Auditing & assurance services ch 5
When completing the audit of internal controls for an issuer, AS 2201 requires auditors to test:
Both operating and design effectiveness.
When completing the audit of internal controls for an issuer, the severity of an internal control deficiency depends on:
Both the magnitude of the potential misstatement resulting from the deficiency or the deficiencies and whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure.
Which of the following statements are correct? Multiple select question. Audit evidence for tests of controls should not be obtained during an interim period. For a sample to be representative, all items in the population have an opportunity to be selected. Tests of controls should be applied to samples executed throughout the period under audit. The audit team should never rely on tests from previous periods.
For a sample to be representative, all items in the population have an opportunity to be selected. Tests of controls should be applied to samples executed throughout the period under audit.
COSO internal control categories include: _____ of financial reporting _____ with applicable laws and regulations and ______ and ______ of operations.
Reliability of financial reporting Compliance with applicable laws and regulations Effectiveness and efficiency of operations
the probability that an entity's controls will fail to prevent or detect errors and frauds that would otherwise have entered the system
control risk
When either the design or operation of the control under consideration does not allow the entity's management or employees to detect or prevent misstatements in a timely fashion an internal control _____exists.
deficiency
An employee knowingly doing something to bypass the internal control system is an act of Blank______.
deliberate circumvention
a condition expressing whether controls would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements
design effectiveness
the activities that detect misstatements after they occur
detective controls
Section 302 of the Sarbanes-Oxley Act ______. Multiple select question. makes managers responsible for establishing a control environment requires management to assess the risks it wishes to control requires certain specific controls regardless of benefits versus costs makes internal auditors responsible for monitoring and maintaining control activities
makes managers responsible for establishing a control environment requires management to assess the risks it wishes to control
The COSO definition states that internal control is designed to provide ______ ______regarding the achievement of objectives in three categories
reasonable assurance
the concept that recognizes that the costs of control activities should not exceed the benefits that are expected from the control activities
reasonable assurance
A material weakness is a deficiency that results in a(n) ______ ______ that a material misstatement would not be prevented or detected on a timely basis.
reasonable possibility
The auditor should assess control risk for each relevant assertion by evaluating the evidence obtained from all sources, including
All of the choices are correct.
Which of the following is a device designed to help the audit team obtain evidence about the accounting and control activities of an audit client?
An internal control questionnaire.
According to the PCAOB, during the audit of internal controls for an issuer, the ultimate objective of testing the design effectiveness of internal controls is to
Determine that the company's controls will satisfy the company's control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements, if they operate as prescribed.
If the auditors encounter a significant scope limitation in evaluating an issuer's internal control over financial reporting, which of the following types of opinions on the effectiveness of the company's internal control over financial reporting would be appropriate?
Disclaimer of opinion.
Which report would not be appropriate for a public accounting firm to provide on financial reporting controls?
Disclaimer of opinion—significant deficiencies exist.
When completing the audit of internal controls for an issuer, the PCAOB requires the audit team to audit internal controls over:
Financial reporting.
The risk of material misstatement is composed of ______ risk and ______ risk
Inherent and control
Which of the following does not accurately summarize auditors' requirements regarding internal control? Issuer/Nonissuer
Test of Controls Yes/Yes
The most important fundamental component of an entity's internal control is
The control environment.
the opinion issued when the company has not maintained an effective internal control over financial reporting
adverse opinion on internal control over financial reporting
All entities recognize the need for a formalized process to identify, properly assess and ultimately manage factors, events, and conditions, known as,______ _______ that can prevent the organization from achieving its objectives
business risk
Two or more people working together to circumvent the internal control system is called ______ and it cannot be prevented by separation of duties.
collusion
Controls that are pervasive to the internal control system and the reliability of the financial statements as a whole are called ______ - level controls.
entity
Procedures related to internal control in an integrated audit performed under AS 2201 are ______ than those in a GAAS audit for a nonpublic entity.
far more extensive
the term used to describe an audit process that is designed to provide an opinion on both the financial statements and internal control system of an entity
integrated audit process
a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the reliability of financial reporting, the effectiveness and efficiency of operations, and compliance with applicable laws and regulations
internal control
a condition that exists when the design or operation of a control does not allow the entity's management or employees to detect or prevent misstatements in a timely fashion
internal control deficiency
a checklist of internal control-related questions used to gain and document an understanding of the client's internal control
internal control questionnaire
a deficiency or combination of deficiencies that results in a reasonable possibility that a material misstatement would not prevented or detected on a timely basis
material weakness
a condition expressing whether a control is operating as designed and whether the person performing the control possesses the necessary authority and qualifications to perform the control effectively
operation effectiveness
the tracing of one or more transactions through the audit trail from initiation of the transaction to its inclusion in the financial statements
walkthrough
The five basic components of a properly designed internal control system as defined by COSO are: (1) control ______, (2) ______ assessment, (3) ______ activities, (4) ______ and (5) information and ______ .
(1) control environment (2) risk assessment (3) control activities (4) monitoring (5) information and communication
The purpose of separating the duties of hiring personnel and distributing payroll checks is to separate the
Authorization of transactions from the custody of related assets.
True or false: For audits of internal control, the audit team must understand and evaluate internal controls for the entire period.
F
a subcommittee of the board of directors that is generally composed of three to six "outside" members of the organization's board of directors
audit committee
a report required by the Sarbanes-Oxley Act that provides an opinion on the effectiveness of the entity's internal control over financial reporting
auditor's report on internal control over financial reporting
those factors, events, and conditions that could prevent the organization from achieving its business objectives
business risk
an audit procedure that can be used as both a test of controls and a substantive test
dual-purpose test
When planning the audit of internal controls for an issuer, the audit team should:
identify significant accounts, locations, and relevant assertions.
Gaining an understanding of internal controls should start by identifying ______ accounts and disclosures and their ______ ______
significant; relevant assertions
the controls that are persuasive to the financial statements taken as a whole
entity-level controls (ELCs)
Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of ______ testing.
exception
An account's significance is based on its ______ risk.
inherent
When a properly designed control is either ignored or inappropriately applied, a(n) Blank______ has occurred.
operating deficiency
maintaining a good business reputation, ensuring a positive return on investment, increasing market share, promoting new product innovation, and using assets effectively and efficiently
operations category
In most audits of large entities, control risk assessment contributes to audit efficiency, which means that
Auditors will be able to reduce the cost of substantive procedures by an amount more than the control evaluation costs.
Once the auditor detects a control deficiency, which of the following steps must he or she take first?
Evaluate the severity of the deficiency on the auditor's control risk assessment for that assertion.
True or false: The audit team is only required to communicate significant deficiencies and material weaknesses in internal control that come to their attention during the performance of a PCAOB audit for an issuer.
F
When testing a control activity's operating effectiveness, procedures the auditor performs to test operating effectiveness would likely include
Inquiry of appropriate personnel and reperformance of the control activity.
A material weakness is a situation in which
It is reasonably possible that a material misstatement would not be detected on a timely basis.
If the auditor plans to assess control risk at less than the maximum and rely on controls, and the nature, timing, and extent of further audit procedures are based on that lower assessment, the auditor must
Obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance.
Which of the following would probably not be considered an indication of a material weakness?
Overproduction by the manufacturing plant.
Effectiveness of audit procedures would be reduced by
Performing procedures during the interim period as opposed to at the fiscal year-end date.
Matters that could affect the necessary extent of testing for a control activity as it related to the degree of auditor reliance on a control activity would not include the following:
The relevance and reliability of the audit evidence to be obtained to test the operating effectiveness of a control activity.
The foundation for all other components of internal control is the ______ ______.
control environment
Section 302 of the Sarbanes-Oxley Act ______. Multiple select question. allows managers to make their own judgments about the necessity of specific controls is designed to ensure the proper "tone at the top" makes management responsible for monitoring, supervising and maintaining control activities stipulates criminal penalties for the Board of Directors of firm's issuing materially misleading financial statements
allows managers to make their own judgments about the necessity of specific controls is designed to ensure the proper "tone at the top" makes management responsible for monitoring, supervising and maintaining control activities
Flowcharts ______. Multiple select question. can be helpful in identifying missing controls are easy to evaluate after they are completed are time-consuming to construct must be created from scratch for every audit
can be helpful in identifying missing controls are easy to evaluate after they are completed are time-consuming to construct
AS 2201 encourages the audit team to use the work of internal auditors but the audit team must evaluate their ______ and ______ and perform some tests of their work.
competence and objectivity
to ensure compliance with laws and regulations that affect the entity
compliance category
Specific actions a client's management and employees take to help ensure management's directives are carried out are called ______ ______.
control activities
the specific actions taken by a client's management and employees to help ensure that management directives are carried out
control activities
Integrity, ethical values and competence of the entity's people are all ______ ______ factors
control environment
the situations in which auditors cannot provide assurance on the effectiveness of internal control over financial reporting; issued when a significant scope limitation exists
disclaimer of opinion on internal control over financial reporting
For all relevant assertions for each significant account and disclosure, the audit team begins by examining ______ ______ controls that are pervasive to the internal control system and reliability of the financial statements as a whole.
entity level
Using an automated test procedure designed to test all items in a population as a means to identify a violation of control activities is an example of ______ testing.
exception
producing reliable financial reports and safeguarding assets
financial reporting category
Separation of duties Blank______. Multiple select question. forces different people or departments to deal with different facets of transactions prevents fraud that do not involve collusion increases the chance of innocent errors being overlooked prevents incompatible responsibilities
forces different people or departments to deal with different facets of transactions prevents fraud that do not involve collusion prevents incompatible responsibilities
After understanding and documenting internal control, the audit team should be able to ______.
make a preliminary assessment of control risk
Combinations of duties that place a single person in a position to create and conceal misstatements due to errors or frauds in their normal job are termed ______ responsibilities.
incompatible
an entity's system, usually built on some type of technological platform that has been designed to produce the information necessary for the entity to operate and control its business operations
information system
______ ______ ______ are designed to help the audit team obtain evidence about the control environment of a client organization.
internal control questionnaires
a report required by the Sarbanes-Oxley Act that states that management is responsible for establishing and maintaining adequate internal control over financial reporting, identifies the framework management uses to evaluate the effectiveness of the entity's internal control, and provides management's assessment of the effectiveness of the entity's internal control
management's annual report on internal control over financial reporting
The focus of AS 2201 is to determine whether a(n) ______ ______ exists at the end of the year being reported on. If it does, the entity's internal control over financial reporting cannot be considered effective.
material weakness
The magnitude of the potential misstatement that could occur and would not be detected on a timely basis is the primary difference between a(n) ______.
material weakness and significant deficiency
The audit team: Multiple select question. generally makes recommendations to management regarding ways to improve internal control. must communicate significant deficiencies and material weaknesses identified during the audit. communicates internal control issues to help management carry out internal control monitoring responsibilities.
must communicate significant deficiencies and material weaknesses identified during the audit. communicates internal control issues to help management carry out internal control monitoring responsibilities.
the audit documentation that describes the environmental elements, the accounting system, and the control activities in an entity's internal control
narrative description
the activities that prevent misstatements before they occur
preventive controls
Common monitoring controls include Blank______. Multiple select question. quality assurance review of the internal audit department regular management and supervisory control activities analysis of and follow up items that might by indicative of a control failure self-assessments by management regarding the tone they set
quality assurance review of the internal audit department analysis of and follow up items that might by indicative of a control failure self-assessments by management regarding the tone they set
An assertion that has a reasonable possibility of containing a material misstatement is considered to be a(n) ______ assertion
relevant
When control activities do not lend themselves to automated testing, the audit team is likely to use audit ______ to test the population.
sampling
A deficiency in internal controls that is less severe than a material weakness yet important enough to merit attention from those charged with governance is a(n) ______ ______
significant deficiency
a deficiency or a combination of deficiencies in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance
significant deficiency
the detailed audit and analytical procedures designed to detect material misstatements in account balances and footnote disclosures
substantive procedures
Common monitoring controls include Blank______. Multiple select question. supervisory review of controls periodic evaluation of controls by internal audit external auditor inquiries of internal auditors and the audit committee self-assessments by boards regarding the effectiveness of their oversight
supervisory review of controls periodic evaluation of controls by internal audit self-assessments by boards regarding the effectiveness of their oversight
Internal control questionnaires ______. Multiple select question. tend to be inflexible make it less likely for the audit team to forget to cover an important point should be worded so that "yes" answers are always good should be used in combination with other methods
tend to be inflexible make it less likely for the audit team to forget to cover an important point should be used in combination with other methods
reliability of financial reporting effectiveness and efficiency of operations compliance with applicable laws and regulations
three objectives of internal control
Professional standards recognize that to make effective decisions, managers must have access to _____ ,_____ , and _____ information
timely, reliable, and relevant
the controls that relate to specific classes of transactions, account balances, and disclosures
transaction-level controls
If the audit-team decides an entity-level control sufficiently reduces a specific risk Blank______.
transaction-level controls related to that risk may not be needed
the report issued when no material weaknesses in internal control over financial reporting are identified and no scope limitations on the audit of internal control exist
unqualified opinion on internal control over financial reporting