Chapter 5 Auditing
After obtaining an understanding of the entity's internal control and assessing control risk, an auditor of a non-public company decided not to perform additional tests of controls. The auditor most likely concluded that the: A) additional evidence to support a further reduction in control risk was not cost beneficial. B) assessed level of inherent risk exceeded the assessed level of control risk. C) internal control structure was properly designed and justifiably may be relied on. D) evidence obtainable through tests of controls would not support an increased level of control risk.
A
An audit team's responsibility would not include: A) designing client's internal controls. B) documentation of understanding of a client's internal controls. C) communicating internal control deficiencies. D) assessing the effectiveness of a client's internal controls.
A
When an auditor plans to rely on controls that have changed since they were last tested, which of the following courses of action would be most appropriate? A) Test the operating effectiveness of such controls in the current audit. B) Document that reliance and proceed with the original audit strategy. C) Inquire of management as to the effectiveness of the controls. D) Report the reliance in the report on internal controls.
A
Which of the following is a definition of control risk? A) The risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls. B) The risk that the auditor will not detect a material misstatement. C) The risk that the auditor's assessment of internal controls will be at less than the maximum level. D) The susceptibility of material misstatement assuming there are no related internal controls, policies, or procedures.
A
A set of characteristics that helps to define a seriousness about employees' attitudes about the control activities in a company is referred to as: A) management assertions. B) the control environment. C) control risk assessment. D) functional responsibilities.
B
An auditor is concerned about a policy of management override as a limitation of internal control. Which of the following tests would best assess the validity of the auditor's concern? A) Matching purchase orders to accounts payable. B) Verifying that approved spending limits are not exceeded. C) Tracing sales orders to the revenue account. D) Reviewing minutes of board meeting.
B
Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been: A) authorized. B) implemented. C) tested. D) monitored.
B
Which of the following factors is most likely to affect the extent of the documentation of the auditor's understanding of a client's system of internal controls? A) The industry and the business and regulatory environments in which the client operates. B) The degree to which information technology is used in the accounting function. C) The relationship between management, the board of directors, and external stakeholders. D) The degree to which the auditor intends to use internal audit personnel to perform substantive tests.
B
Which of the following outcomes is a likely benefit of information technology used for internal control? A) Processing of unusual or nonrecurring transactions. B) Enhanced timeliness of information. C) Potential loss of data. D) Recording of unauthorized transactions.
B
Which of the following statements is correct regarding internal control? A) A well-designed internal control environment ensures the achievement of an entity's control objectives. B) An inherent limitation to internal control is the fact that controls can be circumvented by management override. C) A well-designed and operated internal control environment should detect collusion perpetrated by two people. D) Internal control is a necessary business function and should be designed and operated to detect all errors and fraud.
B
An auditor is evaluating a client's internal controls. Which of the following situations would be the most difficult internal control issue for an auditor to detect? A) The accounting staff neglects the control, due to increased transactions to be processed. B) The technology department writes a program that does not properly implement the control, due to a lack of understanding. C) Two employees, who work in different departments, are circumventing an internal control. D) Someone erroneously disables edit checks in a software program designed to identify control exceptions.
C
Each of the following types of controls is considered to be an entity-level control, except those: A) relating to the control environment. B) pertaining to the company's risk assessment process. C) regarding the company's annual stockholder meeting. D) addressing policies over significant risk management practices.
C
Regardless of the assessed level of control risk, an auditor of a non-public company would perform some: A) tests of controls to determine the effectiveness of internal control policies. B) analytical procedures to verify the design of internal control activities. C) substantive tests to restrict detection risk for significant transaction classes. D) dual purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.
C
The "obtaining an understanding" work phase (Phase 1) of internal control evaluation would not give auditors an overall acquaintance with the client's: A) control environment. B) information and communication system. C) control activity effectiveness. D) monitoring activities.
C
Which of the following is not a component of internal controls? A) Control environment. B) Control activities. C) Inherent risk. D) Monitoring.
C
Which of the following procedures is considered a test of controls? A) An auditor reviews the entity's check register for unrecorded liabilities. B) An auditor evaluates whether a general journal entry was recorded at the proper amount. C) An auditor interviews and observes appropriate personnel to determine segregation of duties. D) An auditor reviews the audit workpapers to ensure proper sign-off.
C
Which of the following should an auditor do when control risk is assessed at the maximum level? A) Perform fewer substantive tests of details. B) Perform more tests of controls. C) Document the assessment. D) Document the control structure more extensively.
C
Which of the following statements best describes why an auditor would use only substantive procedures to evaluate specific relevant assertions and risks? A) The relevant internal control components are not well documented. B) The internal auditor already has tested the relevant controls and found them effective. C) Testing the operating effectiveness of the relevant controls would not be efficient. D) The cost of substantive procedures will exceed the cost of testing the relevant controls.
C
Control activities intended to ensure that transactions are recorded in the right period are designed to achieve the ASB assertion of: A) occurrence. B) accuracy. C) valuation or allocation. D) cutoff.
D
Sound internal control can be described as separating all of the following duties and responsibilities except for: A) transaction authorization. B) recordkeeping. C) custody of, or direct access to, assets. D) hiring of employees.
D
The appropriate separation of duties does not include: A) authorization to execute transactions. B) recording of transactions. C) custody of assets involved in the transactions. D) data preparation.
D
Which of the following activities performed by a department supervisor most likely would help in the prevention or detection of a payroll fraud? A) Distributing paychecks directly to department store employees. B) Setting the pay rate for departmental employees. C) Hiring employees and authorizing them to be added to payroll. D) Approving a summary of hours each employee worked during the pay period.
D
Which of the following is a factor in the control environment? A) Segregation of duties. B) Information processing. C) Performance reviews. D) Management's philosophy and operating style.
D
Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization? A) Disclosing lack of segregation of duties to the external auditors during the annual review. B) Replacing personnel every three or four years. C) Requiring accountants to pass a yearly background check. D) Allowing for greater management oversight of incompatible activities.
D
Which of the following payroll control activities would most effectively ensure that payment is made only for work performed? A) Require all employees to record arrival and departure by using the time clock. B) Have a payroll clerk recalculate all time cards. C) Require all employees to sign their time cards. D) Require employees to have their direct supervisors approve their time cards.
D