CH 6 MC
D. Affect the financial statement assertions.
6-12 An auditor's primary consideration regarding an entity's internal controls is whether they: A. Prevent management override. B. Relate to the control environment. C. Reflect management's philosophy and operating style. D. Affect the financial statement assertions.
D. The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system.
6-13 Which of the following statements about internal control is correct? A. A properly maintained internal control system reasonably ensures that collusion among employees cannot occur. B. The establishment and maintenance of internal control is an important responsibility of the internal auditor. C. An exceptionally strong internal control system is enough for the auditor to eliminate substantive procedures on a significant account balance. D. The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system.
D. All of the above are correct.
6-14 Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective? A. Effectiveness and efficiency of operations. B. Reliability of financial reporting. C. Compliance with applicable laws and regulations. D. All of the above are correct.
D. The independent auditor can serve as part of the entity's control environment and continuous monitoring.
6-15 Monitoring is a major component of the COSO Internal Control - Integrated Framework. Which of the following is not correct in how the company can implement the monitoring component? A. Monitoring can be an ongoing process. B. Monitoring can be conducted as a separate evaluation. C. Monitoring and other audit work conducted by internal audit staff can reduce external audit costs. D. The independent auditor can serve as part of the entity's control environment and continuous monitoring.
A. Believes the internal controls are unlikely to be effective.
6-16 After obtaining an understanding of an entity's internal control system, an auditor may set control risk at high for some assertions because he or she: A. Believes the internal controls are unlikely to be effective. B. Determines that the pertinent internal control components are not well documented. C. Performs tests of controls to restrict detection risk to an acceptable level. D. Identifies internal controls that are likely to prevent material misstatements.
C. Substantive procedures to restrict detection risk for significant transaction classes.
6-17 Regardless of the assessed level of control risk, an auditor would perform some: A. Tests of controls to determine the effectiveness of internal controls. B. Analytical procedures to verify the design of internal controls. C. Substantive procedures to restrict detection risk for significant transaction classes. D. Dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.
B. Concluding that controls are ineffective.
6-18 Assessing control risk below high involves all of the following except: A. Identifying specific controls to rely on. B. Concluding that controls are ineffective. C. Performing tests of controls. D. Analyzing the achieved level of control risk after performing tests of controls.
B. Reperformance of the control by the auditor.
6-19 Which of the following audit techniques would most likely provide an auditor with the most assurance about the effectiveness of the operation of a control? A. Inquiry of entity personnel. B. Reperformance of the control by the auditor. C. Observation of entity personnel. D. Walkthrough.
B. Observation by the auditor of the employees performing control activities.
6-20 The highest-quality and most reliable audit evidence that segregation of duties is properly implemented is obtained by: A. Inspection of documents prepared by a third party but which contain the initials of those applying entity controls. B. Observation by the auditor of the employees performing control activities. C. Inspection of a flowchart of duties performed and available personnel. D. Inquiries of employees who apply control activities.
D. Assess whether the service organization's controls are suitably designed and operating effectively.
6-21 SOC 1, Type 2 reports by the service organization's auditor typically: A. Provide reasonable assurance that their financial statements are free of material misstatements. B. Ensure that the entity will not have any misstatements in areas related to the service organization's activities. C. Ensure that the entity is billed correctly. D. Assess whether the service organization's controls are suitably designed and operating effectively.
C. Significant deficiencies in the design or operation of the internal control.
6-22 Significant deficiencies are matters that come to an auditor's attention that should be communicated to an entity's audit committee because they represent: A. Disclosures of information that significantly contradict the auditor's going concern assumption. B. Material fraud or illegal acts perpetrated by high-level management. C. Significant deficiencies in the design or operation of the internal control. D. manipulation or falsification of accounting records or documents from which financial statements are prepared.
D. General controls.
6-23 An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus? A. Data capture controls. B. Application controls. C. Output controls. D. General controls.
B. Understanding of the system.
6-24 An auditor's flowchart of an entity's accounting system is a diagrammatic representation that depicts the auditor's: A. Program for tests of controls. B. Understanding of the system. C. Understanding the types of fraud that are probable, given the present system. D. Documentation of the study and evaluation of the system.
The control environment component of internal control includes all of the following except: Multiple Choice Management's philosophy and operating style. Access to computer programs. Organizational structure. Human resource policies and practices.
Access to computer programs.
Where computer processing is used in significant accounting applications, internal control activities may be defined by classifying control activities into two types: general and Multiple Choice Administrative. Specific. Application. Authorization.
Application.
B. National Association of State Boards of Accountancy (NASBA)
BME 4-1 Which of the following is not one of the sponsoring organizations comprising COSO? A. The Institute of Internal Auditors (IIA) B. National Association of State Boards of Accountancy (NASBA) C. The Institute of Management Accountants (IMA) D. The American Accounting Association (AAA) E. Financial Executives International (FEI)
D. Performance reviews.
BME 4-2 Which of the following is not specifically associated with an entity's "control environment" as presented in AICPA Professional Standards? A. Communication and enforcement of integrity and ethical values. B. Participation of those charged with governance. C. The entity's assignment of authority and responsibility. D. Performance reviews. E. Human resource policies and practices.
C. Believe that the costs associated with performing tests of controls would exceed any potential reduction in substantive testing associated with a reliance strategy.
BME 4-3 After obtaining an understanding of an entity's internal control system, the auditor may set control risk "at the maximum level" for some assertions because they: A. Determine that the relevant internal control components are well documented. B. Perform tests of controls to restrict detection risk to an acceptable level. C. Believe that the costs associated with performing tests of controls would exceed any potential reduction in substantive testing associated with a reliance strategy. D. Believe the internal controls are likely to be effective. E. Identify internal controls that are likely to prevent material misstatements.
An entity's control activities include all of the following except: Multiple Choice Performance reviews. Information processing. External auditor's tests of controls. Segregation of duties.
External auditor's tests of controls.
To obtain evidential matter about control risk, an auditor selects tests from a variety of techniques including: Multiple Choice Inquiry. Analytical procedures. Calculation. Confirmation.
Inquiry.
For a complex IT system, auditors are least likely to use which of the following when documenting their understanding of internal controls? Multiple Choice Narratives. Internal control questionnaires. Flowcharts. Organization charts.
Narratives.
A procedure that would most likely be used by an auditor in performing tests of control activities that involve segregation of functions but which leave no transaction trail is: Multiple Choice Inspection. Observation. Reperformance. Reconciliation.
Observation.
Which of the following procedures most likely would provide an auditor with evidence about whether an entity's internal control is suitably designed to prevent or detect material misstatements? Multiple Choice Scanning the journals produced by the internal control system. Performing analytical procedures using data aggregated at a high level. Vouching a sample of transactions directly related to the controls. Observing the entity's personnel applying the controls.
Observing the entity's personnel applying the controls.
The basic concept of internal control that recognizes the cost of internal control should not exceed the benefits expected to be derived is known as: Multiple Choice Reasonable assurance. Management responsibility. Limited liability. Management by exception.
Reasonable assurance.
The independent auditor selects several transactions in each functional area and traces them through the entire system, paying special attention to evidence about whether or not the control activities are in operation. This is an example of a(n): Multiple Choice Analytical procedure. Test of controls Substantive procedure. Functional test.
Test of controls.
Which of the following audit tests would be regarded as a test of controls? Multiple Choice Tests of the specific items making up the balance in a given general ledger account. Tests comparing inventory pricing to vendors' invoices. Tests of the signatures on canceled checks to the board of directors' authorizations. Tests of the additions to property, plant, and equipment by physical inspections.
Tests of the signatures on canceled checks to the board of directors' authorizations.
The risk assessment component of internal control refers to Multiple Choice The auditor's assessment of control risk. The auditor's assessment of client risk. The entity's identification and analysis of risks relevant to achievement of its objectives. The entity's monitoring of the potential for material misstatements.
The entity's identification and analysis of risks relevant to achievement of its objectives.
If auditors conduct substantive procedures as of 10/31 for an entity with a 12/31 year-end: Multiple Choice additional tests are seldom conducted for the remaining period. additional control tests are required in the remaining period. the entity's controls likely are ineffective. additional tests likely will be performed in the remaining period.
additional tests likely will be performed in the remaining period.
An entity's internal controls are most relevant to the auditor when the policies and procedures: Multiple Choice affect the financial statement assertions. relate to management's planning decisions. address management's operating decisions. reflect management's philosophy and operating style.
affect the financial statement assertions.
A high detection risk strategy includes all of the following except: Multiple Choice interim testing. reduced testing of transactions. heavy reliance on analytical procedures as substantive procedures. audit work only completed at year-end.
audit work only completed at year-end.
Proper segregation of functional responsibilities in an effective system of internal control calls for separation of the functions of: Multiple Choice authorization, execution, and payment. authorization, recording, and custody. custody, execution, and reporting. authorization, payment, and recording.
authorization, recording, and custody.
The documentation of an auditor's understanding of internal controls: Multiple Choice is optional. must be exclusively in narrative, questionnaires, or flowchart form. must include flowcharts. can include any combination of narratives, questionnaires, or flowcharts.
can include any combination of narratives, questionnaires, or flowcharts.
Assessing control risk at a lower level involves all of the following except: Multiple Choice identifying specific controls to rely on. concluding that controls are ineffective. performing tests of controls. analyzing the achieved level of control risk after performing tests of controls.
concluding that controls are ineffective.
Before applying substantive procedures to the details of accounts at an interim date (a date prior to the balance sheet date), an auditor should: Multiple Choice assess control risk at high for the assertions embodied in the accounts selected for interim testing. determine that the accounts selected for interim testing are not material to the financial statements taken as a whole. consider the availability of information at a later date that will be necessary for the auditor's procedures (e.g., electronic data). obtain written representations from management that all financial records and related data will be made available.
consider the availability of information at a later date that will be necessary for the auditor's procedures (e.g., electronic data).
Significant deficiencies are matters that come to an auditor's attention that should be communicated to an entity's audit committee because they represent: Multiple Choice disclosures of information that significantly contradict the auditor's going concern assumption. material fraud or illegal acts perpetrated by high-level management. deficiencies in the design of controls or failures in the operation of internal controls. manipulation or falsification of accounting records or documents from which financial statements are prepared.
deficiencies in the design of controls or failures in the operation of internal controls.
Audit evidence concerning proper segregation of duties ordinarily is best obtained by: Multiple Choice preparation of a flowchart of duties performed by available personnel. inquiring whether control activities operated consistently throughout the period. reviewing job descriptions prepared by the Personnel Department. direct personal observation of the employees who apply the control activities.
direct personal observation of the employees who apply the control activities.
When an auditor increases the planned assessed level of control risk because certain control activities were determined to be ineffective, the auditor would most likely increase the: Multiple Choice extent of tests of details. level of inherent risk. extent of tests of controls. level of detection risk.
extent of tests of details.
Assessing control risk at a lower level most likely would involve: Multiple Choice changing the timing of substantive procedures by omitting interim testing and performing the tests at year-end. identifying specific internal controls relevant to specific assertions. performing more extensive substantive procedures with larger sample sizes than originally planned. reducing inherent risk for most of the assertions relevant to significant account balances.
identifying specific internal controls relevant to specific assertions.
All of the following are significant deficiencies except: Multiple Choice inadequate design of internal control over a significant account or process. management override of controls. inadequate provisions for safeguarding assets. inventory is highly subject to obsolescence.
inventory is highly subject to obsolescence.
In evaluating internal control, the auditor is basically concerned that the system provides reasonable assurance that: Multiple Choice operational efficiency has been achieved in accordance with management plans. material misstatements have been prevented, or detected and corrected. controls have not been circumvented by collusion. management cannot override the system.
material misstatements have been prevented, or detected and corrected.
Walkthroughs usually involve all of the following audit procedures except: Multiple Choice Reperformance. Inquiry. Observation. Inspection.
reperformance
The auditor's communication of material weaknesses in internal control for a nonpublic company is: Multiple Choice required to enable the auditor to state that the examination has been made in accordance with generally accepted auditing standards. the principle reason for studying and evaluating the system of internal controls. required even though the financial statement audit for private companies does not require an audit of the entity's system of internal control. required to be included as part of the audit opinion.
required even though the financial statement audit for private companies does not require an audit of the entity's system of internal control.
The auditor should consider all of the following when deciding whether substantive procedures will be performed at an interim date except: Multiple Choice the control environment and other relevant controls. scheduling conflicts in the audit firm that make interim testing more convenient. the purpose of the substantive procedure. the assessed risk of material misstatement.
scheduling conflicts in the audit firm that make interim testing more convenient.
In obtaining an understanding of an entity's internal control in a financial statement audit of a nonpublic company, an auditor is not obligated to: Multiple Choice determine whether the control activities have been placed in operation. perform procedures to understand the design of the internal control policies. document the understanding of the entity's internal control components. search for significant deficiencies in the operation of the internal control.
search for significant deficiencies in the operation of the internal control.
In a properly designed internal control system, the same employee may be permitted to: Multiple Choice receive and deposit checks and also approve write-offs of customer accounts. approve vouchers for payment and also sign checks. reconcile the bank statements and also receive and deposit cash. sign checks and also cancel supporting documents.
sign checks and also cancel supporting documents.
Management philosophy and operating style most likely would have a significant influence on an entity's control environment when: Multiple Choice internal audit personnel have direct access to the board of directors and the entity's management. the entity does not have sound personnel policies for hiring, training, and evaluating competent individuals. accurate management job descriptions delineate specific duties. the audit committee actively oversees the financial reporting process.
the entity does not have sound personnel policies for hiring, training, and evaluating competent individuals.
As the acceptable level of detection risk increases, an auditor may change the: Multiple Choice assessed level of control risk from a lower level to a higher level. assurance provided by tests of controls by using a larger sample size than planned. timing of substantive procedures from year-end to an interim date. nature of substantive procedures from less effective to more effective procedures.
timing of substantive procedures from year-end to an interim date.
An auditor is least likely to test the internal controls that provide for: Multiple Choice approval of the purchase and sale of marketable securities. vouching a sample of sales transactions to make sure each one has an accompanying shipping document. segregation of the functions of recording disbursements and reconciling the bank account. comparison of receiving reports and vendors' invoices with purchase orders.
vouching a sample of sales transactions to make sure each one has an accompanying shipping document.