Chapter 6

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

True or false: A substantive strategy requires the auditor to have a sufficient understanding of the entity's internal controls to know whether they are properly designed and implemented.

True

True or false: An entity's mix of manual and automated controls varies with the nature and complexity of the entity's use of IT.

True

True or false: An entity's risk assessment process should consider the possibility of events that threaten the achievement of objectives.

True

True or false: Auditors need to understand how management considers risks because many types of risk can impact financial reporting objectives.

True

True or false: The application systems acquisition, development and maintenance controls are critical for ensuring the reliability of information processing.

True

Locked doors to prevent unauthorized entry, preventing programmers from entering the computer room and an operational disaster recovery plan are examples of ______ controls. output access and security processing data center and network

access and security

The physical protection of computer equipment, software and data as well as loss of assets and information through theft or unauthorized use is the concern of ______ controls. output data center and network processing access and security

access and security

After planned tests of controls have been completed, the auditor should reach a conclusion on the ______ level of control risk. achieved appropriate assessed planned

achieved

Controls that are part of the computer programs used in the accounting system are _____ controls.

application

Data capture, data validation, processing, output and errors controls are all categories of _____ controls.

application

Ensuring the completeness and accuracy of transaction processing, authorization, and validity is the goal of _____ controls.

application

The process of evaluating the effectiveness of an entity's internal control in preventing, or detecting and correcting, material misstatements in the financial statements is called _____ control risk.

assessing

If properly designed, ______ controls should operate more consistently and are not typically subject to human errors or mistakes in its application. detection risk assessment manual automated

automated

For a control system to be considered ______, each of the five components and relevant principles must be present and functioning, and the five components must operate together in an integrated manner.

effective

The integrity and ethical values of management personnel heavily influence the ______ of an entity's internal controls. efficiency effectiveness sufficiency accuracy

effectiveness

Knowledge of the information system is important to understand the related accounting records when they are ______. manual only electronic or manual electronic only

electronic or manual

The competence level for a particular job should be specified and translated into a job description that details the specific knowledge and skills required. This task should be done by ______. the audit committee internal auditors management external auditors

management

The auditor should gain sufficient knowledge about the control environment to understand the attitudes, awareness, and actions concerning the control environment of the ______. internal auditors management board of directors non-management employees

management and BOD

True or false: All communication regarding matters affecting the functioning of internal control within an organization should be internal.

False

True or false: An entity's external auditor does not need to be concerned about the internal control system at service organizations used by the entity.

False

True or false: How the components of internal control are implemented is not impacted by the size of the entity.

False

True or false: Monitoring is an effective component of internal control, whether or not deficiencies are communicated to those with oversight responsibilities in a timely manner.

False

The auditor's understanding of an entity's internal control over financial reporting are documented using diagrammatic representation known as a(n) ___.

Flowcharts

These provide a diagrammatic representation of the entity's accounting system. Internal Control Questionnaires Organizational Charts Flowcharts Procedures Manuals

Flowcharts

Which of the following statements are correct? Good documentation is an important component of managing controls. Auditors are mainly concerned that program changes are properly authorized, tested and implemented. The external auditor should not be involved in the system acquisition or development process.

Good documentation is an important component of managing controls. Auditors are mainly concerned that program changes are properly authorized, tested and implemented.

Identify the fraud risk factors that organizations must consider in assessing risks to the achievement of objectives. Morality Incentives Threats Rationalization Opportunities

Incentives, rationalization, and opportunities

In many entities, this produces much of the knowledge used in monitoring. Information system Accounting system Report manuals Control environment

Information system

An important role in how management meets its stewardship or agency responsibilities is played by _____ _____

Internal Control

Who has the responsibility to design and maintain a system of internal control that provides reasonable assurance that assets and records are properly safeguarded, and that the entity's information system generates information that is reliable for decision making? - External Auditors - Internal Auditors - Management - Audit Committee

Management

What should be used when it is necessary to show the movement of a document or report back to a previous function? On-page connector Off-line storage Communication link Off-page connector

On-page connector

Physical controls: Information processing controls: Performance reviews: segregation of duties

PC: Periodic counting and comparison with amounts shown on control records IPC: Made up of two broad categories referred to as general and application controls PR: Managers should periodically check the quality of subordinates' work SD: Separating the custody of assets, authorization of transactions and recording of transactions

Which of the following communicate policies and procedures to the entity's personnel? Policy manuals Memoranda Personnel manuals Accounting manuals

Policy manuals, memoranda, accounting manuals

Which of the following statements are correct? The internal control system should be designed to provide absolute assurance that objectives are being achieved. The cost of internal controls should not exceed the benefits derived. Lack of management review is one of the primary sources of internal control weakness.

The cost of internal controls should not exceed the benefits derived. Lack of management review is one of the primary sources of internal control weakness.

General controls play an important role in providing assurance about the quality of _____ controls. data capture output data validation processing

processing

The proper execution of transactions is ensured by ______ controls. processing data validation output data capture

processing

Symbols used in flowcharts are divided into ______ symbols. processing error correction data flow and storage input/output

processing data flow and storage input/output

Flowcharting systems are divided into three groups: input/output symbols, _____ systems and _____ flow and _____ symbols.

processing, data, storage

Internal communication within an organization related to internal control ______. provides clear messages about the importance of how control responsibilities are to be performed is provided by policy manuals involves providing and understanding of roles and responsibilities should always be made by senior management either orally or in writing

provides clear messages about the importance of how control responsibilities are to be performed is provided by policy manuals involves providing and understanding of roles and responsibilities

When deciding whether substantive procedures are to be performed at an interim date, the auditor should consider the ______. purpose of the substantive procedures desired risk of material misstatement nature of the relevant assertions control environment

purpose of the substantive procedures nature of the relevant assertions control environment

The quality of internal control is directly related to the ______ of the personnel operating the system. age experience gender quality

quality

An internal control _____ is generally used for entities with a relatively complex internal control structure.

questionnaire

An effective internal control system provides ______ assurance that the risk of not achieving an entity objective is reduced to an acceptable level. absolute minimal no reasonable

reasonable

In regards to internal control systems, the concept of _____ _____ recognizes that the cost should not exceed the benefits expected to be derived.

reasonable assurenace

Data capture controls must ensure that ______. every transaction entered has appropriate source documentation rejected transactions are identified, controlled, corrected and reentered all transactions are recorded in the application system transactions are only recorded once

rejected transactions are identified, controlled, corrected and reentered all transactions are recorded in the application system transactions are only recorded once

Information that is capable of making a difference in user decisions has the characteristic of _____.

relevance

When an auditor decides to follow a(n) _______strategy, he or she has to understand the control activities that relate to assertions for which a lower level of control risk is expected.

reliance

When the auditor intends to depend on the entity's controls, a(n) _______ strategy is chosen.

reliance

Auditing standards ______ that the auditor document his or her understanding of the entity's internal control components. require recommend suggest

require

Setting an audit strategy ______. requires a detailed understanding of the entity's internal controls should be done based upon the scope of the engagement helps the auditor determine how to evaluate internal controls

requires a detailed understanding of the entity's internal controls

Consideration of possible changes in the internal or external environment because changes can introduce or change risks to the entity's objectives are part of the ______ identification process. detection control fraud risk

risk

As it relates to the external financial reporting objective, the entity's ______ _____process should consider internal and external events and circumstances that may arise and adversely affect the entity's ability to initiate, authorize, record, process and report financial data consistent with management's financial statement assertions

risk assessment

The auditor should obtain sufficient information about the entity's _____ _____ process to understand how management considers risks relevant to financial reporting and decides on appropriate actions to address those risks.

risk assessment

The possibility of events that threaten the achievement of objectives should be considered in an entity's ____ ____.

risk assessment

To obtain an understanding of the entity's internal controls which helps identify key controls, recognize types of potential misstatements and design test of controls and substantive procedures, auditors use _______ ________procedures.

risk assessment

Consideration of possible changes in the internal or external environment because changes can introduce or change risks to the entity's objectives are part of the _____ _____ process.

risk identification

Which of the following statements are correct? senior management may override an entity's internal controls. Violations of control activities by senior management are easy to detect with normal audit procedures. Violations of internal control raise serious questions about management integrity.

senior management may override an entity's internal controls. Violations of internal control raise serious questions about management integrity.

If the auditor determines that internal controls are not properly designed or not implemented the auditor will ______. set the level of control risk at high use substantive procedures to reduce the risk of material misstatement to an acceptable level perform tests of controls to obtain audit evidence that controls are operating effectively make an assessment of control risk based on the result of tests of control

set the level of control risk at high use substantive procedures to reduce the risk of material misstatement to an acceptable level

The components of internal controls as defined by the COSO Framework are ______. entity's risk assessment detection activities information and communication monitoring activities control environment

All except detection activities

These apply to the processing of individual applications and help ensure the occurrence, completeness and accuracy of transaction processing. Control activities Application controls General controls

Application controls

People that significantly influence the control consciousness of the entity and must take their fiduciary responsibilities seriously and actively oversee the entity's accounting and reporting policies and procedures include the ______. external auditors internal auditors board of directors audit committee

BOD and audit committee

The purpose of the ______ Framework is to help management better control the organization and to provide boards of directors an added ability to oversee internal control.

COSO

According to COSO, a system of internal controls is designed to provide reasonable assurance about the achievement of entity objectives in which of the following categories? Maximization of management compensation Accuracy of internal and external financial and non-financial reporting Compliance with applicable laws and regulations Effectiveness and efficiency of operations Reliability, timeliness, and transparency of internal and external financial and non-financial reporting

Compliance with applicable laws and regulations Effectiveness and efficiency of operations Reliability, timeliness, and transparency of internal and external financial and non-financial reporting

This exists in internal controls when the design or operation of a control does not allow management or employees to prevent, detect or correct misstatements on a timely basis. Material weakness Significant deficiency Control deficiency

Control deficiency

The tone of a organization is set an the control consciousness of its people is influenced by the ______, COSO Framework Monitoring of controls Risk assessment procedures Control environment

Control environment

Which of the following statements are correct? Errors must be corrected and resubmitted at the correct point in processing. Most transaction errors are identified by processing or output controls. Errors can be identified at any point in the system. Proper segregation of duties is important in preventing errors from processing.

Errors must be corrected and resubmitted at the correct point in processing. Errors can be identified at any point in the system. Proper segregation of duties is important in preventing errors from processing.

Which of the following statements are correct? Understanding the information system requires knowing how IT is involved in data processing. The auditor should understand the control procedures used by the entity to provide financial statement assurance. The auditor must learn about each business process that affects all account balances in the financial statements.

Understanding the information system requires knowing how IT is involved in data processing. The auditor should understand the control procedures used by the entity to provide financial statement assurance.

Monitoring _________. should only be done through separate evaluations must be included in ongoing activities to be effective can be done through ongoing activities or separate evaluations

can be done through ongoing activities or separate evaluations

Within an entity, there is always a risk of the fraud of _____ between individuals will destroy the effectiveness of segregation of duties.

collusion

Controls that may be relevant to the audit when they have an impact on data the auditor uses to apply audit procedures include ______ controls. planning compliance management decision operations

compliance and operations

Approvals, authorizations, verification, reconciliations, review of operating performance, and segregation of duties are all examples of _____ activities

control

Assignment of authority and responsibility for operating activities and the establishment of reporting relationships and authorization hierarchies are part of the ______ environment principle. control risk financial detection

control

The policies and procedures that help ensure that management's directives are carried out and implemented to address risks identified in the risk assessment process are ______ activities. control detection risk fraud

control

Based upon its risk assessment, management determines which relevant business processes require ______ ______.

control activities

The tone of an organization is set and the foundation for implementing the entity's system of internal control is established by the ________ _______.

control environment

To understand management's and the board of directors' attitudes, awareness, and actions concerning it, the auditor should gain sufficient knowledge about the _____ ____.

control environment

Controls over data preparation, work flow control and library functions are included in ______ controls. processing output access security data center and network

data center and network

Rotation of duties and mandatory vacations, review of the operating system log and regular updates of anti-virus software are examples of ______ controls. processing data center and network access security output

data center and network

Controls that can be applied at various stages and are mainly concerned with the accuracy assertion are ______ controls. processing data capture output data validation

data validation

The information gathered by performing risk assessment procedures is used to evaluate the ________of controls and to determine whether they have been ________.

design, implemented

The level of _____ risk is used to determine the nature, timing, and extent of substantive tests.

detection

An effective accounting system establishes methods and records that will ______. present transaction and disclosures in a manner than ensures profitability for the entity determine the proper time period in which transactions occurred describe transactions in sufficient detail to permit proper classification identify and record all valid transactions

determine the proper time period in which transactions occurred describe transactions in sufficient detail to permit proper classification identify and record all valid transactions

Procedures manuals, organization charts, internal control questionnaires, flowcharts and narrative descriptions are all tools for _____ the auditor's understanding of internal controls.

documenting

Communication with external parties regarding matters affecting the functioning of internal control ______. should only be done between the entity and its external auditors enables inbound receipt of relevant information can assist in meeting outside requirements and expectations

enables inbound receipt of relevant information can assist in meeting outside requirements and expectations

After _______ have been identified, they must be corrected and resubmitted to the application system at the correct point in processing. errors management overrides fraudulent activities

errors

In determining whether an IT specialist is needed, the auditor should consider the ______. existence of the entity's participation in electronic commerce complexity of the IT systems and controls and how they are used total revenue the entity generates in a typical year extent to which data are shared among systems entity's use of existing, common IT technologies

existence of the entity's participation in electronic commerce complexity of the IT systems and controls and how they are used extent to which data are shared among systems

Large public companies are required to engage a(n) _______auditor to express an opinion as to the effectiveness of their systems of internal control over financial reporting.

external

How management identifies risks relevant to the preparation of financial statements, estimates their significance, assesses the likelihood of their occurrence and decides on how to manage them is most directly relevant to the ______. audit committee internal auditors board of directors external auditors

external auditors

Information that is complete, neutral and free from error has the characteristic of _____ _____

faithful representation

On a flowchart, the movement of documents, records or information is shown using ______. annotation online storage flow arrows display

flow arrows

From the auditor's perspective, a(n) _____ is a diagrammatic representation of the entity's accounting system.

flowchart

The assessment of ______ ______ includes consideration of incentives and pressures, opportunities and how personnel might rationalize or justify inappropriate actions.

fraud risk

Controls over network operations are included as part of _______controls which relate to the overall information processing environment.

general

Controls that relate to the overall information processing environment, have a pervasive effect on the entity's computer operation and are sometimes referred to as supervisory, management or information technology controls are called ____ controls

general

The two broad categories of information systems controls are _____ controls and_______ controls.

general, application

Management and the board of directors are responsible for ______. implementing corrective actions related to internal control responsibilities hiring the external auditors to evaluate internal controls establishing performance measures evaluating performance of internal control responsibilities

implementing corrective actions related to internal control responsibilities establishing performance measures evaluating performance of internal control responsibilities

The infrastructure, software, people, procedures and data used to support the functioning of internal control is known as a(n) ______, _____.

information system

The extent of an entity's use of ______ can affect internal controls because this function affects the way transactions are initiated, authorized, recorded, processed and reported. - industry specialists - information technology - internal auditors - managerial estimates

information technology

To obtain an understanding of an entity's internal controls auditors may use ______. recalculation of account balances inspection of entity documents and reports reperformance of control activities inquiry of appropriate personnel observation of entity activities and operations

inspection of entity documents and reports inquiry of appropriate personnel observation of entity activities and operations

Types of tests of controls include ______. inspection recalculation inquiry observation

inspection, inquiry, observation

The approach to taking and monitoring business risks and attitudes and actions toward financial reporting are characteristics that may signal important information to the auditor about management's _______and _____values.

integrity, ethical

Auditors may test controls at an ______ date because the assertion being tested may not be significant, the control has been effective in prior audits, or it may be more efficient to conduct the tests at that time.

interim

The auditor's understanding of ______ is used to identify the controls that are likely to prevent, or detect and correct, material misstatement in specific assertions. management objectives the control environment fraudulent activities internal controls

internal controls

An internal control questionnaire ______. is one of many types of questionnaires used by auditors contains questions about the five internal control components is generally used for entities with a relatively simplistic internal control structure provides a systematic means to investigate internal control

is one of many types of questionnaires used by auditors contains questions about the five internal control components provides a systematic means to investigate internal control

Interim tests of controls give auditors time to inform the ______ so that likely misstatements can be located and corrected before the rest of the audit is performed. board of directors internal auditors audit committee management

management

Responsibility for establishing mechanisms to communicate and hold individuals accountable for the performance of internal control responsibilities across the organization rests with ______, the external auditors the internal auditors management the board of directors

management and the board of directors

A deficiency, or combination of deficiencies, in internal controls, such that there is a reasonable possibility that a material misstatement of the entity's financial statement will not be prevented, or detected and corrected on a timely basis is a ______. control deficiency material weakness significant deficiency

material weakness

Monitoring the operating effectiveness of internal controls ______. should only be done by management should involve the external auditors may be done by internal auditors

may be done by internal auditors

The operating effectiveness of a control ______. may be tested using computer-assisted audit techniques if the control is manual should not be affected by whether it is performed manually or is automated may be tested using audit data analytics if the control is automated

may be tested using audit data analytics if the control is automated

Auditors ____. should only rely on controls that have a pervasive effect on many assertions should only rely on controls that affect an individual assertion may rely on any control likely to prevent or detect and correct material misstatements

may rely on any control likely to prevent or detect and correct material misstatements

The understanding of internal control may be documented in a(n) _____which is most appropriate when then entity has a simple internal control system.

memorandum

Assessing the quality of internal control performance over time is the intention of ______ of controls. enforcement monitoring communication creation

monitoring

When audit risk is low and the risk of material misstatement is high, substantive tests should be performed ______. mostly at interim dates throughout the year mostly at year-end consistently thought the year at interim dates and year end

mostly at year--end

Factors that can impact the effectiveness of the board of directors or audit committee include ______. compensation packages nature and extent of interactions with auditors stock performance experience of members information availability

nature and extent of interactions with auditors experience of members information availability

If an entity's accounting system has control weaknesses that result in a high level of assessed control risk, substantive procedures will probably ______. not be conducted at interim dates only be conducted at interim dates be conducted at both interim dates and year end

not be conducted at interim dates

A direct relationship exists between _________which reflect what an entity is trying to achieve, ________which represent what the entity needs to do to achieve them, and the ______of the entity.

objectives, components, structure

Data capture controls are concerned primarily with the ______ assertions. authorization occurrence completeness accuracy reliability

occurrence completeness accuracy

Tests of controls directed toward _____ _____ are concerned with assessing how the control was applied, the consistency with which it was applied during the audit period and by whom it was applied.

operating effectiveness

An effective system of internal controls allows management to focus on _____ while maintaining compliance with relevant laws and minimizing surprises. operations compensation compliance financial performance goals stock price fluctuations

operations and compensation compliance

Designated lines of authority and responsibility are presented on an entity's _____ _____.

organizational chart

How authority and responsibility are delegated and monitored and the framework within which the entity's activities for achieving entity wide objectives are planned, executed, controlled and reviewed are defined by the entity's ____ ____

organizational structure

Report distribution logs, transmittal sheets, reasonableness reviews and reconciliations to control or batch totals are examples of ______ controls. data validation output processing error

output

The main concern of ______ controls is that computer reports, checks, documents or other printed or displayed information may be distributed or displayed to unauthorized users. data validation output processing error

output

If the auditor determines that internal controls are properly designed and implemented and the auditor intends to rely on those controls, the auditor will ______. set the level of control risk at high use substantive procedures to reduce the risk of material misstatement to an acceptable level perform tests of controls to obtain audit evidence that controls are operating effectively make an assessment of control risk based on the result of tests of control

perform tests of controls to obtain audit evidence that controls are operating effectively make an assessment of control risk based on the result of tests of controls

Commonly categorized control activities include ______. performance reviews segregation of duties information processing controls physical controls fraud controls risk identification controls

performance reviews segregation of duties information processing controls physical controls

Authorization requirements for access to computer programs and periodic counting and comparison with amounts shown on control records are examples of ______. fraud controls risk identification controls information processing controls physical controls segregation of duties controls

physical controls

A rule or guideline that calls for certain activities to take place in certain circumstances is knowns as a(n) ____.

policy

A policy might call for two people to sign all checks over a certain dollar amount and the _______is the action of having two people sign a check.

procedure

Many organizations prepare ______ which include documentation of the accounting system and related control activities. procedures manuals flowcharts organizational charts internal control questionnaires

procedures manuals

Monitoring of internal controls ______. should be done to determine operating effectiveness is intended to assess quality of performance over time has received decreased attention in recent years may identify the need for control redesign

should be done to determine operating effectiveness is intended to assess quality of performance over time may identify the need for control redesign

Less severe than a material weakness, a(n) _____ _____ is still important enough to merit attention by those charged with governance.

significant deficiency

Documenting the understanding of internal control in a memorandum is most appropriate when the entity has a(n) ______ internal control system. extensive complex simple

simple

Small to midsize entities ______. sometimes use alternative approaches to achieve effective internal control generally do not need a system of internal control generally achieve internal control objectives using the same methods as large entities

sometimes use alternative approaches to achieve effective internal control

In deciding on the nature and extent of the understanding of internal control needed for the audit, the auditor should consider the entity's operations and systems ______. sophistication accuracy complexity effectiveness

sophistication and complexity

The last step in the decision process is performing _____ procedures.

substantive

The risk that material misstatements are present in financial statements may be increased by conducting _____ procedures only at an interim date.

substantive

When an auditor decides to follow a(n) _______strategy, little work is done on understanding specific control activities.

substantive

When the auditors sets control risk at high, he or she documents that control risk assessment and performs _____ procedures.

substantive

Processing steps and computer processing are included in a ______ flowchart. document systems program

systems

The auditor may decide to follow a substantive strategy for some or all assertions because ______. tests of controls have been used to assess control risk testing the operating effectiveness of the controls would be inefficient implemented controls are assessed as ineffective implemented controls do not pertain to the assertion under consideration

testing the operating effectiveness of the controls would be inefficient implemented controls are assessed as ineffective implemented controls do not pertain to the assertion under consideration

In order to provide evidence to support the lower level of control risk when using a reliance strategy, the auditor performs _____ _____ _____.

tests of controls

When a reliance strategy is chosen, ______. tests of controls are used to assess the achieved level of control risk a detailed understanding of internal control is not required substantive test procedures are not required

tests of controls are used to assess the achieved level of control risk

When a service organization provides accounting services to an entity and those services affect the entity's accounting records, ______. the entity's external auditor must rely on the control assessment provided by the service organization's auditor control risk must be assessed at high the entity's external auditor must be concerned with the internal control system at the service organization they are considered part of the entity's information system

the entity's external auditor must be concerned with the internal control system at the service organization they are considered part of the entity's information system

The controls that are of most direct relevance to a financial statement audit are those that contribute to financial statement ______. accuracy transparency effectiveness reliability timeliness

transparency reliability timeliness

Output documents from the application that are used as source documents in later processing are called _____ documents.

turnaround

When an auditor traces a sales transaction from its origination to its inclusion in the financial statements, he or she is performing a(n) ______.

walkthroughs


संबंधित स्टडी सेट्स

Chapter 37: Prep U Assessment and Management of Patients With Allergic Disorders

View Set

fahmy Geology and Environmental Science - English - german for 3rd secondary certificate

View Set

4312 Cybersecurity Final (Ch. 6,7,8,9)

View Set

Domino theory, rollback and containment

View Set

"Sin Cos Tan (30°, 45°, 60°, 90°, 180°, 270°, 360°)

View Set

Environmental Biology- Chapter 21

View Set