chapter 7 smartbook
After documenting internal control, auditors typically perform a(n)___ ___, which traces one or two transactions through each step in the cycle.
walk through
One feature of well-designed forms and documents that can be used to control the number of documents issued and account for sequence of documents is_____ numbers.
serial
Two controls that both address the existence of accounts receivable are referred to as _____ controls.
redundant
If the test of controls results indicate the controls are not operating as effectively as planned, the assessed level of control risk needs to be ______ the planned assessed level. Multiple choice question. the same as lower than higher than
higher than
Many CPA firms consider a(n) ______ to be more effective than the other methods for documenting their understanding of a client's accounting information system and related control activities. Multiple choice question. systems flowchart internal control questionnaire written narrative of internal control
systems flowchart
The foundation for the other internal control components is ______. Multiple choice question. the internal audit department the control environment adherence to applicable laws and regulations
the control environment
All of the following are examples of control activities except ______. Multiple choice question. tone at the top performance reviews physical controls authorizations verifications
tone at the top
Specific authorization occurs when transactions are authorized on an individual basis while _____authorization occurs when management establishes criteria for acceptance of a certain type of transaction.
general
The three categories of objectives of ___ _____are reporting, operations, and compliance
internal controls
Internal auditors are representatives of ______. Multiple choice question. external auditors the board of directors top management all company employees
top management
Internal control addresses the achievement of objectives in the following areas except ______. Multiple choice question. internal and external reporting effectiveness and efficiency of operations company profitability and growth compliance with laws and regulations
company profitability and growth
Controls that assess whether other transaction control activities are operating properly and are usually focused on high risk transactions are called_____controls.
supervisory
Independence from management and proper oversight of the development and performance of the organization's internal control should be demonstrated by the board of directors and its ____ ______
audit committee
In making a judgment about the extent of the understanding of _____ ______ necessary, auditors should realize the information will be used to identify types of potential misstatements and consider factors that affect the risks of material misstatement.
internal control
The traditional method of describing internal control is to complete a(n) ______. Multiple choice question. internal control questionnaire written narrative of internal control flowchart of internal control
internal control questionnaire
When an organization has senior management and a board of directors that establish values and expectations regarding appropriate behavior and lead by example, it is said to have a strong_____ at the_____
tone top
When an organization has senior management and a board of directors that establish values and expectations regarding appropriate behavior and lead by example, it is said to have a strong ______. Multiple choice question. tone at the top system of control activities management and board
tone at the top
True or false: To assist auditors with describing internal control in their working papers, auditors typically perform a walk-through of one or two transactions.
false
The development of significant accounting estimates and preparation of the notes and selection and application of significant accounting policies are examples of risks at the ___ ____ level.
financial statement
To increase the evidence from a test of control, the number of items tested should be increased for ______. Multiple choice question. automated controls only all controls non-automated controls only
non-automated controls only
If the assessed level of control risk is high, the auditor should plan to perform more ____ procedures.
substantive
True or false: The COSO definition of internal control emphasizes that internal control is an end in and of itself.
False
Factors that may indicate increased financial reporting risk include ______. Multiple select question. changes in personnel consistent use of accounting information system consistent use of accounting principles new business models
changes in personnel new business models
Most internal control questionnaires are designed so that a ______ answer to a question indicates a weakness in internal control. Multiple choice question. yes no not applicable
no
Auditors use their understanding of which internal control component to identify risks of material misstatement that relate directly to the recording of transactions such as the recording of routine transactions like revenue? Multiple choice question. Monitoring Control environment Control activities Information system
information system
Auditors should identify and assess the risks of material misstatement at both the financial ___ level and the ____ ____ level.
statement relevant assertion
True or false: The division of responsibilities between finance and accounting illustrates how accounting is involved in the financial operations of the business but separated from the custody of assets.
False
The acceptable level of variation in performance relative to the achievement of objectives is called ______. Multiple choice question. avoidable risk risk tolerance risk assessment
risk tolerance
One feature of well-designed forms and documents that can be used to control the number of documents issued and account for sequence of documents is ______. Multiple choice question. general authorization serial numbers segregation of duties copies of documents
serial numbers
True or false: If the auditors do an extensive job of identifying and assessing risk of material misstatement at the relevant assertion level, it is not necessary to assess risk at the financial statement level.
False
A deficiency in internal control over financial reporting (or combination of deficiencies) such that there is a reasonable possibility that a material misstatement of the company's financial statements will not be prevented or detected on a timely basis is a(n)___ ____
material weakness
When assessing the risk of material misstatement, auditors rely on the ______ effectiveness of internal control. Multiple choice question. actual desired expected
expected
The basic principles of the control environment include all of the following except a(n) ______. Multiple choice question. commitment to attract, develop, and retain competent employees commitment to integrity and ethical values effective risk assessment process effective board of directors
effective risk assessment process
True or false: When obtaining an understanding of the control environment, it is important that auditors focus on the substance of controls, rather than their form.
true
Procedures to obtain an understanding of internal control include ______. Multiple select question. inquiry of entity personnel performance of analytical procedures inspection of documents and reports tracing of transactions through information system
inquiry of entity personnel inspection of documents and reports tracing of transactions through information system
After assessing the risks of material misstatement, auditors should design further audit procedures such as substantive procedures and tests of controls if planned assessed level of control risk is ______. Multiple choice question. low high
low
The risk of misstatement is composed of _____ risk and _____ risk.
inherent control
Segregation of duties is a control that does not leave documentary evidence so it should be tested by ______. Multiple select question. inquiring as to who performed these duties inspecting evidence of segregation of duties observing the client's employees performing the duties
inquiring as to who performed these duties observing the client's employees performing the duties
This document clearly describes the entity's methods of treating transactions which provides employees guidance that allows for proper and uniform handling of transactions. Multiple choice question. Journals including general journals Manual of accounting policies and procedures Ledgers including general ledger Chart of accounts
Manual of accounting policies and procedures
Policies and procedures that help mitigate the risk that the organization's objectives are not met are called control ____
activities
Clear guidance that will allow proper and uniform handling of transactions and events is provided by an accounting information system's ______. Multiple select question. chart of accounts journals, ledgers, and other record-keeping devices policies and procedures manual
chart of accounts policies and procedures manual
Control activities designed to ensure separation of duties may be circumvented by _____ among two or more people.
collusion
Before performing tests of controls to determine whether they are operating effectively, auditors must first ______. Multiple choice question. identify the controls likely to prevent or detect material misstatements perform substantive procedures on the controls perform analytical procedures on the controls likely to prevent or detect material misstatements
identify the controls likely to prevent or detect material misstatements
The goal of segregation of duties is not to allow an individual to have ______ duties.
incompatible
Auditors typically use a management letter to communicate deficiencies that are ______ than significant. Multiple choice question. less more
less
Management needs to assess risks that threaten their ability to meet their objectives in the areas of ______. Multiple choice question. operations and reporting reporting and compliance operations, reporting, and compliance operations and compliance
operations, reporting, and compliance
The preliminary assessments of control risk are often referred to as the _____ assessed level of control risk.
planned
To obtain an understanding of internal control auditors use
risk assessment procedure
Auditors understanding of internal control should include not only the design of controls but also whether they ______. Multiple choice question. are operating effectively are in place at other companies have been implemented
have been implemented
Proper segregation of duties should be applied to ______. Multiple choice question. management and non-management departments only individuals only departments and individuals
departments and individuals
A policy requiring the preparation of a monthly bank reconciliation is an example of a ______ control. Multiple choice question. preventive detective corrective
detective
A symbolic representation of a series of procedures with each procedure shown in sequence is an example of a systems____
flowchart
To enhance the control environment, management should do all of the following except ______. Multiple choice question. establish policies describing appropriate business practices make sure one person authorizes transactions, records transactions, and has custody of assets clearly define authority and responsibility within the organization develop job descriptions
make sure one person authorizes transactions, records transactions, and has custody of assets
Deficiencies that are less than significant are generally communicated in a(n) ____ letter.
management
Internal control is a process designed to provide ______ assurance regarding the achievement of objectives relating to operations, reporting, and compliance. Multiple choice question. reasonable no minimal absolute
reasonable
When auditors assess risk at the ____ assertion level instead of the financial statement level, they consider both the design of the control and its implementation.
relevant
Controls that assess whether other transaction control activities are operating properly and are usually focused on high risk transactions are called ______ controls. Multiple choice question. application fraud prevention general supervisory
supervisory
Controls that assess whether other transaction control activities are operating properly and are usually focused on high risk transactions are called ______ controls. Multiple choice question. application general fraud prevention supervisory
supervisory
A service department Type ______ report addresses the suitability of the design of controls. Multiple choice question. 1 2
1
A service department Type ______ report addresses the operating effectiveness of controls. Multiple choice question. 2 1
2
The policies and procedures for processing a particular type of transactions is referred to as the transaction_____
cycle
Which of the following is NOT a reason that internal control can only provide reasonable assurance from fraud and waste? Multiple choice question. All designed controls to address fraud and waste are adopted. Mistakes may be made in the performance of controls. Employee collusion can circumvent segregation of duties. Errors in judgments in designing controls can occur.
All designed controls to address fraud and waste are adopted.
This component of internal control assesses the quality of internal control performance over time. Multiple choice question. Control environment Risk assessment Monitoring Control activities
Monitoring
Internal auditors monitor ______. Multiple select question. departments management external auditors branches
departments management branches
True or false: The general approach to increasing evidence from a test of control is to increase the extent of the test, except in the case of automated controls.
True
Controls that may be most relevant in an audit include those that ______. Multiple select question. affect the reliability of data used to perform audit procedures pertain to the reliability of financial reporting affect efficiency and effectiveness of operations only
affect the reliability of data used to perform audit procedures pertain to the reliability of financial reporting
Risk assessment is management's process for ______. Multiple select question. analyzing risks ignoring risks identifying risks controlling risks
analyzing risks identifying risks
For the control environment component, professional standards require auditors should obtain sufficient knowledge about the company's ______. Multiple choice question. antifraud program internal audit staff risk management program
antifraud program
The major difference between control objectives and management assertions is that control objectives ______. Multiple choice question. are narrower in scope relate only to financial reporting are broader in scope
are broader in scope
Auditors use their understanding of internal control to do all of the following except ______. Multiple choice question. consider factors that affect risks of material misstatements design tests of controls and substantive procedures identify types of potential misstatements assess detection risk for use in the audit risk model
assess detection risk for use in the audit risk model
The organizational structure of an organization should separate responsibilities for _____of transactions, record keeping for transactions, and _____ of assets.
authorization custody
Exiting an activity that gives rise to a risk is an example of risk___
avoidance
The company has one control that requires reconciliations of bank statements and another that requires all cash disbursements to be authorized. This is an example of ______ controls. Multiple choice question. complementary redundant compensating
complementary
While obtaining an understanding of the other control components, auditors generally obtain some knowledge about the client's ______. Multiple choice question. control environment control activities accounting information system risk assessment monitoring
control activities
The difference between control objectives of internal control and management assertions is that ______. Multiple choice question. management assertions relate to operations, compliance, and financial reporting management assertions relate to operations only control objectives relate to financial reporting only control objectives relate to operations, compliance, and financial reporting
control objectives relate to operations, compliance, and financial reporting
Auditors perform tests of controls to obtain evidence about operating _____ of controls
effectiveness
An accounting information system should ______. Multiple select question. ensure appropriate segregation of duties ensure transactions are recorded in the proper time period identify and record all valid transactions measure the proper value of transactions
ensure transactions are recorded in the proper time period identify and record all valid transactions measure the proper value of transactions
AICPA standards require that tests of controls be performed ______ audit. Multiple choice question. every every fourth every third every other
every third
True or false: The auditors should obtain an understanding of the client's processes for eliminating business risks.
false
A client uses a service organization to perform its payroll function. To obtain a sufficient understanding of the controls at the service organization, external auditors can do all of the following except ______. Multiple choice question. obtain and consider the report of a service auditor on the service organization's internal controls ignore the relevant controls at the service organization and only consider the controls in place at the client visit the service organization to review and possibly test relevant controls
ignore the relevant controls at the service organization and only consider the controls in place at the client
In addition to the typical journals, ledgers, and other record-keeping devices, a chart of accounts and manual of accounting policies and procedures should be included in an accounting___ ____
information system
The methods and records established to initiate, authorize, record, process, summarize, and report an entity's transactions and maintain accountability for assets, liabilities, and equity is an organization's accounting___ _____
information system
Regarding deficiencies and weaknesses in internal control, auditing standards require auditors to communicate in writing ______. Multiple select question. material weaknesses internal control deficiencies significant deficiencies
material weaknesses significant deficiencies
The three categories of objectives of internal control are reporting,_____ , and____
operations compliance
The audit committee ______. Multiple select question. should have one member that is an officer of the organization oversees development and performance of the organization's internal control looks to senior management to resolve any differences with the auditing firm is directly responsible for the CPA firm performing public company audits
oversees development and performance of the organization's internal control is directly responsible for the CPA firm performing public company audits
Segregation of duties is a ______ control. Multiple choice question. corrective detective preventive
preventive
Segregation of duties is a ______ control. Multiple choice question. corrective preventive detective
preventive
COSO's definition of internal control emphasizes that it is a(n)____ , or a means to an end.
process
A well-designed organizational structure ______. Multiple select question. provides a basis for planning, directing, and controlling operations ensures appropriate segregation of duties is based upon centralized management decision making
provides a basis for planning, directing, and controlling operations ensures appropriate segregation of duties
Risks at the financial statement level ______. Multiple select question. require considerable judgment for the auditor have no impact on the audit can easily be isolated and do not affect more than one account or assertion potentially affect many relevant assertions
require considerable judgment for the auditor potentially affect many relevant assertions
In general, auditors want evidence on operating effectiveness throughout the audit, so they ______ the year. Multiple choice question. test all controls performed from the last month of test all controls performed throughout sample throughout sample only from the last month of
sample throughout
Processing services are offered to user entities by____ _____
service organizations
Regarding deficiencies and weaknesses in internal control, auditing standards require auditors to communicate in writing ______. Multiple select question. significant deficiencies material weaknesses internal control deficiencies
significant deficiencies material weaknesses
The rule that management must approve all credit sales over $75,000 is an example of a(n) ______ authorization.
specific
Tests of controls address ______. Multiple select question. the consistency with which controls were applied how controls were applied by whom or by what means the controls were applied the design of the internal controls
the consistency with which controls were applied how controls were applied by whom or by what means the controls were applied
Tests of controls are generally performed ______. Multiple choice question. only at year-end only during the actual audit throughout the year
throughout the year