Chapter 7: Internal Control

Most internal control questionnaires are designed so that a ______ answer to a question indicates a weakness in internal control. -not applicable -yes -no

-no

A supplement or alternative to certain sampling tests is the use of data __________(1). (Enter only one word per blank.)

(1) analytics

A checklist, standard form, or computer program that helps auditors make a particular decision by ensuring they consider all relevant information is called a(n) __________(1) __________(2) aid. (Enter only one word per blank.)

(1) audit (2) decision

If the assessed level of control risk is high, the auditor should plan to perform more __________(1) procedures. (Enter only one word per blank.)

(1) substantive

A policy requiring the preparation of a monthly bank reconciliation is an example of a ______ control. -corrective -detective -preventive

-detective

Data analytics may be used ______ to certain sampling tests. -only as a supplement -only as an alternative -either as a supplement or an alternative -neither as a supplement nor an alternative

-either as a supplement or an alternative

Risk assessment is management's process for ______. -ignoring risks -identifying risks -analyzing risks -controlling risks

-identifying risks -analyzing risks

Processing services are offered to user entities by __________(1) __________(2). (Enter only one word per blank.)

(1) service (2) organizations

The preliminary assessments of control risk are often referred to as the __________(1) assessed level of control risk. (Enter only one word per blank.)

(1) planned

When the auditor has performed tests of controls and they are operating effectively a ______ risk is appropriate. -lower assessed level of control -higher assessed level of control -lower assessed level of detection -higher assessed level of detection

-lower assessed level of control

Internal control is a process designed to provide ______ assurance regarding the achievement of objectives relating to operations, reporting, and compliance. -absolute -no -minimal -reasonable

-reasonable

The development of significant accounting estimates and preparation of the notes and selection and application of significant accounting policies are examples of risks at the __________(1) __________(2) level. (Enter only one word per blank.)

(1) financial (2) statement

Match the type of control with its description. Preventive Detective Corrective -Designed to discover misstatements after they have occurred -Aimed at avoiding the occurrence of misstatements -Needed to remedy a situation after a misstatement is discovered

Preventive - Aimed at avoiding the occurrence of misstatements Detective - Designed to discover misstatements after they have occurred Corrective - Needed to remedy a situation after a misstatement is discovered

An accounting information system should ______. -ensure transactions are recorded in the proper time period -ensure appropriate segregation of duties -measure the proper value of transactions -identify and record all valid transactions

-ensure transactions are recorded in the proper time period -measure the proper value of transactions -identify and record all valid transactions

The traditional method of describing internal control is to complete a(n) ______. -written narrative of internal control -internal control questionnaire -flowchart of internal control

-internal control questionnaire

Regarding deficiencies and weaknesses in internal control, auditing standards require auditors to communicate in writing ______. -material weaknesses -internal control deficiencies -significant deficiencies

-material weaknesses -significant deficiencies

True or false: If the auditors do an extensive job of identifying and assessing risk of material misstatement at the relevant assertion level, it is not necessary to assess risk at the financial statement level. -True -False

-False

All organizations under the jurisdiction of the SEC are required to maintain a system of internal control that will provide certain reasonable assurances under The ______. -Public Company Accounting Oversight Board rules -Dodd-Frank Act -Foreign Corrupt Practices Act

-Foreign Corrupt Practices Act

This document clearly describes the entity's methods of treating transactions which provides employees guidance that allows for proper and uniform handling of transactions. -Chart of accounts -Journals including general journals -Manual of accounting policies and procedures -Ledgers including general ledger

-Manual of accounting policies and procedures

The difference between control objectives of internal control and management assertions is that ______. -control objectives relate to financial reporting only -control objectives relate to operations, compliance, and financial reporting -management assertions relate to operations only -management assertions relate to operations, compliance, and financial reporting

-control objectives relate to operations, compliance, and financial reporting

External auditors can use the work of internal auditors to ______. -supervise the work of external audit staff -review the work of external audit staff -provide direct assistance to the external auditors -provide audit evidence based on their normal internal audit work

-provide direct assistance to the external auditors -provide audit evidence based on their normal internal audit work

Before performing tests of controls to determine whether they are operating effectively, auditors must first ______. -perform analytical procedures on the controls likely to prevent or detect material misstatements -perform substantive procedures on the controls -identify the controls likely to prevent or detect material misstatements

-identify the controls likely to prevent or detect material misstatements

A well-designed organizational structure ______. -ensures appropriate segregation of duties -provides a basis for planning, directing, and controlling operations -is based upon centralized management decision making

-ensures appropriate segregation of duties -provides a basis for planning, directing, and controlling operations

External auditors should assess the __________(1) (proficiency and training based on education, experience, and professional certifications) and __________(2) (ability to perform their duties free from conflicting responsibilities or constraints) of the internal audit function before relying on their work. (Enter only one word per blank.)

(1) competency (2) objectivity

A deficiency in internal control over financial reporting (or combination of deficiencies) such that there is a reasonable possibility that a material misstatement of the company's financial statements will not be prevented or detected on a timely basis is a(n) __________(1) __________(2). (Enter only one word per blank.)

(1) material (2) weakness

When auditors assess risk at the __________(1) assertion level instead of the financial statement level, they consider both the design of the control and its implementation. (Enter only one word per blank.)

(1) relevant

This document clearly describes the entity's methods of treating transactions which provides employees guidance that allows for proper and uniform handling of transactions. -Journals including general journals -Chart of accounts -Manual of accounting policies and procedures -Ledgers including general ledger

-Manual of accounting policies and procedures

True or false: When obtaining an understanding of the control environment, it is important that auditors focus on the substance of controls, rather than their form. -True -False

-True

For the control environment component, professional standards require auditors should obtain sufficient knowledge about the company's ______. -antifraud program -internal audit staff -risk management program

-antifraud program

A checklist, standard form, or computer program that helps auditors make a particular decision by ensuring they consider all relevant information is called a(n) ______. -working paper aid -decision tree -systems flowchart -audit decision aid

-audit decision aid

Auditors should identify and assess the risks of material misstatement: -only the financial statement level for transaction classes. -only the relevant assertion level for disclosures. -both the financial statement level and the relevant assertion level for account balances. -only the financial statement level for disclosures.

-both the financial statement level and the relevant assertion level for account balances.

When internal auditors provide direct assistance to external auditors in preparing working papers and performing certain audit procedures, external auditors should ______. -only direct and test the work performed -only direct and supervise the work performed -direct, supervise, review, and test the work -only review and test the work performed

-direct, supervise, review, and test the work

Tests of controls address ______. -how controls were applied -the design of the internal controls -the consistency with which controls were applied -by whom or by what means the controls were applied

-how controls were applied -the consistency with which controls were applied -by whom or by what means the controls were applied

A client uses a service organization to perform its payroll function. To obtain a sufficient understanding of the controls at the service organization, external auditors can do all of the following except ______. -ignore the relevant controls at the service organization and only consider the controls in place at the client -visit the service organization to review and possibly test relevant controls -obtain and consider the report of a service auditor on the service organization's internal controls

-ignore the relevant controls at the service organization and only consider the controls in place at the client

After assessing the risks of material misstatement, auditors should design further audit procedures such as substantive procedures and tests of controls if planned assessed level of control risk is ______. -high -low

-low

To enhance the control environment, management should do all of the following except ______. -make sure one person authorizes transactions, records transactions, and has custody of assets -establish policies describing appropriate business practices -clearly define authority and responsibility within the organization -develop job descriptions

-make sure one person authorizes transactions, records transactions, and has custody of assets

Management needs to assess risks that threaten their ability to meet their objectives in the areas of ______. -operations and reporting -operations and compliance -operations, reporting, and compliance -reporting and compliance

-operations, reporting, and compliance

The Foreign Corrupt Practices Act was passed to ______. -prevent payments of bribes and kick-backs to officials in foreign businesses -require organizations to report all bribes and kick-back payments made to foreign businesses -require organizations to maintain an effective system of internal control

-prevent payments of bribes and kick-backs to officials in foreign businesses -require organizations to maintain an effective system of internal control

Risks at the financial statement level ______. -have no impact on the audit -require considerable judgment for the auditor -potentially affect many relevant assertions -can easily be isolated and do not affect more than one account or assertion

-require considerable judgment for the auditor -potentially affect many relevant assertions

When the assessed level of control risk is low, the auditor should ______. -restrict substantive procedures for that assertion -perform more tests of controls -increase substantive procedures for that assertion

-restrict substantive procedures for that assertion