ACCTG 439 Ch.7
The rule that management must approve all credit sales over $75,000 is an example of a(n) ____________ authorization.
specific
conversion cycle
storing materials, placing materials into production, assigning production costs to inventories, and accounting for cost of goods sold
If assessed level of control risk is high, the auditor should plan to perform more ___________ procedures.
substantive
Data analytics may be used _____________ to certain sampling tests a. neither as a supplement or alternative b. only as an alternative c. either a supplement or alternative d. only as a supplement
C. either a supplement or alternative
Rank the level of deficiencies based on severity from least to severe to most severe -Material weakness -Significant deficiency -Reasonable possibility to have a material misstatement -Less than significant deficiency
-Less than significant deficiency -Significant deficiency -Material Weakness -Reasonable possibility to have a material misstatement
Risk assessment is management's process for: -analyzing risk -controlling risk -ignoring risk -identifying risks
-analyzing risks -identifying risks
Factors that may indicate increased financial reporting risk include: -changes in personnel -consistent use of accounting information systems -new business models -consistent use of accounting principles
-changes in personnel -new business models
Segregation of duties is a control that does not leave documentary evidence so it should be tested by: -inspecting evidence of segregation of duties -inquiring as to who performed these duties -observing the client's employees performing the duties
-inquiring as to who performed these duties -observing the client's employees performing the duties
Procedures to obtain an understanding of internal control include: -performance of analytical procedures -inspection of documents and reports -inquiry of entity personnel -tracing of transactions through information system -confirmations with external parties
-inspection of documents and reports -inquiry of entity personnel -tracing of transactions through information system
Sarbanes-Oxley section 404 requires that: -management evaluate the effectiveness of internal control -management accept responsibility establishing internal control -auditors accept responsibility for the effectiveness of internal control
-management evaluate the effectiveness of internal control -management accept responsibility establishing internal control
Controls that may be most relevant in an audit include those that: -pertain to the reliability of financial reporting -affect efficiency and effectiveness of operations only -affect the reliability of data used to perform audit procedures
-pertain to the reliability of financial reporting -affect the reliability of data used to perform audit procedures
The Foreign Corrupt Practices Act was passed to: -require organizations to maintain an effective system of internal control -prevent payments of bribes and kick-backs to officials in foreign businesses -require organizations to report all bribes and kick-back payments made to foreign businesses
-require organizations to maintain an effective system of internal control -prevent payments of bribes and kick-backs to officials in foreign businesses
Compensating control
A control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective (e.g., avoiding misstatements).
match the type of evaluation with its example. Separate
Audits by internal auditors
financing cycle
Authorizing, executing, and recording transactions involving bank loans, leases, bonds payable, and capital stock.
An integrated audit requires the auditors to test controls for all: a. financial statement assertions b. relevant assertions about major accounts c. relevant and financial statement assertions d. relevant assertions about all accounts.
B. Relevant assertions about major accounts
Complementary control
Controls that function together to achieve the same control objective.
True or false: An advantage of systems flowcharts over internal control questionnaires is that flowcharts identify internal control weaknesses more prominently than questionnaires.
False
True or false: Auditors test the design of controls immediately after determining if they operate effectively.
False
payroll cycle
Hiring, terminating and determining pay rates; timekeeping, computing payroll, maintaining payroll records, and preparing and distributing paychecks.
Acquisition cycle
Initiating purchases of inventory, placing purchasing order, receiving goods, authorizing, and making payment to vendors
True or false: The general approach to increasing evidence from a test of control is to increase the extent of the test, except in the case of automated controls.
True
External auditors should assess the _____________ (proficiency and training based on education, experience, and professional certifications) and ________________________ (ability to perform their duties free from conflicting responsibilities or constraints) of the internal audit function before relying on their work.
competency objectivity
Avoidance (risk response)
exiting the activity that gives rise to the risk
The risk of misstatement is composed of ___________ risk and __________ risk.
inherent control
Sharing (risk response)
insurance, hedging and outsourcing
Reduction (risk response)
managing the risk or adding additional controls to process it
Because of cost considerations, internal control is designed to provide ______________, not absolute assurance.
reasonable
PCAOB
requires that annually some evidence regarding operating effectiveness should be obtained
AICPA and international auditing standards
requires that test of controls be performed at least every third audit
Acceptance (risk response)
taking no action
Examples of risk at the ____________ level include preparing the financial statements, selecting and applying accounting policies, and the control environment. a. financial statement b. relevant assertion c. existence assertion
A. financial statement
establishes accountability over assets
accounting department
The acceptable level of variation in performance relative to the achievement of objectives defines: a. risk sharing b. risk avoidance c. risk tolerance
c. risk tolerance
The planning of the internal control audit is coordinated with the planning of the financial statement audit in a(n) ______________ audit.
integrated
Processing services are offered to user entities by _________ ___________.
service organizations
When a organization has senior management and a board of directors that establish values and expectations regarding appropriate behavior and lead by example, it is said to have a strong: a. system of control activities b. tone at the top c. management and board
tone at the top
This document clearly describes the entity's methods of treating transactions which provides employees guidance that allows for proper and uniform handling of transactions. a. Manual of accounting policies and procedures b. Journals including general journals c. ledgers including general ledger d. chart of accounts
A. Manual of accounting policies and procedures
provides information needed for reporting
Accounting department
often designs and implements internal control
accounting department
In an audit of internal control, if one or more material weaknesses in internal control are identified a(n) ___________ opinion should be issued. a. qualified b. adverse c. disclaimer of
b. adverse
Redundant control
control that address the same financial statement assertion or control objective
Has custody of liquid assets
finance department
conducts financial activities
finance department
plans future cash requirements
finance department
under the direction of the treasurer
finance department
A symbolic representation of a series of procedures with each procedure shown in sequence is an example of a systems ______________.
flowchart
Deficiencies that are less than significant are generally communicated in a(n) ____________________ letter.
management
Revenue cycle
obtaining orders from customers, approving credit, shipping merchandise, billing customers, and collecting payment
The preliminary assessments of control risk are often referred to as the _____________ assessed level of control risk.
planned
Two controls that both address the existence of accounts receivable are referred to as ____________ controls.
redundant
Type 1 one service auditor report
A report on management's description of a service organization's system and the suitability of the design of controls.
The foundation for the other internal control components is: a. adherence to applicable laws and regulations b. the control environment c. the internal audit department
B. the control environment
match the type of evaluation with its example. Ongoing
Monitoring customer complaints
Type 2 two service auditor report
A report on management's description of a service organization's system and the suitability of the design and OPERATING EFFECTIVENESS OF CONTROLS.
Segregation of duties is a _________ control. a. preventive b. corrective c. detective
a. preventive
The difference between control objectives of internal control and management assertions is that: a. control objectives relate to operations, compliance, and financial reporting b. control objectives relate to financial reporting only c. management assertions relate to operations only d. management assertions relate to operations, compliance, and financial reporting
A. control objectives relate to operations, compliance, and financial reporting
In general, auditors want evidence on operating effectiveness throughout the audit, so they: a. sample throughout the year b. test all controls performed from the last month of the year c. sample only from the last month of the year d. test all controls performed throughout the year
A. sample throughout the year
when auditors consider internal control design to be strong, they need to determine whether the control has been implemented which normally involves: a. observing the procedure b. testing the control effectiveness c. inquiring about the internal control procedure
a. observing the procedure
To enhance the control environment, management should do all of the following except: a. develop job descriptions b. establish policies describing appropriate business practices c. clearly define authority and responsibility within the organization d. make sure one person authorizes transactions, records transactions, and has custody of assets
d. make sure one person authorizes transactions, records transactions, and has custody of assets. (duties need to be segregated)
Accounting estimates are particularly difficult for management to control and often have a high risk of material misstatement because: -estimates are easy to verify -assumptions needed to make estimate -complexity of estimate -subjective nature of estimate
-assumptions needed to make estimate -complexity of estimate -subjective nature of estimate
The audit committee -should have one member that is an officer of the organization -is directly responsible for the CPA firm performing public company audits -oversees development and performance of the organization's internal control -looks to senior management to resolve any differences with the auditing firm
-is directly responsible for the CPA firm performing public company audits -oversees development and performance of the organization's internal control
Internal control practices that can help strengthen internal control in small companies include: -using prenumbered checks -depositing all cash receipts monthly -only issuing checks after matching approved invoices with purchase orders and receiving reports -recording all cash receipts immediately -reconciling bank accounts once a year
-using prenumbered checks -only issuing checks after matching approved invoices with purchase orders and receiving reports -recording all cash receipts immediately
In an integrated audit, auditors use a ____________ approach in the internal control audit. a. top-down b. bottom-up c. sideways
A. top-down
The auditor's report on internal control under PCAOB standards expresses an opinion on whether the: a. financial statement present fairly, in all material respects, the financial position of the company b. company maintained, in all material respects, effective internal control over financial reporting c. the auditor identified any material weaknesses as of year-end
B. company maintained, in all material respects, effective internal control over financial reporting
the traditional method of describing internal control is to complete a(n). a. flowchart of internal control b. written narrative of internal control c. internal control questionnaire
C. Internal control questionnaire
In comparison to financial statement audits, auditors who perform integrated audits typically a. perform no audit procedures directed toward testing the effectiveness of internal control b. perform less audit procedures directed toward testing the effectiveness of internal control c. perform more audit procedures directed toward testing the effectiveness of internal control d. perform more substantive procedures than tests of control
C. perform more audit procedures directed toward testing the effectiveness of internal control
Establishes customer credit policies
Finance department
records financial transactions
accounting department
under the direction of the controller
accounting department
Policies and procedures that help mitigate the risk that the organization's objectives are not met are called control _____________.
activities
A checklist, standard form, or computer program that help auditors make a particular decision by ensuring they consider all relevant information is called a(n) ___________ _________ aid.
audit decision aid
The organizational structure of an organization should separate responsibilities for _________________ of transactions, record keeping for transactions and ____________________ of assets
authorization custody
Auditors understanding of internal control should include not only the design of controls but also whether they: a. are operating effectively b. have been implemented c. are in place at other companies
b. have been implemented
Before performing test of controls to determine whether they are operating effectively, auditors must first: a. perform substantive procedures on the controls b. identify the controls likely to prevent or detect material misstatements c. perform analytical procedures on the controls likely to prevent or detect material misstatements
b. identify the controls likely to prevent or detect material misstatements
Most internal control questionnaires are designed so that a _______________ answer to a question indicates a weakness in internal control a. not applicable b. no c. yes
b. no
The existence of _________ that serve(s) as the standards or benchmarks to measure and present the subject matter is essential to performing an attest engagement. a. strong internal control b. suitable criteria c. integrated data d. management support
b. suitable criteria
When assessing the risk of material misstatement, auditors rely on the __________ effectiveness of internal control. a. desired b. actual c. expected
c. expected
Further audit procedures consist of test of __________ and _________ procedures.
controls substantive
Proper segregation of duties should be applied to: a. departments only b. management and non-management c. individuals only d. departments and individuals
d. departments and individuals
When auditors assess risk at the _____________ assertion level instead of the financial statement level, they consider both the design of the control and its implementation.
relevant
After documenting internal control, auditors typically perform a ______________________-________________, which traces one or two transactions through each step in the cycle.
walk-through