Ch 7 - Survey of Audit, Attest, and Assurance Topics
At the completion of the audit, the auditors are least likely to know:
Actual control risk.
Which of the following is not ordinarily a procedure for documenting an auditor's understanding of internal control for planning purposes?
Confirmation.
When a CPA decides that the work performed by internal auditors may have an effect on the nature, timing, and extent of the CPA's procedures, the CPA should consider the competence and objectivity of the internal auditors. Relative to objectivity, the CPA should:
Consider the organizational level to which the internal auditors report the results of their work.
Which of the following would be least likely to be considered an objective of internal control?
Detecting management fraud.
Effective internal control in a small company that has an insufficient number of employees to permit proper separation of responsibilities can be improved by:
Direct participation by the owner in key record-keeping and control activities of the business.
Which of the following is not an advantage of establishing an enterprise risk management system within an organization?
Eliminates all risks.
To have an adequate basis to issue a management report on internal control under Section 404(a) of the Sarbanes-Oxley Act, management must do all of the following, except:
Establish internal control with no material weakness.
Tests of controls do not address:
How controls were originated.
A primary objective of procedures performed to obtain an understanding of internal control is to provide the auditors with:
Knowledge necessary to determine the nature, timing, and extent of further audit procedures.
An entity's ongoing monitoring activities often include:
Management review of weekly performance reports.
Which of the following is least likely to be a test of controls?
Observation of confirmations.
Tests of controls ordinarily are designed to provide evidence of:
Operating effectiveness.
Controls over financial reporting are often classified as preventative, detective, or corrective. Which of the following is an example of a detective control?
Preparing bank reconciliations.
An auditor may compensate for a weakness in internal control by increasing the extent of:
Substantive tests of details.
When the auditors are performing a first-time internal control audit in accordance with the Sarbanes-Oxley Act and PCAOB standards, they should:
Test controls for all significant accounts.
The preliminary assessments of control risk are often referred to as:
The planned assessed level of control risk.