Ch. 7 Gleim
To what degree, if at all, is a significant deficiency related to a material weakness? A.It is less severe than a material weakness. B.It is unrelated to a material weakness. C.It is more severe than a material weakness. D.It is equivalent to a material weakness.
A A significant deficiency is a deficiency, or combination of deficiencies, in internal control that is less severe than a material weakness but that merits attention by those charged with governance.
If an auditor performing an integrated audit identifies one or more material weaknesses in a nonissuer's internal control, the auditor should A.Express an adverse opinion on the entity's internal control. B.Disclaim an opinion on internal control. C.Expand the audit of internal control to identify deficiencies less severe than material weaknesses. D.Conclude that the financial statements are materially misstated because of the material weakness in internal control.
A Material weaknesses are significant control deficiencies that result in more than a remote chance that a material misstatement will result in the financial statements. A material weakness requires the auditor to express an adverse opinion on the effectiveness of internal control.
In an integrated audit, an auditor should issue an adverse opinion on the effectiveness of an entity's internal control in which of the following situations? A.The entity may not continue as a going concern. B.A material weakness exists C.The financial statements are misstated. D.The auditor was asked by the client to provide the report to another practitioner.
B An audit of the effectiveness of internal control over financial reporting is integrated with an audit of the financial statements. If the engagement determines that a material weakness exists, the auditor should express an adverse opinion on the effectiveness of internal control (AU-C 940).
A report on an issuer's integrated audit must include each of the following statements, except A.The auditor believes the audit provides a reasonable basis for the issued opinion. B.The audit was conducted in accordance with AICPA standards. C.Internal control over financial reporting includes policies and procedures regarding the ability to report financial data consistent with management's assertions. D.Management is responsible for maintaining effective internal control.
B The AICPA standards provide guidance for the audits of nonissuers (nonpublic entities) that may request to have an opinion expressed on the effectiveness of ICFR.
Which of the following statements correctly describes the "top-down approach" used during an audit of internal control over financial reporting? A.Begin reviewing income statement accounts and then review balance sheet accounts. B.Begin by understanding the overall risks to internal control over financial reporting at the financial statement level. C.Begin by understanding the overall risks to internal control over financial reporting at the general ledger level. D.Begin reviewing balance sheet accounts and then review income statement accounts.
B The auditor begins an integrated audit at the financial statement level by understanding the overall risks to internal control over financial reporting and focusing on entity-level controls. The auditor then performs procedures on significant classes of transactions, account balances, disclosures, and their relevant assertions.
In the integrated audit, which of the following would not be considered an entity-level control? A.The executive committee's process for assessing business risk. B.The outside auditor's assessment process of internal auditor competence and objectivity. C.Management's established controls to monitor results of operations. D.The board of directors' controls to monitor the activities of the audit committee.
B The auditor begins an integrated audit at the statement level by understanding overall risks to internal control over financial reporting. (S)he then focuses on entity-level controls and works down to significant classes of transactions, account balances, disclosures, and their relevant assertions. The following are examples of entity-level controls: (1) the control environment, (2) controls over management override, (3) monitoring of the results of operations, (4) controls over the period-end financial reporting process, (5) monitoring of other controls, and (6) the risk assessment process. But the outside auditor's assessment process of internal auditor competence and objectivity is external to the entity.
A CPA's understanding of internal control in a financial statement audit of a nonissuer A.Will usually be identical to that made in an audit of internal control integrated with an audit of financial statements. B.Is usually more limited than that made in an audit of internal control integrated with an audit of financial statements. C.Is usually more extensive than that made in an audit of internal control integrated with an audit of financial statements. D.Will usually result in a report on the effectiveness of internal control.
B The scope of the understanding of internal control in a financial statement audit of a nonissuer is usually less than that in an audit of internal control integrated with an audit of financial statements. In the integrated audit, the auditor tests controls to support the opinion on the effectiveness of internal control. To express an opinion on internal control, the auditor obtains evidence about the effectiveness of selected controls over all relevant assertions. When obtaining the understanding of internal control during a financial statement audit, the auditor need not test controls unless (1) the auditor's risk assessment is based on an expectation of the effectiveness of controls or (2) substantive procedures alone do not provide sufficient appropriate evidence.
Firms subject to the reporting requirements of the Securities Exchange Act of 1934 are required by the Foreign Corrupt Practices Act of 1977 to maintain satisfactory internal control. Moreover, the Sarbanes-Oxley Act of 2002 requires that annual reports include (1) a statement of management's responsibility for establishing and maintaining adequate internal control and procedures for financial reporting, and (2) management's assessment of their effectiveness. The role of the registered auditor relative to the assessment made by management is to A.Express an opinion on the assessment. B.Report clients with unsatisfactory internal control to the SEC. C.Determine whether management's report is complete and properly presented. D.Express an opinion on whether the client is subject to the Securities Exchange Act of 1934.
C According to PCAOB AS 2201, the auditor must express (or disclaim) an opinion on the effectiveness of internal control. Moreover, if the auditor determines that elements of management's annual report on internal control over financial reporting are incomplete or improperly presented, the auditor should modify his or her report to describe the reasons for this determination.
Which of the following representations should not be included in a written report on internal control related matters identified in an audit under the AICPA's auditing standards? A.Corrective action is recommended due to the relative significance of material weaknesses discovered during the audit. B.The auditor's consideration of internal control would not necessarily disclose all significant deficiencies or material weaknesses that exist. C.There are no significant deficiencies or material weaknesses in the design or operation of internal control. D.Significant deficiencies related to the design of internal control exist, but none are deemed to be material weaknesses.
C No report should be issued indicating that no significant deficiencies were noted. The potential for misinterpretation would exist if the auditor issued such a report (AU-C 265).
An issuer who is an accelerated filer subject to the Securities Exchange Act of 1934 is required to include in its annual report an auditor's opinion on whether internal control over financial reporting was A.Sufficient to meet the needs of the shareholders. B.Adequate to eliminate fraud. C.Complete and fair. D.Properly designed and operated effectively.
D According to PCAOB's AS 2201, the report states the auditor's opinion on whether the entity maintained, in all material respects, effective internal control over financial reporting as of the specified date based on the control criteria.
Issuers are required by the PCAOB to obtain an auditor's report attesting to the effectiveness of internal control over financial reporting (AS 2201). Likewise, nonissuers may retain an auditor to issue a report on internal control in accordance with the AICPA's auditing standards (AU-C 940). Which of the following statements best characterizes the relation between these two standards? A.The two standards have different purposes: The AICPA standards address only controls relating to the safeguarding of assets, while the PCAOB's standards relate more broadly to financial statements. B.The AICPA standards accept COSO's Internal Control - Integrated Framework as suitable and available framework for control, while the PCAOB standards do not. C.The AICPA standards recognize that the internal controls are the responsibility of the auditor, while the PCAOB standards recognize that the internal controls are the responsibility of management. D.Both the AICPA standards and the PCAOB standards require management to provide a written assessment or assertion concerning the effectiveness of controls.
D Both standards require management to assess internal controls over financial reporting and provide a written assessment of the effectiveness of those controls.
Which of the following best describes a CPA's engagement to report on an entity's internal control over financial reporting? A.A consulting engagement to provide constructive advice to the entity on its internal control. B.A prospective engagement to project, for a period of time not to exceed one year, and report on the expected benefits of the entity's internal control. C.An audit of the financial statements that results in communicating significant deficiencies in internal control. D.An audit engagement that results in issuance of a report relating to the effectiveness of internal control.
D In such an attest engagement, the auditor issues a report relating to the effectiveness of the entity's internal control over financial reporting. The practitioner, as part of engagement performance, obtains from management a written assessment about such effectiveness. AU-C 940 and AS 2201 define the objective of the engagement to express an opinion on the effectiveness of internal control over financial reporting similarly.
A secondary result of the auditor's understanding of internal control for a nonissuer is that the understanding may A.Assure that management's procedures to detect fraud are properly functioning. B.Develop evidence to support the assessed risks of material misstatement. C.Provide a basis for determining the nature, timing, and extent of audit tests. D.Bring to the auditor's attention possible control conditions required to be communicated to the client.
D The auditor is not required to search for significant deficiencies or material weaknesses in internal control. However, the auditor may identify these conditions during the audit. Significant deficiencies and material weaknesses should be communicated in writing to management and to those charged with governance (AU-C 265).
According to the PCAOB, each of the following statements is true with respect to the auditor's responsibility to communicate material weaknesses in internal control over financial reporting except A.All such weaknesses must be communicated in writing to the audit committee. B.All such weaknesses must be communicated in writing to management. C.All such weaknesses must be communicated prior to the issuance of the auditor's report on internal control over financial reporting. D.All such weaknesses must be communicated in writing to all stockholders.
D The auditor only needs to communicate material weaknesses in writing to management and those charged with governance, including the audit committee.
The Sarbanes-Oxley Act of 2002 requires management to include a report on internal control in the firm's annual report. It also requires auditors to evaluate management's internal control report. Which of the following statements concerning these requirements is false? A.The auditors should evaluate whether internal controls are effective in accurately and fairly reflecting the firm's transactions. B.Management should identify significant deficiencies and material weaknesses in its report. C.Management's report should state its responsibility for establishing and maintaining an adequate internal control system. D.The auditors should provide recommendations for improving internal control in their assessment.
D The auditors may provide management with recommendations for improving controls, but the Sarbanes-Oxley Act does not require such a communication in their report.