Audit ch. 5

Auditors are not responsible for accounting estimates with respect to a. Making the estimates. b. Determining the reasonableness of estimates. c. Determining that estimates are presented in conformity with GAAP. d. Determining that estimates are adequately disclosed in the financial statements.

A. Correct Management is responsible for making the estimates in the first place, just as management is primarily responsible for all the financial statement elements.

Which of the following statements are correct regarding internal control communications to public entities?

All deficiencies must be communicated in writing to management, the auditors' report must be in writing

_________with applicable laws and regulations

Compliance

IC components (COSO) CRIME

Control environment, risk assessment, information and communication, monitoring activities, existing control activities

Under separation of duties, Segregation is CRAP

Custody of assets involved in transactions Recording Transactions Authorization to execute transactions Periodic reconciliation of existing assets to recorded amounts.

A________is a problem relating to either a necessary control that is missing or an existing control that is so poorly designed that it fails to satisfy the controls objective

Design deficiency

If the auditors encounter a significant scope limitation in evaluating an issuer's internal control over financial reporting, a _________ on the effectiveness of the company's internal control over financial reporting would be appropriate.

Disclaimer opinion

___________and efficiency of operations

Effectiveness

Policies and procedures established to ensure that management objectives are carried out are called_______

Existing control activities

_________ focuses on authorization, segregation of duties (CRAP), safeguarding of assets, and asset accountability. prevent and/ or detect

Existing control activities

__________ includes 8 procedures, or "paid tips"

Existing control activities

True or false: An understanding of the design of controls or how they are intended to function provides the audit team complete evidence as to the operating effectiveness of controls.

False

True or false: Document examination alone is never considered an adequate test of controls.

False

True or false: Professional standards do not require the audit team to evaluate the sufficiency of management's control activities.

False

Which of the following statements are correct?

For a sample to be representative, all items in the population have an opportunity to be selected. Tests of controls should be applied to samples executed throughout the period under audit.

Which of the following statements are correct?

If a control activity has high risk, more persuasive evidence is needed, it may be more efficient for the auditor to choose not to rely on controls

Which of the following statements are correct?

If a control activity has high risk, more persuasive evidence is needed. It may be more efficient for the auditor to choose not to rely on controls.

________ are methods used to classify and report transactions, and to communicate roles and responsibilities.

Information and communication systems

the focus of ______ includes initiating, authorizing, recording, processing, and reporting entity transactions, conditions and events. Also communicating roles and responsibilities

Information and communication systems

________is a process effected by an entities board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in three areas

Internal control

________is a condition when design or operation of a control does not allow detection or prevent of misstatements

Internal control deficency

_______is a deficiency that results in reasonable possibility that material misstatement would not be prevented or detected on a timely basis

Material weakness

An ________ occurs when a properly designed control is either ignored or inappropriately applied

Operating deficiency

____________of financial control

Reliability

COSO internal control categories include ____and____ of operations

Reliability Compliance

____________ is designed to help the organization achieve effective internal control

Separation of duties

A______ is a deficiency in internal control that is less sever than material weakness but important enough to merit attention of those charged with governance (audit committee)

Significant deficiencies

Which of the following statements are correct?

Spreadsheet "errors" can pose risks to an entity's internal control system. Using and accounting for prenumbered documents helps support the completeness assertion.

__________ in a GAAS audit are required for obtaining evidence about the operating effectiveness of client control activities.

Tests of controls

True or false: Control activities designed to promote a culture of honest and ethical behavior should be evaluated in response to fraud risks identified during the planning stage.

True

True or false: In some sense, all controls can be thought of as preventative controls.

True

Which of the following statements are correct?

Using and accounting for prenumbered documents helps support the completeness assertion, spreadsheet "errors" can pose risks to an entity's internal control system

It is acceptable under generally accepted auditing standards for an audit team to a. Assess risk of material misstatement at high and achieve an acceptably low audit risk by performing extensive substantive tests. b. Assess control risk at zero and perform a minimum of detection work. c. Assess inherent risk at zero and perform a minimum of detection work. d. Decide that audit risk can be 40 percent.

a. Correct. The objective is to perform a quality audit and keep audit risk low.

The risk of material misstatement is composed of which audit risk components? a. Inherent risk and control risk. b. Control risk and detection risk. c. Inherent risk and detection risk. d. Inherent risk, control risk, and detection risk.

a. Correct. The risk of material misstatement is composed of inherent risk and control risk.

An external auditor recommends an internal control to a client that will improve the system. After doing a cost-benefit analysis, the client rejects the suggestion. The auditor should

accept the client's decision under the concept of reasonableness assurance

According to professional standards, the audit team's evaluation of the sufficiency of management's control activities is ______.

always required

Performing procedures at ______ is less effective than performing them at ________.

an interim date; year end

A well-functioning internal control environment requires ______.

appropriate assignment of authority and responsibility top management with sound integrity and ethical values clear and unambiguous reporting lines

Duties of the audit committee include ______.

approving nonaudit services provided by the external auditor appointing the public accounting firm conducting the entity's audit compensating the public accounting firm conducting the entity's audit

Flowcharts ______.

are easy to evaluate after they are completed can be helpful in identifying missing controls are time-consuming to construct

Internal control questionnaires ______.

are somewhat unique for each organization can be useful in detecting internal control weaknesses help the auditing team obtain evidence about the control environment

The final assessment of control risk should ______.

assist in determining the list of substantive procedures required be coordinated with the final audit plan

The final assessment of control risk should:

assist in determining the list of substantive procedures required, be coordinated with the final audit plan

Duties that should be separated are the _____to execute _____transactions,____ transactions, _____of assets involved in the transactions and periodic ____ of existing assets to recorded amounts.

authority recording custody reconciling

An audit strategy memorandum contains a. Specifications of auditing standards relevant to the financial statements being audited. b. Specifications of procedures the auditors believe appropriate for the financial statements under audit. c. Documentation of the assertions under audit,the evidence obtained,and the conclusions reached. d. Reconciliation of the account balances in the financial statements with the account bal- ances in the client's general ledger.

b. Correct. An audit strategy contains specifications of procedures the auditors believe appropriate for the financial statements under audit.

Which of the following matters relating to an entity's operations would an auditor most likely consider as an inherent risk factor in planning an audit? a. The entity's fiscal year ends on June 30. b. The entity enters into significant derivative transactions as hedges. c. The entity's financial statements are generated at an outside service center. d. The entity's financial data is available only in computer-readable form.

b. Correct. By their very nature, derivative transactions are designed to be used as hedges for exposure on existing contracts are quite complex. The accounting rules that provide the basis for GAAP in this area are also complex. As a result of this complexity, the inherent risk of material misstatement is higher.

The auditors assessed risk of material misstatement at 0.50 and said they wanted to achieve a 0.05 risk of failing to express a correct opinion on financial statements that were materially misstated. What detection risk do the auditors plan to use for planning the remainder of the audit work? a. 0.20. b. 0.10. c. 0.75. d. 0.00.

b. Correct. DR = AR/ (IR x CR) = 0.05/0.50 = 0.10.

Which of the following circumstances would most likely cause an audit team to perform extended procedures? a. Supporting documents are produced when requested. b. The client made several large adjustments at or near year-end. c. The company has recently hired a new chief financial officer after the previous one retired. d. The company maintains several different petty cash funds.

b. Correct. If the client made several large adjustments at year-end (a red flag), extended procedures would be considered necessary to ensure that fraud was not taking place.

One of the typical characteristics of management fraud is a. Falsification of documents in order to misappropriate funds from an employer. b. Victimization of investors through the use of materially misleading financial statements. c. Illegal acts committed by management to evade laws and regulations. d. Conversion of stolen inventory to cash deposited in a falsified bank account.

b. Correct. Management fraud is victimization of investors through the use of materially misleading financial statements.

Under the Private Securities Litigation Reform Act (the Act), independent auditors are required to first a. Report in writing all instances of noncompliance with the Act to the client's board of directors. b. Report to the SEC all instances of noncompliance with the Act they believe have a material effect on financial statements if the board of directors does not first report to the SEC. c. Report clearly inconsequential noncompliance with the Act to the audit committee of the client's board of directors. d. Resign from the audit engagement and report the instances of noncompliance with the Act to the SEC.

b. Correct. Once informed, the board of directors has the first responsibility to report to the SEC. If the board does not report these items to the SEC, the law then requires the auditors to do so.

When evaluating whether accounting estimates made by management are reasonable, audi- tors would be most interested in which of the following? a. Key factors that are consistent with prior periods. b. Assumptions that are similar to industry guidelines. c. Measurements that are objective and not susceptible to bias. d. Evidence of a conservative systematic bias.

b. Correct. Once informed, the board of directors has the first responsibility to report to the SEC. If the board does not report these items to the SEC, the law then requires the auditors to do so.

When auditors become aware of noncompliance with a law or regulation committed by cli- ent personnel, the primary reason that the auditors should obtain a better understanding of the nature of the act is to a. Recommend remedial actions to the audit committee. b. Evaluate the effect of the noncompliance on the financial statements. c. Determine whether to contact law enforcement officials. d. Determine whether other similar acts could have occurred.

b. Correct. The audit team's first concern is the effect of the noncompliance on the financial statements.

When a company that sells its products with a positive gross profit increases its sales by 15 percent and its cost of goods sold by 7 percent, the cost of goods sold ratio will a. Increase. b. Decrease. c. Remain unchanged. d. Not be able to be determined with the information provided.

b. Correct. The numerator (cost of goods sold) increases relatively less than the denominator (sales) increases.

Auditors perform analytical procedures in the planning stage of an audit for the purpose of a. Deciding the matters to cover in an engagement letter. b. Identifying unusual conditions that deserve more auditing effort. c. Determining which of the financial statement assertions are the most important for the client's financial statements. d. Determining the nature,timing,and extent of further audit procedures for auditing the inventory.

b. Correct. This is the "attention directing" purpose.

All entities recognize the need for a formalized process to identify, assess and manage factors, events and conditions, known as __, that can prevent the organization from achieving it objectives.

business risks

All entities recognize the need for a formalized process to identify, assess and manage factors, events and conditions, known as_____ , that can prevent the organization from achieving it objectives.

business risks

Failure to meet company objectives is a result of a. Information risk. b. Audit risk. c. Business risk. d. Inherent risk.

c. Correct This is the definition of business risk.

If tests of controls induce the audit team to change the assessed level of control risk for fixed assets from 0.4 to 1.0 and audit risk (0.05) and inherent risk remain constant, the acceptable level of detection risk is most likely to a. Change from 0.1 to 0.04. b. Change from 0.2 to 0.3. c. Change from 0.25 to 0.1. d. Be unchanged.

c. Correct This solution is both mathematically and practically correct.

An audit committee is a. Composed of internal auditors. b. Composed of members of the audit team. c. Composed of members of a company's board of directors who are not involved in the day-to-day operations of the company. d. A committee composed of persons not associating in anyway with the client or the board of directors.

c. Correct. An audit committee is composed of members of a company's board of directors who are not involved in the day-to-day operations of the company.

Analytical procedures are generally used to produce evidence from a. Confirmations mailed directly to the auditors by client customers. b. Physical observation of inventories. c. Relationships among current financial balances and prior balances, forecasts, and nonfi- nancial data. d. Detailed examination of external, external-internal, and internal documents.

c. Correct. Analytical procedures incorporate information from a variety of sources.

Which of the following statements best describes auditors' responsibility for detecting a client's noncompliance with a law or regulation? a. The responsibility for detecting noncompliance exactly parallels the responsibility for errors and fraud. b. Auditors must design tests to detect all material noncompliance that indirectly affects the financial statements. c. Auditors must design tests to obtain reasonable assurance that all noncompliance with direct material financial statement effects is detected. d. Auditors must design tests to detect all noncompliance that directly affects the financial statements.

c. Correct. Auditors must design tests to obtain reasonable assurance that all noncompliance with direct material financial statement effects is detected.

Which of the following risk types increase when an auditor performs substantive analytical audit procedures for financial statement accounts at an interim date? a. Inherent. b. Control. c. Detection. d. Sampling.

c. Correct. The decision to perform substantive analytical procedures (as compared to a test of details) at interim (as compared to the balance sheet date) would increase detection risk.

What is the primary objective of the fraud brainstorming session? a. Determine audit risk and materiality. b. Identify whether analytical procedures should be applied to the revenue accounts. c. Assess the potential for material misstatement due to fraud. d. Determine whether the planned procedures in the audit plan will satisfy the general audit objectives.

c. Correct. The fraud brainstorming session is primarily focused on fraud risk assessment, which is the potential for material misstatement due to fraud in the financial statements. This is the primary objective of the session, according to professional standards (i.e., SAS No. 99).

Which of the following is a specific audit procedure that would be completed in response to a particular fraud risk in an account balance or class of transactions? a. Exercising more professional skepticism. b. Carefully avoiding conducting interviews with people in areas that are most susceptible to fraud. c. Performing procedures such as inventory observation and cash counts on a surprise or unannounced basis. d. Studying management's selection and application of accounting principles more carefully.

c. Correct. This is a specific procedural response mentioned in audit standards.

Generally a reassessment of control risk ______.

can only go upwards

A strong system of controls __ guarantee that errors will not occur.

cannot

Separation of duties cannot prevent __ which is two or more people working together to circumvent the internal control system.

collusion

The audit team:

communicates internal control issues to help management carry out internal control monitoring responsibilities, must communicate significant deficiencies and material weakness identified during the audit

Specific actions a client's management and employees take to help ensure management's directives are carried out are called _____

control activities

Once the auditor detects a __________, she must first evaluate the severity of the deficiency on the auditor's control risk assessment for that assertion.

control deficiency

In the component________ the focus is on several things including organizational structure, assignment of responsibility, and human resource policies

control environment

Integrity, ethical values and competence of the entity's people are all________ factors

control environment

The foundation for all other components of internal control is the __.

control environment

The foundation for all other components of internal control is the____

control environment

_____________ sets the tone of the organization. Focuses on Integrity, Competence, participation of those charged with governance, management philosophy

control environment

The auditor should assess ___________for each relevant assertion by evaluating the evidence obtained from all sources, including the auditor's testing of controls for the audit of internal control on an issuer.

control risk

The risk that the auditors' own testing procedures will lead to the decision that material mis- statements do not exist in the financial statements when in fact such misstatements do exist is a. Audit risk. b. Inherent risk. c. Control risk. d. Detection risk.

d. Correct This is the definition of detection risk.

Auditing standards do not require auditors of financial statements to a. Understand the nature of errors and frauds. b. Assess the risk of occurrence of errors and frauds. c. Design audits to provide reasonable assurance of detecting errors and frauds. d. Report all errors and frauds found to police authorities.

d. Correct. Auditors are not required to report all finding of errors and frauds to police authorities.

If sales were overstated by recording a false credit sale at the end of the year, where could you find the false "dangling debit"? a. Inventory. b. Cost of goods sold. c. Bad debt expense. d. Accounts receivable

d. Correct. In (fictitious) credit sales and (fictitious) receivables.

Analytical procedures can be used in which of the following ways? a. As a means of overall review near the end of the audit. b. As "attention-directing" methods when planning an audit at the beginning. c. As substantive audit procedures to obtain evidence during an audit. d. All of the above.

d. Correct. The answer is all of the above. Analytical procedures can be used when planning the audit, when performing substantive procedures

A primary objective of analytical procedures used in the final review stage of an audit is to a. Identify account balances that represent specific risks relevant to the audit. b. Gather evidence from tests of details to corroborate financial statement assertions. c. Detect fraud that may cause the financial statements to be misstated. d. Assist the auditor in evaluating the overall financial statement presentation.

d. Correct. This is the correct answer. At the final review stage, analytical review procedures are designed to provide an overall test of reasonableness about the financial statements being reviewed, in light of all available evidence.

The likelihood that material misstatements may have entered the accounting system and not been detected and corrected by the client's internal control is referred to as a. Inherent risk. b. Control risk. c. Detection risk. d. Risk of material misstatement.

d. Correct. This is the definition of the risk of material misstatement.

Analytical procedures used when planning an audit should concentrate on a. Weaknesses in the company's internal control activities. b. Predictability of account balances based on individual significant transactions. c. Management assertions in financial statements. d. Accounts and relationships that can represent specific potential problems and risks in the financial statements.

d. Correct. With preliminary analytical procedures, the auditors are looking for signs of accounts and relationships that may represent specific potential problems and risks in the financial statements.

An employee knowingly doing something to bypass the internal control system is an act of

deliberate circumvention

Whether the controls over financial reporting, if operating as they should, would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements is determined by __.

design effectiveness

Whether the controls over financial reporting, if operating as they should, would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements is determined by ______

design effectiveness

AS 2201 requires testing for ________

design effectiveness and operating effectiveness.

The primary purpose for obtaining an understanding of internal control during the audit of a nonissuer is to:

determine the nature, timing, and extent of further audit tests to be performed.

______________ produce direct and material effects on the financial statements. law is identified with a specific account or disclosure

direct-effect non compliance

The reporting option when a scope limitation exists is a _______

disclaimer of opinion.

When a single audit test produces both control testing and substantive testing evidence, it is called a(n) _____ test

dual purpose

When a single audit test produces both control testing and substantive testing evidence, it is called a(n) __-__ test.

dual-purpose

An audit procedure that selects recorded payroll entries to vouch payroll to time cards and calculate the correct dollar amount of payroll is an example of a

dual-purpose test

An audit procedure that selects recorded payroll entries to vouch payroll to time cards and calculate the correct dollar amount of payroll is an example of a ______.

dual-purpose test

COSO internal control categories include __ and __ of operations.

effectiveness, efficiency

COSO developed a(n) __ framework to facilitate the assessment and mitigation of business risks a company faces.

enterprise risk management

COSO developed a(n) ______ framework to facilitate the assessment and mitigation of business risks a company faces.

enterprise risk management

The idea behind ERM or __, is that management, boards, and employees have to be constantly thinking about what could go wrong with the business and how to prevent it.

enterprise risk management

When documenting their understanding of the internal control system, the auditor should consider if the client has taken full advantage of their existing technological platform by using ______ control activities whenever it is efficient and effective.

entirely automated

Controls that are pervasive to the internal control system and the reliability of the financial statements as a whole are called ______ - level controls.

entity

For all relevant assertions for each significant account and disclosure, the audit team begins by examining _____ -_____ controls that are pervasive to the internal control system and reliability of the financial statements as a whole

entity level

Controls that are pervasive to the internal control system and the reliability of the financial statements as a whole are called __ controls.

entity-level

Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of __ testing.

exception

Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of ______ testing.

exception

Using an automated test procedure designed to test all items in a population as a means to identify a violation of control activities is an example of ______testing.

exception

True or false: An understanding of the design of controls or how they are intended to function provides the audit team complete evidence as to the operating effectiveness of controls.

false

True or false: Document examination alone is never considered an adequate test of controls.

false

True or false: Periodic management reviews are critically important to demonstrate that controls are operating in an effective manner.

false

True or false: To achieve the specific objectives of each of the three goals, the COSO framework defines five components of a properly designed internal control system that work independently of each other to support the system's overall effectiveness.

false

When completing the audit of internal controls for an issuer, the PCAOB requires the audit team to audit internal controls over_______

financial reporting

The professional standards require the auditor to gain an understanding of the client's risk assessment process related to ______.

financial reporting risks fraud risk

The professional standards require the auditor to gain an understanding of the client's risk assessment process related to:

financial reporting risks, fraud risk

Segregation of duties:

forces different people or departments to deal with different facets of transactions, prevents fraud that do not involve collusion, prevents incompatible responsibilities

To be considered appropriate audit evidence, an audit sample must be:

from a population that covers the entire period of reliance, representative of the population being sampled

When audit teams reach the third phase of an evaluation of internal control they:

have identified controls on which they intend to rely, have set an acceptable rate of compliance for an activity to be considered effective

When audit teams reach the third phase of an evaluation of internal control they ______.

have set an acceptable rate of compliance for an activity to be considered effective have identified controls on which they intend to rely

Flowcharts:

help the audit team assess the key control points in the process, involve considerable time and effort, have become a popular documentation method for auditors

The higher the assessment of control risk, the __ the assessment of risk of material misstatement.

higher

The purpose of separating the duties of _______ and distributing payroll checks is to separate the authorization of transactions from the custody of related assets.

hiring personnel

An audit team's assessment of control risk as high:

implies controls cannot be relied upon, implies controls are ineffective

Performance reviews ______.

include the study of budget variances with follow up actions require management's active participation in the supervision of operations can help lower the risk of material misstatements

Combinations of duties that place a single person in a position to create and conceal misstatement due to errors or frauds in his or her normal job are __ responsibilities.

incompatible

Combinations of duties that place a single person in a position to create and conceal misstatements due to errors or frauds in their normal job are _______ responsibilities

incompatible

___________are not related to specific accounts or disclosures on the financial statements.. it's the auditors responsibility to follow up

indirect-effect noncompliance

An account's significance is based on its __ risk.

inherent

An account's significance is based on its ______ risk.

inherent

The risk of material misstatement is composed of_____ risk and____ risk.

inherent control

The risk of material misstatement is composed of __ risk and __ risk.

inherent, control

The least persuasive type of control test evidence is _____

inquiry

When testing controls, the audit team often uses ______ about the existence of the activity and then corroborate the evidence by observing the control activities are actually being performed

inquiry

The four methods of testing controls are ____ , ____ ,document examination and _____

inquiry observation reperformance

The four methods of testing controls are __, __, document examination and __.

inquiry, observation, reperformance

An opinion of the entity's financial statements and a second opinion on management's assessment of the effectiveness of the entity's internal control over financial reported are issued as part of a(n)______

integrated audit

External auditors complete an audit on the financial statements and one on internal control as part of a(n)

integrated audit

External auditors complete an audit on the financial statements and one on internal control as part of a(n) __.

integrated audit

The ________ is a device for collecting evidence in the form of answers to control questions.

internal control questionnaire

The efficiency of a management interview can be improved by using a(n)

internal control questionnaire

The emphasis of the Sarbanes-Oxley Act is on the ___ as an important means to prevent or detect material misstatements in the financial statements due to fraud.

internal control system

Physical access should be limited to authorized personnel. This limitation should include:

inventory payroll records securities

Physical access should be limited to authorized personnel. This limitation should include:

inventory, payroll records, securities

Flowcharts ______.

involve considerable time and effort have become a popular documentation method for auditors help the audit team assess the key control points in the process

The acceptable rate of compliance for an internal control to be considered effective ______.

is a matter of professional judgment may be based on internal firm guidelines

Section 302 of the Sarbanes-Oxley Act ______.

is designed to ensure the proper "tone at the top" makes management responsible for monitoring, supervising and maintaining control activities allows managers to make their own judgments about the necessity of specific controls

The audit team's decision that it would take more time to test the operating effectiveness of the control activities than it would take to perform the substantive tests necessary for a relevant assertion ______.

is equivalent to assessing control risk at 100%

The audit team's decision that it would take more time to test the operating effectiveness of the control activities than it would take to perform the substantive tests necessary for a relevant assertion:

is equivalent to assessing control risk at 100%

After their understanding of the entity's internal controls have been documented, the audit team may choose not to perform tests on the operating effectiveness of the controls because ______.

it is less time consuming to conduct substantive tests the internal control system is too ineffective to rely on the cost of obtaining a low control risk assessment is high

After their understanding of the entity's internal controls have been documented, the audit team may choose not to perform tests on the operating effectiveness of the controls because:

it is less time consuming to conduct substantive tests, the internal control system is too ineffective to rely on, the cost of obtaining a low control risk assessment is high

Each member of the audit committee must be financially _____ and one member must be a financial ______

literate expert

Each member of the audit committee must be financially __ and one member must be a financial __.

literate, expert

After understanding and documenting internal control, the audit team should be able to ______.

make a preliminary assessment of control risk

After understanding and documenting internal control, the audit team should be able to:

make a preliminary assessment of control risk

Section 302 of the Sarbanes-Oxley Act:

makes management responsible for monitoring, supervising and maintaining control activities, allows managers to make their own judgements about the necessity of specific controls, is designated to ensure the proper "tone at the top"

Section 302 of the Sarbanes-Oxley Act ______.

makes managers responsible for establishing a control environment requires management to assess the risks it wishes to control

Under the Sarbanes-Oxley Act who is responsible for evaluating the effectiveness of an organization's internal control system?

management and external auditors

Section 404 of the Sarbanes-Oxley Act requires an entity's annual report to include a statement that ______.

management is responsible for establishing and maintaining adequate internal control over financial reporting identifies the framework used as a benchmark for evaluating the entity's internal control effectiveness

Although not required by auditing standards, audit teams often issue a(n) __ containing commentary and suggestions on a variety of matters in addition to internal control matters.

management letter

The risk assessment element of the COSO framework is ______ responsibility.

management's

Management may not be able to conclude that the entity's internal controls over financial reporting is effective if any _______exist.

material weaknesses

A __________ is a situation in which it is reasonably possible that a material misstatement would not be detected on a timely basis.

material weakness

Management may not be able to conclude that the entity's internal controls over financial reporting is effective if any __ exist.

material weaknesses

The preliminary assessment of control risk ______.

may be made after understanding and documenting internal control includes identifying activities explicitly designed to support reliable financial statement reporting

An audit team's assessment of control risk as low ______.

may limit the use of substantive tests of details allows auditors to use smaller sample sizes implies controls are effective

The audit team must adjust the substantive procedures accordingly in order to obtain enough evidence to mitigate the risk of material misstatements to a low level for the relevant assertions being tested if the assessment of control risk is ______.

moderate

The audit team must adjust the substantive procedures accordingly in order to obtain enough evidence to mitigate the risk of material misstatements to a low level for the relevant assertions being tested if the assessment of control risk is:

moderate

_____ includes procedures established to assess the quality of internal performance over time. The focus is on internal audit function, regular management and supervisory activities, and small procedures.

monitoring

In most audits of large entities, control risk assessment contributes to audit efficiency, which means that auditors will be able to reduce the cost of substantive procedures by an amount ______

more than the control evaluation costs.

Narrative descriptions tend to be ______.

most efficient for audits of small businesses

Narrative descriptions tend to be:

most efficient for audits of small businesses

Tests of controls ______.

must be performed to obtain evidence that controls can be relied on

The audit committee ______.

must have one member who is a financial expert members must all be financially literate is a subcommittee of the board of directors

A method for documenting the audit team's inderstanding of internal controls that describes all environmental elements, the accounting system and all control activities is called a(n) __.

narrative description

A method for documenting the audit team's understanding of internal controls that describes all environmental elements, the accounting system and all control activities is called a(n) __.

narrative description

A method for documenting the audit team's understanding of internal controls that describes all environmental elements, the accounting system and all control activities is called a(n) _____

narrative description

The assessment of risk of material misstatement at the assertion level is completed to give the audit team a basis for planning the audit and determining the _____, _____, and ______of further audit procedures to be conducted for the financial statement audit.

nature time extent

The assessment of risk of material misstatement at the assertion level is completed to give the audit team a basis for planning the audit and determining the __, __, and __ of further audit procedures to be conducted for the financial statement audit.

nature, timing, extent

An auditor can

never rely on information produced by the company's information system without investigation

When gaining an understanding of internal controls, assertions should ______.

only be considered if they are relevant

Whether a control is working as designed and whether the person performing the control has the authority and qualifications to perform the control is referred to as _____

operating effectiveness

Internal control is a set of policies and procedures designed to achieve management objectives in three different categories. Maintaining a good business reputation and increasing market share are objectives of the_____ category.

operations

Duties of the audit committee include ______.

oversight of the public accounting firm conducting the entity's audit overseeing the anonymous fraud hotline engaging legal council in the event of management fraud

Duties of the audit committee include:

oversight of the public accounting firm conducting the entity's audit, engaging legal counsel in the event of management fraud, overseeing the anonymous fraud hotline

When documenting their understanding of the internal control system, the audit team should consider questions related to ______

policies and procedures documentation and communicaiton information technology integration with the risk assessment process selection and development of control activities

When documenting their understanding of the internal control system, the audit team should consider questions related to:

policies and procedures documentation and communication, selection and development of control activities, integration with the risk assessment process, information technology

Separation of duties between the payroll and personnel departments is a ______________

preventative control

In some sense, all controls can be thought of as ______ controls.

preventive

Procedures that prevent misstatements before they occur are ____ controls which are preferable to _____ controls that find misstatements after they occur.

preventive detective

Separation of duties ______.

prevents fraud that do not involve collusion prevents incompatible responsibilities forces different people or departments to deal with different facets of transactions

External auditors are:

primarily concerned with a client's internal control system as it relates to the financial reporting category

Regarding a client's internal control system, external auditors are ______.

primarily concerned with the financial reporting category

Internal control provides __ assurance that management's objectives will be achieved.

reasonable

The COSO definition states that internal control is designed to provide __ regarding the achievement of objectives in three categories.

reasonable assurance

The COSO definition states that internal control is designed to provide _________ regarding the achievement of objectives in three categories.

reasonable assurance

Duties that should be separated are ______.

reconciliation recording authorization custody

Duties that should be segregated are:

reconciliation, recording, authorization, custody

When an auditor plans to __________and rely on controls to reduce substantive testing, they must make sure that the controls have been designed and are operating effectively in order to feel comfortable relying on such controls.

reduce control risk below the maximum

COSO internal control categories include______of financial reporting and______with applicable laws and regulations.

reliability compliance

COSO internal control categories include __ of financial reporting and __ with applicable laws and regulations.

reliability, compliance

The key difference between document examination and _____ is that the former provides evidence employees completed the activity and the later provides evidence it was done correctly.

reperformance

The most persuasive type of control test evidence is

reperformance

A key factor in audit sampling is that, for a sample to be considered , all items in a population must have an opportunity to be selected.

representative

A key factor in audit sampling is that, for a sample to be considered __, all items in a population must have an opportunity to be selected.

representative

To be considered appropriate audit evidence, an audit sample must be ______.

representative of the population being sampled from a population that covers the entire period of reliance

Performance reviews:

require management's active participation in the supervision of operations, can help lower the risk of material misstatements, include the study of budget variances with follow up actions

The five basic components of a properly designed internal control system as defined by COSO are: (1) control environment, (2) ______assessment, (3) _____activities, (4) and (5) information and _____.

risk control monitoring communication

Identification by management of the risks relevant to the preparation of the financial statements that are generally related to changes is considered__________ which tries to weed out lying, stealing and cheating

risk assessment

The five basic components of a properly designed internal control system as defined by COSO are: (1) control environment, (2) __ assessment, (3) __ activities, (4) __ and (5) information and __.

risk, control, monitoring, communication

Common monitoring controls include:

self-assessments by management regarding the tone they set, analysis of and follow up items that might be indicative of a control failure, quality assurance review of the internal audit department

Internal control questionnaires:

should be used in combination with other methods, make it less likely for the audit team to forget to cover an important point, tend to be inflexible, are somewhat unique for each organization, help the auditing team obtain evidence about the control environment, should include questions about each relevant assertion

Flowcharts ______.

should flow from left to right and top to bottom must be understandable to an audit supervisor should include narrative explanations

Flowcharts:

should flow from left to right and top to bottom, should include narrative explanations, must be understandable to an audit supervisor

Gaining an understanding of internal controls should start by identifying _____accounts and disclosures and their_____ .

significant relevant assertions

The information system produces an audit trail that begins with __ documents and proceeds through to the financial reports.

source

A well-functioning internal control environment requires:

support as shown by management's philosophy and operating style, competent individuals in financial reporting and oversight roles, supportive human resource policies and practices

A well-functioning internal control environment requires ______.

supportive human resource policies and practices support as shown by management's philosophy and operating style competent individuals in financial reporting and oversight roles

Internal control questionnaires ______.

tend to be inflexible make it less likely for the audit team to forget to cover an important point should be used in combination with other methods

When the audit team members document their understanding of management's control activities, a positive assessment may result in

testing control activities for reliance

In order to assess control risk below the maximum ______.

tests of controls must be performed

In order to assess control risk below the maximum:

tests of controls must be performed

Obtaining an understanding of the information system relevant to financial reporting includes understanding:

the nature of the underlying accounting records, information and accounts used to execute a transaction, how the information system captures events and conditions other than transactions significant to the financial statements

Professional standards recognize that to make effective decisions, managers must have access to __, __ and __ information.

timely, reliable, relevant

Controls that pertain to specific classes of entries, account balances and disclosures are called ______ - level controls.

transaction

The audit team identifies _____ - ____ controls that pertain to specific classes of entries, account balances and disclosures.

transaction level

The audit team identifies __-__ controls that pertain to specific classes of entries, account balances and disclosures.

transaction-level

If the audit-team decides an entity-level control sufficiently reduces a specific risk ______.

transaction-level controls related to that risk may not be needed

True or false: In today's environment, it is essential that organizations have a robust set of cyber security control activities in place and operating effectively.

true

A combination of personnel inquiry, operation observation and document examination while tracing a single transaction through the entire audit trail is a(n)

walkthrough

A combination of personnel inquiry, operation observation and document examination while tracing a single transaction through the entire audit trail is a(n) _____

walkthrough