Auditing chapter 10 & 11
Walkthroughs combine observation, inspection, and inquiry to assure that the controls designed by management have been implemented. A) True B) False
A
When the auditor receives inconsistent responses from management and others within the organization, the auditor should obtain additional audit evidence to resolve the inconsistency. A) True B) False
A
Describe the sources of information gathered to assess fraud risks.
When the auditor is assessing fraud risks the following information sources should be considered: • Information obtained from communications among audit team members about their knowledge of the company and its industry; including how and where the company's financial statements might be susceptible to material misstatements due to fraud. • Responses to auditor inquiries of management about their views of the risks of fraud and about existing programs and controls to address specific identified fraud risks. • Specific risk factors in fraudulent financial reporting or misappropriation of assets. • The results of analytical procedures obtained during planning that indicate possible implausible or unexpected analytical relationships. • Knowledge obtained through other procedures such as client acceptance and retention decisions, interim review of financial statements, and consideration of inherent and control risks.
Which of the following best describes an entity's accounting information and communication system? (yes or no) a. Monitor transactions b. Record and process transactions c. Initiate transactions
a. no b. yes c. yes
Which of the following are elements of the fraud triangle? (yes or no) a. Attitudes/rationalization b. Risk Factors c. Opportunities
a. yes b. no c. yes
As part of designing and performing procedures to address management override of controls, auditors must perform which of the following procedures? (yes or no) a. Examine journal entries for evidence of possible misstatements due to fraud b. Review accounting estimates for biases
a. yes b. yes
As part of the brainstorming sessions, auditors are directed to emphasize: (yes no) a. How management could perpetrate and conceal fraudulent financial b. The audit team's response to potential fraud risks reporting
a. yes b. yes
Before making the final assessment of internal control at the end of an integrated audit, the auditor must: (yes no) a. Test controls b. Perform substantive tests of details
a. yes b. yes
To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their: (yes or no) a. Likelihood b. Significance
a. yes b. yes
Which of the following factors may increase risks to an organization? (yes or no) a. Geographic dispersion of company operations b. Presence of new information technologies
a. yes b. yes
Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies? a. Management b. Financial statement auditors
a. yes b. yes
When management is evaluating the design of internal control, management evaluates whether the control can do which of the following? (yes or no) a. Detect material misstatements b. Correct material misstatements
a. yes b. no
Which of the following is a category of fraud? (yes & no) a. Fraudulent financial reporting b. Misappropriation of assets
a. yes b. yes
Control activities help assure that the necessary actions are taken to address risks to the achievement of the company's objectives. List the five types of control activities.
1. Adequate separation of duties 2. Proper authorization of transactions and activities 3. Adequate documents and records 4. Physical control over assets and records 5. Independent checks on performance
The text suggested a five-step approach to identify deficiencies, significant deficiencies, and material weaknesses. Describe this approach.
1. Identify existing controls. Because deficiencies and material weaknesses are the absence of adequate controls, the auditor must first know which controls exist. 2. Identify the absence of key controls. Internal control questionnaires, flowcharts, and walkthroughs are useful tools to identify where controls are lacking and the likelihood of misstatement is therefore increased. 3. Consider the possibility of compensating controls. A compensating control is one elsewhere in the system that offsets the absence of a key control. When a compensating control exists, there is no longer a significant deficiency or material weakness. 4. Decide whether there is a significant deficiency or material weakness. The likelihood of misstatements and their materiality are used to evaluate if there are significant deficiencies or material weaknesses. 5. Determine potential misstatements that could result. This step is intended to identify specific misstatements that are likely to result because of the significant deficiency or material weakness. The importance of a significant deficiency or material weakness is directly related to the likelihood and materiality of potential misstatements.
In developing an understanding of the client's accounting information system the auditor follows a sequential process. Describe the process below:
1. Major classes of transactions of the entity 2. How these transactions are initiated and recorded 3. What accounting records exist and their nature 4. How the system captures other events that are significant to the financial statements 5. The nature and details of the financial reporting process followed
Separation of duties is essential in preventing errors and intentional misstatements on the financial statements. List below the four general guidelines.
1. Separation of custody of the assets from accounting 2. Separation of the authorization of transactions from custody of related assets 3. Separation of operational responsibility from record keeping responsibility 4. Separation of IT duties from user departments
"Cookie jar reserves" are often created by companies whenever their earnings are high to create reserves for future periods when earnings need to be "boosted" upward. A) True B) False
A
A common incentive for companies to manipulate financial statements is a decline in the company's financial prospects. A) True B) False
A
A narrative should describe the disposition of every document and record in the system. A) True B) False
A
Auditor's need to exhibit professional skepticism when auditing a client. This auditing standard is best expressed by which of the following? A) The auditor neither assumes dishonesty or honesty of management. B) The auditor assumes dishonesty of management. C) The auditor assumes honesty of management. D) The auditor assumes management lacks integrity.
A
Auditors should rely on original, rather than duplicate, copies of documents. A) True B) False
A
Because fraud perpetrators are often knowledgeable about audit procedures, auditors should incorporate unpredictability into the audit plan. A) True B) False
A
Financial statements of all companies are potentially subject to manipulation. A) True B) False
A
For most uses, flowcharts are superior to narratives as a method of communicating the characteristics of internal control. A) True B) False
A
Fraudulent financial reporting is an intentional misstatement or omission of amounts or disclosures with the intent to deceive users. A) True B) False
A
Fraudulent financial reporting usually involves manipulation of amounts rather than disclosures. A) True B) False
A
If an auditor wishes to rely on the work of internal auditors (IA), the auditor must obtain satisfactory evidence related to the IA's competence, integrity, and objectivity. A) True B) False
A
Information and idea exchange sessions by the audit team are required by current auditing standards. A) True B) False
A
Management has a legal and professional responsibility to be sure that the financial statements are prepared in accordance with reporting requirements of applicable accounting frameworks. A) True B) False
A
Misappropriation of assets is normally perpetrated at the lowest levels of the organization hierarchy. A) True B) False
A
Section 404 of the Sarbanes-Oxley Act requires that public companies issue an internal control report. A) True B) False
A
The assessment of control risk is the measure of the auditor's expectation that internal controls will prevent material misstatements from occurring or detect and correct them if they have occurred. A) True B) False
A
The auditors should pay careful attention to accounting principles that involve subjective measurements or complex transactions. A) True B) False
A
The chart of accounts is helpful in preventing classification errors if it accurately describes which type of transaction should be in each account. A) True B) False
A
The presence of fraud risk factors increases the likelihood of fraud and may suggest that fraud is being perpetrated. A) True B) False
A
The pressure to do "whatever it takes" to meet goals is one of the main reasons why financial statement fraud occurs. A) True B) False
A
The same three fraud triangle risk conditions apply to fraudulent financial reporting and misappropriation of assets. A) True B) False
A
The two main categories of fraud are fraudulent financial reporting and misappropriation of assets. A) True B) False
A
The two most common areas of fraud in payroll are the creation of fictitious employees and the overstatement of individual payroll hours. A) True B) False
A
To issue an unqualified opinion on internal control over financial reporting, there must be no identified material weaknesses and no restrictions on the scope of the audit. A) True B) False
A
You are the audit manager for a new audit client. Your staff auditors are unsure of what constitutes a control deficiency. Discuss the terms control deficiency, design deficiency, and operating deficiency.
A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis in the normal course of performing assigned functions. A design deficiency exists if a necessary control is missing or not properly designed. An operating deficiency exists if a well-designed control does not operate as designed or if the person performing the control is insufficiently qualified or authorized.
Which of the following would the auditor be most concerned about regarding a heightened risk of intentional misstatement? A) Senior management emphasizes that it is very important to beat analyst estimates of earnings every reporting period. B) Senior management emphasizes that budgeted amounts for expenses are to be achieved for each reporting period or explained in the variance analysis report. C) Senior management emphasizes that job rotation is a worthwhile corporate objective. D) Senior management emphasizes that job evaluations are based on performance.
A) Senior management emphasizes that it is very important to beat analyst estimates of earnings every reporting period.
Auditors may identify conditions during fieldwork that change or support a judgment about the initial assessment of fraud risks. Which of the following is not a condition which should alert an auditor that the initial assessment should be changed? A) The subsidiary ledger agrees to the general ledger. B) Discrepancies in the accounting records C) Unusual relationships between the auditor and management D) Missing or conflicting evidence
A) The subsidiary ledger agrees to the general ledger.
Incentives and opportunities are two conditions that are generally present when financial statement fraud occurs. A) True B) False
A) True
4) Fraud is more prevalent in smaller businesses and not-for-profit organizations because it is more difficult for them to maintain: A) adequate separation of duties. B) adequate compensation. C) adequate financial reporting standards. D) adequate supervisory boards.
A) adequate separation of duties.
Two of the most useful warning signals that can indicate that revenue fraud is occurring are: A) analytical procedures and documentary discrepancies. B) analytical procedures and misappropriation of assets. C) documentary discrepancies and vague responses to inquiries. D) missing audit evidence and vague responses to inquiries.
A) analytical procedures and documentary discrepancies.
An act of two or more employees to steal assets and cover their theft by misstating the accounting records would be referred to as: A) collusion. B) a material weakness. C) a control deficiency. D) a significant deficiency.
A) collusion.
Misappropriation of assets is normally perpetrated by: A) members of the board of directors. B) employees at lower levels of the organization. C) management of the company. D) the internal auditors.
Answer: B B) employees at lower levels of the organization.
The most common fraud in the acquisition and payment cycle is for the perpetrator to issue payments to fictitious vendors and deposit the cash in fictitious accounts. What procedures could the company take to prevent this type of fraud?
Allowing payments to be made only to approved vendors Detailed review of legitimacy of approved vendors Careful review of document authorizing the acquisition Segregation of duties between authorizing payments and authorizing the acquisition Canceling supporting documents to prevent their use as support for multiple payments
Which of the following is the correct definition of "control deficiency"? A) A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis. B) A control deficiency exists if one or more deficiencies exist that adversely affect a company's ability to prepare external financial statements reliably. C) A control deficiency exists if the design or operation of controls results in a more than remote likelihood that controls will not prevent or detect misstatements. D) A control deficiency exists if the design or operation of controls results in a more than probable likelihood that controls will prevent or detect misstatements.
Answer: A A) A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis.
In the fraud triangle, fraudulent financial reporting and misappropriation of assets: A) share little in common. B) share most of the same risk factors. C) share the same three conditions. D) share most of the same conditions.
C) share the same three conditions.
Sarbanes-Oxley requires management to issue an internal control report that includes two specific items. Which of the following is one of these two requirements? A) A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting B) A statement that management and the board of directors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting C) A statement that management, the board of directors, and the external auditors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting D) A statement that the external auditors are solely responsible
Answer: A A) A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
Which of the following components of the control environment define the existing lines of responsibility and authority? A) Organizational structure B) Management philosophy and operating style C) Human resource policies and practices D) Management integrity and ethical values
Answer: A A) Organizational structure
Which of the following is responsible for establishing a private company's internal control? A) Senior Management B) Internal Auditors C) FASB D) Audit committee
Answer: A A) Senior Management
Which of the following is most correct regarding the requirements under Section 404 of the Sarbanes Oxley Act? A) The audits of internal control and the financial statements provide reasonable assurance as to misstatements. B) The audit of internal control provides absolute assurance of misstatement. C) The audit of financial statements provides absolute assurance of misstatement. D) The audits of internal control and the financial statements provide absolute assurance as to misstatements.
Answer: A A) The audits of internal control and the financial statements provide reasonable assurance as to misstatements.
Internal controls are not designed to provide reasonable assurance that: A) all frauds will be detected. B) transactions are executed in accordance with management's authorization. C) the company's resources are used efficiently and effectively. D) company personnel comply with applicable rules and regulations.
Answer: A A) all frauds will be detected.
The Sarbanes-Oxley Act requires: A) all public companies to issue reports on internal controls. B) all public companies to define adequate internal controls. C) the auditor of public companies to design effective internal controls. D) the auditor of public companies to withdraw from an engagement if internal controls are weak.
Answer: A A) all public companies to issue reports on internal controls
The financial statements may not correctly reflect accounting frameworks such as GAAP or IFRS if the: A) controls affecting the reliability of financial reporting are inadequate. B) company's controls do not promote efficiency. C) company's controls do not promote effectiveness. D) company's controls do not promote compliance with applicable rules and regulations.
Answer: A A) controls affecting the reliability of financial reporting are inadequate.
The purpose of phase 3 in the "process for understanding internal control and assessing control risk" is to: A) design, perform and evaluate tests of controls. B) obtain and document an understanding of internal control design an operation. C) assess control risk. D) decide planned detection risk and substantive tests.
Answer: A A) design, perform and evaluate tests of controls.
When a compensating control exists, the absence of a key control: A) is no longer a concern because there is no longer a significant deficiency or material weakness. B) is still a major concern to the auditor. C) could cause a material loss, so it must be tested using substantive procedures. D) is magnified and must be removed from the sampling process and examined in its entirety.
Answer: A A) is no longer a concern because there is no longer a significant deficiency or material weakness.
Reasonable assurance allows for: A) low likelihood that material misstatements will not be prevented or detected by internal controls. B) no likelihood that material misstatements will not be prevented or detected by internal control. C) moderate likelihood that material misstatements will not be prevented or detected by internal control. D) high likelihood that material misstatements will not be prevented or detected by internal control.
Answer: A A) low likelihood that material misstatements will not be prevented or detected by internal controls.
Once auditors determine that entity level controls are designed and placed in the operation they: A) make a preliminary assessment for each transaction-related audit objective for each major type of transaction. B) make a preliminary assessment of control risk. C) obtain an understanding of the design and implementation of internal control. D) prepare audit documentation in order to opine on the company's internal control system.
Answer: A A) make a preliminary assessment for each transaction-related audit objective for each major type of transaction.
To obtain an understanding of an entity's control environment, an auditor should concentrate on the substance of management's policies and procedures rather than their form because: A) management may establish appropriate policies and procedures but not act on them. B) the board of directors may not be aware of management's attitude toward the control environment. C) the auditor may believe that the policies and procedures are inappropriate for that particular entity. D) the policies and procedures may be so weak that no reliance is contemplated by the auditor.
Answer: A A) management may establish appropriate policies and procedures but not act on them.
When assessing whether the financial statements are auditable, the auditor must consider: A) that the integrity of management and the adequacy of accounting records are the two primary factors determining auditability. B) that the integrity of management and the adequacy of risk management are the two primary factors determining auditability. C) that if all of the transaction information is available only in electronic form without a visible audit trail, the company cannot be audited. D) the control risk before determining if the entity is auditable.
Answer: A A) that the integrity of management and the adequacy of accounting records are the two primary factors determining auditability.
In performing the audit of internal control over financial reporting the auditor emphasizes internal control over class of transactions because: A) the accuracy of accounting system outputs depends heavily on the accuracy of inputs and processing. B) the class of transaction is where most fraud schemes occur. C) account balances are less important to the auditor then the changes in the account balances. D) classes of transactions tests are the most efficient manner to compensate for inherent risk.
Answer: A A) the accuracy of accounting system outputs depends heavily on the accuracy of inputs and processing.
The employee in charge of authorizing credit to the company's customers does not fully understand the concept of credit risk. This lack of knowledge would constitute: A) a deficiency in operation of internal controls. B) a deficiency in design of internal controls. C) a deficiency of management. D) not constitute a deficiency.
Answer: A A) a deficiency in operation of internal controls.
The primary emphasis by auditors is on controls over: A) classes of transactions. B) account balances. C) both A and B, because they are equally important. D) both A and B, because they vary from client to client.
Answer: A A) classes of transactions.
Proper segregation of functional responsibilities calls for separation of: A) authorization, execution, and payment. B) authorization, recording, and custody. C) custody, execution, and reporting. D) authorization, payment, and recording.
Answer: B
The auditor must communicate: A) only material weaknesses in internal control to those charged with governance. B) both significant deficiencies and material weaknesses in internal control to those charged with governance. C) any significant deficiencies in internal control to those charged with governance using a management letter. D) issues regarding internal control to those charged with governance in writing within 90 days following the audit report release.
Answer: B
The auditors primary purpose in auditing the client's system of internal control over financial reporting is: A) to prevent fraudulent financial statements from being issued to the public. B) to evaluate the effectiveness of the company's internal controls over all relevant assertions in the financial statements. C) to report to management that the internal controls are effective in preventing misstatements from appearing on the financial statements. D) to efficiently conduct the Audit of Financial Statements.
Answer: B
Authorizations can be either general or specific. Which of the following is not an example of a general authorization? A) Automatic reorder points for raw materials inventory B) A sales manager's authorization for a sales return C) Credit limits for various classes of customers D) A sales price list for merchandise
Answer: B B) A sales manager's authorization for a sales return
Which of the following statements is most correct with respect to separation of duties? A) A person who has temporary or permanent custody of an asset should account for that asset. B) Employees who authorize transactions should not have custody of related assets. C) Employees who open cash receipts should record the amounts in the subsidiary ledgers. D) Employees who authorize transactions should have recording responsibility for these transactions.
Answer: B B) Employees who authorize transactions should not have custody of related assets.
Which of the following best defines fraud in a financial statement auditing context? A) Fraud is an unintentional misstatement of the financial statements. B) Fraud is an intentional misstatement of the financial statements. C) Fraud is either an intentional or unintentional misstatement of the financial statements, depending on materiality. D) Fraud is either an intentional or unintentional misstatement of the financial statements, depending on consistency.
Answer: B B) Fraud is an intentional misstatement of the financial statements.
Which of the following activities would be least likely to strengthen a company's internal control? A) Separating accounting from other financial operations B) Maintaining insurance for fire and theft C) Fixing responsibility for the performance of employee duties D) Carefully selecting and training employees
Answer: B B) Maintaining insurance for fire and theft
Which of management's assertions with respect to implementing internal controls is the auditor primarily concerned? A) Efficiency of operations B) Reliability of financial reporting C) Effectiveness of operations D) Compliance with applicable laws and regulations
Answer: B B) Reliability of financial reporting
Most cases of fraudulent reporting involve: A) inadequate disclosures. B) an overstatement of income. C) an overstatement of liabilities. D) an overstatement of expenses.
Answer: B B) an overstatement of income.
When considering internal controls, an important point to consider is that: A) auditors can ignore controls affecting internal management information. B) auditors are concerned with the client's internal controls over the safeguarding of assets if they affect the financial statements. C) management is responsible for understanding and testing internal control over financial reporting. D) companies must use the COSO framework to establish internal controls.
Answer: B B) auditors are concerned with the client's internal controls over the safeguarding of assets if they affect the financial statements
Internal controls: A) are implemented by and are the responsibility of the auditors. B) consist of policies and procedures designed to provide reasonable assurance that the company achieves its objectives and goals. C) guarantee that the company complies with all laws and regulations. D) only apply to SEC companies.
Answer: B B) consist of policies and procedures designed to provide reasonable assurance that the company achieves its objectives and goals.
The person responsible for reconciling sales invoices to customer orders does not access to the company's master price list in order to correctly compute sales. This is an example of a(n): A) operating deficiency. B) design deficiency. C) training deficiency. D) management deficiency.
Answer: B B) design deficiency.
Narratives, flowcharts, and internal control questionnaires are three common methods of: A) testing the internal controls. B) documenting the auditor's understanding of internal controls. C) designing the audit manual and procedures. D) documenting the auditor's understanding of a client's organizational structure.
Answer: B B) documenting the auditor's understanding of internal controls.
Significant deficiencies are matters that come to an auditor's attention and should be communicated to an entity's audit committee because they represent: A) material frauds perpetrated by high-level management. B) internal control deficiencies that could adversely affect a company's ability to initiate, record, process, or report external financial statements reliably. C) flagrant violations of the entity's documented conflict-of-interest policies. D) intentional attempts by client personnel to limit the scope of the auditor's field work.
Answer: B B) internal control deficiencies that could adversely affect a company's ability to initiate, record, process, or report external financial statements reliably.
An audit procedure that would most likely be used by an auditor in performing tests of control procedures in which the segregation of functions and that leaves no "audit" trail is: A) inspection. B) observation. C) reperformance. D) reconciliation.
Answer: B B) observation.
When dealing with the documentation of internal control: A) in a narrative, most questions simply require a "yes" or "no" response. B) questionnaires offer useful checklists to remind the auditor of the many different types of internal controls that should exist. C) questionnaires and flowcharts should not be used together. D) flowcharts fail to show the segregation of duties in the company.
Answer: B B) questionnaires offer useful checklists to remind the auditor of the many different types of internal controls that should exist.
Internal controls normally include procedures designed to provide reasonable assurance that: A) employees act with integrity when performing their assigned tasks. B) transactions are executed in accordance with management's authorization. C) decision processes leading to management's authorization of transactions are sound. D) collusive activities would be detected by segregation of employee duties.
Answer: B B) transactions are executed in accordance with management's authorization.
Companies may intentionally understate earnings when income is high to create ________ that may be used in future years to increase earnings. A) income smoothing B) cookie jar reserves C) cash D) sales
Answer: B B) cookie jar reserves
Which of the following deal with ongoing or periodic assessment of the quality of internal control by management? A) Quality monitoring activities B) Monitoring activities C) Oversight activities D) Management activities
Answer: B B) Monitoring activities
You are performing the audit of internal control for Clifton Company. Which of the following would represent a material weakness in internal control? A) The company's audit committee has experienced unusual turnover of members. B) The company's CFO was indicted for embezzling from the company. C) Bank reconciliations are done monthly. D) The CEO retired after twenty years of service to the company.
Answer: B B) The company's CFO was indicted for embezzling from the company.
It is important for the CPA to consider the competence of the clients' personnel because their competence has a direct impact upon the: A) cost/benefit relationship of the system of internal control. B) achievement of the objectives of internal control. C) comparison of recorded accountability with assets. D) timing of the tests to be performed.
Answer: B B) achievement of the objectives of internal control.
If the results of tests of controls support the design and operations of controls as expected, the auditor uses ________ control risk as the preliminary assessment. A) a lower B) the same C) a higher D) either a lower or higher
Answer: B B) the same
The PCAOB places responsibility for the reliability of internal controls over the financial reporting process on: A) the company's board of directors. B) the audit committee of the board of directors. C) management. D) the CFO and the independent auditors.
Answer: C
________ is fraud that involves theft of an entity's assets. A) Fraudulent financial reporting B) A "cookie jar" reserve C) Misappropriation of assets D) Income smoothing
Answer: C
Which of the following is not one of the subcomponents of the control environment? A) Management's philosophy and operating style B) Organizational structure C) Adequate separation of duties D) Commitment to competence
Answer: C C) Adequate separation of duties
Which of the following deficiency exists if a necessary control is missing or not properly formulated? A) Control B) Significant C) Design D) Operating
Answer: C C) Design
Which of the following is a form of earnings management in which revenues and expenses are shifted between periods to reduce fluctuations in earnings? A) Fraudulent financial reporting B) Expense smoothing C) Income smoothing D) Each of the above is correct.
Answer: C C) Income smoothing
Which of the following questions is the auditor not required to ask company management when assessing fraud risk? A) Does management have knowledge of any fraud or suspected fraud within the company? B) What are the nature of the fraud risks identified by management? C) Is management using all assets effectively? D) What internal controls have been implemented to address the fraud risks?
Answer: C C) Is management using all assets effectively?
Which of the following groups establishes and maintains the company's internal controls? A) Internal auditors B) Board of Directors C) Management D) Audit committee
Answer: C C) Management
Which of the following represents a correct statement regarding internal control testing? A) When auditors plan to use evidence about the operating effectiveness of internal control contained in prior audits, auditing standards require tests of the controls' effectiveness at least every other year. B) The greater the risk, the less audit evidence the auditor should obtain that controls are operating effectively. C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit. D) Testing of internal controls can only be performed by the auditor at the end of the fiscal year.
Answer: C C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
Which of the following best describes the purpose of control activities? A) The actions, policies and procedures that reflect the overall attitudes of management B) The identification and analysis of risks relevant to the preparation of financial statements C) The policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives D) Activities that deal with the ongoing assessment of the quality of internal control by management
Answer: C C) The policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives
Without an effective ________, the other components of the COSO framework are unlikely to result in effective internal control, regardless of their quality. A) risk assessment policy B) monitoring policy C) control environment D) system of control activities
Answer: C C) control environment
When one material weakness is present at the end of the year, management of a public company must conclude that internal control over financial reporting is: A) insufficient. B) inadequate. C) ineffective. D) inefficient.
Answer: C C) ineffective.
Two key concepts that underlie management's design and implementation of internal control are: A) costs and materiality. B) absolute assurance and costs. C) inherent limitations and reasonable assurance. D) collusion and materiality.
Answer: C C) inherent limitations and reasonable assurance.
If a company has an effective internal audit department: A) the internal auditors can express an opinion on the fairness of the financial statements. B) their work cannot be used by the external auditors per PCAOB Standard 5. C) it can reduce external audit costs by providing direct assistance to the external auditors. D) the internal auditors must be CPAs in order for the external auditors to rely on their work.
Answer: C C) it can reduce external audit costs by providing direct assistance to the external auditors.
When assessing control risk: A) many auditors use actuarial tables to assist in the control risk assessment process. B) each control can be used to satisfy only one audit objective. C) many auditors use a control risk matrix to assist in the control risk assessment process. D) all controls, including key controls, should be considered.
Answer: C C) many auditors use a control risk matrix to assist in the control risk assessment process.
Audit evidence regarding the separation of duties is normally best obtained by: A) preparing flowcharts of operational processes. B) preparing narratives of operational processes. C) observation of employees applying control activities. D) inquiries of employees applying control activities.
Answer: C C) observation of employees applying control activities.
When the auditor attempts to understand the operation of the accounting system by tracing a few transactions through the accounting system, the auditor is said to be: A) tracing. B) vouching. C) performing a walk-through. D) testing controls.
Answer: C C) performing a walk-through.
An auditor should consider two key issues when obtaining an understanding of a client's internal controls. These issues are: A) the effectiveness and efficiency of the controls. B) the frequency and effectiveness of the controls. C) the design and operating effectiveness of the controls. D) the implementation and operating effectiveness of the controls.
Answer: C C) the design and operating effectiveness of the controls.
To issue a report on internal control over financial reporting for a public company, an auditor must: A) evaluate management's assessment process. B) independently assess the design and operating effectiveness of internal control. C) evaluate management's assessment process and independently assess the design and operating effectiveness of internal control. D) test controls over significant account balances.
Answer: C C) evaluate management's assessment process and independently assess the design and operating
Significant deficiencies and material weaknesses in internal control of a public company must be reported in writing to which of the following? A) Public Company Accounting Oversight Board B) Members of management who are responsible for the related area of the company C) Audit committee of the company's board of directors and to management D) AICPA
Answer: C C) Audit committee of the company's board of directors and to management
How must significant deficiencies and material weaknesses be communicated to those charged with governance? A) Either oral or written communication is acceptable. B) Oral communication is required. C) Written communication is required. D) Written communication is required for material weaknesses, but oral communication is allowed for significant deficiencies.
Answer: C C) Written communication is required.
Management must disclose material weaknesses in internal control in its audit report: A) whenever the weakness is deemed significant to a single class of transactions. B) whenever the weakness is significant to overall financial reporting objectives. C) if the weakness exists at the end of the year. D) only if the auditor identifies the weakness as significant.
Answer: C C) if the weakness exists at the end of the year.
External financial statement auditors must obtain evidence regarding what attributes of an internal audit (IA) department if the external auditors intend to rely on IA's work? A) Integrity B) Objectivity C) Competence D) All of the above
Answer: D D) All of the above
Which of the following is not one of the three primary objectives of effective internal control? A) Reliability of financial reporting B) Efficiency and effectiveness of operations C) Compliance with laws and regulations D) Assurance of elimination of business risk
Answer: D D) Assurance of elimination of business risk
Of the following statements about internal controls, which one is least likely to be correct? A) No one person should be responsible for the custodial responsibility and the recording responsibility for an asset. B) Transactions must be properly authorized before such transactions are processed. C) Because of the cost-benefit relationship, a client may apply controls on a test basis. D) Control procedures reasonably ensure that collusion among employees cannot occur.
Answer: D D) Control procedures reasonably ensure that collusion among employees cannot occur.
Which of the following is correct with respect to the design and use of business documents? A) The documents should be in paper format. B) Documents should be designed for a single purposes to avoid confusion in their use. C) Documents should be designed to be understandable only by those who use them. D) Documents should be prenumbered consecutively to facilitate control over missing documents.
Answer: D D) Documents should be prenumbered consecutively to facilitate control over missing documents.
An auditor is likely to use four types of procedures to support the operating effectiveness of internal controls. Which of the following would generally not be used? A) Make inquiries of appropriate client personnel B) Examine documents, records, and reports C) Reperform client procedures D) Inspect design documents
Answer: D D) Inspect design documents
When determining what type of report to issue on internal control under Section 404: A) an adverse opinion on internal control must be given if any weaknesses in a key internal control is discovered. B) a scope limitation requires the auditor to disclaim an opinion on internal controls. C) if the auditor gives a qualified opinion on the financial statements, they must give a qualified opinion on internal controls. D) a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls.
Answer: D D) a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls.
A five-step approach can be used to identify deficiencies, significant deficiencies, and material weaknesses. The first step in this approach is: A) identify the absence of key controls. B) consider the possibility of compensating controls. C) determine potential misstatements that could result. D) identify existing controls.
Answer: D D) identify existing controls.
Hanlon Corp. maintains a large internal audit staff that reports directly to the accounting department. Audit reports prepared by the internal auditors indicate that the system is functioning as it should and that the accounting records are reliable. An independent auditor will probably: A) eliminate tests of controls. B) increase the depth of the study and evaluation of administrative controls. C) avoid duplicating the work performed by the internal audit staff. D) place limited reliance on the work performed by the internal audit staff.
Answer: D D) place limited reliance on the work performed by the internal audit staff.
Internal controls can never be regarded as completely effective. Even if company personnel could design an ideal system, its effectiveness depends on the: A) adequacy of the computer system. B) proper implementation by management. C) ability of the internal audit staff to maintain it. D) competency and dependability of the people using it.
Answer: D D) competency and dependability of the people using it.
Auditors are required to perform certain procedures in every audit to address the risk of management override of internal controls. What are these procedures?
Auditing procedures require the following to be performed to address the risk of management override of controls: • Examine journal entries and other adjustments for evidence of possible misstatements due to • Review accounting estimates for bias. • Evaluate the business rationale for significant unusual transactions.
Briefly discuss the brainstorming session required by current auditing standards. Be sure to include a list of ideas that should be addressed in the session.
Auditing standards require the audit team to conduct discussions to share insights from more experienced audit team members and to "brainstorm" ideas that address several ideas. The ideas that should be discussed are: • How and where the entity's financial statements might be susceptible to material misstatements due to fraud. This includes known external and internal factors affecting the entity that might (1) create an incentive or pressure for management to commit fraud (2) provide the opportunity for fraud to be perpetrated and (3) indicate a culture or environment that enables management to rationalize fraudulent acts. • How management could perpetrate and conceal fraudulent financial reporting. • How assets of the entity could be misappropriated. • How the auditor might respond to the susceptibility of material misstatements due to fraud.
Explain professional skepticism and the need for maintaining professional skepticism during an audit.
Auditing standards state that, in exercising professional skepticism, an auditor "neither assumes that management is dishonest nor assumes unquestioned honesty." Auditors need to maintain their skepticism and a questioning mind throughout the audit so that they can identify fraud risk and critically evaluate audit evidence.
"An attitude, character, or set of ethical values exist that allow management or employees to commit a dishonest act ...." describes the opportunities condition included in the fraud triangle. A) True B) False
B
Adequate documents and records is a subcomponent of the control environment. A) True B) False
B
An ineffective board of director oversight over financial reporting is an example of an incentives/pressures risk factor. A) True B) False
B
Auditing standards prohibit reliance on the work of internal auditors due to the lack of independence of the internal auditors. A) True B) False
B
Control activities are a subcomponent of the information and communication component of internal control. A) True B) False
B
Controls that are applied throughout the accounting period must be tested both at an interim date and then again on the balance sheet date. A) True B) False
B
Fictitious revenue transactions have the same level of documentary evidence as legitimate transactions. A) True B) False
B
Fraud is more prevalent in large businesses than small businesses and not-for-profit organizations. A) True B) False
B
The procedures to obtain an understanding of internal control are only applied when the assessed control risk is high. A) True B) False
B
The scope of the auditor's report on internal control is limited to obtaining reasonable assurance that significant weaknesses in internal control are identified. A) True B) False
B
Upon discovering information that indicates a material misstatement due to fraud, the auditor must assume that the misstatement is an isolated incident. A) True B) False
B
When a company designs and implements internal controls, cost of the controls is not a valid consideration. A) True B) False
B
When documenting their understanding of a client's internal controls, auditors are required to use narratives. A) True B) False
B
When the allowance for doubtful accounts is understated, bad debt expense is understated and net income is also understated. A) True B) False
B
Which of the following is a factor that relates to incentives or pressures to commit fraudulent financial reporting? A) Significant accounting estimates involving subjective judgments B) Excessive pressure for management to meet debt repayment requirements C) Management's practice of making aggressive forecasts D) High turnover of accounting, internal audit, and information technology staff
B) Excessive pressure for management to meet debt repayment requirements
Which of the following is a correct statement regarding the misappropriation of receipts involving revenue? A) One of the easiest frauds to detect is when a sale is not recorded and the cash from the sale is stolen. B) If a customer's payment is stolen, regular billing of unpaid accounts can uncover the fraud unless the fraud perpetrator does something to hide the theft. C) Misappropriation of cash receipts is generally as material as fraudulent reporting of revenues. D) Analytical procedures can detect relatively small thefts of sales and related cash receipts.
B) If a customer's payment is stolen, regular billing of unpaid accounts can uncover the fraud unless the fraud perpetrator does something to hide the theft.
Which of the following matters related to the auditor's consideration of material misstatements due to fraud are required to be documented? A) Reasons supporting a conclusion that there is not a significant risk of material improper expense recognition B) Procedures performed to obtain information necessary to identify and assess the risks of material fraud C) Results of the internal auditor's procedures performed to address the risk of management override of controls D) Discussions with management regarding the hiring of a new plant manager
B) Procedures performed to obtain information necessary to identify and assess the risks of material fraud
Which of the following is a factor that relates to incentives to misappropriate assets? A) Significant accounting estimates involving subjective judgments B) Significant personal financial obligations C) Management's practice of making overly aggressive forecasts D) High turnover of accounting, internal audit and information technology staff
B) Significant personal financial obligations
When assessing the risk for fraud, the auditor must be cognizant of the fact that: A) the existence of fraud risk factors means fraud exists. B) analytical procedures must be performed on revenue accounts. C) horizontal analysis is not useful in helping to determine unusual financial statement relationships. D) the auditor cannot make inquiries about fraud to company personnel who have no financial statement responsibilities.
B) analytical procedures must be performed on revenue accounts.
A company is concerned with the theft of cash after the sale has been recorded. One way in which fraudsters conceal the theft is by a process called "lapping." Which of the following best describes lapping? A) Reduce the customer's account by recording a sales return B) Write off the customer's account C) Apply the payment from another customer to the customer's account D) Reduce the customer's account by recording a sales allowance
C
Who is most likely to perpetrate fraudulent financial reporting? A) Members of the board of directors B) Production employees C) Management of the company D) The internal auditors
C) Management of the company
Which of the following is not a factor that relates to opportunities to commit fraudulent financial reporting? A) Lack of controls related to the calculation and approval of accounting estimates B) Ineffective oversight of financial reporting by the board of directors C) Management's practice of making overly aggressive forecasts D) High turnover of accounting, internal audit, and information technology staff
C) Management's practice of making overly aggressive forecasts
Which of the following is a factor that relates to attitudes or rationalization to commit fraudulent financial reporting? A) Significant accounting estimates involving subjective judgments B) Excessive pressure for management to meet debt repayment requirements C) Management's practice of making overly aggressive forecasts to third parties D) High turnover of accounting, internal audit and information technology staff
C) Management's practice of making overly aggressive forecasts to third parties
Company management is often under pressure to increase revenue and/or net income. One approach is to use a "bill and hold" arrangement. This is an example of which of the following? A) Significant accounting estimates B) Fictitious revenue recorded C) Premature revenue recognized D) Alteration of cutoff documents
C) Premature revenue recognized
Financial statement manipulation risk is arguably present for all companies' financial statements. However, the risk is elevated for companies that: A) are heavily regulated. B) have low amounts of debt. C) have to make significant judgments for accounting estimates. D) operate in stable economic environments.
C) have to make significant judgments for accounting estimates.
Auditing standards specifically require auditors to identify ________ as a fraud risk in most audits. A) overstated assets B) understated liabilities C) improper revenue recognition D) overstated expenses
C) improper revenue recognition
Fictitious revenues: A) increase accounts receivable turnover. B) understate the gross margin percentage. C) lower accounts receivable turnover. D) have no impact on the gross margin percentage.
C) lower accounts receivable turnover.
When analyzing accounts for fraud risk: A) companies will generally attempt to overstate accounts payable and net income. B) the inventory account is generally not susceptible to fraud since the auditor must verify the existence of the inventory. C) payroll is rarely a significant risk for fraudulent financial reporting. D) fixed assets are rarely stolen because of their large size.
C) payroll is rarely a significant risk for fraudulent financial reporting.
Analytical procedures can be very effective in detecting inventory fraud. Which of the following analytical procedures would not be useful in detecting fraud? A) Gross margin percentage B) Inventory Turnover C) Cost of sales percentage D) Accounts receivable turnover
D) Accounts receivable turnover
Which of the following is not a factor that relates to opportunities to misappropriate assets? A) Inadequate internal controls over assets B) Presence of large amounts of cash on hand C) Inappropriate segregation of duties or independent checks on performance D) Adverse relationships between management and employees
D) Adverse relationships between management and employees
Determine from the following the factor that would most likely elevate the auditor's concern about the risk of financial statement fraud. A) Company cannot borrow debt capital without restrictive covenants. B) Company finds it difficult to sell equity capital for expansion. C) Company has a significant portion of liquid assets on its balance sheet. D) Company reports substantial net income but ever decreasing cash flow from operations.
D) Company reports substantial net income but ever decreasing cash flow from operations.
Which of the following is not a likely source of information to assess fraud risks? A) Communications among audit team members B) Inquiries of management C) Analytical procedures D) Consideration of fraud risks discovered during recent audits of other clients
D) Consideration of fraud risks discovered during recent audits of other clients
Which of the following does not represent an increased opportunity to commit fraud? A) Related party transactions B) The company founder is the CEO and Chairman of the Board. C) The financial statements involve accounting estimates. D) The company is a new audit client for the CPA firm.
D) The company is a new audit client for the CPA firm.
To promote operational efficiency, the internal audit department would ideally report to: A) line management. B) PCAOB. C) Chief Accounting Officer. D) audit committee.
D) audit committee. Answer: D
When dealing with revenue frauds: A) the most egregious form of revenue fraud involves premature revenue recognition. B) premature revenue recognition involves recognizing the revenue after the accounting standards requirements have been met. C) premature revenue recognition is the same as cutoff errors. D) side agreements can modify the terms of the sales transaction and should be analyzed carefully.
D) side agreements can modify the terms of the sales transaction and should be analyzed carefully.
The internal control framework developed by COSO includes five so-called "components" of internal control. Discuss each of these five components.
Five components of internal control are: • The control environment. The control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the company. • Risk assessment. This is management's identification and analysis of risks relevant to the preparation of financial statements in accordance with appropriate accounting frameworks such as GAAP or IFRS. • Information and communication. These are the methods used to initiate, record, process, and report the entity's transactions and to maintain accountability for the related assets. • Control activities. These are the policies and procedures that management has established to meet its objectives for financial reporting. • Monitoring. This is management's ongoing and periodic assessment of the quality of internal control performance to determine whether controls are operating as intended and are modified when needed.
Define fraud and distinguish between the two main categories of fraud.
In the context of financial statement auditing, fraud is defined as an intentional misstatement of the financial statements. The two main categories of fraud are fraudulent financial reporting and misappropriation of assets. Fraudulent financial reporting is an intentional misstatement or omission of amounts or disclosures with the intent to deceive users of the financial statement. Misappropriation of assets involve theft of an entity's assets.
List and briefly describe examples of risk factors for each condition of fraud for fraudulent financial reporting.
Incentives/Pressures: 1. Financial stability or profitability is threatened by economic, industry, or entity operating conditions. 2. Excessive pressure for management to meet debt repayment or other debt covenant requirements. 3. Management or the board of directors' personal net worth is materially threatened by the entity's financial performance. Opportunities: 1. Significant accounting estimates involve subjective judgments or uncertainties that are difficult to verify. 2. Ineffective board of director or audit committee oversight over financial reporting. 3. High turnover or ineffective accounting, internal audit, or information technology staff. 4. Weak internal controls. 5. Significant related party transactions. Attitudes/Rationalization: 1. Inappropriate or ineffective support of the entity's ethics and values. 2. Known history of violations of laws and regulations. 3. Management's practice of making overly aggressive or unrealistic forecasts to analysts, creditors, and other third parties.
Describe the auditor's responsibilities related to required communications between the auditor and those charged with governance (remove auditor committee) regarding internal control.
The auditor must communicate significant deficiencies and material weaknesses in writing to those charged with governance as soon as they become aware of their existence. The communication is usually addressed to the audit committee and to management. Timely communications may provide management an opportunity to address control deficiencies before management's report on internal control must be issued. In some instances, deficiencies can be corrected sufficiently early such that both management and the auditor can conclude that controls are operating effectively as of the balance sheet date. These communications must be made no later than 60 days following the audit report release
Discuss what is meant by the term "control environment" and identify four control environment subcomponents that the auditor should consider.
The control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about control and its importance to the entity. Subcomponents include: • integrity and ethical values • commitment to competence • board of director or audit committee participation • management's philosophy and operating style • organizational structure • human resource policies and practices.
List the three steps in management's assessment of risk and then list two of the categories of management assertions that must be satisfied during the risk assessment process.
The steps taken by management in the risk assessment process are: • identify the factors affecting risk • assess the significance of risks and likelihood of occurrence • determine actions necessary to manage the risks. The categories of management assertions that must be satisfied are: • assertions about classes of transactions and other events • assertions about account balances • assertions about presentation and disclosure.
List the three main types of revenue manipulations employed to commit fraudulent financial reporting and give an example for each type.
The three main types of revenue manipulation are: • Fictitious revenues-preparation of fictitious documentary evidence for sales and reduction of • Premature revenue recognition-bill and hold; side agreements; unlimited right of return • Manipulation of adjustments to revenues - adjustments to the sales and returns allowance account; i.e. not recording returns
Describe each of the three broad objectives management typically has for internal control. With which of these objectives is the auditor primarily concerned?
The three objectives are: • Reliability of financial reporting. Management has both a legal and professional responsibility to be sure that the information is fairly presented in according with reporting requirements such as U.S. GAAP and IFRS. • Efficiency and effectiveness of operations. Controls within an organization are meant to encourage efficient and effective use of its resources to optimize the company's goals. • Compliance with laws and regulations. Public, non-public, and not-for-profit organizations are required to follow many laws and regulations. Some relate to accounting only indirectly, such as environmental protection and civil rights laws. Others are closely related to accounting, such as income tax regulations and anti-fraud legal provisions. The auditor's focus in both the audit of financial statements and the audit of internal controls is on the controls over the reliability of financial reporting plus those controls over operations and compliance with laws and regulations that could materially affect financial reporting.
Management's identification and analysis of risk is an ongoing process and is a critical component of effective internal control. An important first step is for management to identify factors that may increase risk. Identify at least five factors, observable by management, which may lead to increased risk in a typical business organization.
There are many factors that may lead to increased risk in an organization. Some examples include: • failure to meet prior objectives, • quality of personnel, • geographic dispersion of company operations, • significance and complexity of core business processes, • introduction of new information technologies • entrance of new competitors and, • economic downturns
Define the following terms: control deficiency, significant deficiency, and material weakness.
• A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis in the normal course of performing their assigned functions. • A significant deficiency exists if one or more control deficiencies exist that is less severe than a material weakness but important enough to merit attention by those responsible for oversight of the company's financial statements. • A material weakness exists if a significant deficiency, by itself, or in combination with other significant deficiencies, results in a reasonable possibility that internal control will not prevent or detect material financial statement misstatements on a timely basis.
Certain principles dictate the proper design and use of documents and records. Briefly describe several of these principles
• Documents should be prenumbered consecutively to facilitate control over missing documents and as an aid in locating documents when they are needed at a later date. • Documents and records should be prepared at the time a transaction takes place, or as soon as possible thereafter, to minimize timing errors. • Documents and records should be designed for multiple uses, when possible, to minimize the number of different forms. For example, a properly designed and used shipping document can be the basis for releasing goods from storage to the shipping department, informing billing of the quantity of goods to bill to the customer and the appropriate billing date, and updating the perpetual inventory records. • Documents and records should be constructed in a manner that encourages correct preparation. This can be done by providing internal checks within the form or record. For example, computer screen prompts may force online data entry of critical information before the record is electronically routed for authorizations and approvals. Similarly, screen controls can validate the information entered, such as when an invalid general ledger account number is automatically rejected when the account number does not match the chart of accounts master file.
List and briefly describe the three conditions for fraud.
• Incentives/pressures — Management or other employees have incentives or pressures to commit fraud. • Opportunities — Circumstances provide opportunities for management or employees to commit fraud. • Attitudes/Rationalization — An attitude, character, or set of ethical values exists that allows management or employees to intentionally commit a dishonest act, or they are in an environment that imposes sufficient pressure that causes them to rationalize committing a dishonest act.
In evaluating the operational effectiveness of internal controls the auditor is likely to use four types of audit procedures. List the procedures below.
• Make inquiries of appropriate client personnel • Examine documents, records, and reports • Observe control-related activities • Reperform client procedures