Audit Ch. 6 LS
The purpose of the ______ Framework is to help management better control the organization and to provide boards of directors an added ability to oversee internal control.
COSO
Controls that are part of the computer programs used in the accounting system are _____ controls.
application
Ensuring the completeness and accuracy of transaction processing, authorization, and validity is the goal of ______ controls.
application
The tone of a organization is set an the control consciousness of its people is influenced by the ______,
control environement
The tone of an organization is set and the foundation for implementing the entity's system of internal control is established by the _____ _____.
control environment
The two broad categories of information systems controls are ______ controls and _______ controls.
general and application
When the auditor intends to depend on the entity's controls, a(n) ______ strategy is chosen.
reliance
Less severe than a material weakness, a(n) _____ _____ is still important enough to merit attention by those charged with governance.
significant deficiency
Assessing the quality of internal control performance over time is the intention of ______ of controls.
monitoring
General controls play an important role in providing assurance about the quality of _____ controls.
processing
The proper execution of transactions is ensured by ______ controls.
processing
An internal control ________ is generally used for entities with a relatively complex internal control structure.
questionaire
Which of the following communicate policies and procedures to the entity's personnel? - Accounting manuals - Personnel manuals - Memoranda - Policy manuals
- Accounting manuals - Memoranda - Policy manuals
The components of internal controls as defined by the COSO Framework are ______. - control environment - information and communication - detection activities - monitoring activities - entity's risk assessment
- control environment - information and communication - monitoring activities - entity's risk assessment
The auditor may decide to follow a substantive strategy for some or all assertions because ______. - implemented controls are assessed as ineffective - tests of controls have been used to assess control risk - testing the operating effectiveness of the controls would be inefficient - implemented controls do not pertain to the assertion under consideration
- implemented controls are assessed as ineffective - testing the operating effectiveness of the controls would be inefficient - implemented controls do not pertain to the assertion under consideration
The auditor should gain sufficient knowledge about the control environment to understand the attitudes, awareness, and actions concerning the control environment of the ______. - management - non-management employees - board of directors - internal auditors
- management - board of directors
When deciding whether substantive procedures are to be performed at an interim date, the auditor should consider the ______. - desired risk of material misstatement - nature of the relevant assertions - purpose of the substantive procedures - control environment
- nature of the relevant assertions - purpose of the substantive procedures - control environment
True or false: An entity's external auditor does not need to be concerned about the internal control system at service organizations used by the entity. True false question. True
False
True or false: The application systems acquisition, development and maintenance controls are critical for ensuring the reliability of information processing.
True
The process of evaluating the effectiveness of an entity's internal control in preventing, or detecting and correcting, material misstatements in the financial statements is called _____ control risk.
assessing
How management identifies risks relevant to the preparation of financial statements, estimates their significance, assesses the likelihood of their occurrence and decides on how to manage them is most directly relevant to the ______.
auditors
Within an entity, there is always a risk of the fraud of ______ between individuals will destroy the effectiveness of segregation of duties.
collusion
Controls that may be relevant to the audit when they have an impact on data the auditor uses to apply audit procedures include ______ controls. - planning - management decision - compliance - operations
compliance operations
Approvals, authorizations, verifications, reconciliations, review of operating performance, and segregation of duties are all examples of ______ activities.
control
Rotation of duties and mandatory vacations, review of the operating system log and regular updates of anti-virus software are examples of ______ controls.
data center and network
Controls that can be applied at various stages and are mainly concerned with the accuracy assertion are ______ controls.
data validation
Knowledge of the information system is important to understand the related accounting records when they are ______.
electronic or manual
Large public companies are required to engage a(n) _____ auditor to express an opinion as to the effectiveness of their systems of internal control over financial reporting.
external
True or false: All communication regarding matters affecting the functioning of internal control within an organization should be internal.
false
Controls that relate to the overall information processing environment, have a pervasive effect on the entity's computer operation and are sometimes referred to as supervisory, management or information technology controls are called ______ controls.
general
Auditors may test controls at a(n) ______ date because the assertion being tested may not be significant, the control has been effective in prior audits, or it may be more efficient to conduct the tests at that time.
interim
The auditor's understanding of ______ is used to identify the controls that are likely to prevent, or detect and correct, material misstatement in specific assertions.
internal controls
Interim tests of controls give auditors time to inform the ______ so that likely misstatements can be located and corrected before the rest of the audit is performed.
management
Who has the responsibility to design and maintain a system of internal control that provides reasonable assurance that assets and records are properly safeguarded, and that the entity's information system generates information that is reliable for decision making?
management
A deficiency, or combination of deficiencies, in internal controls, such that there is a reasonable possibility that a material misstatement of the entity's financial statement will not be prevented, or detected and corrected on a timely basis is a ______.
material weakness
When audit risk is low and the risk of material misstatement is high, substantive tests should be performed ______.
mostly at year-end
If an entity's accounting system has control weaknesses that result in a high level of assessed control risk, substantive procedures will probably ______.
not be conducted at interim dates
A direct relationship exists between _____ which reflect what an entity is trying to achieve_____, which represent what the entity needs to do to achieve them, and the ______ of the entity.
objectives; components; structure
Tests of controls directed toward ______ ______ are concerned with assessing how the control was applied, the consistency with which it was applied during the audit period and by whom it was applied.
operating effectiveness
An effective system of internal controls allows management to focus on _____ while maintaining compliance with relevant laws and minimizing surprises. - operations - financial performance goals - compensation maximization - stock price fluctuations
operations financial performance goals
Report distribution logs, transmittal sheets, reasonableness reviews and reconciliations to control or batch totals are examples of ______ controls.
output
The main concern of ______ controls is that computer reports, checks, documents or other printed or displayed information may be distributed or displayed to unauthorized users.
output
A rule or guideline that calls for certain activities to take place in certain circumstances is knowns as a(n) _______.
policy
A policy might call for two people to sign all checks over a certain dollar amount and the _____ is the action of having two people sign a check.
procedure
The auditor intends to depend on the entity's controls and may need a more detailed understanding of internal controls to develop a preliminary or "planned" assessment of control risk when following a ______ strategy.
reliance
As it relates to the external financial reporting objective, the entity's _____ _____ process should consider internal and external events and circumstances that may arise and adversely affect the entity's ability to initiate, authorize, record, process and report financial data consistent with management's financial statement assertions.
risk assessment
The auditor should obtain sufficient information about the entity's ______ ______ process to understand how management considers risks relevant to financial reporting and decides on appropriate actions to address those risks.
risk assessment
Small to midsize entities ______.
sometimes use alternative approaches to achieve effective internal control
The last step in the decision process is performing ______ procedures.
substantive
The risk that material misstatements are present in financial statements may be increased by conducting ______ procedures only at an interim date.
substantive
When the auditor has decided not to rely on the entity's controls and instead use procedures as the main source of evidence about the assertions in the financial statements, the auditor will choose a(n) ______ audit strategy.
substantive
The extent of an auditor's understanding of control activities is a function of ______.
the audit strategy
True or false: A substantive strategy requires the auditor to have a sufficient understanding of the entity's internal controls to know whether they are properly designed and implemented.
true
According to COSO, a system of internal controls is designed to provide reasonable assurance about the achievement of entity objectives in which of the following categories? - Maximization of management compensation - Reliability, timeliness and transparency of internal and external financial and non-financial reporting - Compliance with applicable laws and regulations - Accuracy of internal and external financial and non-financial reporting - Effectiveness and efficiency of operations
- Reliability, timeliness and transparency of internal and external financial and non-financial reporting - Compliance with applicable laws and regulations - Effectiveness and efficiency of operations
The policies and procedures that help ensure that management's directives are carried out and implemented to address risks identified in the risk assessment process are ______ activities.
control
An internal control questionnaire ______. - contains questions about the five internal control components - provides a systematic means to investigate internal control - is generally used for entities with a relatively simplistic internal control structure - is one of many types of questionnaires used by auditors
- provides a systematic means to investigate internal control - contains questions about the five internal control components - is one of many types of questionnaires used by auditors
Data capture controls must ensure that ______. - rejected transactions are identified, controlled, corrected and reentered - transactions are only recorded once - every transaction entered has appropriate source documentation - all transactions are recorded in the application system
- rejected transactions are identified, controlled, corrected and reentered - transactions are only recorded once - all transactions are recorded in the application system
To obtain an understanding of the entity's internal controls which helps identify key controls, recognize types of potential misstatements and design test of controls and substantive procedures, auditors use _____ _____ procedures.
risk assessment
Which of the following statements are correct? - Auditors are mainly concerned that program changes are properly authorized, tested and implemented. - Good documentation is an important component of managing controls. - The external auditor should not be involved in the system acquisition or development process.
- Auditors are mainly concerned that program changes are properly authorized, tested and implemented. - Good documentation is an important component of managing controls.
Which of the following statements are correct? - Most transaction errors are identified by processing or output controls. - Errors must be corrected and resubmitted at the correct point in processing. - Proper segregation of duties is important in preventing errors from processing. - Errors can be identified at any point in the system.
- Errors must be corrected and resubmitted at the correct point in processing. - Proper segregation of duties is important in preventing errors from processing. - Errors can be identified at any point in the system.
Which of the following statements are correct? - The auditor must learn about each business process that affects all account balances in the financial statements. - Understanding the information system requires knowing how IT is involved in data processing. - The auditor should understand the control procedures used by the entity to provide financial statement assurance.
- Understanding the information system requires knowing how IT is involved in data processing. - The auditor should understand the control procedures used by the entity to provide financial statement assurance.
Which of the following statements are correct? - Violations of internal control raise serious questions about management integrity. - Senior management may override an entity's internal controls. - Violations of control activities by senior management are easy to detect with normal audit procedures.
- Violations of internal control raise serious questions about management integrity. - Senior management may override an entity's internal controls.
Communication with external parties regarding matters affecting the functioning of internal control ______. - can assist in meeting outside requirements and expectations - should only be done between the entity and its external auditors - enables inbound receipt of relevant information
- can assist in meeting outside requirements and expectations - enables inbound receipt of relevant information
An effective accounting system establishes methods and records that will ______. - determine the proper time period in which transactions occurred - describe transactions in sufficient detail to permit proper classification - identify and record all valid transactions - present transaction and disclosures in a manner than ensures profitability for the entity
- determine the proper time period in which transactions occurred - describe transactions in sufficient detail to permit proper classification - identify and record all valid transactions
In determining whether an IT specialist is needed, the auditor should consider the ______. - extent to which data are shared among systems - existence of the entity's participation in electronic commerce - complexity of the IT systems and controls and how they are used - total revenue the entity generates in a typical year - entity's use of existing, common IT technologies
- extent to which data are shared among systems - existence of the entity's participation in electronic commerce - complexity of the IT systems and controls and how they are used
To obtain an understanding of an entity's internal controls auditors may use ______. - inspection of entity documents and reports - inquiry of appropriate personnel - reperformance of control activities - observation of entity activities and operations - recalculation of account balances
- inspection of entity documents and reports - inquiry of appropriate personnel - observation of entity activities and operations
Monitoring of internal controls ______. - has received decreased attention in recent years - is intended to assess quality of performance over time - should be done to determine operating effectiveness - may identify the need for control redesign
- is intended to assess quality of performance over time - should be done to determine operating effectiveness - may identify the need for control redesign
Internal communication within an organization related to internal control ______. - should always be made by senior management either orally or in writing - is provided by policy manuals - provides clear messages about the importance of how control responsibilities are to be performed - involves providing and understanding of roles and responsibilities
- is provided by policy manuals - provides clear messages about the importance of how control responsibilities are to be performed - involves providing and understanding of roles and responsibilities
If the auditor determines that internal controls are properly designed and implemented and the auditor intends to rely on those controls, the auditor will ______. - set the level of control risk at high - make an assessment of control risk based on the result of tests of controls - use substantive procedures to reduce the risk of material misstatement to an acceptable level - perform tests of controls to obtain audit evidence that controls are operating effectively
- make an assessment of control risk based on the result of tests of controls - perform tests of controls to obtain audit evidence that controls are operating effectively
When a service organization provides accounting services to an entity and those services affect the entity's accounting records, ______. - they are considered part of the entity's information system - the entity's external auditor must rely on the control assessment provided by the service organization's auditor - the entity's external auditor must be concerned with the internal control system at the service organization - control risk must be assessed at high
- they are considered part of the entity's information system - the entity's external auditor must be concerned with the internal control system at the service organization
If the auditor determines that internal controls are not properly designed or not implemented the auditor will ______. - use substantive procedures to reduce the risk of material misstatement to an acceptable level - perform tests of controls to obtain audit evidence that controls are operating effectively - set the level of control risk at high - make an assessment of control risk based on the result of tests of controls
- use substantive procedures to reduce the risk of material misstatement to an acceptable level - set the level of control risk at high
Data capture controls are concerned primarily with the ______ assertions. - completeness - occurrence - authorization - reliability - accuracy
- completeness - occurrence - accuracy
True or false: An entity's mix of manual and automated controls varies with the nature and complexity of the entity's use of IT.
True
True or false: Auditors need to understand how management considers risks because many types of risk can impact financial reporting objectives.
True
Locked doors to prevent unauthorized entry, preventing programmers from entering the computer room and an operational disaster recovery plan are examples of ______ controls.
access and security
The physical protection of computer equipment, software and data as well as loss of assets and information through theft or unauthorized use is the concern of ______ controls.
access and security
After planned tests of controls have been completed, the auditor should reach a conclusion on the ______ level of control risk.
achieved
When an employee who receives cash receipts from customers conspires with another employee who records those receipts in the customers' records to steal cash from the entity, this is known as ______.
collusion
Controls over data preparation, work flow control and library functions are included in ______ controls.
data center and network
The extent of an entity's use of ______ can affect internal controls because this function affects the way transactions are initiated, authorized, recorded, processed and reported.
info tech
The infrastructure, software, people, procedures and data used to support the functioning of internal control is known as a(n) ______ ______
information system
When audit risk is low and the risk of material misstatement is high, detection risk will be set at ______.
low
In order to provide evidence to support the lower level of control risk when using a reliance strategy, the auditor performs ______ ______ ______.
tests of controls
Output documents from the application that are used as source documents in later processing are called _____ documents.
turnaround