Auditing Chapter 5
Which of the following statements is correct regarding internal control?
A well-designed internal control environment ensures the achievement of an entity's control objectives. An inherent limitation to internal control is the fact that controls can be circumvented by management override. Correct A well-designed and operated internal control environment should detect collusion perpetrated by two people. Internal control is a necessary business function and should be designed and operated to detect all errors and fraud.
Which of the following would most likely be classified as a material weakness?
Absence of appropriate separation of duties. Absence of appropriate reviews and approvals of transactions. Evidence of failure of control activities. Ineffective oversight of the financial reporting process by the company's audit committee. Correct
Which of the following procedures is considered a test of controls?
An auditor reviews the entity's check register for unrecorded liabilities. An auditor evaluates whether a general journal entry was recorded at the proper amount. An auditor interviews and observes appropriate personnel to determine segregation of duties. Correct An auditor reviews the audit workpapers to ensure proper sign-off.
Which of the following audit procedures most likely would provide an auditor with the most assurance about the effectiveness of the operation of an entity's internal control?
Confirmation with outside parties. Inquiry of client personnel. Successful re-performance of the control activity.Correct Observation of client personnel.
Which of the following is not a component of internal controls?
Control environment. Control activities. Inherent risk. Correct Monitoring.
Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization?
Disclosing lack of segregation of duties to the external auditors during the annual review. Replacing personnel every three or four years. Requiring accountants to pass a yearly background check. Allowing for greater management oversight of incompatible activities. Correct
Which of the following areas can external auditors rely on internal auditors' work in auditing internal controls?
Evaluation of the auditing environment. Testing of low risk internal control activities.Correct All testing of the operating effectiveness of internal control activities. As providing the principle evidence for the external auditors' opinion.
Which of the following should an auditor do when control risk is assessed at the maximum level?
Perform fewer substantive tests of details. Perform more tests of controls . Document the assessment. Correct Document the control structure more extensively
Which of the following outcomes is a likely benefit of information technology used for internal control?
Processing of unusual or nonrecurring transactions. Enhanced timeliness of information. Correct Potential loss of data. Recording of unauthorized transactions.
Which of the following is a definition of control risk?
The risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls.Correct The risk that the auditor will not detect a material misstatement. The risk that the auditor's assessment of internal controls will be at less than the maximum level. The susceptibility of material misstatement assuming there are no related internal controls, policies, or procedures.
Which of the following is the least important audit reason for the auditor's obtaining an understanding of a company's internal control?
To serve as a basis for constructive suggestions. Correct To plan subsequent substantive tests. To identify types of possible misstatements that may occur. To consider factors that may affect the risk of material misstatement.
The appropriate separation of duties does not include:
authorization to execute transactions. recording of transactions. custody of assets involved in the transactions. data preparation. Correct
Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been:
authorized. implemented. Correct tested. monitored.
The overall attitude and awareness of an entity's board of directors concerning the importance of the client's internal control usually is reflected in its:
computer-based control activities. system of separation of duties. control environment. Correct safeguards over access to assets.
The "obtaining an understanding" work phase (Phase 1) of internal control evaluation would not give auditors an overall acquaintance with the client's:
control environment. information and communication system. control activity effectiveness. Correct monitoring activities.
An audit team's responsibility would not include
designing client's internal controls. Correct documentation of understanding of a client's internal controls. communicating internal control deficiencies. assessing the effectiveness of a client's internal controls.
When the audit team increases the planned assessed level of control risk because certain control activities were determined to be ineffective, the audit team would most likely increase the:
extent of substantive tests of details. Correct level of inherent risk. extent of tests of controls. level of detection risk.
The ultimate purpose of assessing control risk is to contribute to the auditor's evaluation of the:
factors that raise doubts about the auditability of the financial statements. operating effectiveness of internal control policies and procedures. risk that material misstatements exist in the financial statements. Correct possibility that the nature and extent of substantive tests may be reduced.
Proper separation of duties reduces the opportunities to allow persons to be in positions to both:
journalize entries and prepare financial statements. record cash receipts and cash disbursements. establish internal controls and authorize transactions. perpetrate a fraud and then conceal it in the books. Correct
The primary objective of procedures performed to obtain an understanding of the entity's internal control is to provide an auditor with:
knowledge necessary for audit planning. Correct evidential matter to use in assessing inherent risk. a basis for modifying tests of controls. an evaluation of the consistency of application of management's policies.
Control activities intended to ensure that transactions are recorded in the right period are designed to achieve the ASB assertion of:
occurrence. accuracy. valuation or allocation. cutoff. Correct
If auditors assess control risk at the maximum level, they will tend to:
perform a great deal of additional tests of controls. perform a great deal of substantive testing during the audit. Correct perform substantive tests at an interim date. perform more audit procedures using internal evidence.
Assessing control risk at below the maximum level most likely would involve:
performing more extensive substantive tests with larger sample sizes than originally planned. reducing inherent risk for most of the assertions relevant to significant account balances. changing the timing of substantive tests by omitting interim-date testing and performing the tests at year end. identifying specific internal control activities that are relevant to specific financial statement assertions. Correct
In an audit of financial statements, an auditor's primary consideration regarding an internal control policy or activity is whether the policy or activity:
reflects management's philosophy and operating style. affects management's financial statement assertions. Correct provides adequate safeguards over access to assets. enhances management's decision making processes.
Tracing bills of lading to sales invoices provides evidence that:
shipments to customers were invoiced. Correct shipments to customers were recorded as sales. recorded sales were shipped. invoiced sales were recorded as sales.
After obtaining an understanding of a client's financial reporting control activities, the auditor would next:
test the client's control activities. assess the final control risk. document the understanding obtained. Correct plan the remainder of the audit work.
A report on internal control effectiveness by the management team of public companies is required by:
the Sarbanes-Oxley Act of 2002. Correct the PCAOB. the AICPA. the auditors.
Sound internal control can be described as separating all of the following duties and responsibilities except for:
transaction authorization. recordkeeping. custody of, or direct access to, assets. hiring of employees. Correct