Ch 7 Quiz and HW

At the completion of the audit, the auditors are least likely to know: The assessed level of control risk. The planned assessed level of control risk. Actual control risk. The scope of tests of controls.

Actual control risk. The auditors never know the exact control risk involved—they always simply have an estimate of it.

Which of the following factors most likely would be considered an inherent limitation to an entity's internal control? The lack of resources to monitor internal controls. The ineffectiveness of the entity's audit committee. Collusion of employees in circumventing internal controls. The complexity of the entity's electronic order processing system.

Collusion of employees in circumventing internal controls.

Which of the following is not ordinarily a procedure for documenting an auditor's understanding of internal control for planning purposes? Checklist. Confirmation. Flowchart. Questionnaire.

Confirmation. A confirmation is designed to obtain evidence from a third-party. It is not used to document internal control.

Which of the following is not ordinarily a procedure for documenting an auditor's understanding of internal control for planning purposes? Confirmation. Checklist. Questionnaire. Flowchart.

Confirmation. A confirmation is designed to obtain evidence from a third-party. It is not used to document internal control.

When a CPA decides that the work performed by internal auditors may have an effect on the nature, timing, and extent of the CPA's procedures, the CPA should consider the competence and objectivity of the internal auditors. Relative to objectivity, the CPA should: Consider the organizational level to which the internal auditors report the results of their work. Review the internal auditors' work. Consider the qualifications of the internal audit staff. Review the training program in effect for the internal audit staff.

Consider the organizational level to which the internal auditors report the results of their work. The internal auditors' objectivity refers to their relative independence from the organizational units they have been evaluating. This may best be determined by considering the organizational level to which the internal auditors report. The other answers address the issues of the internal auditors' competence, not objectivity.

Which of the following would be least likely to be considered an objective of internal control? Checking the accuracy and reliability of accounting data. Detecting management fraud. Encouraging adherence to managerial policies. Safeguarding assets.

Detecting management fraud. Detecting management fraud is generally not considered to be an objective of internal control. In fact, one of the inherent limitations of internal control is that it is subject to override by management. All of the other answers represent valid objectives of internal control.

Effective internal control in a small company that has an insufficient number of employees to permit proper separation of responsibilities can be improved by: Employment of temporary personnel to aid in the separation of duties. Direct participation by the owner in key record-keeping and control activities of the business. Engaging a CPA to perform monthly write-up work. Delegation of full, clear-cut responsibility for a separate major transaction cycle to each employee.

Direct participation by the owner in key record-keeping and control activities of the business. Involvement of the owner in key control functions should be a major step toward preventing material errors or defalcations. Employment of temporary personnel to aid in the separation of duties would not be cost-effective. Engaging a CPA to perform monthly write-up work would provide some measure of control, but not as much as would daily participation by the owner. If it were feasible to hire additional employees, it would be cheaper to hire permanent employees rather than temporary. The need for internal control is permanent. Delegation of full, clear-cut responsibility for a separate major transaction cycle to each employee would weaken, not strengthen internal control.

Which of the following is not an advantage of establishing an enterprise risk management system within an organization? Reduces operational surprises. Provides integrated responses to multiple risks. Eliminates all risks. Identifies opportunities.

Eliminates all risks. An enterprise risk management system cannot eliminate all risks.

Which of the following is least likely to be considered an appropriate response relating to risks the auditors identify at the financial statement level? Increase the scope of auditor procedures. Assign more experienced staff. Emphasize the need to remain neutral, rather than to exercise professional skepticism. Incorporate additional elements of unpredictability in the selection of audit procedures.

Emphasize the need to remain neutral, rather than to exercise professional skepticism.

When tests of controls reveal that controls are operating as anticipated, it is most likely that the assessed level of control risk will: Be less than the preliminary assessed level of control risk. Equal the actual control risk. Be less than the actual control risk. Equal the preliminary assessed level of control risk.

Equal the preliminary assessed level of control risk.

To have an adequate basis to issue a management report on internal control under Section 404(a) of the Sarbanes-Oxley Act, management must do all of the following, except: Establish internal control with no material weakness. Accept responsibility for the effectiveness of internal control. Evaluate the effectiveness of internal control using suitable control criteria. Support the evaluation with sufficient evidence.

Establish internal control with no material weakness. Management may issue a report on internal control regardless of whether the system has a material weakness.

A material weakness involves an amount that could result in a misstatement that is: Larger than inconsequential. Smaller than inconsequential. Greater than a significant deficiency. Tolerable.

Greater than a significant deficiency.

Tests of controls do not address: How controls were applied. How controls were originated. The consistency with which controls were applied. By what means the controls were applied.

How controls were originated. Auditors are not in general concerned with how controls originated.

A significant deficiency: Is less severe than a material weakness. Involves an amount of discovered misstatements greater than the amount used as the planning measure of materiality. Differs from a material weakness in that it involves internal control over compliance with laws and regulations rather than internal control over financial reporting. Is identical to a material weakness except that it need not be communicated to those responsible for oversight of the company's financial reporting.

Is less severe than a material weakness.

A primary objective of procedures performed to obtain an understanding of internal control is to provide the auditors with: Knowledge necessary to determine the nature, timing, and extent of further audit procedures. Audit evidence to use in reducing detection risk. A basis for modifying tests of controls. An evaluation of the consistency of application of management policies.

Knowledge necessary to determine the nature, timing, and extent of further audit procedures. Because the auditors' purposes are for considering internal control, and to obtain the necessary knowledge to (a) assess the risks of material misstatement, and (b) to determine the nature, timing, and extent of the tests to be performed, Knowledge necessary to determine the nature, timing, and extent of further audit procedures is correct.

An entity's ongoing monitoring activities often include: Periodic audits by internal auditors. The audit of the annual financial statements. Approval of cash disbursements. Management review of weekly performance reports.

Management review of weekly performance reports. Management review of weekly performance reports is an ongoing monitoring activity that may detect errors or fraud. Periodic audits by internal auditors is incorrect because while periodic audits by internal audit represent a monitoring activity, they are best classified as separate evaluations, and not ongoing monitoring activities. The audit of the annual financial statements is incorrect because the audit of the annual financial statements is the function of the external auditors. Approval of cash disbursements is incorrect because approvals of cash disbursements represent a control activity.

Which of the following is least likely to be a test of controls? Inquiries of client personnel. Inspection of documents. Observation of confirmations. Reperformance of controls.

Observation of confirmations. While tests of controls involve, inquiry, inspection, observation and re-performance, "observation of confirmations" doesn't have a clear meaning.

Tests of controls ordinarily are designed to provide evidence of: Balance correctness. Control implementation. Disclosure adequacy. Operating effectiveness.

Operating effectiveness. Tests of controls address operating effectiveness of controls.

When performing an internal control audit under PCAOB requirements, one or more material weaknesses in internal control that exist at year-end will result in what type of report(s)? QualifiedAdverse A.YesYes B.YesNo C.NoYes D.NoNo Option B Option C Option A Option D

Option C

Controls over financial reporting are often classified as preventative, detective, or corrective. Which of the following is an example of a detective control? Segregation of duties over cash disbursements. Requiring approval of purchase transactions. Preparing bank reconciliations. Maintaining backup copies of key transactions.

Preparing bank reconciliations. Preparing bank reconciliations will detect a variety of misstatements related to cash and is a detective control in the sense that it does not prevent the misstatement from occurring, but may detect it. Segregation of duties over cash disbursements and requiring approval of purchase transactions are incorrect because segregating duties and requiring approvals are primarily designed to prevent misstatements. Maintaining backup copies of key transactions is incorrect because the primary purpose of keeping backup copies of key transactions (or all transactions) is prevent loss of information in the event of an information system failure.

Which of the following would be least likely to be considered a benefit of effective internal control? Ensuring authorization of transactions. Restricting access to assets. Reduction of costs. Detecting ineffectiveness.

Reduction of costs.

An organization has decided to hedge raw materials with highly volatile prices. This is an example of: Risk reduction Risk sharing Risk avoidance Risk acceptance

Risk sharing

An auditor may compensate for a weakness in internal control by increasing the extent of: Tests of controls. Detection risk. Substantive tests of details. Inherent risk.

Substantive tests of details. An increase in the substantive procedures will decrease detection risk, and thereby compensate for the increased level of control risk due to a weakness in internal control. Tests of controls is incorrect because if the weakness exists, increasing the extent of tests will only provide more evidence on the weakness—not evidence that compensates for the weakness. Detection risk and Inherent risk are incorrect because a decrease in detection risk or inherent risk, not an increase, would compensate. Also, in the case of inherent risk, it may not be possible to change the assessment since it is a function of the firm's environment.

When the auditors are performing a first-time internal control audit in accordance with the Sarbanes-Oxley Act and PCAOB standards, they should: Modify their report for any significant deficiencies identified. Use a "bottom-up" approach to identify controls to test. Test controls for all significant accounts. Perform a separate assessment of controls over operations.

Test controls for all significant accounts. In an audit of internal control performed under PCAOB standards the auditors must test controls for all significant accounts.

Which of the following comes closest to outlining the auditors' responsibility for considering internal control in all financial statement audits? When tests of controls have been performed, control risk must be assessed at a level less than the maximum. The auditor must obtain an understanding of each of the five internal control components sufficient to assess the risks of material misstatement for the audit. An understanding of the control environment is necessary, but no understanding of the other components is necessary unless control risk is to be assessed at a level less than the maximum. An understanding of the control environment, information and communication, risk assessment and monitoring is necessary; an understanding of control activities is only necessary for areas in which the auditor is performing tests of controls.

The auditor must obtain an understanding of each of the five internal control components sufficient to assess the risks of material misstatement for the audit.

The preliminary assessments of control risk are often referred to as: The assessed level of control risk. The planned assessed level of control risk. Control risk. Internal control objectives risk.

The planned assessed level of control risk. The planned assessed level of control risk is determined during planning.

Which of the following symbols indicate that a file has been consulted? This diagram has a rectangle pointing to a trapezium with an arrow. This diagram has a rectangle with the curved bottom pointing to an inverted triangle. This diagram has a diamond shape with arrows pointing in opposite directions. This diagram has a quadrilateral pointing to an inverted triangle.

This diagram has a quadrilateral pointing to an inverted triangle. The symbol on the left indicates a manual function; the symbol on the right represents a file.