Audit Exam 2
Nonstatistical sample sizes are determined by
applying professional judgement, audit firm policy
Management asserts that ICFR is effective Blank
as of the end of the fiscal year
SOC 1, Type 2 reports issued by the service organization's auditor typically:
assess whether the service organization's controls are suitably designed and operating effectively
Estimating the portion of a population that possesses a specified characteristic is the basis of ______ sampling.
attribute
In applying attribute sampling to tests of controls, the auditor normally attempts to determine the operating ______ of a control in terms of deviations from a prescribed internal control.
effectiveness
The main cash account for most entities is called the ______ cash account
general
When an entity has a material weakness, it should take steps to correct it, which is referred to as
remediation
The mean misstatement per sampling item is calculated by dividing the known audit differences in the sample by the
sample size
To audit a payroll or branch bank account, the auditor uses a(n)
standard bank reconciliation, bank reconciliation, cutoff bank statement
When the auditor sets control risk at high, that control risk assessment is documented and ______ procedures are performed
substantive
The projection of the errors to the population is referred to as the ______ misstatement or likely error in IDEA.
projected
When an entity has a relatively complex internal control structure, an internal control _____ is generally used
questionnaire
Audit evidence supporting effective internal control must be obtained at the level of
reasonable assurance
Evidence on the operating effectiveness of a control may be obtained from
both direct testing and ongoing monitoring
An auditor calculated the mean misstatement per sampling item to be $3.12. If the total audit difference was $234.00, the sample size was
75
If you examine a sample of 100 transactions and find 8 with errors, this suggests a transaction error rate of
8
The purpose of the_______ Framework is to help management better control the organization and to provide boards of directors an added ability to oversee internal control
COSO
If a material weakness cannot be corrected and/or properly tested before the "as of" date,
both management and the auditor should issue a report that the ICFR is not operating effectively
True or false: An entity's mix of manual and automated controls varies with the nature and complexity of the entity's use of IT.
true
When an entity's computer system is not compatible with the auditor's GAS, the auditor should
write custom audit software
Once the desired confidence level is set, the appropriate sample size is determined by how much
tolerable error exceeds expected error
The risk of incorrect rejection is also commonly known as the risk of
underreliance, assessing control risk too high
Entity-level controls that require specific evaluation by the auditor are the
control environment, period end financial reporting process
True or false: Audit sampling is always appropriate, regardless of the level of risk.
false
Branch accounts can be operated as ______ accounts
general cash, imprest
Selection methods for nonstatistical sampling include
haphazard sampling, random sample. systematic sample (with random start)
Random-number selection is used in many statistical sampling applications because the auditor is required to be able to measure the ______ of selecting the sampling units selected.
probability
An internal control questionnaire
provides a systematic means to investigate internal control, is one of many questionnaires used by auditors, contains questions about the 5 internal control components
Common methods for projecting the amount of misstatement found in a nonstatistical sample are
ratio projection, difference projection
haphazard selection
selects items that will be representative of the population, allows the auditor to select items judgmentally
Examples of disclosure issues for cash include
cash balances restricted by foreign exchange contracts, an accounting policy for defining cash and cash equivalents, letters of credit
The difference between a control deficiency, a significant deficiency, and a material weakness is determined solely based on
magnitude
A deficiency in ICFR such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected on a timely basis is defined as a(n) ____________ by the PCAOB.
material weakness
An effective system of internal controls allows management to focus on ______ while maintaining compliance with relevant laws and minimizing surprises.
operations, financial performance goals
Major reconciling items in bank reconciliation working papers include
outstanding checks, deposits in transit, bank service charges
The COSO definition of ICFR is designed to provide _______ assurance regarding the reliability of financial reporting and GAAP financial statement presentation.
reasonable
True or false: Auditors need to understand how management considers applicable environmental risks.
true
True or false: In some instances, management may decide to accept the consequences of a possible risk.
true
Unless a longer period of time is required, PCAOB standards require the auditor to retain audit documentation for the ICFR and financial statement audit for ______ years.
7
Which of the following is a test of transactions for cash receipts to provide evidence regarding accuracy? -Trace a sample of remittance advices to the cash receipts journal and, if necessary, to deposit slips. -Examine a sample of remittance advices for proper account classification. -For a sample of days, example the signature on the deposit slip and check endorsements. -For a sample of weeks, foot the cash receipts journal and agree posting to the general ledger.
For a sample of weeks, foot the cash receipts journal and agree posting to the general ledger
Which of the following statements are correct? -A nonstatistical approach can involve random selection and a judgmental evaluation. -If a sample size is not statically derived, it cannot be statistically evaluated. -Haphazardly selected samples should not be formally evaluated statistically.
a nonstatistical approach can involve random selection and a judgmental evaluation, haphazardly selected samples should not be formally evaluated statistically
Which of the following statements is correct? -An auditor should not consider the size of the company when considering the company's internal control effectiveness. -A small, less-complex company may achieve control objectives differently than a large company. -The way a company achieves its control objectives is not affected by company size and complexity.
a small less complex company may achieve objectives differently than a large company
After planned tests of controls have been completed, the auditor should reach a conclusion on the ______ level of control risk.
achieved
If one or more unremediated material weaknesses is identified, the auditor issues a(n) ______ opinion on the entity's internal control.
adverse
An auditor's primary consideration regarding an entity's internal controls is whether they
affect the financial statement assertions
When considering financial reporting risks, management should generally include ______ business units.
all
Ensuring the completeness and accuracy of transaction processing, authorization, and validity is the goal of ______ controls
application
Which of the following statements is correct? -Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness. -A single set of audit procedures should be used to test both the design and operating effectiveness of controls. -Evidence about the operating effectiveness of controls should never be based on procedures used to test design effectiveness.
audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness
A major control that directly affects the audit of cash is the completion of a monthly ________________ to ensure the entity's books reflect the same balance as the bank's after required adjustments have been considered.
bank reconciliation
An auditor's use of substantive analytical procedures for auditing cash can include comparing the
cash balance with the prior year's balance, cash balance with the budgeted amounts
To understand management's and the board of directors' attitudes, awareness, and actions concerning it, the auditor should gain sufficient knowledge about the
control environment
Controls over data preparation, work flow control, and library functions are included in ______ controls.
data center and network
Rotation of duties and mandatory vacations, review of the operating system log, and regular updates of anti-virus software are examples of ______ controls.
data center and network
Symbols used in flowcharts are divided into ______ symbols.
data flow and storage, input/output, processing
Disadvantages of GAS include
data that is audited must be available in electronic form, it provides limited availability to verify programming logic
Once key controls have been identified, the auditor starts evaluating their
design effectiveness
Imprest accounts are frequently used for
disbursing payroll, disbursing payroll
If the auditor believes that additional management information in its report of ICFR contains a material misstatement of fact, the auditor should immediately
discuss the matter with management
Cash ______ a predictable relationship with other financial statement accounts.
does not have
In determining whether an IT specialist is needed, the auditor should consider the
extent to which data are shared among systems, existence of entity's participation in e-commerce, complexity of IT systems and control and how they are used
If management finds any significant control deficiencies or material weaknesses, they should be reported to the
external auditor, audit committee
An auditor might test controls at an interim date
for efficiency reasons, to inform management of deficiencies found in testing, to reassess control risk for ineffective controls
An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus? - data capture controls - application controls - output controls - general controls
general controls
The infrastructure, software, people, procedures, and data used to support the functioning of internal control is known as a(n)
information system
If management remediates a material weakness after the "as of" date, the auditor can provide a(n) _____ opinion.
interim
When considering important financial statement disclosures for cash, primary documents an auditor might review include
line of credit arrangements, minutes of board of directors' meetings, loan agreements
The auditor should gain sufficient knowledge about the control environment to understand the attitudes, awareness, and actions concerning the control environment of the
management, board of directors
Auditors
may rely on any control likely to prevent or detect and correct material misstatements
The fact that no system of internal controls is perfect and that there is a remote likelihood that material misstatement will not be prevented or detected in a timely manner even with effective controls is the concept of ______ assurance.
reasonable
Financial statement assertions that have a reasonable possibility of containing a misstatement that would cause the financial statements to be materially misstated are referred to as ______ assertions
relevant
The number of deviations found in the sample divided by the number of items in the sample is the ______ rate.
sample deviation
When sampling is used to estimate monetary misstatement, a confidence limit must be established as an allowance for
sampling risk
If the auditor determines that internal controls are not properly designed or not implemented, the auditor will
set the level of control risk at high, use substantive procedures to reduce the risk of material misstatement to an acceptable level
In deciding on the nature and extent of the understanding of internal control needed for the audit, the auditor should consider the entity's operations and systems
sophistication, complexity
Auditing standards recognize and permit both _________ and __________ methods of audit sampling
statistical, nonstatistical
True or false: The COSO definition of ICFR includes reasonable assurance regarding the safeguarding of assets.
true
True or false: When auditing the effectiveness of an entity's internal control, significant deficiencies do not require a departure from an unqualified opinion.
true
Which of the following make an approach nonstatistical? -A haphazard sample selection technique is used. -A random sample selection technique is used. -Judgment is used to determine the sample size. -Sample results are evaluated judgmentally.
a haphazard sample selection technique is used, judgement is used to determine the sample size, sample results are evaluated judgmentally
Management's assessment of the entity's ICFR must be based on
a recognized control framework
MUS is commonly used by auditors to test accounts such as
accounts receivable, inventory, loans receivable
To evaluate the characteristics of a population based on sample data, classical variables sampling uses _______ theory
classical variables
Nonstatistical audit sampling is ______ used in practice
commonly
Cash includes
currency on hand, certificates of deposit, savings accounts
When auditors want to perform specific audit tasks, _____ audit software is generally written.
custom
Test data
ensures the accuracy of computer processing of transactions, should include both valid and invalid data
Types of tests of controls include
inquiry, inspection, observation
ongoing monitoring is performed by
people using controls
In order to provide evidence to support the lower level of control risk when using a reliance strategy, auditors perform
test of controls
When a reliance strategy is chosen,
tests of controls are used to assess the achieved level of control risk
Reasons the audit testing of a payroll or branch account is less extensive than testing for the general account include
these types of accounts generally contain a minimal balance, the types of distributions from the account are homogeneous
The extent of an auditor's understanding of control activities is a function of
the audit strategy
When using nonstatistical sampling, the auditor may individually test any item that may contain potential misstatements that individually exceed _________ misstatement
tolerable
A common formula for a nonstatistical sample size is: Sampling population book value ÷ ( ____________ misstatement - __________ misstatement ) × __________ factor.
tolerable; expected; confidence
The controls that are of most direct relevance to a financial statement audit are those that contribute to financial statement ______
transparency, reliability, timeliness
Which of the following is an important control over cash disbursements? -Voucher packages are independently approved. -Checks are restrictively endorsed "For deposit only." -Daily preparation of a bank reconciliation. -Daily cash disbursements are reconciled with postings to the accounts receivable subsidiary ledger.
voucher packages are independently approved
The auditor traces a transaction from origination through the entity's processes and information system until it is reflected in the entity's financial reports when performing a(n)
walkthrough
Which of the following statements are true about the financial statement and ICFR audits? -Work must be planned to achieve both objectives. -They must be performed at different times. -Tests of controls should be done separately for the audits. -They have different objectives.
work must be planned to achieve both objectives, they have different objectives
When using probability-proportional-to-size sample selection, the probability that a customer with a zero balance will be selected using systematic selection of monetary values is
zero
Disadvantages of MUS include
zero balances are not automatically selected, overstatement of allowance of sampling risk, increased possibility of rejecting an acceptable book value
An account has a balance of $1.5 million. Individually significant items total $325,000. Tolerable misstatement is $40,000 and expected misstatement is $10,000. Given this information, and a confidence factor is 1.2, the nonstatistical sample size should be
47 ([1.5m-325k]/[40k-10k] *1.2)
If 3 deviations are found in a sample of 60, the sample deviation rate is _______ percent
5
The most common use of ______ sampling is for tests of controls.
attribute
If a significant deficiency or material weakness exists because of the audit committee's ineffective oversight, the auditor must communicate the specific deficiency or weakness, in writing, directly to the
board of directors
Management may include additional information in its report on ICFR. In regards to such information, the auditor should
disclaim an opinion
If the scope of the auditor's work is limited because of circumstances beyond the control of management or the auditor, the auditor's option are to
disclaim an opinion, withdraw from the engagement
The integrity and ethical values of management personnel heavily influence the ______ of an entity's internal controls.
effectiveness
The auditor has a responsibility to report on any changes in internal control that might affect financial reporting between the ______ and the date of the auditor's report.
end of the reporting period
Advantages of GAS include
entire populations can be examined, limited IT expertise is required, ease of use
Because they can have a pervasive effect on the entity's ability to meet the COSO control criteria, the auditor must test the effectiveness of __________ controls
entity level
The risk that a misstatement could result in a material misstatement of the financial statements is called a(n) _________ risk.
financial reporting
The approach followed by management in choosing which locations to include in its assessment of internal control is a function of
financial reporting risks at the locations, entity level controls
When it comes to ICFR documentation, management should
focus on controls deemed adequate to address financial reporting risk
Because this function affects the way transactions are initiated, authorized, recorded, processed, and reported, the extent of an entity's use of ______ can affect internal controls
information technology
Controls that are important to the auditor's conclusion about whether the entity's controls sufficiently address the assessed risk of misstatement are often referred to as _____ controls
key
Audit sampling for tests of controls is generally appropriate when the completion of a control procedure
leaves documentary evidence
Account balances sampled by auditors typically have ______ error rates.
low
When audit risk is low and the risk of material misstatement is high, detection risk will be set at
low
If the auditor determines that internal controls are properly designed and implemented and the auditor intends to rely on those controls, the auditor will
make an assessment of control risk based on the result of tests of controls, perform tests of controls to obtain audit evidence that controls are operating effectively
Who has the responsibility to design and maintain a system of internal control that provides reasonable assurance that assets and records are properly safeguarded and that the entity's information system generates information that is reliable for decision making?
management
A lower-level employee follows a directive that violates the entity's control policy out of fear of losing their job. This is most likely the result of
management override of internal controls
A deficiency, or combination of deficiencies, in internal controls, such that there is a reasonable possibility that a material misstatement of the entity's financial statement will not be prevented, or detected and corrected on a timely basis is a
material weakness
Prior to the issuance of the auditor's report on ICFR, the auditor must communicate in writing to both management and the audit committee identified
material weaknesses, significant deficiencies
AS 2201 specifies that the "size and complexity of the company, its business processes and business units, ______ affect(s) the way in which the company achieves many of its control objectives."
may
Evidence about the operating effectiveness of controls at service organizations that are relevant to management's assessment and the auditor's opinion
may be obtained by performing tests or obtaining a service auditor's report
When companies operate in multiple locations, branch accounts
may be used as imprest or general cash accounts
The failure of a preventive control (such as inventory tags) to safeguard assets ______ result in a significant deficiency or material weakness.
may or may not
Management's documentation of ICFR
may take many forms
When audit risk is low and the risk of material misstatement is high, substantive tests should be performed
mostly at year end
The auditor determines which items should be tested individually and which items should be subject to sampling in many __________ sampling applications
nonstatistical
direct tests of controls are performed by
objective individuals
What should be used when it is necessary to show the movement of a document or report back to a previous function?
on page connector
Unrestricted random sampling without replacement means
once an item is selected, it cannot be selected a second time
Classification of control deficiencies include ______ deficiencies.
operating, design
MUS can be used to test the assertion that no material misstatements exist in an account balance
or class of transactions or disclosure component of the financial statements
In assessing financial reporting risks, management must evaluate whether there are controls in place to address
other pervasive elements of ICFR, entity-level controls
Probability-proportional-to-size sampling approach is
particularly appropriate when the auditor is concerned with overstatements
The best way to identify potential sources of misstatements is often
performing walkthroughs
Authorization requirements for access to computer programs and periodic counting and comparison with amounts shown on control records are examples of _____ controls.
physical
In conducting a statistical sample for a test of controls, auditing standards require the auditor to properly ______ the sampling application.
plan, perform, and evaluate
To compute sample size and evaluate the sample results, statistical sampling uses the laws of
probability
Flowcharting systems are divided into three groups: input/output symbols, _____ symbols, and _____ flow and ________ symbols.
processing data storage
To detect fraudulent activities in the cash accounts, auditors might prepare a(n) ______ of cash or test for _______ activities.
proof; kiting
When deciding whether substantive procedures are to be performed at an interim date, the auditor should consider the
purpose of the substantive procedures, nature of the relevant assertions, control environment
A material weakness is a deficiency or combination of deficiencies in ICFR such that there is a(n) ______ possibility that a material financial statement misstatement will not be prevented or detected on a timely basis.
reasonable
Ratio projection is used when the dollar amount of misstatement is expected to
relate to the dollar amount of items tested
Financial statement assertions that have a reasonable possibility of containing a misstatement that would cause the financial statements to be materially misstated are referred to as ______ assertions.
relevant
The auditor intends to depend on the entity's controls and may need a more detailed understanding of internal controls to develop a preliminary or "planned" assessment of control risk when following a ______ strategy.
reliance
A control issue does not rise to the level of control deficiency if the likelihood is
remote
Select all that apply Section 404 of the Sarbanes-Oxley Act Blank______. -requires management to accept responsibility for establishing and maintaining adequate ICFR -prevents an unqualified opinion on ICFR if any deficiencies were discovered during the year -requires management to issue a report -requires management to assert that ICFR has been effective throughout the entire year
requires management to accept responsibility for establishing and maintaining adequate ICFR, require management to issue a report
When using MUS, the selection of zero or negative balances
requires special design consideration
Written representations from management related to the audit of ICFR include management
responsibility for establishing and maintaining effective ICFR, concflusion about the effectiveness of the entity's ICFR as of a specified date
The major source of cash receipts for the general cash account is the ______ process.
revenue
A major premise of AS 2201 is that _______ assessment underlies the entire audit of ICFR
risk
To understand how management considers risks relevant to financial reporting and decides on appropriate actions to address those risks, the auditor should obtain sufficient information about the entity's ________ process
risk assessment
AS2201 defines policies and procedures that "provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposal of the entity's assets that could have a material effect on the financial statements as the _____ of assets."
safeguarding
Confidence level is the complement of
sampling risk
Controls that may be relevant to the audit when they have an impact on data the auditor uses to apply audit procedures include ______ controls.
compliance, operations
The primary purpose of sampling is to draw ___________ about the whole population based on the results of testing only a subset of the population.
conclusions
The amount of reliance to be placed on audit tests and the consequences of a decision error must be considered in determining
confidence level
The auditor uses the combination of the achieved level of ______ risk and the assessed level of _____ risk to determine the required level of ______ risk needed to bring audit risk to an acceptably low level.
control inherent detection
This exists in internal controls when the design or operation of a control does not allow management or employees to prevent, detect or correct misstatements on a timely basis
control deficiency
The components of internal controls as defined by the COSO Framework are
control environment, information and communication, monitoring activities, entity's risk assessment
A Treasury bill is an example of a cash
equivalent
In assessing material weaknesses in ICFR, management must
evaluate evidence about the operating effectiveness of ICFR, consider which locations to include in the evaluation, identify financial reporting risks and related controls
While the audit of ICFR and the audit of financial statements have different objectives, the auditor must plan and perform the audit work to achieve the objectives of both audits as a(n) _____ audit.
integrated
In establishing an effective control environment, the entity and its management must demonstrate a commitment to _____ and _____ values (Principle 1).
integrity ethical values
An important role in how management meets its stewardship or agency responsibilities is played by
internal controls
The auditor's understanding of ______ is used to identify the controls that are likely to prevent, or detect and correct, material misstatement in specific assertions.
internal controls
In testing an internal control, the risk that the sample supports a conclusion that the control is not operating effectively when, in truth, the control is operating effectively is the risk of
incorrect rejection, assessing control risk too high
The work performed by internal auditors, entity personnel, and third parties hired by management or the audit committee ______ be used by the auditor.
can
If the auditor fails to obtain written representations from management, the auditor ______ opinion of ICFR.
cannot issue an unqualified
When using probability-proportional-to-size sample selection, logical units with a book value larger than the sampling interval are ______ to be selected.
certain
To evaluate the characteristics of a population based on sample data, normal distribution theory is used in ______ sampling.
classical variables
Professional standards indicate that sample sizes for nonstatistical applications should be ______ sample sizes for statistical applications
comparable to
Which of the following statements is false? - The auditor must learn about each business process that affects significant account balances in the financial statements. -Understanding the information system requires knowing how the use of IT to process transactions comes with its own risks. -The auditor should understand the control procedures used by the entity to provide financial statement assurances. -Auditors must understand how the entity communicates information relevant to the preparation of financial statements within the entity only.
Auditors must understand how the entity communicates information relevant to the preparation of financial statements within the entity only.
Which of the following statements regarding internal control is false? -The monitoring component can be effective in a small to midsize entity as a result of management's close involvement in operations. -The size of an entity may affect how the components are implemented. -The basic concepts of the five components should be present in all entities. -All entities are required to have a written code of conduct.
all entities are required to have a written code of conduct
If a small number of large transactions make up a large percentage of an account, auditors will typically test
all transactions greater than a particular dollar amount
Data capture, data validation, processing, output, and errors controls are all categories of ______ controls.
application
Monetary-unit sampling (MUS) is based on ______ theory modified to express a monetary conclusion rather than a rate of occurrence.
attribute sampling
Selecting and evaluating less than 100% of the items in an audit population in such a way that the auditor expects a representative group to provide a reasonable basis for conclusions about the population is
audit sampling
Which of the following statements are correct? -Auditing standards recognize and permit both statistical and nonstatistical methods of audit sampling. -Steps and techniques for both statistical and nonstatistical sampling are more similar than different. -Auditing standards indicate that sample sizes for nonstatistical sampling should be larger than sample sizes for statistical sampling. -Research suggests that only statistical methods of sampling are common in practice.
auditing standards recognize and permit both statistical and non-statistical methods of audit sampling, steps and techniques for both statistical and non-statistical sampling are more similar than different
Which of the following statements are correct? -The assessment of the significance of a control deficiency depends on whether or not a misstatement has occurred. -Auditors are required to evaluate the severity of each control deficiency. -The severity of a control deficiency depends on its likelihood and magnitude.
auditors are required to evaluate the severity of each control deficiency, the severity of a control deficiency depends on its likelihood and magnitude
Advantages of MUS include
automatically stratified sample, smaller sample size than classical variables sampling when few misstatements expected, no requirement to make assumptions about the distribution of misstatements
Difference projection is used when the dollar amount of misstatement is expected to
be relatively constant for all items in the popu;ation regardless of dollar size
When companies use service organizations to process transactions,
both management and the auditor must consider the service organization activities, the service organization is considered part of the info and communication component of the entity's ICFR
Test data can be used to check
data validation controls, arithmetic calculations, error detection routines
As the sample size increases, the sampling risk
decreases
When computing a nonstatistical sample size, individually significant items are
deducted from the account balance
When preparing a bank reconciliation, outstanding checks are
deducted from the balance per bank
Tests of controls focus on ______ effectiveness
design and operating
A control deficiency exists when the ______ or _______ of a control does not allow management or employees to prevent or detect misstatements on a timely basis.
design; operation
An effective accounting system establishes methods and records that will
determine the proper time period in which transactions occurred, identify and record all valid transactions, describe transactions in sufficient detail to permit proper classification
The objectives of attribute sampling when used for tests of controls are to Blank______. -determine the level of substantive testing for a financial statement audit -evaluate the operating effectiveness of the internal control for purposes of the internal control audit -determine the degree of reliance that can be placed on controls for a financial statement audit -evaluate the compliance with policies about internal control by accounting staff
evaluate the operating effectiveness of the internal control for purposes of the internal control audit, determine the degree of reliance that can be placed on controls for a financial statement audit
Extended audit procedures that auditors typically use to detect fraudulent activities in the cash account include
extended bank reconciliation procedures, tests for kiting, proof of cash
Which of the following statements are correct? -External auditors seldom perform substantive procedures on the petty cash fund. -Because the balance in the petty cash fund is not material, there is almost no potential for fraud. -Internal auditors often document and perform tests of controls over petty cash.
external auditors seldom perform substantive procedures on the petty cash fund, internal auditors often document and perform tests of controls over petty cash
Large public companies are required to engage a(n) _____ auditor to express an opinion as to the effectiveness of their systems of internal control over financial reporting.
external/independent
Audit sampling is most often used in substantive testing to test the hypothesis that a financial statement account is
fairly stated
If tolerable misstatement is $120,000, and the upper limit on the account's possible misstatement is less than $120,000, then the account is considered to be
fairly stated
True or false: An entity's external auditor does not need to be concerned about the internal control system at service organizations used by the entity.
false
True or false: Because the potential for fraud is high, external auditors must perform substantive procedures on the petty cash fund.
false
True or false: If the auditor determines that elements of management's annual report on ICFR are incomplete or improperly presented, the auditor cannot issue a report on ICFR.
false
True or false: Monitoring is an effective component of internal control, whether or not deficiencies are communicated to those with oversight responsibilities in a timely manner
false
True or false: Nonstatistical sampling is generally considered "bad" sampling and thus rarely used in practice.
false
One disadvantage of classical variables sampling is that the projection of misstatements and related confidence limits may be unreliable if ______ misstatements are detected in the sample.
few
Section 404 of the Sarbanes-Oxley Act requires that management report on the effectiveness of its internal control over
financial reporting
Which of the following is a test of transactions for cash receipts to provide evidence regarding authorization? -For a sample of weeks, foot the cash receipts journal and agree posting to the general ledger. -Trace a sample of remittance advices to the cash receipts journal and, if necessary, to deposit slips. -For a sample of days, example the signature on the deposit slip and check endorsements. -Examine a sample of remittance advices for proper account classification.
for a sample of days, example the signature on the deposit slip and check endorsements
If management determines that mitigating a risk of inaccurate financial reporting is too costly to address, the auditors should ______.
give that risk additional scrutiny
Sampling units are selected without any conscious bias when a(n) _____ selection approach is used
haphazard
In order to set control risk below a high level, the auditor must
identify specific controls that will be relied upon, conclude on the achieved level of control risk, perform test of the identified controls
When deciding on the extent of testing, the auditor should consider the
importance of the control, nature of the control, frequency of operation
A stipulated amount of money to be used for a specific purpose is contained in a(n) ______ cash account
imprest
Which of the following statements are correct? -Violations of control activities by senior management are easy to detect with normal audit procedures. -In some cases, management may override an entity's internal controls. -Violations of internal control raise serious questions about management integrity.
in some cases, management may override an entity's internal controls, violations of internal controls raise serious questions about management integrity
If the auditor determines that elements of management's annual report on ICFR are incomplete or improperly presented, the auditor should
include an explanatory paragraph in the audit report
The phrase "All material respects" means that the entity's ICFR
is free of any material weakness
Monitoring of internal controls
is intended to assess quality of performance over time, may identify the need for control redesign, should be done to determine operating effectiveness
Random or systematic sample selection
is required for statistical sampling and may be used for nonstatistical sampling
Which of the following statements are correct? -It is easier to determine sample size using MUS when the auditor expects little or no misstatements. -MUS automatically results in a stratified sample when applied using a probability-proportional-to-size sample selection procedure. -Unlike classical variables sampling, MUS requires the user to make assumptions about the distribution of misstatements.
it is easier to determine sample size using MUS when the auditor expects little or no misstatements, MUS automatically results in a stratified sample when applied using a probability proportional to size sample selection procedure
If a control deficiency is a material weakness, management must disclose it in its assessment of the effectiveness of ICFR, including
its impact on the entity's financial reporting and its ICFR, management's current plans if any for remediating the weakness, the nature of the material weakness
The smaller the difference between tolerable error and expected error, the ______ the sample size needed.
larger
When compared to automated controls, manual controls should be subjected to ______ testing.
more extensive
To evaluate the characteristics of a population based on sample data, classical variables sampling uses _________ theory
normal distribution
A direct relationship exists between ____ which reflect what an entity is trying to achieve, ______ which represent what the entity needs to do to achieve them, and the structure of the entity.
objectives components
If the work of others is to be used, the auditor should assess the _____ and _____ of the persons whose work will be used.
objectivity, competence
The auditor's report on the effectiveness of internal control must
provide an opinion on effective ICFR as of the specified date, have the same date as the financial statement audit report, be addressed to the shareholders and board of directors, contain the basis of the auditor's opinion
The auditor has to understand the control activities that relate to assertions for which a lower level of control risk is expected when they decide to follow a _____ strategy.
reliance
If circumstances beyond the control of management or the auditor limit the _____ of the auditor's work, the auditor should disclaim an opinion or withdraw from the engagement
scope
A deficiency or combination of deficiencies in ICFR that is less severe than a material weakness yet important enough to merit attention is a(n) _______ deficiency.
significant
In evaluating the risk of material misstatement due to fraud and the risk of management override of controls, the auditor should consider controls over
significant & unusual transactions resulting in unusual journal entries, journal entries and adjustments made in the period end financial close
Although it is less severe than a material weakness, a(n) _____ is still important enough to merit attention by those charged with governance.
significant deficiency
Auditing standards indicate that the sample size for statistical sampling should be ______ that of nonstatistical sampling.
similar
When comparing sample sizes using classical variables and monetary-unit sampling, if the auditor expects a relatively large number of differences between book and audited values, classical variables sampling will normally result in a ______ sample size.
smaller
Recent research suggests that among the largest firms,
some use statistical sampling and others use nonstatistical sampling
Small to midsize entities
sometimes use alternative approaches to achieve effective internal control
The auditor's treatment of a(n) _______ event depends on whether the event reveals information about a material weakness that existed at the end of the reporting period or about a new condition that did not exist at the end of the reporting period.
subsequent
The last step in the decision process under either audit strategy is performing ______ procedures
substantive
The risk that material misstatements are present in financial statements may be increased by conducting _____ procedures only at an interim date.
substantive
When the auditor has decided not to rely on the entity's controls and instead use procedures as the main source of evidence about the assertions in the financial statements, the auditor will choose a(n) _____ audit strategy.
substantive
The auditor may decide to follow a substantive strategy for some or all assertions because
testing the operating effectiveness of the controls would be inefficient, implemented controls do not pertain to the assertion under consideration, implemented controls are assessed as ineffective
Disadvantages of classical variables sampling (CVS) include
the auditor must estimate the standard deviation of the audit differences in order to determine sample size, the estimated variance used for evaluation purposes may underestimate the true variance if few misstatements are detected in the same, some techniques do not work well when little or no misstatement is expected
Which of the following statements are correct? -The auditor should understand the control procedures used by the entity to provide financial statement assurance. -The auditor must learn about each business process that affects all account balances in the financial statements. -Understanding the information system requires knowing how IT is involved in data processing
the auditor should understand the control procedures used by the entity to provide financial statement assurance, understanding the info system requires knowing how IT is involved in data processing
Which of the following statements about internal controls is correct? - a properly maintained internal control system reasonably ensures that collusion among employees cannot occur - the establishment and maintenance of internal controls is an important responsibility of the internal auditor - an exceptionally strong internal control system is enough for the auditor to eliminate substantive procedures on a significant account balance - the cost-benefit relationship is a primary criterion that should be considered is designing an internal control system
the cost-benefit relationship is a primary criterion that should be considered is designing an internal control system
Section 404 of the Sarbanes-Oxley Act requires management to report on
the effectiveness of internal control over financial reporting
Audit documentation related to the audit of internal controls must include
the scope of testing, the evaluation of deficiencies discovered, the extent of reliance on work performed by others
Advantages of classical variables sampling (CVS) include
the techniques are effective for both overstatements and understatements, it will normally result in a similar sample size than MUS when a relatively large number of differences between book and audited values are expected, the selection of zero balances does not require special sample design considerations
When a service organization provides accounting services to an entity and those services affect the entity's accounting records,
they are considered part of the entity's info system, the entity's external auditor must be concerned with the internal control system at the service organization
True or false: A substantive strategy requires the auditor to have a sufficient understanding of the entity's internal controls to know whether they are properly designed and implemented.
true
After auditing the effectiveness of an entity's internal control, an auditor issues a(n) ______ opinion if the entity's internal control is designed and operating effectively in all material respects.
unqualified
The total of the projected misstatement and the allowance for sampling risk is referred to as the ____________ limit.
upper misstatement/error
To develop an understanding of control activities, auditors normally use
walkthroughs
Which of the following statements are correct? -When testing, auditors should focus on key controls. -Auditors must make decisions regarding which locations to test based on the presence of entity-level controls and financial reporting risk. -Identifying controls to be tested is an objective task that requires little professional judgment. -Auditors must evaluate whether to test preventive controls, detective controls, or a combination of both.
when testing auditors should focus on key controls, auditors must make decisions regarding which location to test based on the presence of entity level controls and financial reporting risk, auditors must evaluate whether to test preventative controls detective controls or a combination of both