Chapter 6

Which of the following statements are correct? The auditor must learn about each business process that affects all account balances in the financial statements. The auditor should understand the control procedures used by the entity to provide financial statement assurance. Understanding the information system requires knowing how IT is involved in data processing.

Understanding the information system requires knowing how IT is involved in data processing. The auditor should understand the control procedures used by the entity to provide financial statement assurance.

Which of the following statements are correct? Violations of control activities by senior management are easy to detect with normal audit procedures. Senior management may override an entity's internal controls. Violations of internal control raise serious questions about management integrity.

Senior management may override an entity's internal controls. Violations of internal control raise serious questions about management integrity.

Factors that can impact the effectiveness of the board of directors or audit committee include - experience of members - nature and extent of interactions with auditors - compensation packages - information availability - stock performance

experience of members nature and extent of interactions with auditors information availability

Large public companies are required to engage an _______ auditor to express an opinion as to the effectiveness of their systems of internal control over financial reporting

external

True or false: An entity's external auditor does not need to be concerned about the internal control system at service organizations used by the entity.

false

On a flowchart, the movement of documents, records or information is shown using ______. flow arrows online storage display annotation

flow arrows

From the auditor's perspective, a(n) __________ is a diagrammatic representation of the entity's accounting system.

flowchart

the auditor's understanding of an entity's internal control over financial reporting are documented using diagrammatic representation known as a(n)

flowchart

These provide a diagrammatic representation of the entity's accounting system procedures manuals organizational charts internal control questionnaires flowcharts

flowcharts

Controls that relate to the overall information processing environment, have a pervasive effect on the entity's computer operation and are sometimes referred to as supervisory, management or information technology controls are called __________ controls

general

the two broad categories of information systems controls are ________ controls and _________ controls

general, application

Important components of effective internal controls for an entity include _________ - having an effective board of directors - a strong internal audit function - removing performance dependent rewards - setting unrealistic performance targets

having an effective board of directors a strong internal audit function removing performance dependent rewards

An effective accounting system establishes methods and records that will ______. present transaction and disclosures in a manner than ensures profitability for the entity describe transactions in sufficient detail to permit proper classification identify and record all valid transactions determine the proper time period in which transactions occurred

identify and record all valid transactions describe transactions in sufficient detail to permit proper classification determine the proper time period in which transactions occurred

An effective accounting system establishes methods and records that will ______. identify and record all valid transactions determine the proper time period in which transactions occurred present transaction and disclosures in a manner than ensures profitability for the entity describe transactions in sufficient detail to permit proper classification

identify and record all valid transactions determine the proper time period in which transactions occurred describe transactions in sufficient detail to permit proper classification

In order to set control risk below a high level, the auditor must ______. rely upon the work of the internal audit function identify specific controls that will be relied upon conclude on the achieved level of control risk confer with the audit committee perform test of the identified controls

identify specific controls that will be relied upon perform test of the identified controls conclude on the achieved level of control risk

The auditor may decide to follow a substantive strategy for some or all assertions because ______. implemented controls do not pertain to the assertion under consideration tests of controls have been used to assess control risk implemented controls are assessed as ineffective testing the operating effectiveness of the controls would be inefficient

implemented controls do not pertain to the assertion under consideration implemented controls are assessed as ineffective testing the operating effectiveness of the controls would be inefficient

A deficiency, or combination of deficiencies, in internal controls, such that there is a reasonable possibility that a material misstatement of the entity's financial statement will not be prevented, or detected and corrected on a timely basis is a ______. significant deficiency material weakness control deficiency

material weakness

Auditors ______. should only rely on controls that affect an individual assertion should only rely on controls that have a pervasive effect on many assertions may rely on any control likely to prevent or detect and correct material misstatements

may rely on any control likely to prevent or detect and correct material misstatements

assessing the quality of internal control performance overt time is the intention of _____ of controls creation monitoring enforcement communication

monitoring

When audit risk is low and the risk of material misstatement is high, substantive tests should be performed ______. consistently thought the year at interim dates and year end mostly at year-end mostly at interim dates throughout the year

mostly at year-end

If an entity's accounting system has control weaknesses that result in a high level of assessed control risk, substantive procedures will probably ______. only be conducted at interim dates be conducted at both interim dates and year end not be conducted at interim dates

not be conducted at interim dates

A direct relationship exists between __________ which reflect what an entity is trying to achieve, ___________ which represent what the entity needs to do to achieve them, and the _________ of the entity

objectives, components, structure

Data capture controls are concerned primarily with the ______ assertions. accuracy completeness occurrence authorization reliability

occurrence completeness accuracy

What should be used when it is necessary to show the movement of a document or report back to a previous function? Communication link Off-page connector On-page connector Off-line storage

on-page connector

Tests of controls directed toward __________ ___________ are concerned with assessing how the control was applied, the consistency with which it was applied during the audit period and by whom it was applied

operating effectiveness

An effective system of internal controls allows management to focus on _______ while maintaining compliance with relevant laws and minimizing surprises - operations - compensation maximization - financial performance goals - stock price fluctuations

operations financial performance goals

How authority and responsibility are delegated and monitored and the framework within which the entity's activities for achieving entity wide objectives are planned, executed, controlled and reviewed are defined by the entity's __________ __________

organizational structure

Report distribution logs, transmittal sheets, reasonableness reviews and reconciliations to control or batch totals are examples of ______ controls. error processing output data validation

output

The main concern of ______ controls is that computer reports, checks, documents or other printed or displayed information may be distributed or displayed to unauthorized users. processing output data validation error

output

Commonly categorized control activities include - segregation of duties - performance reviews - physical controls - fraud controls - risk identification controls - information processing controls

performance reviews physical controls segregation of duties information processing controls

Authorization requirements for access to computer programs and periodic counting and comparison with amounts shown on control records are examples of ______. risk identification controls segregation of duties controls fraud controls information processing controls physical controls

physical controls

flowcharting systems are divided into three groups: input/output symbols, ________ symbols, and ___________ flow and ________ symbols

processing, data, storage

An internal control questionnaire ______. is generally used for entities with a relatively simplistic internal control structure is one of many types of questionnaires used by auditors contains questions about the five internal control components provides a systematic means to investigate internal control

provides a systematic means to investigate internal control is one of many types of questionnaires used by auditors contains questions about the five internal control components

An internal control __________ is generally used for entities with a relatively complex internal control structure.

questionnaire

Information that is capable of making a difference in use decisions has the characteristic of

relevance

The two fundamental qualitative characteristics for external financial reporting are __________ - comparability - relevance - faithful representation - understandability - timeliness

relevance faithful representation

The controls that are of most direct relevance to a financial statement audit are those that contribute to financial statement _______________ - reliability - accuracy - transparency - timeliness - effectiveness

reliability timeliness transparency

When a service organization provides accounting services to an entity and those services affect the entity's accounting records, ______. control risk must be assessed at high the entity's external auditor must be concerned with the internal control system at the service organization the entity's external auditor must rely on the control assessment provided by the service organization's auditor they are considered part of the entity's information system

they are considered part of the entity's information system the entity's external auditor must be concerned with the internal control system at the service organization

True of false: an entity's mix of manual and automated controls varies with the nature and complexity of the entity's use of IT

true

True or false: Auditors need to understand how management considers risks because many types of risk can impact financial reporting objectives.

true

Output documents from the application that are used as source documents in later processing are called

turnaround

In order to provide evidence to support the lower level of control risk when using a reliance strategy, the auditor performs

test of controls

The auditor uses the combination of the achieved level of ___________ risk and the assessed level of __________ risk to determine the required level of _____________ risk needed to bring audit risk to an acceptably low level.

control, inherent, detection

Ensuring the completeness and accuracy of transaction processing, authorization, and validity is the goal of

application

The process of evaluating the effectiveness of an entity's internal control in preventing, or detecting and correcting, material misstatements in the financial statements is called ________ control risk

assessing

How management identifies risks relevant to the preparation of financial statements, estimates their significance, assesses the likelihood of their occurrence and decides on how to manage them is most directly relevant to the ______. auditors the CFO audit committee board of directors

auditors

After planned tests of controls have been completed, the auditor should reach a conclusion on the ______ level of control risk. appropriate achieved planned assessed

achieved

Data capture controls must ensure that ______. every transaction entered has appropriate source documentation transactions are only recorded once rejected transactions are identified, controlled, corrected and reentered all transactions are recorded in the application system

all transactions are recorded in the application system transactions are only recorded once rejected transactions are identified, controlled, corrected and reentered

Controls that are part of the computer programs used in the accounting system are ________ controls.

application

Data capture, data validation, processing, output and errors controls are all categories of ___________ controls.

application

When deciding whether substantive procedures are to be performed at an interim date, the auditor should consider the ______. purpose of the substantive procedures desired risk of material misstatement nature of the relevant assertions control environment

control environment purpose of the substantive procedures nature of the relevant assertions

People that significantly influence the control consciousness of the entity and must take their fiduciary responsibilities seriously and actively oversee the entity's accounting and reporting policies and procedures include the ______. - internal auditors - board of directors - audit committee - external auditors

board of directors audit committee

People that significantly influence the control consciousness of the entity and must take their fiduciary responsibilities seriously and actively oversee the entity's accounting and reporting policies and procedures include the _______ - board of directors - external auditors - audit committee - internal auditors

board of directors audit committee

Within an entity, there is always a risk of the fraud of __________ between individuals will destroy the effectiveness of segregation of duties

collusion

In determining whether an IT specialist is needed, the auditor should consider the ______. existence of the entity's participation in electronic commerce entity's use of existing, common IT technologies extent to which data are shared among systems total revenue the entity generates in a typical year complexity of the IT systems and controls and how they are used

complexity of the IT systems and controls and how they are used existence of the entity's participation in electronic commerce extent to which data are shared among systems

In deciding on the nature and extent of the understanding of internal control needed for the audit, the auditor should consider the entity's operations and systems ______. accuracy complexity effectiveness sophistication

complexity, sophistication

Assignment of authority and responsibility for operating activities and the establishment of reporting relationships and authorization hierarchies are part of the ___________ environment principles control financial detection risk

control

Based upon risk assessment, management determines which relevant business processes require

control activities

This exists in internal controls when the design or operation of a control does not allow management or employees to prevent, detect or correct misstatements on a timely basis. material weakness significant deficiency control deficiency

control deficiency

To understand management's and the board of directors' attitudes, awareness, and actions concerning it, the auditor should gain sufficient knowledge about the

control environment

The components of internal controls are defined by the COSO Framework are _________ - information and communication - control environment - monitoring activities - detection activities - entity's risk assessment

control environment entity's risk assessment information and communication monitoring activities

Controls over data preparation, work flow control and library functions are included in ______ controls. processing output access security data center and network

data center and network

Rotation of duties and mandatory vacations, review of the operating system log and regular updates of anti-virus software are examples of ______ controls.

data center and network

Controls that can be applied at various stages and are mainly concerned with the accuracy assertion are ______ controls. data capture data validation output processing

data validation

The level of _________ risk is used to determine the nature, timing, and extent of substantive tests.

detection

The integrity and ethical values of management personnel heavily influence the ______ of an entity's internal controls. efficiency effectiveness accuracy suffciciency

effectiveness

The integrity and ethical values of management personnel heavily influence the __________ of an entity's internal controls effectiveness sufficiency accuracy efficiency

effectiveness

Knowledge of the information system is important to understand the related accounting records when they are electronic electronic or manual manual

electronic or manual

The infrastructure, software, people, procedures and data used to support the functioning of internal control is known as

information system

The extent of an entity's use of ______ can affect internal controls because this function affects the way transactions are initiated, authorized, recorded, processed and reported. internal auditors industry specialists information technology managerial estimates

information technology

Symbols used in flowcharts are divided into ______ symbols. data flow and storage input/output error correction processing

input/output processing data flow and storage

To obtain an understanding of an entity's internal controls auditors may use ______. inspection of entity documents and reports reperformance of control activities inquiry of appropriate personnel observation of entity activities and operations recalculation of account balances

inquiry of appropriate personnel inspection of entity documents and reports observation of entity activities and operations

Auditors may test controls at a(n) ___________ date because the assertion being tested may not be significant, the control has been effective in prior audits, or it may be more efficient to conduct the tests at that time

interim

The auditor's understanding of ______ is used to identify the controls that are likely to prevent, or detect and correct, material misstatement in specific assertions. fraudulent activities the control environment internal controls management objectives

internal controls

Monitoring of internal controls - is intended to assess quality of performance over time - should be done to determine operating effectiveness - has received decreased attention in recent years - may identify the need for control redesign

is intended to assess quality of performance over time may identify the need for control redesign should be done to determine operating effectiveness

When audit risk is low and the risk of material misstatement is high, detection risk will be set at ______. moderate high low

low

If the auditor determines that internal controls are properly designed or not implemented the auditor will ______. set the level of control risk at high make an assessment of control risk based on the result of tests of controls perform tests of controls to obtain audit evidence that controls are operating effectively use substantive procedures to reduce the risk of material misstatement to an acceptable level

make an assessment of control risk based on the result of tests of controls perform tests of controls to obtain audit evidence that controls are operating effectively

Interim tests of controls give auditors time to inform the ______ so that likely misstatements can be located and corrected before the rest of the audit is performed. internal auditors audit committee board of directors management

management

The auditor should gain sufficient knowledge about the control environment to understand the attitudes, awareness, and actions concerning the control environment of the ______. non-management employees internal auditors management board of directors

management board of directors

According to COSO, a system of internal controls is designed to provide reasonable assurance about the achievement of entity objectives in which of the following categories? - effectiveness and efficiency of operations - reliability, timeliness and transparency of internal and external financial and non-financial reporting - compliance with applicable laws and regulations - accuracy of internal and external financial and non-financial reporting - maximization of management compensation

reliability, timeliness and transparency of internal and external financial and non-financial reporting effectiveness and efficiency of operations compliance with applicable laws and regulations

The auditor intends to depend on the entity's controls and may need a more detailed understanding of internal controls to develop a preliminary or "planned" assessment of control risk when following a ______ strategy. reliance substantive differentiation benchmarking

reliance

When an auditor decides to follow a(n) __________ strategy, he or she has to understand the control activities that relate to assertions for which a lower level of control risk is expected.

reliance

when the auditor intends to depend on the entity's controls, a ________ strategy is chosen

reliance

As it relates to the external financial reporting objective, the entity's _____________ ______________ process should consider internal and external events and circumstances that may arise and adversely affect the entity's ability to initiate, authorize, record, process and report financial data consistent with management's financial statement assertions

risk assessment

The auditor should obtain sufficient information about the entity's _________ __________ process to understand how management considers risks relevant to financial reporting and decides on appropriate actions to address those risks.

risk assessment

The auditor should obtain sufficient information about the entity's __________ _________process to understand how management considers risks relevant to financial reporting and decides on appropriate actions to address those risks.

risk assessment

If the auditor determines that internal controls are not properly designed or not implemented the auditor will ______. set the level of control risk at high make an assessment of control risk based on the result of tests of controls perform tests of controls to obtain audit evidence that controls are operating effectively use substantive procedures to reduce the risk of material misstatement to an acceptable level

set the level of control risk at high use substantive procedures to reduce the risk of material misstatement to an acceptable level

When an auditor decides to follow a ________ strategy, little work is done on understanding specific control activities

substantive

When the auditor has decided not to rely on the entity's controls and instead use procedures as the main source of evidence about the assertions in the financial statements, the auditor will choose a(n) _____________ audit strategy.

substantive

Processing steps and computer processing are included in a ______ flowchart. document systems program

systems

Processing steps and computer processing are included in a ______ flowchart. systems program document

systems