Study Unit 9
Which of the following circumstances would be inappropriate for the auditor to communicate to those charged with governance? A material misstatement was noted by the auditor and corrected by management. Management has consulted with other accountants about accounting and auditing matters during the period under audit. No significant deficiencies in internal control exist that would affect the financial statements. The auditor is requesting representations regarding the financial statements from management.
No significant deficiencies in internal control exist that would affect the financial statements.
When engaged to express an opinion about the effectiveness of a nonissuer's internal control over financial reporting, the auditor should Keep informed of events subsequent to the date of the report that might have affected the opinion. Not directly express an opinion on the effectiveness of internal control. Obtain management's written representation acknowledging responsibility for establishing and maintaining internal control. Accept responsibility for the establishment of the control procedures tested.
Obtain management's written representation acknowledging responsibility for establishing and maintaining internal control.
A user auditor of a nonissuer should perform which of the following procedures to obtain audit evidence related to the operating effectiveness of a service organization's controls when the risk assessment includes an expectation that the controls are operating effectively? Obtaining and reading a Type 1 report, if available. Performing substantive tests at the service organization. Obtaining and reading a Type 2 report, if available. Obtaining the user organization's representation regarding the effectiveness of the service organization's controls.
Obtaining and reading a Type 2 report, if available
When reporting to the audit committee on conditions relating to an entity's internal control observed during an audit of a nonissuer's financial statements, the auditor should include a Restriction on the use of the report. Description of tests performed to search for significant deficiencies and material weaknesses. Statement of positive assurance on internal control. Recommendation to remediate the significant deficiencies and material weaknesses identified.
Restriction on the use of the report.
An auditor is auditing a mutual fund company that uses a transfer agent to handle accounting for shareholders. Which of the following actions by the auditor would be most efficient for obtaining information about the transfer agent's internal controls? Perform tests of controls on a sample of the audited firm's transactions through the agent. Perform an audit on the internal control function of the agent. Review reports on the suitability of design and operating effectiveness of controls produced by the agent's own auditor. Review prior-year working papers to determine whether the number of transactions processed by the agent has materially increased.
Review reports on the suitability of design and operating effectiveness of controls produced by the agent's own auditor
Which of the following statements is true about an auditor's communication to those charged with governance? Any matters communicated to those charged with governance also should be communicated to the entity's management. The auditor is required to inform those charged with governance about misstatements discovered by the auditor and not subsequently corrected by management. Disagreements with management about the application of accounting principles are required to be communicated in writing to those charged with governance. Issues previously reported to those charged with governance are required to be communicated to the audit committee after each subsequent audit.
The auditor is required to inform those charged with governance about misstatements discovered by the auditor and not subsequently corrected by management.
Management of an issuer subject to SEC requirements requests the auditor to report on whether a previously reported material weakness in internal control continues to exist. The request comes 3 months after the annual audited financial statements and report on internal control were released. The auditor may accept the engagement but must wait until the next year's audit to report the remediation of the internal control weakness. The auditor may accept the engagement if management provides a statement that the identified material weakness no longer exists. The auditor may accept the engagement if (s)he withdraws the original report. No report may be issued on subsequent information.
The auditor may accept the engagement if management provides a statement that the identified material weakness no longer exists.
Which of the following statements about an auditor's communication of internal control related matters identified in an audit of a nonissuer is true? Significant deficiencies or material weaknesses may not be communicated in a document that contains suggestions regarding activities that concern other topics such as business strategies or administrative efficiencies. The auditor may issue a written report to management and those charged with governance that no significant deficiencies were noted. The auditor should communicate significant internal control related matters no later than 60 days after the report release date. Significant deficiencies or material weaknesses need not be recommunicated each year if the audit committee has acknowledged its understanding of such deficiencies.
The auditor should communicate significant internal control related matters no later than 60 days after the report release date.
Management may already know of the existence of significant deficiencies or material weaknesses in internal control. Which of the following is a true statement about the auditor's communication in this situation? The auditor need not communicate these control conditions if they were communicated in prior periods. The auditor should communicate these control conditions in writing regardless of a decision by management and those charged with governance not to remedy them. The auditor should communicate these control conditions orally, but need not communicate them in writing. The auditor need not communicate these control conditions if management is already aware of them.
The auditor should communicate these control conditions in writing regardless of a decision by management and those charged with governance not to remedy them.
In an integrated audit, an auditor should issue an adverse opinion on the effectiveness of an entity's internal control in which of the following situations? A material weakness exists. The entity may not continue as a going concern. The auditor was asked by the client to provide the report to another practitioner. The financial statements are misstated.
A material weakness exists.
Which of the following is least likely indicative of a significant deficiency or material weakness in internal control? Significant undisclosed related party transactions. Unqualified personnel. Insufficient control consciousness within the organization. A potential future internal control problem having no effect on the current period.
A potential future internal control problem having no effect on the current period.
Which of the following matters is an auditor required to communicate to those charged with governance? Changes in the auditor's preliminary judgment about materiality that were caused by projecting the results of statistical sampling for tests of transactions. Adjustments that were suggested by the auditor and recorded by management that have a significant effect on the entity's financial reporting process. The auditor's consideration of risk factors in assessing the risk of material misstatement arising from the misappropriation of assets. The results of the auditor's analytical procedures performed in the review stage of the engagement that indicate significant variances from expected amounts.
Adjustments that were suggested by the auditor and recorded by management that have a significant effect on the entity's financial reporting process.
During the audit of internal controls integrated with the audit of the financial statements, the auditor discovered a material weakness in internal control. The auditor most likely will express a(n) Unmodified opinion on internal control. Qualified opinion on internal control. Adverse opinion on internal control. Disclaimer of opinion on internal control.
Adverse opinion on internal control.
The auditor is required to communicate each of the following items to those charged with governance except An overview of the planned scope and timing of the audit. All control deficiencies detected during the course of the audit. The auditor's responsibilities to complete the audit in accordance with generally accepted auditing standards. Any significant findings from the audit.
All control deficiencies detected during the course of the audit.
According to the PCAOB, each of the following statements is true with respect to the auditor's responsibility to communicate material weaknesses in internal control over financial reporting except All such weaknesses must be communicated in writing to all stockholders. All such weaknesses must be communicated in writing to the audit committee. All such weaknesses must be communicated prior to the issuance of the auditor's report on internal control over financial reporting. All such weaknesses must be communicated in writing to management.
All such weaknesses must be communicated in writing to all stockholders.
Which of the following best describes a CPA's engagement to report on an entity's internal control over financial reporting? A consulting engagement to provide constructive advice to the entity on its internal control. An audit of the financial statements that results in communicating significant deficiencies in internal control. A prospective engagement to project, for a period of time not to exceed one year, and report on the expected benefits of the entity's internal control. An audit engagement that results in issuance of a report relating to the effectiveness of internal control.
An audit engagement that results in issuance of a report relating to the effectiveness of internal control.
Which of the following statements about significant deficiencies and material weaknesses in internal control is true for an audit of a nonissuer? An auditor may report that no significant deficiencies were noted during an audit. An auditor is required to search for significant deficiencies and material weaknesses during an audit. An auditor may communicate significant deficiencies and material weaknesses during an audit or after the audit's completion. All control deficiencies are also considered to be material weaknesses.
An auditor may communicate significant deficiencies and material weaknesses during an audit or after the audit's completion.
Under the AICPA's auditing standards, which of the following statements about an auditor's communication of significant control deficiencies is true? An auditor's report on significant control deficiencies should include a restriction on the use of the report. An auditor should perform tests of controls on significant control deficiencies before communicating them to the client. An auditor should communicate significant control deficiencies after tests of controls, but before commencing substantive tests. A significant control deficiency previously communicated during the prior year's audit that remains uncorrected causes a scope limitation.
An auditor's report on significant control deficiencies should include a restriction on the use of the report.
Each of the following statements is correct regarding the likely sources of potential misstatements in an integrated audit except The controls that management has implemented to address potential sources of misstatements should be identified. Walkthroughs are frequently the most effective way of understanding sources of potential misstatements. An understanding of how transactions are initiated, authorized, processed, and recorded should be achieved. An evaluation of the entity's information technology risk and controls should be performed separately from the top-down approach.
An evaluation of the entity's information technology risk and controls should be performed separately from the top-down approach.
Which of the following matters in a financial statement audit is most appropriate to communicate with those charged with governance? The nature and timing of detailed audit procedures. Clearance explanations of workpaper review notes. An overview of the planned scope and timing of the audit. Major variances in budgeted versus actual audit hours.
An overview of the planned scope and timing of the audit.
An issuer client who disagrees with the independent auditor on a significant matter affecting its financial statements has several courses of action. Which of the following courses of action would be inappropriate? Ask the auditor to refer in the auditor's report to a client note in the financial statements that discusses the client point of view with regard to the significant matter. Appeal to the FASB to review the significant matter. Engage another independent auditor. Modify the financial statements by expressing in the notes its viewpoint with regard to the significant matter.
Appeal to the FASB to review the significant matter.
An auditor encounters significant difficulties during an audit that are likely to lead to a modified opinion. When would it be most appropriate for the auditor to communicate those difficulties to the audit committee? On the report issuance date. As soon as is practicable during the course of the engagement. Early in the audit engagement acceptance process. On the last day of fieldwork.
As soon as is practicable during the course of the engagement.
To ensure that the audit report for an issuer is prepared in accordance with Section 404 of the Sarbanes-Oxley Act of 2002, the report must Be prepared within 60 days of the issuer's fiscal year end, be certified by the Public Company Accounting Oversight Board, and be publicly disclosed. Be prepared within 60 days of the end of the issuer's fiscal year end unless extenuating circumstances, as outlined in the act, are publicly disclosed. Attest to, and report on, the efficiency and effectiveness of the issuer's system of internal control. Attest to and report on the internal control assessment made by the management of the issuer.
Attest to and report on the internal control assessment made by the management of the issuer.
Which of the following groups is considered a subgroup ordinarily charged with assisting the board of directors in fulfilling its oversight responsibilities? Audit committee. Senior management. Secured creditors. Internal auditors.
Audit committee.
An auditor expresses an unmodified opinion on internal control over financial reporting after an audit integrated with a financial statement audit. As a result, the Auditor has engaged in an improper form of reporting. Entity has not violated provisions of the Foreign Corrupt Practices Act. Auditor believes that controls are effective. Likelihood of management fraud is minimal.
Auditor believes that controls are effective.
Which of the following is true regarding significant deficiencies and material weaknesses in control for a nonissuer? Auditors should communicate them to management and those charged with governance. They should be disclosed in notes to the financial statements. Auditors should search for them. They should be included in the financial statements.
Auditors should communicate them to management and those charged with governance.
Snow, CPA, was engaged by Master Co., a nonissuer, to audit the effectiveness of Master's internal control over financial reporting as part of an integrated audit. Snow's report should state that The results of Snow's tests will form the basis for Snow's opinion on the fairness of Master's financial statements in accordance with U.S. GAAP. Because of inherent limitations, internal control may not prevent, or detect and correct, misstatements. The purpose of the engagement is to enable Snow to plan an audit and determine the nature, timing, and extent of tests to be performed. Management's evaluation of the effectiveness of internal control is based on criteria established by the American Institute of Certified Public Accountants.
Because of inherent limitations, internal control may not prevent, or detect and correct, misstatements.
Which of the following statements correctly describes the "top-down approach" used during an audit of internal control over financial reporting? Begin by understanding the overall risks to internal control over financial reporting at the general ledger level. Begin reviewing income statement accounts and then review balance sheet accounts. Begin reviewing balance sheet accounts and then review income statement accounts. Begin by understanding the overall risks to internal control over financial reporting at the financial statement level.
Begin by understanding the overall risks to internal control over financial reporting at the financial statement level.
An auditor has withdrawn from an audit engagement of an issuer after finding fraud that may materially affect the financial statements. The auditor should set forth the reasons and findings in communication to the Client's legal counsel. PCAOB. Stock exchanges where the company's stock is traded. Board of directors.
Board of directors.
An auditor's written communication of internal control related matters identified in an audit would be addressed to "those charged with governance," which would include the Chief accounting officer. Board of directors. Chief financial officer. Director of internal auditing.
Board of directors.
Which of the following matters is an auditor required to communicate to those in the entity charged with governance? I. Disagreements with management about matters significant to the entity's financial statements that have been satisfactorily resolved II. Initial selection of significant accounting policies in emerging areas that lack authoritative guidance Neither I nor II. II only. Both I and II. I only.
Both I and II.
In an audit of internal control over financial reporting, which deficiencies in control should be communicated in writing to those charged with governance? All deficiencies. Both material weaknesses and significant deficiencies. Only significant deficiencies. Only material weaknesses.
Both material weaknesses and significant deficiencies.
A secondary result of the auditor's understanding of internal control for a nonissuer is that the understanding may Bring to the auditor's attention possible control conditions required to be communicated to the client. Provide a basis for determining the nature, timing, and extent of audit tests. Assure that management's procedures to detect fraud are properly functioning. Develop evidence to support the assessed risks of material misstatement.
Bring to the auditor's attention possible control conditions required to be communicated to the client.
A nonissuer uses a service organization whose services are part of the nonissuer's system of internal control. In the integrated audit, how does an auditor evaluate whether the service auditor's report on controls provides sufficient appropriate evidence to support an opinion on internal controls over financial reporting? By inquiring of the service auditor's reputation only from the company's outside attorney. By observing the service auditor to determine the level of knowledge about the entity under audit during the first week of the audit fieldwork. By performing a background check of the service auditor. By assessing the results of the tests of controls and the service auditor's opinion on the operating effectiveness of the controls.
By assessing the results of the tests of controls and the service auditor's opinion on the operating effectiveness of the controls.
Which of the following is not a role of the risk assessment in an integrated audit of a nonissuer? Concluding on the effectiveness of a given control. Determining significant classes of transactions, account balances, and relevant assertions. Selecting controls to test. Determining evidence necessary to conclude on the effectiveness of a given control.
Concluding on the effectiveness of a given control.
Payroll Data Co. (PDC) processes payroll transactions for a retailer. Cook, CPA, is engaged to issue a report on PDC's internal controls implemented as of a specific date. These controls are relevant to the retailer's internal control, so Cook's report may be useful in providing the retailer's independent auditor with information necessary to plan a financial statement audit. Cook's report should Identify PDC's controls relevant to specific financial statement assertions. Disclose Cook's assessed risks of material misstatement for PDC. State whether PDC's controls were suitably designed to achieve the retailer's objectives. Contain a disclaimer of opinion on the operating effectiveness of PDC's controls.
Contain a disclaimer of opinion on the operating effectiveness of PDC's controls.
The design or operation of a control may not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. According to AU-C 265, this circumstance is a Control deficiency. Material weakness. Significant deficiency. Critical deficiency.
Control deficiency.
In the integrated audit of an issuer, an auditor has identified entity-level controls that are important to the conclusion as to whether the company has effective internal control over financial reporting. Each of the following is an example of an entity-level control, except Controls over the completeness of deposited cash. The company's risk assessment process. Controls over the period-end financial reporting process. Controls over management override.
Controls over the completeness of deposited cash.
Computer Services Company (CSC) processes payroll transactions for schools. Drake, CPA, is engaged to report on CSC's description of the controls implemented and their design as of a specific date. These controls are relevant to the schools' internal control, so Drake's report will be useful in providing the schools' independent auditors with information necessary to plan their audits. Drake's report expressing an opinion on CSC's controls implemented as of a specific date should contain a(n) Description of the scope and nature of Drake's procedures. Paragraph indicating the basis for Drake's assessment of the risks of material misstatement. Statement that CSC's management has disclosed to Drake all design deficiencies of which it is aware. Opinion on the operating effectiveness of CSC's controls.
Description of the scope and nature of Drake's procedures.
Dunn, CPA, is auditing the financial statements of Taft Co. Taft uses Quick Service Center (QSC) to process its payroll. Price, CPA, is expressing an opinion on management's description of the controls implemented and their suitability of design at QSC regarding the processing of its customers' payroll transactions. Dunn expects to consider the effects of Price's report on the Taft engagement. Price's report should contain a(n) Statement that Dunn may assess control risk based on Price's report. Opinion on the operating effectiveness of QSC's internal controls. Description of the scope and nature of Price's procedures. Assertion that Price assumes no responsibility to determine whether QSC's controls are suitably designed.
Description of the scope and nature of Price's procedures
The development of constructive suggestions to a client for improvements in its internal control is a Task addressed by the auditor only during a special engagement. Requirement as important as assessing the risks of material misstatement. Desirable by-product of an audit engagement. Requirement of the auditor's consideration of internal control.
Desirable by-product of an audit engagement.
Firms subject to the reporting requirements of the Securities Exchange Act of 1934 are required by the Foreign Corrupt Practices Act of 1977 to maintain satisfactory internal control. Moreover, the Sarbanes-Oxley Act of 2002 requires that annual reports include (1) a statement of management's responsibility for establishing and maintaining adequate internal control and procedures for financial reporting, and (2) management's assessment of their effectiveness. The role of the registered auditor relative to the assessment made by management is to Express an opinion on the assessment. Express an opinion on whether the client is subject to the Securities Exchange Act of 1934. Report clients with unsatisfactory internal control to the SEC. Determine whether management's report is complete and properly presented.
Determine whether management's report is complete and properly presented.
Which of the following disagreements between the auditor and management do not have to be communicated by the auditor to those charged with governance? Disagreements about the scope of the audit. Disagreements regarding management's judgment about accounting estimates for goodwill. Disagreements of the amount of the LIFO inventory layer based on preliminary information. Disagreements in the application of accounting principles relating to software development costs.
Disagreements of the amount of the LIFO inventory layer based on preliminary information.
Cain Company's management engaged Bell, CPA, to audit the effectiveness of Cain's internal control over financial reporting. Bell's report, which was accompanied by management's separate report presenting its written assessment about the effectiveness of internal control, described several material weaknesses and potential errors and fraudulent activities that could occur. Subsequently, management included Bell's report in its annual report to the board of directors with a statement that the cost of correcting the weaknesses would exceed the benefits. Bell should Advise the board that Bell either agrees or disagrees with management's statement. Express an adverse opinion as to management's cost-benefit statement. Disclaim an opinion as to management's cost-benefit statement. Advise both management and the board that Bell is withdrawing the opinion.
Disclaim an opinion as to management's cost-benefit statement.
An auditor's communication with those charged with governance is required to include the Justification for the auditor's selection of sampling methods. Basis for the auditor's preliminary judgment about materiality. Assessment of the quality of the entity's earnings as compared with those of the previous year. Discussion of disagreements with management about matters that significantly affect the entity's financial statements.
Discussion of disagreements with management about matters that significantly affect the entity's financial statements.
Which of the following matters would an auditor most likely consider to be a significant deficiency or material weakness to be communicated to those charged with governance? Management's failure to renegotiate unfavorable long-term purchase commitments. Recurring operating losses that may indicate going concern problems. Management's current plans to reduce its ownership equity in the entity. Evidence of a lack of objectivity by those responsible for accounting decisions.
Evidence of a lack of objectivity by those responsible for accounting decisions.
If an auditor performing an integrated audit identifies one or more material weaknesses in a nonissuer's internal control, the auditor should Express an adverse opinion on the entity's internal control. Conclude that the financial statements are materially misstated because of the material weakness in internal control. Expand the audit of internal control to identify deficiencies less severe than material weaknesses. Disclaim an opinion on internal control.
Express an adverse opinion on the entity's internal control.
An auditor is conducting an integrated audit of internal control with the audit of a nonissuer's financial statements. In applying the top-down approach, the auditor first Focuses on entity-level controls and then significant classes of transactions, account balances, and disclosures. Applies substantive procedures to test financial statement assertions. Determines the type of opinion to be expressed. Communicates material weaknesses and significant deficiencies to those charged with governance.
Focuses on entity-level controls and then significant classes of transactions, account balances, and disclosures.
Which of the following most accurately describes the process of a walkthrough? Testing and documenting the results of tests of selected controls. Inspection of selected documents, records, and internal control documentation. Following a transaction from its origination until it is reflected in the financial statements. Observation of an entity's activities and operations.
Following a transaction from its origination until it is reflected in the financial statements.
Brown, CPA, has accepted an engagement to audit the effectiveness of the internal control over financial reporting of Crow Company (a nonissuer) and to issue a report on such audit. In what form does Crow present its written assessment about effectiveness? I. In a separate report that accompanies Brown's report II. As a note to the financial statements I only. Neither I nor II. I and II. II only.
I only.
Which of the following issues related to internal control over financial reporting are required to be communicated in writing to management and those charged with governance? I. Deficiencies in internal control II. Significant deficiencies III. Material weaknesses I, II, and III. None. II and III only. III only.
II and III only.
An auditor's communication with the board of directors most likely should Ordinarily occur at or near the end of the audit. Indicate that it is for the sole use of the board. Be documented only if it is in writing. Include details of audit procedures.
Indicate that it is for the sole use of the board.
Which of the following is a complete and accurate list of the walkthrough procedures usually performed in an issuer's integrated audit? Inquiry, observation, analytical procedures, testing of controls. Inquiry, observation, inspection of relevant documentation, reperformance of controls. Inquiry, inspection of relevant documentation, sampling, reperformance of controls. Inquiry, sampling, analytical procedures, testing of controls.
Inquiry, observation, inspection of relevant documentation, reperformance of controls.
The Committee of Sponsoring Organizations (COSO) of the Treadway Commission issued a document in 1992 that has been embraced by numerous organizations, including the AICPA and the GAO. That document is titled Code of Professional Conduct. Statements on Auditing Standards. Internal Control--Integrated Framework. The Yellow Book.
Internal Control--Integrated Framework.
A CPA's understanding of internal control in a financial statement audit of a nonissuer Is usually more extensive than that made in an audit of internal control integrated with an audit of financial statements. Is usually more limited than that made in an audit of internal control integrated with an audit of financial statements. Will usually result in a report on the effectiveness of internal control. Will usually be identical to that made in an audit of internal control integrated with an audit of financial statements.
Is usually more limited than that made in an audit of internal control integrated with an audit of financial statements.
In an integrated audit, if an auditor concludes that a material weakness exists as of the date specified in management's assertion, the auditor should take which of the following actions? Communicate, in writing, to the entity's outside legal counsel that the material weakness exists. Issue an adverse opinion. Disclaim an opinion. Obtain written representations from management relating to such matters.
Issue an adverse opinion.
In identifying matters for communication with an entity's audit committee, an auditor most likely would ask management whether There were any subsequent events of which the auditor was unaware. The turnover in the accounting department was unusually high. It consulted with another CPA firm about accounting matters. It agreed with the auditor's assessment of the risks of material misstatement.
It consulted with another CPA firm about accounting matters.
To what degree, if at all, is a significant deficiency related to a material weakness? It is more severe than a material weakness. It is equivalent to a material weakness. It is less severe than a material weakness. It is unrelated to a material weakness.
It is less severe than a material weakness.
AU-C 402, Audit Considerations Relating to an Entity Using a Service Organization, applies to a financial statement audit of an entity that uses services of another organization as part of its information system. For this purpose, the user auditor may need to obtain a service auditor's report. Which of the following is a true statement about a service auditor's report? It provides the user auditor with assurance regarding whether control procedures have been implemented at the user organization. A user auditor need not be concerned about the service auditor's professional competence. If it proves to be inappropriate for the user auditor's purposes, (s)he must personally perform procedures at the service organization. It should include an opinion.
It should include an opinion.
A service auditor's report on internal control may be issued on management's description of a service organization system and the suitability of the design of controls or management's description of a service organization system and the suitability and operating effectiveness of controls. Which of the following is true about a type 1 report? It need not be restricted in its use and may be made available to any third party. It should include an opinion about the design of internal control as well as conclusions about tests of controls. It will include a list of all fraud and error discovered. It should state that the auditor did not test the effectiveness of the controls.
It should state that the auditor did not test the effectiveness of the controls
Lake, CPA, is auditing the financial statements of Gill Co. Gill uses the EDP Service Center, Inc., to process its payroll transactions. EDP's financial statements are audited by Cope, CPA, who recently issued a report on EDP's internal control. Lake is considering Cope's report on EDP's internal control in assessing control risk on the Gill engagement. What is Lake's responsibility concerning making reference to Cope as a basis, in part, for Lake's own unmodified opinion? Lake may refer to Cope only if Lake relies on Cope's report in restricting the extent of substantive procedures. Lake may refer to Cope only if Lake is satisfied as to Cope's professional reputation and independence. Lake may not refer to Cope under the circumstances above. Lake may refer to Cope only if Lake's report indicates the division of responsibility.
Lake may not refer to Cope under the circumstances above.
In reporting on an audit of an issuer's internal control over financial reporting, an auditor should include a statement that describes the Limitations inherent to internal control. Documentary evidence regarding the control environment factors. Changes in internal control since the prior report. Potential benefits from the practitioner's suggested improvements.
Limitations inherent to internal control
Green, CPA, is auditing the financial statements of Ajax Co. Ajax uses the DP Service Center to process its payroll. DP's financial statements are audited by Blue, CPA, who recently issued a report on DP's policies and procedures regarding the processing of other entities' transactions. In considering whether Blue's report is satisfactory for Green's purposes, Green should Review the audit plan followed by Blue. Perform tests of controls at the DP Service Center. Make inquiries about Blue's professional reputation. Not rely on DP's controls.
Make inquiries about Blue's professional reputation.
In the audit, the auditor reports on the effectiveness of an entity's internal control over financial reporting. Which of the following is not a condition of that engagement? Management provides assurance that limitations inherent to internal control have been eliminated. Management evaluates the effectiveness of the entity's internal control using suitable criteria. Management accepts responsibility for the effectiveness of internal control. Management documents the system of internal control.
Management provides assurance that limitations inherent to internal control have been eliminated.
Section 404 of the Sarbanes-Oxley Act of 2002 requires each annual report of an issuer to include which of the following? Reasonable assurances that fraud will be identified before the issuance of the company's annual report. Management representations that the company's external auditors have examined its internal control over compliance with laws and regulations. Management's assessment of the effectiveness of internal control over financial reporting. Representations from the company's external auditors that the company has effective internal control over operations.
Management's assessment of the effectiveness of internal control over financial reporting.
In communicating with those charged with governance, the auditor must decide whether to communicate with the audit committee or the client's entire board of directors. Which of the following considerations will be least relevant to this decision? Whether the audit committee will be able to provide further information and explanations that the auditor may require while performing the audit. Regulatory requirements related to audit communications with those charged with governance. Management's preference. The nature of the matters to be communicated.
Management's preference.
The activities of the user entity and the service organization have a high degree of interaction. The user auditor Should not consider weaknesses in the service organization's internal control to be weaknesses in the user entity's system. Need not test the service organization's internal control if the user entity has effective controls related to service organization processing. Should obtain absolute assurance that the service organization's internal control will prevent or detect fraud or error. Is not required to evaluate the service organization's controls.
Need not test the service organization's internal control if the user entity has effective controls related to service organization processing.
An issuer who is an accelerated filer subject to the Securities Exchange Act of 1934 is required to include in its annual report an auditor's opinion on whether internal control over financial reporting was Sufficient to meet the needs of the shareholders. Properly designed and operated effectively. Adequate to eliminate fraud. Complete and fair.
Properly designed and operated effectively.
The Sarbanes-Oxley Act of 2002 (SOX) requires management of issuers to do all of the following except Provide a report to include a statement of management's responsibility for and assessment of internal control. Provide an identification of the framework used to evaluate the effectiveness of internal control. Provide a statement that the board approves changes in internal control procedures. Establish and document internal control procedures and to include in their annual reports a report on the company's internal control over financial reporting.
Provide a statement that the board approves changes in internal control procedures.
When the regular audit leading to an opinion on financial statements discloses specific circumstances that create suspicion that fraud may exist, and the auditor concludes that the results of such fraud, if any, could not be so material as to affect the opinion, (s)he should Reach an understanding with the client as to whether the auditor or the client, subject to the auditor's review, is to make the investigation necessary to determine whether fraud has occurred and, if so, the amount. Immediately extend audit procedures to determine if fraud has occurred and, if so, the amount thereof. Refer the matter to the appropriate representatives of the client with the recommendation that it be pursued to a conclusion. Make a note in the audit documentation of the possibility of fraud of an immaterial amount so as to pursue the matter next year.
Refer the matter to the appropriate representatives of the client with the recommendation that it be pursued to a conclusion.
An audit client has substantial assets held in a trust that is managed by the trust department of a bank. Which of the following actions by the auditor is the most efficient way to obtain information about the trust department's internal controls? Ask management of the trust department to complete a questionnaire about internal controls and provide flowcharts for related processes. Perform a review or compilation of the trust department. Rely on the trust department's audit report on internal controls placed in operation and their operating effectiveness. Perform tests of controls on a sample of the client's transactions with the trust department.
Rely on the trust department's audit report on internal controls placed in operation and their operating effectiveness.
Moor, CPA, discovers a likely fraud during an audit but concludes that its effects, if any, could not be so material as to affect the opinion. Moor most likely should Confer with the client about the additional audit procedures necessary to establish that fraud has occurred. Perform additional audit procedures to establish that fraud has occurred. Notify the proper external authorities. Report the finding to the appropriate representatives of the client with the recommendation that it be pursued to a conclusion.
Report the finding to the appropriate representatives of the client with the recommendation that it be pursued to a conclusion.
Which of the following procedures should a user auditor include in the audit plan to create the most efficient audit when an audit client uses a service organization for several processes? Review the service auditor's report and outline the accounting system in a memo to the working papers. Audit the service organization's controls, assess risk, and prepare the audit plan. Review the service auditor's type 1 report. Audit the service organization's controls to test the work of the service auditor.
Review the service auditor's type 1 report.
In obtaining an understanding of an issuer's internal control, an auditor does all the following except Perform a walkthrough of the transaction process. Send confirmations to customers. Inspect documents. Observe employees.
Send confirmations to customers.
Which of the following statements is true about the auditor's communication of a material weakness in internal control? Suggested corrective action for management's consideration concerning a material weakness need not be communicated to the client. A weakness that management refuses to correct should be included in a separate paragraph of the auditor's report on the financial statements. The auditor should test the controls that constitute a material weakness before communicating it to the client. The auditor should request management to include a written response in the auditor's communication.
Suggested corrective action for management's consideration concerning a material weakness need not be communicated to the client.
The auditor's report expressing an opinion on the effectiveness of an entity's internal control over financial reporting should include all the following except That the entity's internal control is consistent with that of the prior year after giving effect to subsequent changes. That management is responsible for maintaining effective internal control. That, because of inherent limitations, internal control may not prevent, or detect and correct, fraud or errors. That the examination included testing and evaluating the design and operating effectiveness of internal control.
That the entity's internal control is consistent with that of the prior year after giving effect to subsequent changes.
During planning, an auditor of a nonissuer should communicate which of the following to those charged with governance at an entity? The auditor is responsible for preparing financial statements in conformity with the applicable financial reporting framework. All audit findings will be communicated in writing to those charged with governance. The auditor will express an opinion on the effectiveness of internal controls over compliance with laws and regulations. The audit does not relieve management of its responsibilities for the financial statements.
The audit does not relieve management of its responsibilities for the financial statements.
A report on an issuer's integrated audit must include each of the following statements, except The auditor believes the audit provides a reasonable basis for the issued opinion. The audit was conducted in accordance with AICPA standards. Internal control over financial reporting includes policies and procedures regarding the ability to report financial data consistent with management's assertions. Management is responsible for maintaining effective internal control.
The audit was conducted in accordance with AICPA standards.
When an auditor is to conduct an audit of a service organization, what considerations should the auditor make in the planning stages regarding internal controls of the organization? The auditor should be engaged to perform agreed-upon procedures. The auditor should determine whether management has adequately described complementary user controls. The auditor should assess risks before obtaining an understanding of internal controls. The auditor should obtain an understanding of the entity's internal controls after performing substantive procedures.
The auditor should determine whether management has adequately described complementary user controls.
Which of the following statements is true about significant deficiencies identified in an audit? The auditor is obligated to search for significant deficiencies that could adversely affect the entity's ability to record and report financial data. The auditor should identify those significant deficiencies considered to be material weaknesses. All significant deficiencies are material weaknesses in the design or operation of specific internal control components. Significant deficiencies need not be recommunicated each year if management has acknowledged its understanding of such deficiencies.
The auditor should identify those significant deficiencies considered to be material weaknesses.
An auditor is required to establish an understanding with a client regarding the services to be performed for each engagement. For an auditor of a nonissuer, this understanding generally includes The auditor's responsibility for determining the preliminary judgments about materiality and audit risk factors. Management's responsibility for identifying mitigating factors when the auditor has doubt about the entity's ability to continue as a going concern. The auditor's responsibility for ensuring that management and those charged with governance are aware of any significant deficiencies or material weaknesses in control that come to the auditor's attention. Management's responsibility for providing the auditor with an assessment of the risks of material misstatement due to fraud.
The auditor's responsibility for ensuring that management and those charged with governance are aware of any significant deficiencies or material weaknesses in control that come to the auditor's attention.
A client uses a service organization to process its payroll. Which of the following statements is correct regarding the user auditor's use of the service auditor's report on internal controls placed in operation? The client's auditor can use the service auditor's report as audit evidence for the client's internal controls. The service auditor's report should be referred to in the report of the client's auditor. The client's auditor can use the service auditor's report to jointly determine the materiality level. The client's auditor can use the service auditor's report without inquiring about the service auditor's reputation.
The client's auditor can use the service auditor's report as audit evidence for the client's internal controls.
Which of the following best describes the responsibility of an auditor of a private entity with respect to significant deficiencies and material weaknesses under AU-C 265, Communication of Internal Control Related Matters Identified in an Audit? The auditor need not report the conditions if those charged with governance know of them. The communication by the auditor must be in writing. The auditor must exercise due diligence in searching for significant deficiencies and material weaknesses. The auditor's report is a general-use report and may be distributed to the shareholders.
The communication by the auditor must be in writing.
Which of the following is true about the auditor's communication with those charged with governance? The communication should be a two-way discourse between the auditor and those charged with governance. It should be explained that the auditor is responsible for the fairness of the financial statements. Specific audit procedures should be described to those charged with governance. The auditor should limit the communication to only those issues required to be communicated.
The communication should be a two-way discourse between the auditor and those charged with governance.
A CPA had previously communicated a significant control deficiency in connection with an audit of prior financial statements of a nonissuer. As of the current audit date, the deficiency has not been corrected. What communication should be made by the CPA? A new communication is required only if the auditor has relied on the controls. The condition should be reported. None, because management has been previously put on notice and now has sole responsibility. A new communication is required only if it involves an area in which the auditor has not relied on the controls.
The condition should be reported.
Which of the following matters is an auditor not required to communicate to an entity's audit committee? Significant adjustments arising from the audit that were recorded by management. The basis for the auditor's conclusions about the reasonableness of management's sensitive accounting estimates. The degree of reliance the auditor placed on the management representation letter. The level of responsibility assumed by the auditor under generally accepted auditing standards.
The degree of reliance the auditor placed on the management representation letter.
When planning an engagement to audit the effectiveness of the entity's internal control in an integrated audit of a nonissuer, a practitioner would least likely consider which of the following factors? The evaluation of the operating effectiveness of the controls. Preliminary judgments about the effectiveness of internal control. The extent of recent changes in the entity and its operations. The type of available evidential matter pertaining to the effectiveness of the entity's internal control.
The evaluation of the operating effectiveness of the controls.
Which of the following is a true statement concerning an engagement to examine the effectiveness of an entity's internal control over financial reporting? Management relies on the practitioner's audit in making the assessment about the effectiveness of internal control. Management agrees not to include the practitioner's report in a general-use document. The management evaluates the effectiveness of internal control. The practitioner relies on management's assessment about the effectiveness of internal control.
The management evaluates the effectiveness of internal control.
An auditor would least likely initiate a discussion with a client's audit committee concerning Disagreements with management as to accounting principles that were resolved during the current year's audit. The maximum dollar amount of misstatements that could exist without causing the financial statements to be materially misstated. The methods used to account for significant unusual transactions. Indications of fraud committed by a corporate officer that were discovered by the auditor.
The maximum dollar amount of misstatements that could exist without causing the financial statements to be materially misstated.
In the integrated audit, which of the following would not be considered an entity-level control? The outside auditor's assessment process of internal auditor competence and objectivity. Management's established controls to monitor results of operations. The board of directors' controls to monitor the activities of the audit committee. The executive committee's process for assessing business risk.
The outside auditor's assessment process of internal auditor competence and objectivity.
Which of the following matters should an auditor communicate to those charged with governance? The basis for assessing the risks of material misstatement when the auditor intends to rely on controls. The justification for performing substantive procedures at interim dates. The auditor's preliminary judgments about materiality levels. The process used by management in formulating sensitive accounting estimates.
The process used by management in formulating sensitive accounting estimates.
When communicating significant deficiencies in internal control noted in a financial statement audit of a nonissuer, the communication should indicate that The expression of an unmodified opinion on the financial statements may be dependent on corrective follow-up action. The purpose of the audit was to report on the financial statements, not to provide assurance on internal control. Fraud or errors may occur and not be detected because of the inherent limitations of internal control. The deficiencies noted were not detected within a timely period by employees in the normal course of performing their assigned functions.
The purpose of the audit was to report on the financial statements, not to provide assurance on internal control.
An auditor is auditing internal control in conjunction with the audit of financial statements for an issuer. The auditor is considering the appropriate materiality level for planning the audit of internal control. Relative to the materiality level for the audit of the financial statements, materiality levels for the audit of internal control are Cannot determine. The same. Larger. Smaller.
The same.
Which of the following is a requirement for accepting an attestation engagement to report on the controls at a service organization? The description of the controls is completed prior to the signing of the engagement letter. The service auditor has the competence and capability to perform the engagement. Management agrees that the service auditor will be responsible for documenting the controls. The suitability of the evaluation criteria is reviewed by a third party.
The service auditor has the competence and capability to perform the engagement.
A service organization provides processing services for a client's sales orders. Which of the following information is relevant when gathering data for the report on the service organization's internal controls? The service organization's system calculates accounts receivable balances. The client's data entry clerk used the sales manager's password to make unauthorized changes to customer prices. Credit limits are established and updated by the client's credit department. The client's sales manager reviews accounts receivable balances.
The service organization's system calculates accounts receivable balances.
Which of the following representations should not be included in a written report on internal control related matters identified in an audit under the AICPA's auditing standards? There are no significant deficiencies or material weaknesses in the design or operation of internal control. Corrective action is recommended due to the relative significance of material weaknesses discovered during the audit. The auditor's consideration of internal control would not necessarily disclose all significant deficiencies or material weaknesses that exist. Significant deficiencies related to the design of internal control exist, but none are deemed to be material weaknesses.
There are no significant deficiencies or material weaknesses in the design or operation of internal control.
During the planning phase of an audit, an auditor is identifying matters for communication to those charged with governance. The auditor most likely would ask management whether There was significant turnover in the accounting department. There were changes in the application of significant accounting policies. It consulted with another CPA firm about installing a new computer system. It agreed with the auditor's selection of fraud detection procedures.
There were changes in the application of significant accounting policies.
Which of the following statements is true about an auditor's communication with those charged with governance? If matters are communicated in writing, the report is required to be distributed to both the audit committee and management. This communication should include disagreements with management about audit adjustments, whether or not satisfactorily resolved. This communication is required to occur after the auditor's report on the financial statements is released. If matters are communicated orally, it is necessary to repeat the communication of recurring matters each year.
This communication should include disagreements with management about audit adjustments, whether or not satisfactorily resolved.
Which of the following statements is true about an auditor's communication with those charged with governance? Any significant matter communicated to those charged with governance also should be communicated to management. This communication should include management changes in the application of significant accounting policies. This communication is required to occur at the same time as the auditor's report on the financial statements is issued. Audit adjustments proposed by the auditor, whether or not recorded by management, need not be communicated to those charged with governance.
This communication should include management changes in the application of significant accounting policies.
Which of the following best describes a CPA's responsibility to report on an issuer's (public company's) internal control over financial reporting? To report on the expected benefits of the entity's internal control. To examine the effectiveness of its internal control. To provide constructive advice to the entity on its internal control. To identify and communicate control deficiencies to the board of directors.
To examine the effectiveness of its internal control.
What is a service auditor's responsibility, if any, with regard to other information presented in a document containing management's description of its system and the service auditor's report? To ensure that the format of the other information is consistent with industry practice. The auditor has no responsibility with regard to the other information presented. To obtain supporting documentation for the other information. To read the other information in order to identify material inconsistencies or misstatements.
To read the other information in order to identify material inconsistencies or misstatements.
An auditor (the user auditor) may decide to make use of another auditor's (the service auditor's) report on internal control at a service organization that provides certain services to the user auditor's client. When the client's transactions flow through the service organization's accounting system, consideration of internal control may be necessary. The most efficient approach is often to obtain a service auditor's report. Which of the following is a true statement about the relationship of the user and service auditors? The user auditor need not be concerned about fraud or noncompliance with laws and regulations at the service organization. It is inappropriate for the user auditor to discuss with the service auditor the scope and results of the work. A user auditor cannot treat a service auditor's report as evidence if the period it covers does not coincide with that of the financial statements the user auditor has been engaged to audit. When reporting on an audit of financial statements, the user auditor should not refer to the service auditor's report if the opinion is unmodified.
When reporting on an audit of financial statements, the user auditor should not refer to the service auditor's report if the opinion is unmodified.
If a service auditor is unable to obtain a written assertion from the service organization's management regarding its system and the suitability of the design and operating effectiveness of controls, it would be most appropriate for the auditor to Report management's action in the auditor's communication to those charged with governance. Withdraw from the engagement unless prohibited by law. Increase the substantive testing of the service organization's controls. Assess a higher level of detection risk for the engagement.
Withdraw from the engagement unless prohibited by law
In an audit engagement, should an auditor communicate the following matters to those charged with governance? Auditors' Judgments about the Quality of the Client's Accounting Principles Issues Discussed with Management Prior to the Auditor's Retention
Yes Yes
The audit of internal control over financial reporting should test Design Effectiveness Operating Effectiveness
Yes Yes