ACCY131-Chpt 7
Management periodically evaluates the threats to preparting reliable financial statements.
Control component: Risk assessment Sub-control component: n/a
In an integrated audit, the planning of the internal control audit is ______ the planning of the financial statement audit.
coordinated with
Watch as a second person reviews the quantities, prices, extensions, and footing of each sales invoice.
Observation
Which of the following is least likely to be a test control?
Observation of confirmations
Under the direction of the treasurer, Has custody of liquid assets, Plans future cash requirements, Conducts financial activities
Finance department
Detective Controls
A requirement to prepare bank reconciliations controls designed to discover control problems that were not prevented
Which of the following is NOT a reason that internal control can only provide reasonable assurance from fraud and waste?
All designed controls to address fraud and waste are adopted.
Independence from management and proper oversight of the development and performance of the organization's internal control should be demonstrated by the board of directors and its __________ committee.
audit
Exiting an activity that gives rise to a risk is an example of risk ________________.
avoidance
Components included in the 2017 enterprise risk management framework include governance and ______________; ____________________ and objective-setting; and ____________.
culture strategy performance
Proper segregation of duties should be applied to ______.
departments and individuals
The goal to find a misstatement that has already been made is a type of ________ control.
detective control
When internal auditors provide direct assistance to external auditors in preparing working papers and performing certain audit procedures, external auditors should ______.
direct, supervise, review, and test the work
Internal control is a process designed to provide ______ assurance regarding the achievement of objectives relating to operations, reporting, and compliance.
reasonable
Monitoring
Ongoing and separate evaluations.
The difference between control objectives of internal control and management assertions is that ______.
control objectives relate to operations, compliance, and financial reporting
Which of the following is NOT one of the components of the 2017 risk management framework?
Profitability
___________ auditors are the auditors of a service organization.
Service
Auditors selected by a service organization to assess systems
Service Auditors
Flowchart
Documentation
COSO's definition of internal control emphasizes that it is a(n) ______________________, or a means to an end.
Process
What is the primary reason that auditor's assess internal control?
To determine the risk of misstatements of accounts
Preventive control
segregation of duties
The Sarbanes-Oxley Act of 2002 requires public companies to provide reports on internal control by ______.
management and auditors
Which of the following is not a limitation of interal control?
transaction controls
Integrated audit
Reporting on internal control and financial statements An audit of both financial statements and internal control over financial reporting, provided by the external auditor. Required for public companies.
Controls over the authorization and processing of payroll are _______________ controls.
application
exiting the activity that gives rise to the risk
avoidance
Section 404 of the Sarbanes-Oxley Act requires public companies to provide reports on internal control by ______.
management external auditors
In an audit of a small company, the auditor typically performs ______ internal control.
more substantive procedures because of the absence of strong
Further audit procedures
Substantive procedures and tests of controls. The additional procedures that are performed based on the results of the auditors' risk assessment procedures. Such procedures include additional tests of controls (if needed) and substantive tests of account balances, classes of transactions, and disclosures.
Less severe than a material weakness
significant deficiency
For public companies, auditors are required to perform a(n) ____________
audit that addresses both the financial statements and internal control
Purchasing an insurance policy to protect assets is an example of risk ______.
sharing
managing the risk or adding additional controls to process it
reduction
A report that documents a service organization's controls and documents their suitability
Type 1 Report
Data analytics may be used ______ to certain sampling tests.
either as a supplement or an alternative
Management has developed and distributed a code of conduct.
Control component: Control environment Sub-control component: integrity and ethical values
The accounting department uses a manual of accounting policies and procedures.
Control component: Accounting information and communication system Sub-control component: n/a
entry into the warehouse is strictly controlled by security personnel
Control component: Control activities Sub-control component: Physical controls
For the control environment component, professional standards require auditors should obtain sufficient knowledge about the company's ______.
antifraud program
True or false: The auditors should obtain an understanding of the client's processes for eliminating business risks.
False
When the auditors are performing a first-time internal control audit in accordance with the Sarbanes-Oxley Act and PCAOB standards, they should:
Test controls for all significant accounts. In an audit of internal control performed under PCAOB standards, the auditors must test controls for all significant accounts.
Type 2 reports address operating _______; type 1 do not.
effectiveness
A deficiency in internal control such that there is a reasonable possiblity that a material misstatement will not be prevented or detected on a timely basis.
Material weakness in internal control
Factors that may indicate increased financial reporting risk include ______. Multiple select question. consistent use of accounting information systems new business models changes in personnel consistent use of accounting principles
new business models changes in personnel
Sarbanes-Oxley Section 404 requires that ______ internal control. Multiple select question. management accept responsibility establishing management evaluate the effectiveness of auditors accept responsibility for the effectiveness of
management accept responsibility establishing management evaluate the effectiveness of
Controls that assess whether other transaction control activities are operating properly and are usually focused on high risk transactions are called ______ controls.
supervisory
Management is committed to hiring employees with appropriate levels of education, experience, and evidence of integrity and ethical behavior.
Attracting, developing, and retaining competent employees.
performance review
Comparison of actual performance to expectations
The human resources department investigates the educational background of prospective employees.
Control component: Control environment Sub-control component: Commitment to attract, develop and retain competent employees
Management has prepared and distributed an organizational chart.
Control component: Control environment Sub-control component: Effective structure, reporting lines, and authority and responsibility.
____________________ controls come into play when a misstatement is found.
Corrective
A situation in which a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis.
Deficiency in internal control.
A well designed structure provides a basis for planning, directing, and controlling operations.
Effective organizational structure
True or false: The division of responsibilities between finance and accounting illustrates how accounting is involved in the financial operations of the business but separated from the custody of assets.
False
True or false: The division of responsibilities between finance and accounting illustrates how accounting is involved in the financial operations of the business but separated from the custody of assets.
False
True or false: The COSO definition of internal control emphasizes that internal control is an end in and of itself
False
The organization must hold individuals accountable for their internal control responsibilities.
Individual accountability
Risk Assessment Procedures
Inquiries, analytical procedures, observation audit procedures performed to obtain an understanding of the entity and its environment, including the entity's internal control, to identify and assess the risks of material misstatement
Talk to client personnel about the control policy requiring a second person to review the quantities, prices, extensions, and footing of each sales invoice.
Inquiry
Corrective Controls
Maintaining backups of data
This component of internal control assesses the quality of internal control performance over time.
Monitoring
Monitoring customer complaints
Ongoing
Compare the quantity from sales invoice to related shipping document, compare unit price to client's price list, and verify extensions and footings.
Reperformance
Control activities
Risk responses policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out
Perform data processing/computer/IT services, like payroll processing, for various clients
Service Organization
An auditor may compensate for a weakness in internal control by increasing the extent of:
Substantive tests of details. An increase in the substantive procedures will decrease detection risk, and thereby compensate for the increased level of control risk due to a weakness in internal control. Answer (1) is incorrect because if the weakness exists, increasing the extent of tests will only provide more evidence on the weakness—not evidence that compensates for the weakness. Answers (2) and (4) are incorrect because a decrease in detection risk or inherent risk, not an increase, would compensate. Also, in the case of inherent risk, it may not be possible to change the assessment since it is a function of the firm's environment.
A report that documents a service organization's controls and documents their suitability and effectiveness
Type 2 Report
The sequence of procedures applied by the client in processing a particular type of recurring transaction
Walk-through
Auditors use their understanding of internal control to do all of the following except ______.
assess detection risk for use in the audit risk model
Controls that rely on segregation of duties may be circumvented by _____________________ among employees.
collusion
Internal control addresses the achievement of objectives in the following areas except ______.
company profitability and growth
External auditors should assess the _________________ (proficiency and training based on education, experience, and professional certifications) and __________________ (ability to perform their duties free from conflicting responsibilities or constraints) of the internal audit function before relying on their work.
compentency and objectivity
A control that functions together with another control to achieve the same control objective
complimentary control
To enhance the control environment, management develops job __________.
descriptions
To enhance the control environment, management should do all of the following except ______.
make sure one person authorizes transactions, records transactions, and has custody of assets
In an internal control audit, tests of the ______________________of controls are used to determine whether the controls function as designed and if the individuals performing the controls possess the necessary authority and qualifications.
operating effectiveness
Management needs to assess risks that threaten their ability to meet their objectives in the areas of ______.
operations, reporting, and compliance
In general, auditors want evidence on operating effectiveness throughout the audit, so they ______ the year.
sample throughout
Regarding deficiencies and weaknesses in internal control, auditing standards require auditors to communicate in writing ______. Multiple select question. internal control deficiencies significant deficiencies material weaknesses
significant deficiencies material weaknesses
If employees lack ________, they may be ineffective in performing their duties.
skills
The rule that management must approve all credit sales over $75,000 is an example of a(n) _______________ authorization.
specific
When an organization has senior management and a board of directors that establish values and expectations regarding appropriate behavior and lead by example, it is said to have a strong ______.
tone at the top
There are ________ types of reports that auditors of service organizations (service auditors) can provide.
two
The requirement to _________ journal entries is an example of a preventive control.
approve
The extent of independence of this group is critical
Effective board of directors
A form of insurance in which an insurance company agrees to reimburse an employee for losses attributable to employee theft is referred to as _______________________
fidelity bonds
The development of significant accounting estimates and preparation of the notes and selection and application of significant accounting policies are examples of risks at the ____________________ ________________ level.
financial statement
Specific authorization occurs when transactions are authorized on an individual basis while _______________ authorization occurs when management establishes criteria for acceptance of a certain type of transaction.
general
Transaction-level controls may be broken down into two categories:
general and application control activities
Segregation of duties is a control that does not leave documentary evidence so it should be tested by ______. Multiple select question. inspecting evidence of segregation of duties observing the client's employees performing the duties inquiring as to who performed these duties
observing the client's employees performing the duties inquiring as to who performed these duties
Control Risk
the likelihood that the client's internal control policies and procedures fail to prevent or detect a material misstatement
Tests of controls are generally performed ______.
throughout the year
All of the following are examples of control activities except ______.
tone at the top
Walk-through
Follow a transaction through the system
A primary objective of procedures performed to obtain an understanding of internal control is to provide the auditors with:
knowledge to determine the nature, timing, and extent of further audit procedures.
When auditors assess risk at the ______________________ assertion level instead of the financial statement level, they consider both the design of the control and its implementation.
relevant
The two broad categories of information processing controls are ____________________ and application controls.
general controls
When auditors consider internal control design to be strong, they need to determine whether the control has been implemented which normally involves ______.
observing the procedure
insurance, hedging, and outsourcing
sharing
Choice taking no action
acceptance
The auditors of a service organization, known as service auditors, may review the controls at the organization and issue a report that may be relied upon by __________.
user
A clearly articulated statement of ethical values
Commitment to integrity and ethical values
A supplement or alternative to certain sampling tests is the use of data _______________.
analytics
True or false: Auditors test the design of controls immediately after determining if they operate effectively.
False
Under the direction of the controller, Often designs and implements internal control, Records financial transactions, Establishes accountability over assets
Accounting department
All of the following are possible responses to a pervasive weakness in internal control except:
Adding an element of unpredictability to the procedures performed.
A client's _______ environment includes such components as management philosophy and operating style, and organizational structure
Control
performance reviews are an integral part of which component of internal control?
Control activities
Management compares actual performance budgets and forecasts.
Control component: Control activities Sub-control component: performance reviews
Invoices are reviewed for accuracy before they are mailed to customers.
Control component: Control activities Sub-control component: transaction processing (or application) control.
Management surveys customers about their satisfaction with the company's service.
Control component: Monitoring Sub-control component: Ongoing
The internal auditors periodically evaluate the controls in the various departments of the company.
Control component: Monitoring Sub-control component: Ongoing
Select a sample of sales invoices and look for initials of a second person who reviewed the quantities, prices, extensions, and footing of each sales invoice.
Inspection
A primary objective of procedures performed to obtain an understanding of internal control is to provide the auditors with:
Knowledge necessary to determine the nature, timing, and extent of further audit procedures.
_____________should develop a statement of ethical values.
Senior management
Audits by internal auditors
Separate
The preliminary assessments of control risk are often referred to as:
The planned assessed level of control risk
True or false: When obtaining an understanding of the control environment, it is important that auditors focus on the substance of controls, rather than their form.
True
A type ____________report assesses the controls and their suitability
Type 1
A type ____________report assesses the controls and their suitability and effectiveness
Type 2
Test of controls are designed to determine all of the following, except:
Whether the contro was overridden
In a small company, it is not always practical to segregate duties. To strengthen internal control to prevent or detect the concealment of fraud or errors ______.
active participation by the owner is needed
Policies and procedures that help mitigate the risk that the organization's objectives are not met are called control _______________
activities
Auditors should identify and assess the risks of material misstatement:
both the financial statement level and the relevant assertion level for account balances.
All of the following are appropriate tests of controls except ______.
confirmation of control with third party
Auditors identify the company's control objectives and risks in each financial reporting area and then identify relevant controls that satisfy each control objective when testing design ____________________.
effectiveness
Auditors understanding of internal control should include not only the design of controls but also whether they ______.
have been implemented
Before performing tests of controls to determine whether they are operating effectively, auditors must first ______.
identify the controls likely to prevent or detect material misstatements
Risk assessment is management's process for ______. Multiple select question. identifying risks analyzing risks controlling risks ignoring risks
identifying risks analyzing risks
The goal of segregation of duties is not to allow an individual to have ______________
incompatible
Procedures to obtain an understanding of internal control include ______. Multiple select question. performance of analytical procedures inquiry of entity personnel inspection of documents and reports tracing of transactions through information system
inquiry of entity personnel inspection of documents and reports tracing of transactions through information system
The three categories of objectives of ________________ (internal/external) control are reporting, operations, and compliance
internal
In making a judgment about the extent of the understanding of ___________________ necessary, auditors should realize the information will be used to identify types of potential misstatements and consider factors that affect the risks of material misstatement.
internal control
After assessing the risks of material misstatement, auditors should design further audit procedures such as substantive procedures and tests of controls if planned assessed level of control risk is ______.
low
When the auditor has performed tests of controls and they are operating effectively a ______ risk is appropriate.
lower assessed level of control
A deficiency in internal control over financial reporting (or combination of deficiencies) such that there is a reasonable possibility that a material misstatement of the company's financial statements will not be prevented or detected on a timely basis is a(n) _______________________ __________________________.
material weakness
Regarding deficiencies and weaknesses in internal control, auditing standards require auditors to communicate in writing ______.
material weaknesses significant deficiencies
In comparison to financial statement audits, auditors who perform integrated audits typically perform ______.
more audit procedures directed toward testing the effectiveness of internal control
Organizational structure provides a basis for planning, directing, and controlling __________________
operations
The three categories of objectives of internal control are reporting, _____________, and _________________ .
operations and compliance
Controls that may be most relevant in an audit include those that ______. Multiple select question. Select all that apply pertain to the reliability of financial reporting affect efficiency and effectiveness of operations only affect the reliability of data used to perform audit procedures
pertain to the reliability of financial reporting affect the reliability of data used to perform audit procedures
The preliminary assessments of control risk are often referred to as the _________________ assessed level of control risk.
planned
Segregation of duties is a control aimed at ____________ misstatement.
preventing
External auditors can use the work of internal auditors to ______. Multiple select question. provide direct assistance to the external auditors review the work of external audit staff supervise the work of external audit staff provide audit evidence based on their normal internal audit work
provide direct assistance to the external auditors provide audit evidence based on their normal internal audit work
A well-designed organizational structure ______. Multiple select question. provides a basis for planning, directing, and controlling operations is based upon centralized management decision making ensures appropriate segregation of duties
provides a basis for planning, directing, and controlling operations ensures appropriate segregation of duties
Preparing bank _________ can help detect misstatements that have been made.
reconciliations
The overall response of the auditor to financial statement risks might include all of the following except ______.
reducing the overall scope of audit procedures
An integrated audit requires the auditors to test controls for all ______.
relevant assertions about major accounts
The controls that are most relevant to an audit are those that pertain to the ______.
reliability of financial reporting
One feature of well-designed forms and documents that can be used to control the number of documents issued and account for sequence of documents is ______.
serial numbers
Which of the following is not a COSO component of internal control?
Board Oversight Explanation: Coso framework is developed to align the internal control process with the Business process. It enable the business to give assurance that the business is running according to set standard .
True or false: If the auditors do an extensive job of identifying and assessing risk of material misstatement at the relevant assertion level, it is not necessary to assess risk at the financial statement level.
False
The audit committee should be composed of directors who are not _______________ of the organization.
employees
The audit committee ______. Multiple select question. is directly responsible for the CPA firm performing public company audits looks to senior management to resolve any differences with the auditing firm oversees development and performance of the organization's internal control should have one member that is an officer of the organization
is directly responsible for the CPA firm performing public company audits oversees development and performance of the organization's internal control