? A) Confirmation. B) Reviewing subsequent events or transactions. C) Analyzing corporate organizational structure. D) Observation.
B
Which of the following is correct concerning requirements about auditor communications about fraud? A) The auditor has no responsibility to disclose fraud outside the entity under any circumstances. B) Fraud that involves senior management should be reported directly to the audit committee regardless of the amount involved. C) Fraud with a material effect on the financial statements should ordinarily be disclosed by the auditor through use of an "emphasis of a matter" paragraph added to the audit report. D) All fraud with a material effect on the financial statements should be reported directly by the auditor to the Securities and Exchange Commission.
B
Which of the following is not a component of the control environment? A) Organizational structure. B) Risk assessment. C) Integrity and ethical values. D) Commitment to attracting, developing, and retaining competent employees
B
Which of the following is not a data communication control? A) Parity check. B) Distributed data processing. C) Data encryption. D) Message acknowledgment techniques.
B
Which of the following is not a primary procedure auditors use to obtain sufficient knowledge about the design of the relevant controls and to determine whether they have been implemented (placed in operation)? A) Previous experience with the entity. B) Performance of substantive procedures. C) Inspection of document and records. D) Inquiries of appropriate management personnel.
B
Which of the following is true about analytical procedures? A) Performing analytical procedures results in the most reliable form of evidence. B) Analytical procedures are used in risk assessment, as a substantive procedure for specific accounts, and near the completion of the audit of the audited financial statements. C) Analytical procedures are used for planning, but they should not be used to obtain evidence as to the reasonableness of specific account balances. D) Analytical procedures are tests of controls used to evaluate the quality of a client's internal control.
B
Which of the following procedures would an entity most likely include in its disaster recovery plan? A) Maintain a program to prevent illegal activity. B) Store duplicate copies of files in a location away from the computer center. C) Develop an auxiliary power supply to provide uninterrupted electricity. D) Convert all data from external formats to an internal company format.
B
Which of the following situations would cause a CPA to not accept a new audit engagement? A) The CPA is unable to review the predecessor auditor's working papers due to a major fire that destroyed both hard and soft copy documentation. B) The prospective client is unwilling to make financial records available to the CPA. C) The prospective client has fired its prior auditor. D) The CPA lacks a thorough understanding of the prospective client's operations and industry.
B
Which of the following would be least likely to be considered a desirable attribute of a database management system? A) Control of users' identification numbers and passwords. B) Data redundancy. C) Logging of terminal activity. D) Quick response to users' request for information.
B
For good internal control, programmers should not be given access to program documentation for the programs they work on.
FALSE
A network security system that monitors and controls the incoming and outgoing network access and data based on predetermined security criteria is referred to as a A) cloud approach. B) test data approach. C) firewall. D) method of data encryption.
C
After documenting the client's prescribed internal control, the auditors will often perform a walk-through of each transaction cycle. An objective of a walk-through is to: A) Identify weaknesses to be communicated to management in the management letter. B) Replace tests of controls. C) Verify that the controls have been implemented (placed in operation). D) Evaluate the major strengths and weaknesses in the client's internal control
C
An auditor is performing an analytical procedure that involves comparing a client's ratios with other companies in the same industry. This technique is referred to as: A) Horizontal analysis. B) Vertical analysis. C) Cross-sectional analysis. D) Comparison analysis.
C
General controls over IT systems are typically tested using: A) Generalized audit software. B) Test data. C) Observation, inspection, and inquiry. D) Program analysis techniques.
C
In their consideration of a client's IT controls, the auditors will encounter general controls and application controls. Which of the following is an application control? A) Control over program changes. B) Systems documentation. C) Hash total. D) The operations manual.
C
Software that is designed to disable or damage computer systems or data is referred to as: A) Malfeasance. B) Cloud. C) Malware. D) Improper programming intelligence
C
Tests of controls do not ordinarily address: A) How a control was applied. B) By whom a control was applied. C) The cost effectiveness of the way a control was applied. D) The consistency with which a control was applied.
C
The auditors are least likely to "audit around the computer" when: A) Input transactions are batched and system logic is straightforward. B) Outputs are in hard copy form. C) Processing is primarily online and updating is real-time. D) Processing primarily consists of sorting the input data and updating the master file sequentially.
C
The auditors are planning an audit engagement for a new client. The business of the client is unfamiliar to the auditors. Which of the following would be the most useful source of information for the auditors when they are trying to obtain a general understanding of audit problems that could be encountered? A) AICPA Industry Audit Guides. B) Client manuals of accounts and charts of accounts. C) Prior-year working papers of the predecessor auditors. D) Latest annual and interim financial statements issued by the client.
C
When tests of controls reveal that controls are operating as anticipated, it is most likely that the assessed level of control risk will: A) Equal the actual control risk. B) Be less than the preliminary assessed level of control risk. C) Equal the preliminary assessed level of control risk. D) Be less than the actual control risk.
C
Generalized audit software is effective for substantive procedures, but not for tests of controls.
FALSE
Which of the following is generally true about the sufficiency of audit evidence? A) When evidence is appropriate with respect to an account it is also sufficient. B) The amount of evidence concerning a particular account varies inversely with the inherent risk of the account. C) The amount of evidence that is sufficient varies directly with the acceptable risk of material misstatement. D) The amount of evidence concerning a particular account varies inversely with the materiality of the account.
C
Which of the following is not a financial statement assertion relating to account balances? A) Rights and obligations. B) Completeness. C) Recorded value and discounts. D) Existence.
C
Which of the following matters would an auditor most likely consider to be a significant deficiency to be communicated to the audit committee? A) Management's failure to renegotiate unfavorable long-term purchase commitments. B) Management's current plans to reduce its ownership equity in the entity. C) Evidence of a lack of objectivity by those responsible for accounting decisions. D) Recurring operating losses that may indicate going concern problems.
C
Which of the following situations would heighten an auditor's concern about the risk of fraudulent financial reporting A) Financial management's participation in the initial selection of accounting principles. B) Low growth and profitability as compared to other entity's in the same industry. C) An overly complex organizational structure involving unusual lines of authority. D) Large amounts of liquid assets that are easily convertible into cash.
C
Which of the following statements is correct regarding the auditor's determination of materiality for a public company audit? A) The amount used for the planning should equal that used for evaluation. B) Auditors may use various rules of thumb to arrive at an evaluation level of materiality, but not for determining the planning level of materiality. C) The auditors' planning level of materiality may be disaggregated into smaller "tolerable misstatements" for the various accounts. D) The planning level of materiality should normally be the larger of the amount considered for the balance sheet versus the income statement
C
Which statement is correct concerning the relevance of various types of controls to a financial statement audit? A) All controls are ordinarily relevant to an audit. B) Controls over safeguarding assets and liabilities are of primary importance, while controls over the reliability of financial reporting may also be relevant. C) Controls over the reliability of financial reporting are ordinarily most directly relevant to an audit, but other controls may also be relevant. D) An auditor may ordinarily ignore the consideration of controls when a substantive audit approach is used.
C
Internal auditors should preferably report to the chief accounting officer of the company.
FALSE
Applying substantive tests to the details of asset and liability accounts as of an interim date, rather than as of the balance sheet date: A) Should be especially considered when there are rapidly changing economic conditions. B) Eliminates the use of certain statistical sampling methods that would otherwise be available. C) Presumes that the auditor will reperform the tests as of the balance sheet date. D) Potentially increases the risk that errors which exist at the balance sheet date will not be detected.
D
Audit documentation is intended to allow ________ to understand the audit work performed, the evidence obtained, and the significant conclusions. A) a certified public accountant B) the general public C) the controller at the company being audited D) an experienced auditor
D
During financial statement audits, auditors seek to restrict which type of risk? A) Control risk. B) Account risk. C) Inherent risk. D) Detection risk.
D
During financial statement audits, the auditors' consideration of their clients' internal control is integral to both assess the risk of material misstatement and to: A) Provide a reasonable basis for an opinion on compliance with applicable laws. B) Assess compliance with the Foreign Corrupt Practices Act. C) Assess inherent risk. D) Design further audit procedures.
D
If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll computer application? A) Total debits and total credits. B) Net pay. C) Hours worked. D) Department numbers.
D
In a client/server environment, the "client" is most likely to be the: A) Supplier of the computer system. B) Computer that contains the networks software and provides services to a server. C) Database administrator. D) Computers of various users.
D
The risk that the auditors' procedures will lead them to conclude that a material misstatement does not exist in an account balance when in fact such a misstatement does exist is referred to as: A) Inherent risk. B) Control risk. C) Account risk. D) Detection risk.
D
When conducting fieldwork for a physical inventory, an auditor is least likely to perform which of the following steps using a generalized audit software package? A) Recalculating balances in inventory reports. B) Analyzing data resulting from inventory. C) Selecting sample items of inventory. D) Observing inventory.
D
Which of the following components may not use a network as part of the information systems architecture? A) Printers. B) Enterprise resource planning (ERP) systems. C) The operating system. D) Off-the-shelf accounting software.
D
Which of the following is least likely to be required on an audit? A) Review accounting estimates for biases. B) Test appropriateness of journal entries and adjustments. C) Evaluate the business rationale for significant, unusual transactions. D) Make a legal determination of whether fraud has occurred.
D
Which of the following is least likely to render a quantitatively small misstatement material? A) Affects the registrant's compliance with regulatory requirements. B) Masks a change in earnings or other trends. C) The transaction involves a related party. D) Arises from an item not capable of precise measurement.
D
Which of the following is not a basic approach often used by auditors to evaluate the reasonableness of accounting estimates? A) Review of management's process of development. B) Independent development of an estimate. C) Review of subsequent events. D) Observation of procedures.
D
Which of the following is not a factor that is considered a part of the client's overall control environment? A) Management philosophy and operating style. B) The organizational structure. C) Board of directors. D) The information system.
D
Which of the following is not a function of working papers? A) Provide support for the auditors' report. B) Aid partners in planning and conducting future audits. C) Document staff compliance with generally accepted auditing standards. D) Provide support for the accounting records.
D
Which of the following is not an assertion relating to classes of transactions? A) Classification. B) Accuracy. C) Cutoff. D) Adequacy.
D
Which of the following is not an example of a likely adjustment in the auditors' overall audit approach when significant risk is found to exist? A) Apply increased professional skepticism about material transactions. B) Assign personnel with particular skill to areas of high risk. C) Obtain increased evidence about the appropriateness of management's selection of accounting principles. D) Increase the assessed level of detection risk.
D
Which of the following is not considered to be an analytical procedure? A) Comparisons of financial statement amounts with comparable prior year amounts. B) Comparisons of financial statement amounts with budgeted amounts. C) Comparisons of financial statement amounts with nonfinancial data. D) Comparisons of financial statement amounts with source documents.
D
Which of the following is not one of the assertions made by management about an account balance? A) Existence. B) Valuation. C) Rights and obligations. D) Relevance.
D
Which of the following is not programmed as a processing control? A) Self-checking numbers. B) Limit tests. C) Validity tests. D) Private lines.
D
Which of the following topics is not normally included in an engagement letter? A) Limitations on the scope of the engagement. B) The auditors' estimate of the fee for the engagement. C) A description of responsibility for the detection of fraud. D) The auditors' level of materiality in planning the audit.
D
Which of the following would be least likely to be regarded as a test of a control? A) Comparisons of the signatures on cancelled checks to the authorized check signer list. B) Tests of signatures on purchase orders. C) Recalculation of payroll deductions. D) Tests of the additions to property by physical inspection.
D
Which of the following would not generally be considered a program control? A) Limit tests. B) Allowed character tests. C) Missing data tests. D) Segregation of duties controls
D
Preliminary arrangements with clients should be set forth in the management letter
FALSE
The auditors' tests of controls are designed to substantiate the fairness of specific financial statement accounts.
FALSE
A limit test is a general computer control built into the software.
FALSE
Analytical procedures are seldom used during the risk assessment stage of an audit engagement because they are substantive procedures.
FALSE
Decentralized data processing eliminates the need for data security
FALSE
A vendor's invoice is an example of documentary evidence created by a third party and held by the client.
TRUE
Generalized audit software may be used for substantive procedures or for tests of controls
TRUE
In performing analytical procedures, the auditors may use dollar amounts, physical quantities, or percentages.
TRUE
The Foreign Corrupt Practices Act prohibits American companies to make payments to foreign officials to obtain business.
TRUE
The completeness of recording of assets is generally verified by tracing from the source documents to the recorded entry.
TRUE
The operating system is an example of system software.
TRUE
Vouching the acquisition of assets is an audit procedure that is often performed to establish the existence of the assets.
TRUE
Well-designed internal control can be circumvented by collusion.
TRUE