Chapter 5

Auditors obtain an understanding of the internal control through all of the following, except A)A substantive testing audit plan. B)Previous experience with the company. C)Responses to inquiries directed to client personnel. D)A walk-through of one or more transactions.

A

Significant deficiencies are defined as conditions that A)Could adversely affect the organization's ability to initiate, record, process, and report financial data in the financial statements. B)Relates to either a necessary control that is missing or an existing control that is so poorly designed that it fails to satisfy the control's objective. C)Results in a reasonable possibility that a material misstatement exists in financial statements. D)Exists when the design or operation of a control does not allow the company's management or employees to detect or prevent misstatements in a timely fashion.

A

The most important fundamental component of an entity's internal control is A)People who operate the control system. B)Compliance with applicable laws and regulations. C)Effectiveness and efficiency of operations. D)Reliability of financial reporting.

A "People" is the most important fundamental component.

A material weakness is a situation in which A)It is reasonably possible that a material misstatement would not be detected on a timely basis. B)It is reasonably possible that an immaterial misstatement would not be detected on a timely basis. C)There is a remote likelihood that a material misstatement would be detected on a timely basis. D)It is probable that an immaterial financial statement misstatement would not be detected on a timely basis.

A By definition, a material weakness in internal control is defined as a deficiency, or combination of deficiencies that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis.

Which of the following would probably not be considered an indication of a material weakness? A)Overproduction by the manufacturing plant. B)Evidence of a material misstatement. C)Immaterial fraud committed by senior management. D)Ineffective oversight by the audit committee.

A Overproduction does not directly relate to a material misstatement of the financial statements but is an operational issue.

When planning the audit of internal controls for an issuer, the audit team should A)Identify significant accounts, locations, and assertions. B)Conduct a walkthrough of the internal control process. C)Make inquiries of employees regarding the existence of control activities. D)Reperform control activities performed by client employees to determine their effectiveness.

A The audit team identifies significant accounts, locations, and assertions in the planning stage of an audit of internal controls.

AS #2201 requires the audit team to do all the following except A)AS #2201 requires all the above. B)Test all internal controls in the company. C)Evaluate the severity of each control deficiency that comes to his or her attention. D)Document the process used to determine significant accounts and disclosures and major classes of transactions.

B

Accounting for the numerical sequence of shipping documents is a control procedure designed to achieve the internal control objective of A)Validity. B)Completeness. C)Accuracy. D) Accounting

B

An action taken to prevent, detect, and correct errors and frauds in transactions is referred to as a A)Dual-purpose test. B)Control activity. C)Control objective. D)Risk assessment.

B

The five internal control components do not include A)Risk assessment. B)Control risk. C)Control activities. D)Monitoring.

B

The most efficient means of gathering evidence about the internal control is to conduct a formal interview with knowledgeable managers and A)Write a narrative description of each important control. B)Use an internal control questionnaire. C)Prepare a well-indexed file of audit documentation. D)Prepare a flowchart illustrating the internal control.

B

Effectiveness of audit procedures would be reduced by A)Selecting larger sample sizes for audit. B)Performing procedures during the interim period as opposed to at the fiscal year-end date. C)Performing audit procedures at the fiscal year-end date as opposed to the interim period. D)Deciding to obtain external evidence instead of internal evidence.

B Performing procedures at an interim date is less effective than performing them at year-end.

Tests of controls in a GAAS audit are required for A)Applying analytical procedures to financial statement balances. B)Obtaining evidence about the operating effectiveness of client control activities. C)Accomplishing control over the occurrence of recorded transactions. D)Obtaining evidence about the financial statement assertions.

B Tests of controls produce the evidence about actual operation of company control activities.

Once the auditor detects a control deficiency, which of the following steps must he or she take first? A)Modify the planned substantive procedures as a result of the deficiency. B)Evaluate the severity of the deficiency on the auditor's control risk assessment for that assertion. C)Perform tests of other controls related to the same assertion as the control deemed ineffective. D)Test the deficient control, assuming a maximum level of risk.

B The first step an auditor is likely to take after detecting a control deficiency is to determine the impact of the severity of the deficiency on the auditor's control risk assessment for that assertion. The additional steps to be taken will depend in large part on this determination.

Which of the following is a device designed to help the audit team obtain evidence about the accounting and control activities of an audit client? A)A narrative memorandum describing the control system. B)An internal control questionnaire. C)A flowchart of the documents and procedures used by the company. D)A detailed description of entity and transaction level controls.

B The internal control questionnaire is a device for collecting evidence in the form of answers to control questions.

Which of the following statements is not true with respect to the auditors' report on internal control over financial reporting? A)The auditor will issue an adverse opinion if one or more material weaknesses exist. B)The report will be dated as of the date of the financial statements. C)The report may be presented with the report on the entity's financial statements as a combined report. D)The report will express an opinion on the effectiveness of internal control over financial reporting.

B The report would be dated as of the day that enough evidence has been gathered to support the auditors' opinion on the effectiveness of the entity's internal control.

According to the PCAOB, during the audit of internal controls for an issuer, the ultimate objective of testing the design effectiveness of internal controls is to A)Determine whether the company's controls are processing company data effectively. B)Determine that the company's controls will satisfy the company's control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements, if they operate as prescribed. C)Determine that the company's employees are processing the controls according to the policy and procedures manuals at the company. D)None of the choices are correct.

B The testing of design effectiveness relates primarily to whether the control has been properly put in place to prevent or detect errors or fraud. In AS5, this is exactly the objective of testing the design effectiveness of a control as per paragraph 42 of the standard.

Which of the following is a preventive control? A)Recalculation of a sample of payroll entries by internal auditors. B)Separation of duties between the payroll and personnel departments. C)Detailed fluctuation analysis completed by the CFO for revenue. D)Reconciliation of a bank account.

B This is an example of preventive control.

A transaction-level internal control activity is best described as A)An action taken by auditors to obtain evidence. B)An action taken by client personnel for the purpose of preventing, detecting, and correcting errors and frauds in transactions to eliminate or mitigate risks identified by the company. C)A method for recording, summarizing, and reporting financial information. D)The functioning of the board of directors in support of its audit committee.

B This is one way to describe the purpose of a transaction-level control activity.

When testing a control activity's operating effectiveness, procedures the auditor performs to test operating effectiveness would likely include A)Reading over the company's code of conduct. B)Inquiry of appropriate personnel and reperformance of the control activity. C)Inquiry of appropriate personnel. D)Reperformance of the control activity.

B When testing the operating effectiveness of a control, the auditor should use a combination of inquiry, observation, inspection, and reperformance. Thus, both Inquiry of appropriate personnel, and Reperformance of the control activity are correct answers.

Which of the following is not one of COSO's objectives for internal controls? A)Compliance with applicable laws and regulations. B)Efficiency and effectiveness of operations. C)Maximization of profit. D)Reliability of financial reporting.

C

Which report would not be appropriate for a public accounting firm to provide on financial reporting controls? A)Unqualified—no material weaknesses found. B)Disclaimer of opinion—unable to perform all necessary procedures. C)Disclaimer of opinion—significant deficiencies exist. D)Adverse—material weaknesses exist.

C A disclaimer is used when the auditor's scope is limited but not when significant deficiencies exist, so it is not an appropriate report.

When completing the audit of internal controls for a public company, the PCAOB requires auditors to audit internal controls over A)Operations. B)Compliance with regulations. C)Financial reporting. D)All of the choices are correct.

C AS 2201 applies to financial reporting controls only.

When completing the audit of internal controls for a public company, AS 2201 requires auditors to test A)Operating effectiveness only. B)Design effectiveness only. C)Both operating and design effectiveness. D)Neither operating nor design effectiveness

C AS 2201 requires testing for both design effectiveness and operating effectiveness.

The purpose of separating the duties of hiring personnel and distributing payroll checks is to separate the A)Administrative controls from the internal accounting controls. B)Human resources function from the controllership function. C)Authorization of transactions from the custody of related assets. D)Operational responsibility from the record-keeping responsibility.

C This is an example of effective separation of duties. Separation of duties is designed to help the organization achieve effective internal control. To accomplish separation of duties, the payroll function should be divided into its authorization, recording, and custody functions. Authorization of hiring, wage rates, and deductions is typically completed by the human resources department. Authorization of hours worked is typically completed by the production department (or the department where the work was completed). Based on these authorizations, the accounting department would then calculate and record the payroll in the accounting system. Based on the calculated amounts, the treasurer would then prepare and distribute payroll checks.

If the auditor plans to assess control risk at less than the maximum and rely on controls, and the nature, timing, and extent of further audit procedures are based on that lower assessment, the auditor must A)Perform only substantive procedures. B)Assess control risk at less than the maximum for all relevant assertions. C)Obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance. D)Provide additional examples of responses to assessed fraud risks relating to fraudulent financial reporting.

C When an auditor plans to reduce control risk below the maximum and rely on controls to reduce substantive testing, they must make sure that the controls have been designed and are operating effectively in order to feel comfortable relying on such controls. The auditor cannot take the client's word that the controls are operating effectively. Rather, they must test the controls.

Which of the following would not be considered a control activity? A)Physical controls. B)Information processing controls. C)Performance reviews. D)Assessment of control risk.

D

When completing the audit of internal controls for an issuer, the severity of an internal control deficiency depends on: A)Whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure. B)Whether the account has a history of errors. C)The magnitude of the potential misstatement resulting from the deficiency or the deficiencies. D)Both the magnitude of the potential misstatement resulting from the deficiency or the deficiencies and whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure.

D Both the magnitude of the potential misstatement resulting from the deficiency or the deficiencies and whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure are factors in determining the severity of an internal control deficiency.

The primary purpose for obtaining an understanding of a nonpublic audit client's internal control is to A)Provide the rationale for the inherent risk assessment at the financial statement assertion level. B)Provide information for a communication of internal control-related matters to management. C)Provide a basis for making constructive suggestions in a management letter. D)Determine the nature, timing, and extent of further audit tests to be performed in the audit.

D Determining the nature, timing, and extent of tests to be performed in the audit are the auditors' responsibilities under GAAS.

In most audits of large entities, control risk assessment contributes to audit efficiency, which means that A)The cost of substantive procedures will exceed the cost of control evaluation work. B)Auditors will be able to reduce the cost of substantive procedures by an amount less than the cost of tests of controls. C)The cost of control evaluation work will exceed the cost of substantive procedures. D)Auditors will be able to reduce the cost of substantive procedures by an amount more than the control evaluation costs.

D The cost savings of substantive testing exceeds the control evaluation cost.

If the auditors encounter a significant scope limitation in evaluating a public company's internal control over financial reporting, which of the following types of opinions on the effectiveness of the company's internal control over financial reporting would be appropriate? A)Unqualified opinion or adverse opinion. B)Qualified opinion or adverse opinion. C)Unqualified opinion or disclaimer of opinion. D)Disclaimer of opinion.

D The reporting option when a scope limitation exists is a disclaimer of opinion.

To test the operating effectiveness of a control, an audit team might use a combination of each of the following tests except for: A)Inquiry of client personnel. B)Observation of company operations. C)Inspection of documentation. D)Confirmation of balances.

D This is a substantive test, not a test of a control's operating effectiveness.

Auditors of public companies do not need to determine the quality of a client's internal control; they only need to know enough to plan the audit work. T/F

F

Auditors should begin their evaluation of internal controls over financial reporting on a bottom-up basis, starting with the account level assertion and working up to entity-level controls. T/F

F

Control systems generally provide absolute assurance that the objectives of internal control are satisfied. T/F

F

Evaluation of internal control systems of a nonpublic entity should not be subject to cost-benefit considerations. T/F

F

The audit team is responsible for the client's internal control. T/F

F

The key person in the internal control system of a small business is the independent auditor. T/F

F

The most efficient means of gathering evidence about a client's internal control is to prepare a flowchart of the system. T/F

F

The primary reason for conducting an evaluation of a company's internal control is to provide a basis for communicating significant deficiencies. T/F

F

The primary reason to evaluate internal control is to formulate constructive suggestions for improvement. T/F

F

A control activity is an action taken to prevent, detect, and correct errors and frauds in transactions. T/F

T

Auditors can stop the assessment of control risk for nonpublic entities for either effectiveness or efficiency reasons. T/F

T

Auditors do not need to perform tests of controls on internal control activities that are evaluated as weak just to prove that the weaknesses actually exist. T/F

T

Auditors perform tests of control activities to determine how the company's controls actually functioned during the period under audit. T/F

T

Dual-purpose audit tests are procedures that produce both control and substantive evidence. T/F

T

PCAOB Auditing Standard No. 2201 only applies to public companies. T/F

T

Tests of controls consist of procedures designed to produce evidence of how effectively the client's controls work in practice. T/F

T

The COSO report indicates that internal control should be considered a process, not an end in itself. T/F

T

The attitudes of managers and directors are probably the most pervasive influences on the control environment. T/F

T

The auditor's opinion on internal control under AS 2201 relates only to controls existing at the end of the year. T/F

T

The most important feature of an internal control system is the people who make the system work. T/F

T