SB HW Ch 7 Auditing IC over FR

True or false: In planning an integrated audit, the auditor should design separate tests of controls to accomplish the objectives of the audit of ICFR and the audit of financial statements. True False

False

Entity-level controls that require specific evaluation by the auditor are the ______. control environment management compensation and evaluation processes interim financial reporting process period-end financial reporting process

control environment period-end financial reporting process

An unqualified opinion regarding the effectiveness of the entity's ICFR provides ______ assurance that the entity's controls are designed and operating effectively in all material respects as of the balance sheet date. absolute reasonable limited

reasonable

The fact that no system of internal controls is perfect and that there is a remote likelihood that material misstatement will not be prevented or detected in a timely matter even with effective controls is the concept of _____ assurance.

reasonable

Audit evidence supporting effective internal control must be obtained at the level of ______. reasonable assurance risk-based assurance absolute assurance substantial completion

reasonable assurance

The auditor traces a transaction from origination through the entity's processes and information system until it is reflected in the entity's financial reports when performing a(n) _____

walkthrough

When the auditor issues an adverse opinion on internal control, ______ be issued on the financial statement audit. a disclaimer of opinion must an adverse opinion must an unqualified opinion may at least a qualified opinion must

an unqualified opinion may

After auditing the effectiveness of an entity's internal control, an auditor issues a(n) _____ opinion if the entity's internal control is designed and operating effectively in all material respects.

unqualified

Test data ______. should include both valid and invalid data is not used to test processing logic controls is a time-effective method of testing ensures the accuracy of computer processing of transactions

should include both valid and invalid data ensures the accuracy of computer processing of transactions

A deficiency or combination of deficiencies in ICFR that is less severe than a material weakness yet important enough to merit attention is a ______ deficiency. possible reasonable remote significant

significant

A deficiency or combination of deficiencies in ICFR that is less severe than a material weakness yet important enough to merit attention is a(n) _____deficiency.

significant

The work performed by internal auditors, entity personnel, and third parties hired by management or the audit committee ______ be used by the auditor. cannot should must can

can

Match the type of evidence with the most appropriate description. Direct tests of controls Ongoing monitoring Performed by objective individuals Performed by people using controls

Direct tests of controls matches Performed by objective individuals Ongoing monitoring matches Performed by people using controls

Management's assessment of the entity's ICFR must be based on ______. a recognized control framework the PCAOB framework a framework consistent with industry peers prior year's deficiencies

a recognized control framework

To identify significant accounts and disclosures and their relevant assertions, the auditor assesses risk factors including ______. account size and composition target earnings per share range of values nature of the disclosure susceptibility to misstatement

account size and composition nature of the disclosure susceptibility to misstatement

Once key controls have been identified, the auditor starts with evaluating their _____ effectiveness, which may also provide some evidence about _____ effectiveness.

blank 1: design blank 2: operating

If the auditor fails to obtain written representations from management, the auditor ______ opinion of ICFR. cannot issue an unqualified must issue an adverse must disclaim an

cannot issue an unqualified

The best way to identify potential sources of misstatements is often ______. performing walkthroughs using professional judgment to assess management's controls testing entity-level controls identifying controls management has implemented to address misstatements

performing walkthroughs

Audit documentation related to the audit of internal controls must include ______. the evaluation of deficiencies discovered the scope of testing the extent of reliance on work performed by others a discussion of PCAOB documentation standards

the evaluation of deficiencies discovered the scope of testing the extent of reliance on work performed by others

Because they can have a pervasive effect on the entity's ability to meet the COSO control criteria, the auditor must test the effectiveness of _____ - _____ controls.

blank 1: entity blank 2: level

If the work of others is to be used, the auditor should assess the _____ and _____ of the persons whose work will be used.

blank 1: objectivity blank 2: competence

When auditors want to perform specific audit tasks, _____ audit software is generally written.

custom

Written representations from management related to the audit of ICFR include management ______. conclusion about the effectiveness of the entity's ICFR as of a specified date reliance on the work of the auditor in forming its assessment of ICFR effectiveness disclosure to the audit committee of all design and operational deficiencies responsibility for establishing and maintaining effective ICFR

conclusion about the effectiveness of the entity's ICFR as of a specified date responsibility for establishing and maintaining effective ICFR

The auditor's report on the effectiveness of internal control must ______. contain the basis of the auditor's opinion be addressed to the shareholders and board of directors provide an opinion on whether the entity maintained effective ICFR throughout the financial statement audit period be issued as a separate report from the financial statement audit report

contain the basis of the auditor's opinion be addressed to the shareholders and board of directors

Advantages of GAS include ______. entire populations can be examined ease of use auditing can be done as the entity processes data limited IT expertise is required

entire populations can be examined ease of use limited IT expertise is required

Disadvantages of GAS include ______. it provides limited ability to verify programming logic data that is audited must be available in electronic form the time required to develop the application is usually short it requires advance programming skills

it provides limited ability to verify programming logic data that is audited must be available in electronic form

In evaluating the risk of material misstatement due to fraud and the risk of management override of controls, the auditor should consider controls over ______. recurring transactions that are recorded monthly journal entries and adjustments made in the period-end financial close significant, unusual transactions resulting in unusual journal entries

journal entries and adjustments made in the period-end financial close significant, unusual transactions resulting in unusual journal entries

If a misstatement is detected by substantive procedures, the auditor should consider whether the control deficiency might affect the _____ on the audit of ICFR.

opinion

In assessing financial reporting risks, management must evaluate whether there planned controls internal audit department management other pervasive elements of ICFR entity-level controls

other pervasive elements of ICFR entity-level controls

The auditor's report on the effectiveness of internal control must ______. provide an opinion on effective ICFR as of the specified date be addressed to the management of the company contain the basis of management's opinion on the effectiveness of ICFR have the same date as the financial statement audit report

provide an opinion on effective ICFR as of the specified date have the same date as the financial statement audit report

The auditor's report on the effectiveness of internal control must ______. provide an opinion on effective ICFR as of the specified date be addressed to the management of the company contain the basis of management's opinion on the effectiveness of ICFR have the same date as the financial statement audit report

provide an opinion on effective ICFR as of the specified date have the same date as the financial statement audit report

To identify significant accounts and disclosures and their relevant assertions, the auditor assesses risk factors including ______. related party transactions gains from asset disposals changes from prior periods volume of activity reporting complexities

related party transactions changes from prior periods volume of activity reporting complexities

When an entity has a material weakness, it should take steps to correct it, which is referred to as _____

remediation

Prior to the issuance of the auditor's report on ICFR, the auditor must communicate in writing to both management and the audit committee identified ______. control deficiencies significant deficiencies material weaknesses compensating controls

significant deficiencies material weaknesses

Unless a longer period of time is required, PCAOB standards require the auditor to retain audit documentation for the ICFR and financial statement audit for ______ years. 5 10 3 7

7

Which of the following statements is correct? A single set of audit procedures should be used to test both the design and operating effectiveness of controls. Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness. Evidence about the operating effectiveness of controls should never be based on procedures used to test design effectiveness.

Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness.

Which of the following statements is correct? Evidence about the operating effectiveness of controls should never be based on procedures used to test design effectiveness. Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness. A single set of audit procedures should be used to test both the design and operating effectiveness of controls.

Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness.

Which of the following statements are correct? Auditors are required to evaluate the severity of each control deficiency. The assessment of the significance of a control deficiency depends on whether or not a misstatement has occurred. The severity of a control deficiency depends on its likelihood and magnitude.

Auditors are required to evaluate the severity of each control deficiency. The severity of a control deficiency depends on its likelihood and magnitude.

Which of the following statements are true about the financial statement and ICFR audits? They have different objectives. Tests of controls should be done separately for the audits. Work must be planned to achieve both objectives. They must be performed at different times.

They have different objectives. Work must be planned to achieve both objectives.

If one or more unremediated material weaknesses is identified, the auditor issues a(n) ______ opinion on the entity's internal control. disclaimer of qualified adverse unqualified

adverse

The presence of a material weakness in ICFR at the end of the period necessitates a(n) ______ assessment by management and a(n) ______ opinion by the auditor. adverse, qualified qualified, adverse qualified, qualified adverse, adverse

adverse, adverse

If a significant deficiency or material weakness exists because of the audit committee's ineffective oversight, the auditor must communicate the specific deficiency or weakness, in writing, directly to the ______. appropriate regulatory agency board of directors company CEO internal audit department

board of directors

Evidence on the operating effectiveness of a control may be obtained from ______. neither direct testing nor ongoing monitoring direct testing of the control only both direct testing and ongoing monitoring ongoing monitoring only

both direct testing and ongoing monitoring

When companies use service organizations to process transactions, ______. both management and the auditor must consider the service organization activities the auditor cannot express an opinion about the effectiveness of operating controls an audit opinion only can only be expressed if the auditor performs tests of controls at the service organization the service organization is considered part of the information and communication component of the entity's ICFR

both management and the auditor must consider the service organization activities the service organization is considered part of the information and communication component of the entity's ICFR

If a material weakness cannot be corrected and/or properly tested before the "as of" date, ______. management should issue a report that the ICFR is not operating effectively and the auditor should disclaim an opinion neither management nor the auditor should issue a report on the effectiveness of ICFR the auditor should issue a report that the ICFR is not operating effectively and the management should not issue an opinion both management and the auditor should issue a report that the ICFR is not operating effectively

both management and the auditor should issue a report that the ICFR is not operating effectively

The auditor's report on the effectiveness of internal control must ______. provide an opinion on whether the entity maintained effective ICFR throughout the financial statement audit period contain the basis of the auditor's opinion be addressed to the shareholders and board of directors be issued as a separate report from the financial statement audit report

contain the basis of the auditor's opinion be addressed to the shareholders and board of directors

In addition to material weaknesses and significant deficiencies, the auditor should communicate, in writing, to management all _____ deficiencies identified during the audit.

control

If the scope of the auditor's work is limited because of circumstances beyond the control of management or the auditor, the auditor's option are to ______. disclaim an opinion issue an unqualified opinion withdraw from the engagement issue an adverse opinion

disclaim an opinion withdraw from the engagement

Test data can be used to check ______. error detection routines the exclusion of transactions in records, files, and reports arithmetic calculations data validation controls

error detection routines arithmetic calculations data validation controls

In assessing material weaknesses in ICFR management must ______. centralize processing of controls evaluate evidence about the operating effectiveness of ICFR notify the auditor of locations to include in the evaluation identify financial reporting risks and related controls consider which locations to include in the evaluation

evaluate evidence about the operating effectiveness of ICFR identify financial reporting risks and related controls consider which locations to include in the evaluation

The auditor's report on the effectiveness of internal control must ______. be addressed to the management of the company have the same date as the financial statement audit report contain the basis of management's opinion on the effectiveness of ICFR provide an opinion on effective ICFR as of the specified date

have the same date as the financial statement audit report provide an opinion on effective ICFR as of the specified date

The risk that a misstatement could result in a material misstatement of the financial statements is called a(n) _____ _____ risk.

financial reporting

The phrase "All material respects" means that the entity's ICFR ______. is free of any material weakness has prevented and/or detected all material errors does not have any significant deficiencies

is free of any material weakness

The severity of a control deficiency depends on ______. likelihood and magnitude number of misstatements and magnitude likelihood and number of misstatements

likelihood and magnitude

The difference between a control deficiency, a significant deficiency, and a material weakness is determined solely based on ______. (Enter only one word per blank.) likelihood management judgment auditor judgment magnitude

magnitude

Evidence about the operating effectiveness of controls at service organizations that are relevant to management's assessment and the auditor's opinion ______. must be obtained from a service auditor's report on the design and operating effectiveness of controls in operation at the service organization must be obtained by performing tests of the user organization's controls over the activities of the service organization may be obtained by performing tests or obtaining a service auditor's report must be obtained by performing tests of controls at the service organization

may be obtained by performing tests or obtaining a service auditor's report

The failure of a preventive control (such as inventory tags) to safeguard assets ______ result in a significant deficiency or material weakness. will always will never may or may not

may or may not

A control issue does not rise to the level of control deficiency if the likelihood is ______. remote probable likely reasonably possible

remote

Written representations from management related to the audit of ICFR include management ______. responsibility for establishing and maintaining effective ICFR conclusion about the effectiveness of the entity's ICFR as of a specified date reliance on the work of the auditor in forming its assessment of ICFR effectiveness disclosure to the audit committee of all design and operational deficiencies

responsibility for establishing and maintaining effective ICFR conclusion about the effectiveness of the entity's ICFR as of a specified date

A major premise of AS 2201 is that _____ assessment underlies the entire audit of ICFR.

risk

AS2201 defines policies and procedures that "provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposal of the entity's assets that could have a material effect on the financial statements as the _____ of assets."

safeguarding

If circumstances beyond the control of management or the auditor limit the _____ of the auditor's work, the auditor should disclaim an opinion or withdraw from the engagement.

scope

When an entity's computer system is not compatible with the auditor's GAS, the auditor should ______. rely on the entity's computer software not use software to conduct testing write custom audit software

write custom audit software