Auditing Ch 6
After completing the preliminary phase of the review of internal control, the auditor decides not to rely on the system to restrict substantive procedures. Documentation may be limited to the auditor's
Understanding of the internal control.
In planning an audit of a new client, an auditor most likely would consider the methods used to process accounting information because such methods
Influence the design of internal controls.
As opposed to a manual control, an automated control
Should function consistently in the absence of program changes.
In a properly designed internal control system, the same employee may be permitted to
Sign checks and also cancel supporting documents.
The control environment component of internal control includes all of the following except
Access to computer programs
It is important for the CPA to consider the competence of the entity's employees because their competence bears directly and importantly upon the
Achievement of the objectives of the system of internal control.
If auditors conduct substantive procedures as of 10/31 for an entity with a 12/31 year-end
Additional tests likely will be performed in the remaining period
An auditor's primary consideration regarding an entity's internal controls is whether the policies and procedures
Affect the financial statement assertions.
In the audit of financial statements, an auditor's primary consideration regarding an internal control policy or procedure is whether the policy or procedure
Affects management's financial statement assertions.
The documentation of an auditor's understanding of internal controls
Can include any combination of narratives, questionnaires, or flowcharts.
Where computer processing is used in significant accounting applications, internal control activities may be defined by classifying control activities into two types: general and
Application
Before applying substantive procedures to the details of asset and liability accounts at an interim date, the auditor should
Assess the difficulty in controlling achieved audit risk for the remainder of the period.
Reports on service organizations typically
Assess whether the service organization's controls are suitably designed to achieve internal control objectives.
Which of the following statements concerning control risk is correct?
Assessing control risk and obtaining an understanding of an entity's internal controls may be performed concurrently.
A high detection risk strategy includes all of the following except
Audit work only completed at year-end.
Proper segregation of functional responsibilities in an effective system of internal control calls for separation of the functions of
Authorization, recording, and custody.
Of the following statements about an internal control system, which one is correct?
Because of the cost/benefit relationship, tests of controls may be applied on a test basis in some circumstances.
A customer intended to order 100 units of product Z96014, but incorrectly ordered 100 units of a nonexistent product Z96015. Which of the following controls most likely would detect this error?
Check digit verification.
Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission?
Check digit.
A field test is a
Check on a field to ensure that it contains either all numeric or all alphabetic characters.
An auditor is least likely to test the internal controls that provide for
Classification of revenue and expense transactions by product line
Information and communication includes all of the following except:
Communicating price changes to customers
Assessing control risk at a lower level involves all of the following except:
Concluding that controls are ineffective.
Before applying substantive procedures to the details of accounts at an interim date (a date prior to the balance sheet date), an auditor should
Consider the availability of information at a later date that will be necessary for the auditor's procedures (e.g., electronic data).
An effective control environment
Creates a commitment to competence
General controls include all of the following except
Data validation controls.
The program flowcharting symbol representing a decision is a
Diamond.
Effective internal control in a small company that has an insufficient number of employees to permit proper division of responsibilities can best be enhanced by
Direct participation by the owner of the business in the recordkeeping activities of the business.
Audit evidence concerning proper segregation of duties ordinarily is best obtained by
Direct personal observation of the employees who apply the control activities.
In an audit of financial statements of a private company in accordance with generally accepted auditing standards, an auditor is required to
Document the auditor's understanding of the entity's internal control
Internal controls are not designed to provide reasonable assurance that
Embezzlement will be eliminated
An organizational structure is important for all of the following reasons except:
Ensuring a proper commitment to controls.
An auditor would most likely be concerned with internal control policies and procedures that provide reasonable assurance about the
Entity's ability to accurately process and summarize financial data.
In evaluating internal control, the auditor is basically concerned that the system provides reasonable assurance that
Errors and fraud have been prevented, or detected and corrected.
When an auditor increases the planned assessed level of control risk because certain control activities were determined to be ineffective, the auditor would most likely increase the
Extent of tests of details.
An entity's control activities include all of the following except:
External auditor's tests of controls.
A reliance strategy is used when control risk has been set at high. (T/F)
FALSE
Internal control consists of six components. (T/F)
FALSE
Once a level of control risk has been established, it cannot be changed. (T/F)
FALSE
The auditor must understand internal control before assessing inherent risk. (T/F)
FALSE
Auditors are most likely to gather audit evidence solely using substantive procedures
For nonrecurring, unusual transactions
An entity's IT infrastructure refers to
Hardware components.
Assessing control risk at a lower level most likely would involve
Identifying specific internal controls relevant to specific assertions.
The auditor's communication of material weaknesses in internal control for a nonpublic company is
Incidental to the auditor's objective of forming an opinion as to the fair presentation of the financial statements.
Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity's internal controls?
Incompatible duties.
A substantive strategy differs from a reliance strategy in that a substantive strategy includes
Increased implementation of detailed tests of transactions and balances.
Based on a study and evaluation completed at an interim date, the auditor concludes that no significant internal control weaknesses exist. The records and procedures would most likely be tested again at year-end if
Inquiries and observations lead the auditor to believe that conditions within the internal control system have changed.
To obtain evidential matter about control risk, an auditor selects tests from a variety of techniques including
Inquiry.
Which of the following procedures most likely would be included as part of an auditor's tests of controls?
Inspection.
All of the following are significant deficiencies except:
Inventory is highly subject to obsolescence
Factors that the auditor should consider as increasing the effectiveness of the audit committee include all of the following except whether:
It is comprised almost exclusively of members of management, ensuring detailed knowledge of the company's operations.
After obtaining an understanding of internal controls and assessing control risk of an entity, an auditor decided not to perform tests of controls for purposes of the audit. The auditor most likely decided that
It would be inefficient to perform tests of controls that would result in a reduction in planned substantive procedures.
Management philosophy and operating style most likely would have a significant influence on an entity's control environment when
Management is dominated by one individual.
Management's attitude toward aggressive financial reporting and its emphasis on meeting projected profit goals most likely would significantly influence an entity's control environment when
Management is dominated by one individual.
A primary purpose of internal controls is to
Meet objectives of maintaining reliable documents and records and accurate financial reporting.
Potential benefits of an entity's controls in an IT environment include all of the following except:
More accurate accounting estimates
For a complex IT system, auditors are least likely to use which of the following when documenting their understanding of internal controls?
Narratives.
For certain controls, such as segregation of duties, documentary evidence may not exist. An auditor would most likely test the procedures by
Observation and inquiry.
A procedure that would most likely be used by an auditor in performing tests of control activities that involve segregation of functions but which leave no transaction trail is
Observation.
Which of the following procedures most likely would provide an auditor with evidence about whether an entity's internal control is suitably designed to prevent or detect material misstatements?
Observing the entity's personnel applying the controls.
As part of gaining an initial understanding of internal control, an auditor is required to do all of the following except:
Obtain knowledge about the operating effectiveness of the internal control.
Assume that an auditor estimates that 10,000 checks were issued during the accounting period. If an IT application control which performs a limit check for each check request is to be subjected to the auditor's test data approach, the sample should include
One transaction
A well-prepared flowchart should make it easier for the auditor to
Perform walkthroughs.
An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that systems flowcharts
Provide a visual depiction of the entity's activities.
The basic concept of internal control that recognizes the cost of internal control should not exceed the benefits expected to be derived is known as
Reasonable assurance.
Walkthroughs usually involve all of the following audit procedures except:
Reperformance.
A flowchart is most frequently used by an auditor in connection with the
Review of the entity's internal controls.
The auditor should consider all of the following when deciding whether substantive procedures will be performed at an interim date except:
Scheduling conflicts in the audit firm that make interim testing more convenient.
During consideration of internal control in a financial statement audit of a nonpublic company, an auditor is not obligated to
Search for significant deficiencies in the operation of internal control.
In obtaining an understanding of an entity's internal control in a financial statement audit of a nonpublic company, an auditor is not obligated to
Search for significant deficiencies in the operation of the internal control
Significant deficiencies are matters that come to an auditor's attention that should be communicated to an entity's audit committee because they represent
Significant design flaws in internal controls or poor implementation of internal controls.
When documenting an entity's internal control, the independent auditor sometimes uses a systems flowchart, which can best be described as a
Symbolic representation of a system or series of sequential processes.
Which of the following is a general control that would most likely assist an entity whose systems analyst left the entity in the middle of a major project?
Systems documentation.
A substantive strategy is used when control risk has been set at high. (T/F)
TRUE
Internal control includes monitoring of controls. (T/F)
TRUE
One of the risks associated with internal control from IT is potential loss of data. (T/F)
TRUE
Tests of controls must be performed if control risk is set at a lower level. (T/F)
TRUE
The concept of internal control includes IT systems and manual systems. (T/F)
TRUE
The extent of an entity's use of IT can affect any of the components of internal control. (T/F)
TRUE
The independent auditor selects several transactions in each functional area and traces them through the entire system, paying special attention to evidence about whether or not the control activities are in operation. This is an example of a(n)
Test of controls.
A limit test is a
Test to ensure that a numerical value does not exceed some predetermined value.
Which of the following audit tests would be regarded as a test of controls?
Tests of the signatures on canceled checks to the board of directors' authorizations
After the auditor has prepared a flowchart of the internal controls surrounding sales and evaluated the design of the system, the auditor would perform tests of controls on all control activities
That the auditor plans to rely on.
The concept of reasonable assurance in the context of an entity's internal controls recognizes that
The costs of some controls may be too high to implement in relation to potential benefits.
The risk assessment component of internal control refers to
The entity's identification and analysis of risks relevant to achievement of its objectives
Proper monitoring within an internal control framework may include all of the following except:
The internal revenue service.
Which of the following is not a characteristic of a batch processed computer system?
The posting of a transaction, as it occurs, to several files, without intermediate printouts
When communicating internal control-related matters noted in an audit of a nonpublic company, an auditor's report issued on significant deficiencies should indicate that
The purpose of the audit was to report on the financial statements and not to provide assurance on internal control.
While substantive procedures may support the accuracy of underlying records, these tests frequently provide no affirmative evidence of segregation of duties because
The records may be accurate even though they are maintained by persons having incompatible functions.
An IT specialist is least likely to be necessary when
The system has not changed from the prior year.
The independent auditor should acquire an understanding of the internal audit function as it relates to the assessment of control risk because
The work performed by internal audit personnel may be a factor in determining the nature, timing, and extent of the independent auditor's procedures
As the acceptable level of detection risk increases, an auditor may change the
Timing of substantive procedures from year-end to an interim date.
The normal sequence of documents and operations on a well-prepared systems flowchart is
Top to bottom and left to right.