Audit Final Exam

What are the different types of information technology systems:

- LANs - WANs - ERPs - database mgmt systems

What are the PCAOB general standards?

- adequate training and proficiency - independence in mental attitude - due professional care

What are the 6 categories of general controls that have an entity wide effect on all IT functions

- administration of the IT duties - separation of IT duties - systems development - physical and online security - backup and contingency planning - hardware controls

What are examples of related parties?

- affiliated companies - principal owners of the client - any other party with which the client deals - a party who can influence mgmt or client policies

What is the purpose of audit documentation?

- aid auditor in providing reasonable assurance that an adequate audit was conducted in accordance with GAAS - record of procedure performed, relevant evidence, and conclusions reached - source of info for deciding whether sufficient evidence obtained to justify report given - basis for review by supervisors and partners

Auditing standards define 3 levels of the absence of internal controls, what are they

- control deficiency - significant deficiency - material weakness

What are the 5 components of COSO

- control environment - risk assessment - control activities - information and communication - monitoring

what are the 2 things auditors are primarily concerned with when it comes to internal controls

- controls over the reliability of financial reporting - controls over classes of transactions

What are the 2 key aspects of management's assessment of internal controls over financial reporting

- evaluate the design of internal control over financial reporting - test the effectiveness of those controls

Specific Fraud Risk Areas: Misappropriation of receipts involving revenue include:

- failure to record a sale - theft of cash receipts after a sale is recorded

Specific Fraud Risk Areas: revenue and A/R fraud risks - 3 main types of revenue manipulation include:

- fictitious revenues - premature revenue recognition - manipulation of adjustments to revenue

What are the 3 "other areas of fraud risk"

- fixed assets - intangible assets - payroll expenses

Auditing standards describe 2 categories of controls for IT systems:

- general controls - application controls

What are the components of a risk matrix

- identify audit objectives - identify existing controls - associate controls with related audit objectives

A 5 step approach can be used to identify deficiencies, significant deficiencies, and material weaknesses;

- identify existing controls - identify the absence of key controls - consider the possibility of compensating controls - decide whether there is significant deficiency or material weakness - determine potential misstatements that could result

what are the 3 areas of the fraud triangle?

- incentives / pressures - opportunities - attitudes / rationalization

Application controls may be manual or automated and they include:

- input controls - processing controls - output controls

Management letters are prepared for the client to communicate:

- less significant internal control related issues - opportunities to make operational improvements

The auditor is likely to use 4 types of procedures to support the operating effectiveness of internal controls:

- make inquiries of appropriate client personnel - examine documents, records, and reports - observe control-related activities - Reperform client procedures

Specific Fraud Risk Areas: Inventory fraud risks include:

- manipulation by managers who want to achieve certain financial reporting objectives - misappropriation because it is usually readily sale-able

What are the 3 types of commonly used documents to obtain and document the auditors understanding of the design of internal control

- narratives - flowcharts - internal control questionnaire

what are the 3 factors that affect IR

- nature of client's business - culture - audit experience

An unqualified opinion willy only be issued when these 2 conditions are met:

- no identified material weaknesses as of the end of the fiscal year - no restrictions on the scope of the auditor's work

What do standards require to be described in the engagement letter?

- objectives - responsibilities of auditor and mgmt - schedules and fees

when it comes to understanding the internal controls, auditors are required to:

- obtain an understanding of the internal control relevant to the audit on every audit engagement - report on the effectiveness of internal control over financial reporting if the client is an accelerated filer

What are the 4 steps for auditors to obtain and document their understanding of the internal controls

- obtain and document understanding of internal control design and operation - assess control risk - design, perform, and evaluate tests of controls - decide PDR and substantive tests

what are the 5 PCAOB assertions

- occurence - completeness - valuation or allocation - rights and obligations presentation + disclosure

Auditors are more likely to accumulate evidence for companies who are:

- publicly held - have extreme indebtedness - likely to be sold

What are the 2 key concepts that underlie management's design and implementation of internal controls

- reasonable assurance - inherent limitations

Management typically has 3 broad objectives in designing an effective internal control system, what are they

- reliability of reporting - efficiency and effectiveness of operations - compliance with laws and regulations

What are the 4 specific fraud risk areas?

- revenue and A/R - misappropriation of receipts involving revenue - inventory - Purchases and A/P

Auditors use the following methods to evaluate whether the controls are implemented:

- system walkthrough - make inquiries of client personnel - inspect documents and records - observe entity activities and operations

match the four terms below with the definitions provided below: a. Control environment b. Control activities c. General authorization d. Internal control 1. A process designed to provide reasonable assurance regarding the achievement of management's objectives in the following categories: (1) reliability of financial reporting, (2) effectiveness and efficiency of operations, and (3) compliance with applicable laws and regulations 2. Company-wide policies for the approval of all transactions within stated limits 3. The actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about control and its importance to the entity. 4. Policies and procedures that help ensure necessary actions are taken to address risks in the achievement of the entity's objectives.

1. D 2. C 3. A 4. B

What are the 4 steps under client acceptance and initial planning?

1. evaluate if the client is acceptable to the firm 2. identify clients reasons for the audit 3. obtain an understanding with the client 4. develop overall audit strategy

what are the 4 stages in how the audit obj are met

1. plan and design an audit approach based on risk assessment 2. perform tests of controls and transactions 3. perform analytical procedures and tests of details of balances 4. complete the audit and issue a report

What are the 5 steps in determining materiality

1. set materiality as a whole for the F.S 2. determine performance materiality 3. estimate total misstatement for a segment 4. estimate the combined misstatement 5. compare combined estimate with preliminary materiality

what are the 3 categories in the setting audit objectives

1. transactions are properly recorded 2. balances are properly recorded 3. presentations and disclosures are properly recorded

What are the 4 audit evidence decisions needed to create an audit program

1. what audit procedures to use 2. what sample size to select for a given procedure 3. what items to select from the pop. 4. when to perform the procedures (timing)

Qualified or Disclaimer of Opinion

A scope limitation requires the auditor to express a qualified or disclaimer of opinion

Sarbanes-Oxley requires management to issue an internal control report that includes two specific items. Which of the following is one of these two requirements?

A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting.

what are critical audit matters?

Any matter arising from audit that was communicated to the Audit Committee that relates to material FS accounts/disclosures & involved especially challenging, subjective, or complex auditor judgement

Evidence is considered persuasive when it is:

Appropriate and sufficient

Inherent risk is directly related to

Evidence

T or F: accounting and auditing standards provide specific materiality guidelines

False

The auditors primary concern is the risk of _____________ in the F.S

Material misstatements

Inherent risk is inversely related to

Planned detection risk

What is control activities? (COSO)

Policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives

What is control risk?

Risk that a material misstatement in an assertion will not be prevented or detected on a timely basis by the company's internal control.

What is inherent risk?

The likelihood of material misstatement before considering the effects of internal control

What is planned detection risk

The risk that the audit evidence for an audit objective will fail to detect misstatements that could be material

T or F: Audit programs are developed for each segment of an audit

True

T or F: Internal controls are only audited for public companies

True

T or F: evidence is not unique to only auditors

True

T or F: performance materiality represents the maximum amount the FS can be misstated and still not affect a reasonable users' decision

True

T or F: public companies have higher audit risk than private companies

True

True of false: Application controls are designed for each software application

True

True or false: Auditors need to understand the design and implementation of controls that are relevant to the audit to identify and assess the risks of MM

True

True or false: If control risk is high, and deemed ineffective, then there is no need to test them

True

True or false: Management must establish and maintain the entity's internal controls

True

True or false: Many auditors use a control risk matrix to assist in the control risk assessment process at the transaction level

True

True or false: The auditor uses the control risk assessment and results of tests of controls to determine PDR and related substantive tests for the audit of the FS

True

What is an Acceptable audit risk?

a measure of how willing the auditor is to accept that the F.S may be materially misstated after the audit is completed and an unqualified opinion has been issued

What is a preliminary assessment of control risk

a measure of the auditor's expectation that internal controls will prevent MM from occurring or detect and correct them if they have occurred

Which of the following is the correct definition of "control deficiency?" a. A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis. b. A control deficiency exists if one or more deficiencies exist that adversely affect a company's ability to prepare external financial statements reliably. c. A control deficiency exists if the design or operation of controls results in a more than remote likelihood that controls will not prevent or detect misstatements. d. None of the above is a correct definition.

a. A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis.

Which of the following statements is most correct regarding errors and fraud? a. An error is unintentional, whereas fraud is intentional. b. Frauds occur more often than errors in financial statements. c. Errors are always fraud and frauds are always errors. d. Auditors have more responsibility for finding fraud than errors.

a. An error is unintentional, whereas fraud is intentional.

Which of the following statements best describes the auditor's responsibility with respect to illegal acts that do not have a material effect on the client's financial statements? a. Generally, the auditor is under no obligation to notify parties other than personnel within the client's organization. b. Generally, the auditor is under an obligation to inform the PCAOB. c. Generally, the auditor is obligated to disclose the relevant facts in the auditor's report. d. Generally, the auditor is expected to compel the client to adhere to requirements of the Foreign Corrupt Practices Act.

a. Generally, the auditor is under no obligation to notify parties other than personnel within the client's organization.

In connection with the annual audit, which of the following is not a "subsequent events" procedure? a. Review available interim financial statements. b. Read available minutes of meetings of stockholders, directors, and committees and, for meetings where minutes are not available, inquire about matters dealt with at such meetings. c. Make inquiries with respect to the financial statements covered by the auditor's previously issued report if new information has become available during the current examination that might affect that report. d. Discuss with officers the current status of items in the financial statements that were accounted for on the basis of tentative, preliminary, or inconclusive data.

a. Review available interim financial statements.

After general audit objectives are understood, specific audit objectives for each account balance on the financial statements can be developed. Which of the following statements is true? a. There should be at least one specific objective for each relevant general objective. b. There will be only one specific objective for each relevant general objective. c. There will be many specific objectives developed for each relevant general objective. d. There must be one specific objective for each general objective.

a. There should be at least one specific objective for each relevant general objective.

Which of the following is not one of the three main reasons why the auditor should properly plan engagements? a. To enable proper on-the-job training of employees. b. To enable the auditor to obtain sufficient appropriate evidence. c. To avoid misunderstandings with the client. d. To help keep audit costs reasonable.

a. To enable proper on-the-job training of employees.

SAS No. 59 requires auditors to evaluate whether there is a substantial doubt about a client's ability to continue as a going concern. One of the most important types of evidence to assess the going concern question is: a. analytical procedures. b. confirmations of creditors. c. statistical sampling procedures. d. inquiries of client and its legal counsel.

a. analytical procedures.

To determine that user ID and password controls are functioning, an auditor would most likely: a. attempt to sign on to the system using invalid user identifications and passwords. b. write a computer program that simulates the logic of the client's access control software. c. extract a random sample of processed transactions and ensure that the transactions were appropriately authorized. d. examine statements signed by employees stating that they have not divulged their user identifications and passwords to any other person.

a. attempt to sign on to the system using invalid user identifications and passwords.

Auditors generally allocate the preliminary judgment about materiality to the: a. balance sheet only. b. income statement only. c. income statement and balance sheet. d. statement of cash flows.

a. balance sheet only.

The most important general ledger account included in and affecting several cycles is the: a. cash account. b. inventory account. c. income tax expense and liability accounts. d. retained earnings account.

a. cash account.

An act of two or more employees to steal assets or misstate records is frequently referred to as: a. collusion. b. a material weakness. c. a control deficiency. d. Any of the above.

a. collusion.

A control that relates to all parts of the IT system is called a(n): a. general control. b. systems control. c. universal control. d. applications control.

a. general control.

If planned detection risk is reduced, the amount of evidence the auditor accumulates will: a. increase. b. decrease. c. remain unchanged. d. be indeterminate.

a. increase.

A benefit obtained from comparing the client's data with industry averages is that it provides a(n): a. indication of the likelihood of financial problems. b. indication where errors exist in the statements. c. benchmark to be used in evaluating a client's budgets. d. comparison of "what is" with "what should be.

a. indication of the likelihood of financial problems.

It is easier and more common to implement increased evidence accumulation for inherent risk than for acceptable audit risk because: a. inherent risk can usually be isolated to specific accounts. b. inherent risk applies to the entire audit. c. acceptable audit risk and sample sizes are set statistically. d. acceptable audit risk does not impact on the amount of evidence which must be accumulated.

a. inherent risk can usually be isolated to specific accounts.

Controls which are designed to assure that the information processed by the computer is authorized, complete, and accurate are called: a. input controls. b. processing controls. c. output controls. d. general controls.

a. input controls.

If it is probable that the judgment of a reasonable person would have been changed or influenced by the omission or misstatement of information, then that information is, by definition of FASB Statement No. 2: a. material. b. insignificant. c. significant. d. relevant.

a. material.

When setting a preliminary judgment about materiality: a. more evidence is required for a low dollar amount than for a high dollar amount. b. less evidence is required for a low dollar amount than for a high dollar amount. c. the same amount of evidence is required for either low or high dollar amounts. d. there is no relationship between it and the dollar amount of evidence needed.

a. more evidence is required for a low dollar amount than for a high dollar amount.

Refusal by a client to prepare and sign the representation letter would require a(n): a. qualified opinion or a disclaimer. b. adverse opinion or a disclaimer. c. qualified or an adverse opinion. d. unqualified opinion with an explanatory paragraph.

a. qualified opinion or a disclaimer.

Tests of details of balances are specific procedures intended to: a. test for monetary errors in the financial statements. b. prove that the accounts with material balances are classified correctly. c. prove that the trial balance is in balance. d. identify the details of the internal control system.

a. test for monetary errors in the financial statements.

An auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as: a. time tickets with invalid job numbers. b. overtime not approved by supervisors. c. deductions not authorized by employees. d. payroll checks with unauthorized signatures.

a. time tickets with invalid job numbers.

Match the terms below with their definition: a. Sufficiency of evidence b. Audit procedures c. Reliability of evidence d. Analytical procedures Use of comparisons and relationships to assess the reasonableness of account balances. Detailed instructions for the collection of a type of audit evidence. The degree to which evidence can be considered believable or trustworthy. This is determined by the amount of evidence obtained.

a: This is determined by the amount of evidence obtained. b: Detailed instructions for the collection of a type of audit evidence. c: The degree to which evidence can be considered believable or trustworthy. d: Use of comparisons and relationships to assess the reasonableness of account balances.

Control risk is directly related to

accumulation of substantive evidence

What is nature of evidence?

any information used by the auditor to determine whether the info being audited is in accordance with GAAP

What does the SEC do?

assist in providing investors with reliable info upon which to make investment decisions

If Inherent risk is high, you will need more

auditors assigned and more evidence accumulated

Where in the audit report is materiality referenced

auditors responsibility section

Which of the following statements regarding analytical procedures is not correct? a. Analytical tests emphasize a comparison of client internal controls to GAAP. b. Analytical procedures are required on all audits. c. Analytical procedures can be used as substantive tests. d. For certain accounts with small balances, analytical procedures alone may be sufficient evidence.

b. Analytical procedures are required on all audits.

Which of the following procedures might be useful in discovering a contingent liability for a lawsuit that management is intentionally neglecting to disclose? a. Inquiries (orally and in writing) of management. b. Analyzing legal expense and review invoices and statements from outside legal counsel. c. Reviewing current and previous years' internal revenue agent reports. d. Obtaining a letter of representation from management that it is aware of no undisclosed contingent liabilities.

b. Analyzing legal expense and review invoices and statements from outside legal counsel.

With whom should the auditor communicate whenever he or she determines that senior management fraud may be present, even if the matter might be considered inconsequential? a. PCAOB b. Audit committee c. An appropriate level of management that is at least one level above those involved d. The internal auditors

b. Audit committee

Which of the following statements is correct with respect to separation of duties? a. Employees should not have temporary and permanent custody of assets. b. Employees who authorize transactions should not have custody of related assets. c. It is permissible to allow an employee to open cash receipts and record those receipts. d. Employees who authorize transactions should have recording responsibility for these transactions.

b. Employees who authorize transactions should not have custody of related assets.

Which of the following is a factor that relates to incentives or pressures to commit fraudulent financial reporting? a. Significant accounting estimates involving subjective judgments. b. Excessive pressure for management to meet debt repayment requirements. c. Management's practice of making overly aggressive forecasts. d. High turnover of accounting, internal audit, and information technology staff.

b. Excessive pressure for management to meet debt repayment requirements.

Which of the following statements is not true? a. Inherent risk is inversely related to detection risk. b. Inherent risk is inversely related to evidence. c. Inherent risk is the susceptibility of the financial statements to material error, assuming no internal controls. d. Inherent risk is the auditor's assessment of the likelihood that errors exceeding a tolerable amount exist in a segment before considering the effectiveness of internal controls.

b. Inherent risk is inversely related to evidence.

Cloud computing: a. Is only used by businesses with sales over $100 million. b. Permits companies to use offsite data storage and computation services. c. Has no security issues. d. Is not subject to power outages.

b. Permits companies to use offsite data storage and computation services.

Initial audit planning involves four matters. Which of the following is not one of these? a. Develop an overall audit strategy. b. Request that bank balances be confirmed. c. Schedule engagement staff and audit specialists. d. Identify the client's reason for the audit.

b. Request that bank balances be confirmed.

Which of the following statements is not correct? a. The effectiveness of the client's internal control has a significant effect on the reliability of most types of evidence. b. Since the auditor performs analytical procedures, these will be reliable even if internal controls provide inaccurate data. c. Both physical examination and mechanical accuracy are likely to be highly reliable if the internal control is effective. d. A specific type of evidence is rarely sufficient by itself to provide reliable evidence to satisfy any audit objective.

b. Since the auditor performs analytical procedures, these will be reliable even if internal controls provide inaccurate data.

Which of the following statements is true regarding the distinction between general audit objectives and specific audit objectives for each account balance? a. The specific audit objectives are applicable to every account balance on the financial statements. b. The general audit objectives are applicable to every account balance on the financial statements. c. The general audit objectives are stated in terms tailored to the engagement. d. For any given class of transactions, usually only one audit objective must be met to conclude the transactions are properly recorded.

b. The general audit objectives are applicable to every account balance on the financial statements.

Which of the following statements is not correct? a. Materiality is a relative rather than an absolute concept. b. The most important base used as the criterion for deciding materiality is total assets. c. Qualitative factors as well as quantitative factors affect materiality. d. Given equal dollar amounts, frauds are usually considered more important than errors.

b. The most important base used as the criterion for deciding materiality is total assets.

To be considered reliable evidence, confirmations must be controlled by: a. a client employee responsible for accounts receivable. b. a financial statement auditor. c. a client's internal audit department. d. any of the above.

b. a financial statement auditor.

A measure of how willing the auditor is to accept that the financial statements may be materially misstated after the audit is completed and an unqualified opinion has been issued is the: a. inherent risk. b. acceptable audit risk. c. statistical risk. d. financial risk.

b. acceptable audit risk.

Calculating the gross margin as a % of sales and comparing it with previous periods is what type of evidence? a. physical examination b. analytical procedures c. observation d. inquiry

b. analytical procedures

The responsibility for adopting sound accounting policies and maintaining adequate internal control rests with the: a. board of directors. b. company management. c. financial statement auditor. d. company's internal audit department.

b. company management.

which of the following forms of evidence is most reliable? a. general ledger account balances b. confirmations of A/R balance received from a customer c. internal memo explaining the issuance of a credit memo d. copy of month end adjusting entries

b. confirmations of A/R balance received from a customer

The purpose of an engagement letter is to: a. document the CPA firm's responsibility to external users of the audited financial statements. b. document the terms of the engagement in writing to minimize misunderstandings. c. notify the audit staff of an upcoming engagement so that personnel scheduling can be facilitated. d. all of the above.

b. document the terms of the engagement in writing to minimize misunderstandings.

Narratives, flowcharts, and internal control questionnaires are three common methods of: a. testing the internal controls. b. documenting the auditor's understanding of internal controls. c. designing the audit manual and procedures. d. documenting the auditor's understanding of a client's organizational structure.

b. documenting the auditor's understanding of internal controls.

Rather than maintain an internal IT center, many companies use ________ to perform many basic functions such as payroll. a. external general service providers b. external application service providers c. internal control service providers d. internal auditors

b. external application service providers

The purpose of the requirement in SAS No. 84 of having communication between the predecessor and successor auditor is to: a. allow the predecessor to disclose information which would otherwise be confidential. b. help the successor auditor to evaluate whether to accept the engagement. c. help the client by facilitating the change of auditors. d. ensure the predecessor collects all unpaid fees prior to a change in auditor

b. help the successor auditor to evaluate whether to accept the engagement.

Significant deficiencies are matters that come to an auditor's attention and should be communicated to an entity's audit committee because they represent: a. material frauds perpetrated by high-level management. b. internal control deficiencies that could adversely affect a company's ability to initiate, record, process, or report external financial statements reliably. c. flagrant violations of the entity's documented conflict-of-interest policies. d. intentional attempts by client personnel to limit the scope of the auditor's field work

b. internal control deficiencies that could adversely affect a company's ability to initiate, record, process, or report external financial statements reliably.

The preliminary judgment about materiality is the amount by which the auditor believes the statements could be misstated and still not affect the decisions of reasonable users. a. minimum b. maximum c. mean average d. median average

b. maximum

Auditors are _____ to decide on the combined amount of misstatements in the financial statements that they would consider material early in the audit. a. permitted b. required c. not allowed d. strongly encouraged

b. required

An auditor's flowchart of a client's system is a graphical representation that depicts the auditor's: a. program for tests of controls. b. understanding of the system. c. understanding of the types of errors that are probable given the present system. d. documentation of the study and evaluation of the system.

b. understanding of the system.

Which of the following is not one of the 4 decisions about what evidence to gather and how much of it to accumulate? a. which audit procedures to use b. what accounts must agree to the GL c. when to perform the procedures d. what sample size to select for a given procedure

b. what accounts must agree to the GL

In testing for cutoff, the objective is to determine: a. whether all of the current period's transactions are recorded. b. whether transactions are recorded in the correct accounting period. c. a and b are correct. d. neither a nor b is correct.

b. whether transactions are recorded in the correct accounting period.

Which of the following is not likely to be a related party? a. Affiliated companies. b. A major stockholder of the company. c. A warehouse employee. d. The chief executive officer.

c. A warehouse employee.

Which of the following is not one of the subcomponents of the control environment? a. Management's philosophy and operating style. b. Organizational structure. c. Adequate separation of duties. d. Commitment to competence.

c. Adequate separation of duties.

Which of the following is a category of fraud? a. Fraudulent financial reporting b. Misappropriation of assets c. Both a and b d. Neither a nor b

c. Both a and b

Fraudulent financial reporting is most likely to be committed by whom? a. Line employees of the company. b. Outside members of the company's board of directors. c. Company management. d. The company's auditors.

c. Company management.

______ tests determines that every field in a record has been completed. a. Validation b. Sequence c. Completeness d. Programming

c. Completeness

Which of the following is not an example of a contingent liability: a. Pending litigation for patent infringement b. Product warranties c. Extinguished guarantee arrangements d. Unused balances of letters of credit

c. Extinguished guarantee arrangements

Which of the following is not a primary consideration when assessing inherent risk? a. Nature of client's business. b. Existence of related parties. c. Frequency and intensity of management's review of accounting transactions and records. d. Susceptibility to defalcation.

c. Frequency and intensity of management's review of accounting transactions and records.

Which of the following is not a category of an application control? a. Processing controls. b. Output controls. c. Hardware controls. d. Input controls.

c. Hardware controls.

Which of the following parties is responsible for implementing internal controls to minimize the likelihood of fraud? a. External auditors b. Audit committee members c. Management d. Committee of Sponsoring Organizations

c. Management

Who is most likely to perpetrate fraudulent financial reporting? a. Members of the board of directors b. Production employees c. Management of the company d. Each of the above is likely to perpetrate fraudulent financial reporting.

c. Management of the company

Which of the following is not a factor that relates to opportunities to commit fraudulent financial reporting? a. Lack of controls related to the calculation and approval of accounting estimates. b. Ineffective oversight of financial reporting by the board of directors. c. Management's practice of making overly aggressive forecasts. d. High turnover of accounting, internal audit, and information technology staff.

c. Management's practice of making overly aggressive forecasts.

Which of the following auditing procedures is ordinarily performed last? a. Reading minutes of the board of directors' meetings. b. Confirming accounts payable. c. Obtaining a client representation letter. d. Testing the purchasing function.

c. Obtaining a client representation letter.

Which of the following is a category of general controls? a. Processing controls. b. Output controls. c. Physical and online security. d. Input controls.

c. Physical and online security.

Which of the following is an incorrect combination of the "likelihood of occurrence" and financial statement treatment? a. Remote - no disclosure. b. Probable (amount is estimable) - financial statements are adjusted. c. Reasonably possible (amount is estimable) - financial statements are adjusted. d. Probable (amount is not estimable) - footnote disclosure is required.

c. Reasonably possible (amount is estimable) - financial statements are adjusted.

Which of the following statements best describes the auditor's responsibility regarding the detection of fraud? a. The auditor is responsible for the failure to detect fraud only when such failure clearly results from nonperformance of audit procedures specifically described in the engagement letter. b. The auditor must extend auditing procedures to actively search for evidence of fraud in all situations. c. The auditor must extend auditing procedures to actively search for evidence of fraud where the examination indicates that fraud may exist. d. The auditor is responsible for the failure to detect fraud only when an unqualified opinion is issued.

c. The auditor must extend auditing procedures to actively search for evidence of fraud where the examination indicates that fraud may exist.

A client has a calendar year-end. Listed below are four events that occurred after December 31. Which one of these subsequent events might result in adjustment of the December 31 financial statements? a. Sale of a major subsidiary. b. Adoption of accelerated depreciation methods. c. Write-off of a substantial portion of inventory as obsolete. d. Collection of 90% of the accounts receivable existing at December 31.

c. Write-off of a substantial portion of inventory as obsolete.

Auditors frequently refer to the terms audit assurance, overall assurance, and level of assurance to refer to ________. a. detection risk b. audit report risk c. acceptable audit risk d. none of the above

c. acceptable audit risk

Two determinants of the persuasiveness of evidence are: a. competence and sufficiency. b. relevance and reliability. c. appropriateness and sufficiency. d. independence and effectiveness.

c. appropriateness and sufficiency.

Many clients have outsourced the IT functions. The difficulty the independent auditor faces when a computer service center is used is to: a. gain the permission of the service center to review their work. b. find compatible programs that will analyze the service center's programs. c. determine the adequacy of the service center's internal controls. d. try to abide by the Code of Professional Conduct to maintain the security and confidentiality of client's data.

c. determine the adequacy of the service center's internal controls.

The least effective method of identifying related parties for a public company would be a(n): a. inquiry of management. b. review of SEC filings. c. distribution of the engagement letter to all stockholders. d. examination of stockholders' listings to identify principal stockholders.

c. distribution of the engagement letter to all stockholders.

To issue a report on internal control over financial reporting for a public company, an auditor must: a. evaluate management's assessment process. b. independently assess the design and operating effectiveness of internal control. c. evaluate management's assessment process and independently assess the design and operating effectiveness of internal control. d. test controls over significant account balances.

c. evaluate management's assessment process and independently assess the design and operating effectiveness of internal control.

A document which the auditor receives from the client, but was prepared by someone outside the client's organization is a(n) a. confirmation b. internal document c. external document d. inquiry

c. external document

Two key concepts that underlie management's design and implementation of internal control are: a. costs and materiality. b. absolute assurance and costs. c. inherent limitations and reasonable assurance. d. collusion and materiality.

c. inherent limitations and reasonable assurance.

Evidence is generally considered appropriate when: a. it has been obtained by random selection. b. there is enough of it to afford a reasonable basis for an opinion on financial statements. c. it has the qualities of being relevant, objective, and free from known bias. d. it consists of written statements made by managers of the enterprise under audit.

c. it has the qualities of being relevant, objective, and free from known bias.

An official record of meetings of the board of directors and stockholders is included in the corporate: a. bylaws. b. charter. c. minutes. d. license.

c. minutes.

Sarbanes-Oxley requires auditors of public companies to maintain audit documentation for what period of time? a. not less than 3 years b. not less than 5 years c. not less than 7 years d. none of the above

c. not less than 7 years

When the auditor suspects that fraud may be present, SAS No. 99 requires the auditor to: a. terminate the engagement with sufficient notice given to the client. b. issue an adverse opinion or a disclaimer of opinion. c. obtain additional evidence to determine whether material fraud has occurred. d. all of the above.

c. obtain additional evidence to determine whether material fraud has occurred.

Given the economic constraints in which auditors collect evidence, the auditor normally gathers evidence that is: a. irrefutable. b. conclusive. c. persuasive. d. completely convincing.

c. persuasive.

under an AAR, zero risk means

certainty

under an AAR, 100% risk means

complete uncertainty

What is control environment? (COSO)

consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and the owners of an entity about internal control and its importance to the entity

Which of the following is not a factor that relates to opportunities to misappropriate assets? a. Inadequate internal controls over assets. b. Presence of large amounts of cash on hand. c. Inappropriate segregation of duties or independent checks on performance. d. Adverse relationships between management and employees.

d. Adverse relationships between management and employees.

Which of the following would be least likely to occur in assessing a client's business risk? a. Evaluating management controls. b. Obtaining an understanding of the client's industry. c. Assess risks of material misstatements. d. All of the above are equally likely to occur.

d. All of the above are equally likely to occur.

Which of the following is not a type of audit evidence? a. Auditor discussion with client employees. b. Examination of credit memos issued at the end of the year. c. Recalculation of discounts issued on sales invoices. d. All of the above are types of audit evidence.

d. All of the above are types of audit evidence.

Which of the following is not one of the three primary objectives of effective internal control? a. Reliability of financial reporting b. Efficiency and effectiveness of operations c. Compliance with laws and regulations d. Assurance of elimination of business risk.

d. Assurance of elimination of business risk.

Which of the following is not one of the major types of analytical procedures? a. Compare client with industry averages. b. Compare client with prior year. c. Compare client with budget. d. Compare client with SEC averages

d. Compare client with SEC averages

Which of the following is not one of the conditions for fraud described in SAS No. 99? a. Attitudes/rationalization b. Opportunities c. Incentives/pressures d. Each of the above is a condition for fraud

d. Each of the above is a condition for fraud

Which of the following statements relating to the competence of evidential matter is always true? a. Evidence from outside an enterprise is always reliable. b. Accounting data developed under satisfactory conditions of internal control are more relevant than data developed under unsatisfactory internal control conditions. c. Oral representations made by management are not reliable evidence. d. Evidence must be both reliable and relevant to be considered appropriate.

d. Evidence must be both reliable and relevant to be considered appropriate.

In describing the cycle approach to segmenting an audit, which of the following statements is not true? a. All general ledger accounts and journals are included at least once. b. Some journals and general ledger accounts are included in more than one cycle. c. The "capital acquisition and repayment" cycle is closely related to the "acquisition of goods and services and payment" cycle. d. The "inventory and warehousing" cycle may be audited at any time during the engagement since it is unrelated to the other cycles.

d. The "inventory and warehousing" cycle may be audited at any time during the engagement since it is unrelated to the other cycles.

Which of the following is not a condition for a contingent liability to exist? a. There is a potential future payment to an outside party that would result from a current condition. b. There is uncertainty about the amount of the future payment. c. The outcome of an uncertainty will be resolved by some future event. d. The amount of the future payment is reasonably estimable.

d. The amount of the future payment is reasonably estimable.

Auditors usually obtain information about general and application controls through: a. interviews with IT personnel. b. examination of systems documentation. c. reading program change requests. d. all of the above methods.

d. all of the above methods.

A tour of the client's facilities is helpful in obtaining an understanding of the operations because: a. the auditor will be able to assess the physical safeguards over assets. b. the auditor may be better able to assess certain inherent risks. c. the auditor obtains a broader perspective about the company as a whole. d. all of the above.

d. all of the above.

As part of the brainstorming sessions, auditors are directed to emphasize: a. areas where fraud may occur. b. the need for professional skepticism. c. the audit team's response to potential fraud risks. d. all of the above.

d. all of the above.

Sources of information gathered to assess fraud risks include: a. analytical procedures b. inquiries of management c. communication among audit team members d. all of the above.

d. all of the above.

At the completion of the audit, management is asked to make a written statement that it is not aware of any undisclosed contingent liabilities. This statement would appear in the: a. management letter. b. letter of inquiry. c. letters testamentary. d. letter of representation.

d. letter of representation.

When planning the audit, if the auditor has no reason to believe that illegal acts exist, the auditor should: a. include audit procedures which have a strong probability of detecting illegal acts. b. still include some audit procedures designed specifically to uncover illegalities. c. ignore the issue. d. make inquiries of management regarding their policies for detecting and preventing illegal acts and regarding their knowledge of violations, and then rely on normal audit procedures to detect errors, irregularities, and illegalities.

d. make inquiries of management regarding their policies for detecting and preventing illegal acts and regarding their knowledge of violations, and then rely on normal audit procedures to detect errors, irregularities, and illegalities.

Old and new systems operating simultaneously in all locations is a test approach known as: a. pilot testing. b. horizontal testing. c. integrative testing. d. parallel testing.

d. parallel testing.

SAS No. 99 and SAS No. 54 require the auditor to communicate all frauds and illegal acts to the audit committee: a. only if the act is immaterial. b. only if the act is material. c. only if the act is highly material. d. regardless of materiality.

d. regardless of materiality.

The auditor has a responsibility to review transactions and activities occurring after the year-end to determine whether anything occurred that might affect the statements being audited. The procedures required to verify these transactions are commonly referred to as the review for: a. contingent liabilities. b. subsequent year's transactions. c. late unusual occurrences. d. subsequent events.

d. subsequent events.

The auditor typically does not assess control risk and inherent risk for: a. each audit objective. b. each cycle. c. each account. d. the overall audit.

d. the overall audit.

When auditors allocate the preliminary judgment about materiality to account balances, the materiality allocated to any given account balance is referred to as: a. the materiality range. b. the error range. c. tolerable materiality. d. tolerable misstatement.

d. tolerable misstatement.

What is monitoring? (COSO)

deal with ongoing or periodic assessment of the quality of internal control by management to determine that controls are operating as intended and that they are modified as appropriate for changes in conditions

if client set unreasonable objectives or if performance measurement objectives are aggressive, there is a _________ inherent risk

greater

a high control risk results in a _____ PDR

high

What is an audit program

includes a list of the audit procedures the auditor considers necessary - sample sizes - items to select - timing of tests

What are the moderately costly types of evidence

inspection analytical procedures reperformance

What is risk assessment? (COSO)

involves a process for identifying and analyzing risks that may prevent the organization from achieving its objectives

If PDR is high, you will need _____ evidence

less

when AAR is high, the ____ amount of misstatements

less

a low control risk results in a _____ PDR

low

The auditor obtains an understanding of the design and implementation of internal control to:

make a preliminary assessment of control risk

Who establishes the strategies and processes followed by clients business

management

Corporate Governance Oversight to Reduce Fraud Risk: management is responsible for implementing corporate governance and control procedures to

minimize risk of fraud, can be reduced with a combo of: - prevention - deterrence - detection measures

If PDR is low, you will need _____ evidence

more

The lower the $ amount of preliminary judgement, the ________ evidence is required

more

when AAR is low, the ____ amount of misstatements

more

Specific Fraud Risk Areas: Purchases and A/P fraud risks include:

most common fraud in the acquisitions area - perpetrator issues payments to fictitious vendors and deposit cash in fictitious accounts

What are the least costly types of evidence

observation inquiries to the client recalculation

What are the 2 most costly types of evidence

physical examination and confirmations

Control risk is inversely related to

planned detection risk

the audit risk model is used when determining what risk

planned detection risk

what phase does the evaluation of Inherent risk start in

planning phase

A system of internal controls consists of

policies and procedures designed to provide mgmt with reasonable assurance that the company achieves its objectives and goals

_______ is used to set and apply materiality guidelines

professional judgement

What is the purpose of using a control risk matrix

provides a convenient way to organize assessing control risk for each audit objective

What are the 4 things the PCAOB does?

provides oversight for auditors, establishes auditing and quality control standards, inspects the quality controls, and requires annual inspections of companies with more than 100 issuers (every 3 years for companies under 100)

What is audit documentation?

record of the audit procedures performed, relevant audit evidence, and conclusions the auditor reached

Is materiality a relative or absolute concept?

relative

what is one of the most fraudulent areas in the FS

revenue recognition

Many auditors use _______ to generate audit programs

software packages

What are tests of controls

the procedures to test effectiveness of controls in support of a reduced assessed control risk

A combination of Control risk and Inherent risk is known as

the risk of material misstatement

What is engagement risk?

the risk that the auditor or firm will suffer harm because of a client relationship, even though the audit report was correct

What is business risk?

the risk that the client does not meet objectives

What is information and communication? (COSO)

to initiate, record, process, and report the entity's transactions and to maintain accountability for the related assets

Adverse Opinion

when one or more material weaknesses exist