Chapter 5 - Exam Review

Which of the following is the least important audit reason for the auditor's obtaining an understanding of a company's internal control? A.) to serve as a basis for constructive suggestions B.) to plan subsequent substantive tests C.) to identify types of possible misstatements that may occur D.) to consider factors that may affect the risk of material misstatement

A.) to serve as a basis for constructive suggestions

What objectives of internal controls are of primary interest to an auditor performing a financial statement audit? A. Effective and efficient operations B. Accurate and reliable financial reporting C. Compliance with applicable laws and regulations D. Prevention or detection and timely correction of errors and fraud

B. Accurate and reliable financial reporting

According to the PCAOB, during the audit of internal controls for an issuer, the ultimate objective of testing the design effectiveness of internal controls is to: A. Determine whether the company's controls at processing company data effectively. B. Determine that the company's control will satisfy the company's objectives and can effectively prevent or detect errors or fraud that could result in material misstatements, if they operate as prescribed. C. Determine that the company's employees are processing the controls according to the policy and procedures manuals at the company. D. None of the choices are correct.

B. Determine that the company's control will satisfy the company's objectives and can effectively prevent or detect errors or fraud that could result in material misstatements, if they operate as prescribed

The primary purpose for obtaining an understanding of internal control during the audit of a nonissuer is to: A. Provide a basis for making constructive suggestions in a management letter. B. Determine the nature, timing, and extent of further audit tests to be performed. C. Provide the rationale for the inherent risk assessment at the financial statement assertion level. D. Provide information for a communication of internal control- related matters to management

B. Determine the nature, timing, and extent of further audit tests to be performed

Which of the following statements is correct regarding internal control? A.) a well-designed internal control environment ensures the achievement of an entity's control objectives B.) an inherent limitation to internal control is the fact that controls can be circumvented by management override C.) a well-designed and operated internal control environment should detect collusion perpetrated by two people D.) internal control is a necessary business function and should be designed and operated to detect all errors and fraud

B.) an inherent limitation to internal control is the fact that controls can be circumvented by management override

Which of the following outcomes is a likely benefit of information technology used for internal control? A.) processing of unusual or non recurring transactions B.) enhanced timeliness of information C.) potential loss of data D.) recording of unauthorized transactions

B.) enhanced timeliness of information

Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been: A.) authorized B.) implemented C.) tested D.) monitored

B.) implemented

When completing the audit of internal controls for an issuer, AS 2201 requires auditors to test: A. Operating effectiveness only B. Design effectiveness only C. Both operating and design effectiveness D. Neither operating nor design effectiveness

C. Both operating and design effectiveness

Which report would not be appropriate for a public accounting firm to provide on financial reporting controls? A. Unqualified— no material weaknesses found B. Disclaimer of opinion- unable to perform all necessary procedures C. Disclaimer of opinion- significant deficiencies exist D. Adverse- material weaknesses exist

C. Disclaimer of opinion- significant deficiencies exist

When completing the audit of internal controls for an issuer, the PCAOB requires the audit team to audit internal controls over: A. Operations B. Compliance with regulations C. Financial reporting D. All of the choices are correct

C. Financial reporting

An auditor is evaluating a client's internal controls. Which of the following situations would be the most difficult internal control issue for an auditor to detect? A.) the accounting staff neglects the control, due to increased transactions to be processed B.) the technology department writes a program that does not properly implemented the control, due to a lack of understanding C.) two employees, who work in different departments, are circumventing an internal control D.) someone erroneously disables edit checks in software program designed to identify control exceptions

C.) two employees, who work in different departments, are circumventing an internal control Explanation: when two employees of two different departments circumvent an internal control, it would be most difficult for an auditor to detect it while evaluating a client's internal control

Management's evaluation process of internal control ___ with the management report on internal control— the first step of the audit process.

Concludes Explanation: Management's evaluation period ends with its report on internal control. This evaluation begins the audit process.

Efficient planning of the evaluation of internal control requires ___ the financial statement audit.

Coordination with Explanation: To efficiently plan an internal control audit, the auditor must plan the audit in coordination with the financial statement audit. This coordination is referred to as an integrated audit.

When planning the audit of internal controls for an issuer, the audit team should: A. Identify significant accounts, locations, and relevant assertions B. Conduct a walkthrough of the internal control process C. Make inquires of employees regarding the existence of control activities D. Reperform control activities performed by client employees to determine their effectiveness

A. Identify significant accounts, locations, and relevant assertions

A material weakness is a situation in which A. It is reasonably possible that a material misstatement would not be detected on a timely basis B. There is a remote likelihood that a material misstatement would be detected on a timely basis C. It is reasonably possible that an immaterial misstatement would not be detected on a timely basis D. It is probably that an immaterial financial statement misstatement would not be detected on a timely basis

A. It is reasonably possible that a material misstatement would not be detected on a timely basis

Which of the following would probably not be considered an indication of a material weakness? A. Overproduction by the manufacturing plant B. Immaterial fraud committed by senior management C. Ineffective oversight by the audit committee D. Evidence of material misstatement

A. Overproduction by the manufacturing plant

Effectiveness of audit procedures would be reduced by: A. Performing procedures during the interim period as opposed to at the fiscal year-end date B. Performing audit procedures at the fiscal year-end date as opposed to the interim period C. Selecting larger sample sizes for audit D. Deciding to obtain external evidence instead of internal evidence

A. Performing procedures during the interim period as opposed to at the fiscal year-end date

Which organization developed the framework most commonly used by the auditing profession for benchmarking internal controls of non-issuers? A. The Committee of Sponsoring Organizations (COSO) of the Treadway Commission B. The Public Company Accounting Oversight Board C. The Financial Reporting Council D. The AICPA

A. The Committee of Sponsoring Organizations (COSO) of the Treadway Commission

When obtaining an understanding of an entity's internal control in a financial statement audit at a non-public company, an auditor is not obligated to: A.) determine whether the control activities have been placed in operation B.) perform procedures to understands the design of the internal control system C.) document the understanding of the company's internal control system D.) search for significant deficiencies in the operation of the internal control system

D.) search for significant deficiencies in the operation of the internal control system

Which of the following is an information technology general control? A.) check digit B.) run-to-run totals C.) distribution of computerized output D.) separation of duties in the IT department

D.) separation of duties in the IT department

The goal to find a misstatement that has already been made is a type of ___ control

Detective

Accounting ___ involve management's judgement or assumptions.

Estimates Explanation: estimates are the result of management's assumptions and/or judgment

CONCEPT REVIEW: Internal controls vary significantly between organizations- depending on attributes like organization size, nature of operations, and objectives. In all systems, however, a variety of controls needs to be designed to accomplish the organization's objectives. Controls are classified as preventive, detective, or corrective

Example of each Preventive Control: Segregation of duties Detective Control: A requirement to prepare bank reconciliations Corrective Control: Maintaining backups of data

An account is __ if there is a reasonable possibility that it could contain a misstatement that has a material effect on the financial statements.

Significant Explanation: significant accounts are critical to the financial statements being materially correct

Which of the following is a step in an auditor's decision to assess control risk at below the maximum? A.) apply analytical procedures to both financial data and nonfinancial information to detect conditions that may indicate weak controls B.) perform tests of details of transaction and account balances to identify potential errors and fraud c.) identify specific internal control policies and activities that are likely to detect or prevent material misstatements D.) document that the additional audit effort to perform tests of controls exceeds the potential reduction in substantive tests

c.) identify specific internal control policies and activities that are likely to detect or prevent material misstatements

When completing the audit of internal controls for an issuer, the severity of an internal control deficiency depends on: A. Whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure B. Whether the account has a history of errors C. The magnitude of the potential misstatement resulting from the deficiency or the deficiencies D. Both the magnitude of the potential misstatement resulting from the deficiency or the deficiencies and whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure. E. All of the choices are correct

D. Both the magnetite of the potential misstatement resulting from the deficiency or the deficiencies and whether there is a reasonable possibility that the company's control will fail to prevent or detect a misstatement of an account balance or disclosure

If the auditors encounter a significant scope limitation in evaluating an issuer's internal control over financial reporting, which of the following types of opinions on the effectiveness of the company's internal control over financial reporting would be appropriate? A. Unqualified opinion or adverse opinion B. Qualified opinion or adverse opinion C. Unqualified opinion or disclaimer of opinion D. Disclaimer of opinion

D. Disclaimer of opinion

If the auditor plans to assess control risk at less than the maximum and rely on controls, and the nature, timing, and extent of further audit procedures are based on that lower assessment, the auditor must: A. Provide additional examples of responses to assessed fraud risks relating to fraudulent financial reporting B. Perform only substantive procedures C. Assess control risk at less than the maximum for all relevant assertions D. Obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance

D. Obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance

As part of understanding the internal control, an auditor is not required to: A.) consider factors that affect the risk of material misstatement. B.) ascertain whether internal control policies and activities have been placed in operation. C.) identify the types of potential misstatements that can occur. D.) obtain knowledge about the operating effectiveness of the client's internal control activities.

D.) obtain knowledge about the operating effectiveness of the client's internal control activities. Explanation: an auditor is not required to obtain the knowledge of operating effectiveness of internal controls because the effectiveness of internal control operation is evaluated at a later storage. It is evaluated only for those controls on which the auditor plans to rely

After determining significance, the financial statement ___ come into determination.

Assertions Explanation: assertions are considered by auditors after they consider the financial statement account significance

HexaCo has various policies and procedures pertaining to the company's operations. These policies and procedures are routinely referred to and adhered to, as they support management directives. According to the COSO Integrated Framework, policies and procedures which assist in achieving management directives would be examples of which element of internal control? A.) Control activities B.) Control environment C.) Monitoring D.) Information and communication

A.) Control activities Explanation: control activities are the policies and procedures that management uses to provide reasonable assurance that the entity's objectives will be achieved. The control environment, or tone at the top, would include the fact that management is control conscious and willing to commit the resources to develop policies and procedures, but the policies and procedures themselves are control activities. Attention to information and communication ascertains that management's directives are communicated to those responsible for fulfilling them and to make certain that management receives feedback. Monitoring is the process the entity uses to make certain that policies and procedures are, in fact, being following.

Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity's internal controls? A.) Incompatible duties. B.) Management override. C.) Mistakes in judgment. D.) Collusion among employees.

A.) Incompatible duties.

An auditor has assessed risk of material misstatement as low because the client has established meaningful internal controls to prevent a material misstatement to the financial statements. The auditor has performed walkthroughs to determine if the policies have been put into place. As a result: A.) The auditor should perform tests of controls and, if results are satisfactory, the nature, timing, and extent of further audit procedures will be adjusted as less additional evidence will be required. B.) As a result of the walkthroughs, the auditor will adjust the nature, timing, and extent of further audit procedures as less additional audit evidence will be required. C.) The auditor will perform substantive tests to determine whether or not the controls have been effective during the period being audited. D.) The auditor should perform tests of controls as a basis for determining if there are control deficiencies that should be communicated to governance.

A.) The auditor should perform tests of controls and, if results are satisfactory, the nature, timing, and extent of further audit procedures will be adjusted as less additional evidence will be required. Explanation: when an auditor believes that controls are effective, test of controls are generally performed to make certain that the controls are in place and operating effectively during the audit period. If so, the auditor may reduce the anticipated amount of appropriate audit evidence required and will adjust the nature, timing, and extent of further audit procedures. Walkthroughs are used to determine if internal controls have been effectively designed and put into place. They are not, however, effective for determine whether or not the controls were operating effectively during the period being audited. Test of controls, not substantive tests, are performed to evaluate the effectiveness of internal controls. The auditor identifies control weaknesses to communicate to governance when obtaining an understanding of internal control, not as a result of test of controls.

When the audit team increases the planned assessed level of control risk because certain control activities were determined to be ineffective, the audit team would most likely increase the: A.) extent of substantive tests of details B.) level of inherent risk C.) extent of tests of controls D.) level of detection risk

A.) extent of substantive tests of details Explanation: control risk refers to the chances of any material misstatements in the financial statements of the company. In the case of higher probability of control risk, audit team is most likely to increase the extent of substantive tests of details Substantive test of details: the phase of an audit where the auditor gathers samples to identify any material misstatements in the client's accounting records or other information. The main goal is to provide reasonable assurance about the validity and correctness of financial reporting, or to identify material misstatements. Control testing: an audit procedures used to determine whether internal controls effectively prevent or discover material misstatements at the appropriate assertion level. The ultimate goal of this is to evaluate the performance of the internal control system to improve the organization's operations, financial reporting, and compliance

After obtaining an understanding of internal controls and assessing control risk on the audit of a non-public company, an auditor decided to perform tests of controls. The auditor most likely decided that: A.) it would be efficient to perform tests of controls that would result in a reduction in planned substantive tests. B.) additional evidence to support a further reduction in control risk is not available. C.) an increase in the assessed level of control risk is justified for certain financial statement assertions. D.) there were many internal control weaknesses that could allow errors to enter the accounting system.

A.) it would be efficient to perform tests of controls that would result in a reduction in planned substantive tests.

The primary objective of procedures performed to obtain an understanding of the entity's internal control is to provide an auditor with: A.) knowledge necessary for audit planning. B.) evidential matter to use in assessing inherent risk. C.) a basis for modifying tests of controls. D.) an evaluation of the consistency of application of management's policies.

A.) knowledge necessary for audit planning.

In computer systems, the information technology general controls (ITGC) would not include: A.) processing control activities B.) separation of various computer system functions C.) appropriate documentation of the data processing system D.) control over physical access to computer hardware

A.) processing control activities

Tracing bills of lading to sales invoices provides evidence that: A.) shipments to customers were invoices B.) shipments to customers were recorded as sales C.) recorded sales were shipped D.) invoiced sales were recorded as sales

A.) shipments to customers were invoices

When an auditor plans to rely on controls that have changed since they were last tested, which of the following courses of action would be most appropriate? A.) test the operating effectiveness of such controls in the current audit B.) document that reliance and proceed with the original audit strategy C.) inquire of management as to the effectiveness of the controls D.) report the reliance in the report on internal controls

A.) test the operating effectiveness of such controls in the current audit

Which of the following a definition of control risk? A.) the risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls B.) the risk that the auditor will not detect a material misstatement C.) the risk that the auditor's assessment of internal controls will be at less than the maximum level D.) the susceptibility of material misstatement assuming there are no related internal controls, policies, or procedures.

A.) the risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls

The requirement to ___ journal entries is an example of preventive control

Approve

Evidence as to the design of internal control and its operating effectiveness should be considered ___ the date specified in the assessment.

As of

The ___ committee is especially important as it exercises oversight responsibility over the financial statements.

Audit Explanation: An audit committee exercises responsibility for oversight over the financial statements- an important part of the internal control structure.

Test of controls in a GAAS audit are required for: A. Applying analytical procedures to financial statement balances B. Obtaining evidence about the operating effectiveness of client control activities C. Accomplishing control over the occurrence of recorded transactions D. Obtaining evidence about the financial statement assertions

B. Obtaining evidence about the operating effectiveness of client control activities

Which of the following are considered components of an internal control structure according to the COSO framework? A. Segregation of duties B. Risk assessment C. Performance indicators D. Use of prenumbered documents

B. Risk assessment

In an audit of financial statements, an auditor's primary consideration regarding an internal control policy or activity is whether the policy or activity: A.) reflects management's philosophy and operating style B.) affects management's financial statement assertions C.) provides adequate safeguards over access to assets D.) enhances managmenet's decision making processes

B.) affects management's financial statement assertions

Generally accepted auditing standards (GAAS) give auditors considerable discretion to decide the amount of work required to satisfy auditing standards guiding internal control evaluation and related audit planning. Which of the descriptions below best expresses the minimum amount of work permitted by GAAS for non public companies? A.) Do not obtain an understanding of client environment, accounting, or control activities. Do not document the decision to assess control risk at maximum. Perform 100% substantive audit on all financial statement transactions and balances B.) Obtain an understanding of client environment, accounting, and control activities. Document the decision to assess control risk at maximum. Perform an extensive but not 100% substantive audit on financial statement transactions and balances C.) obtain an understanding of client environment, accounting, and control activities, and perform detail tests of controls. Document the decision to assess control risk below the maximum. Perform restricted substantive audit on financial statement transactions and balances, considering the control risk assessment D.) obtain an understanding of client environment, accounting, and control activities, and perform detail tests of controls. Document the decision to assess control risk at zero. Perform no substantive audit on financial statement transactions and balances, since zero control risk means that no errors or fraud can reach the accounts

B.) obtain and understanding of client environment, accounting, and control activities. Document the decision to assess control risk at maximum. Perform an extensive but not 100% substantive audit on financial statement transactions and balances

In testing control activities, an auditor ordinarily selects from a variety of techniques, including: A.) inquiry and analytical procedures. B.) reperformance and observation. C.) comparison and confirmation. D.) inspection and verification.

B.) reperformance and observation.

A set of characteristics that helps to define a seriousness about employees' attitudes about the control activities in a company is referred to as: A.) management assertions B.) the control environment C.) control risk assessment D.) functional responsibilities

B.) the control environment

An auditor is concerned about a policy of management override as a limitation of internal control. Which of the following tests would best assess the validity of the auditor's concern? A.) matching purchase orders to accounts payable B.) verifying that approved spending limits are not exceeded C.) tracing sales orders to the revenue account D.) reviewing minutes of board meeting

B.) verifying that approved spending limits are not exceeded

Which of the following is not an objective of internal controls over financial reporting as defined by the SOX Act? A.) Policies and procedures that pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the registrant. B.) Policies and procedures that provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and receipts and expenditures of the registrant are being made only in accordance with authorizations of management and directors of the registrant. C.) Policies and procedures that provide reasonable assurance regarding the compliance with applicable laws and regulations. D.) Policies and procedures that provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the registrant's assets that could have a material effect on the financial statements.

C.) Policies and procedures that provide reasonable assurance regarding the compliance with applicable laws and regulations.

Which of the following client internal control activities is not usually performed in the treasure's department? A.) verifying the accuracy of checks and vouchers B.) controlling the mailing of checks to vendors C.) approving vendors' invoices for payment D.) cancelling payment vouchers when paid

C.) approving vendors' invoices for payment

The "obtaining an understanding" work phase (Phase 1) of internal control evaluation would not give auditors an overall acquaintance with the client's: A.) control environment B.) information and communication system C.) control activity effectiveness D.) monitoring activites

C.) control activity effectiveness

The overall attitude and awareness of an entity's board of directors concerning the importance of the client's internal control usually is reflected in its: A.) computer-based control activities. B.) system of separation of duties. C.) control environment. D.) safeguards over access to assets.

C.) control environment.

After obtaining an understanding of a client's financial reporting control activities, the auditor would next: A.) test the client's control activities B.) assess the final control risk C.) document the understanding obtained D.) plan the remainder of the audit work

C.) document the understanding obtained

The internal control in small business is highly dependent on the: A.) separation of functional responsibilities B.) complexity of the client's internal controls C.) owner-manager's competence, as well as his/her ethics and integrity D.) bonding of employees

C.) owner-manager's competence, as well as his/her ethics and integrity

When auditing financial statements of a private company, the minimum work an auditor must perform in connection with a company's internal control is best described by which of the following statements? A.) perform exhaustive tests of accounting controls and evaluate the company's control system effectiveness B.) determine whether the company's control policies are designed well enough to prevent material misstatements C.) prepare auditing working papers that document the auditor's understanding of the company's internal control D.) design procedures to search for significant deficiencies in the actual operation of the company's internal control

C.) prepare auditing working papers that document the auditor's understanding of the company's internal control

Each of the following types of controls is considered to be an entity-level control, except those: A.) relating to the control environment B.) pertaining to the company's risk assessment process C.) regarding the company's annual stockholder meeting D.) addressing policies over significant risk management practices

C.) regarding the company's annual stockholder meeting

The ultimate purpose of assessing control risk to contribute to the auditor's evaluation of the: A.) factors that raise doubts about the audit ability of the financial statements B.) operating effectiveness of internal control policies and procedures C.) risk that material misstatements exist in the financial statements D.) possibility that the nature and extent of substantive tests may be reduced

C.) risk that material misstatements exist in the financial statements

Regardless of the assessed level of control risk, an auditor of a non-public company would perform some: A.) tests of controls to determine the effectiveness of internal control policies B.) analytical procedures to verify the design of internal control activities C.) substantive tests to restrict detection for significant transactions classes. D.) dual purpose tests of evaluate both the risk of monetary misstatement and preliminary control risk

C.) substantive tests to restrict detection for significant transactions classes Explanation: substantive test verifies the correctness of the information, it creates conclusive evidence regarding disclosure, valuations, completeness, and existence of accounts of financial statements. Since, it helps to form the opinion, it is important to be performed regardless of the assessed level of control risk.

Which of the following audit procedures most likely would provide an auditor with the most assurance about the effectiveness of the operation of an entity's internal control? A.) confirmation with outside parties B.) inquiry of client personnel C.) successful re-performance of the control activity D.) observation of client personnel

C.) successful re-performance of the control activity

Which of the following statements best describes why an auditor would use only substantive procedures to evaluate specific relevant assertions and risks? A.) the relevant internal control components are not well documents B.) the internal auditor already has tested the relevant controls and found them effective C.) testing the operating effectiveness of the relevant controls would not be efficient D.) the cost of substantive procedures will exceed the cost of testing the relevant controls

C.) testing the operating effectiveness of the relevant controls would not be efficient

Which of the following is a preventive control? A. Reconciliation of a bank account B. Detailed fluctuation analysis completed by the CFO for revenue C. Recalculation of a sample of payroll entires by internal auditors D. Separation of duties between the payroll and personnel departments

D. Separation of duties between the payroll and personnel departments

Which of the following does not accurately summarize auditors' requirements regarding internal control? Issuer and Nonissuer - yes to all A. Understanding B. Documenting C. Evaluating control risk D. Test controls

D. Test controls; yes-issuer, yes-nonissuer Testing controls is required only for audits of issuers under AS 2201

Which of the following best describes why an auditor is always required to document the auditor's understanding of internal controls? A.) To support the auditor's opinion B.) To avoid performing substantive procedures C.) To lower control risk D.) To document the basis for risk assessment

D.) To document the basis for risk assessment Explanation: The strength or weakness of a client's internal control dictates whether or not management's policies are being followed and whether or not information that is generated by the system is likely to be reliable. The auditor is required to assess the risk of material misstatement of financial statements to determine the amount of audit evidence to obtain and the strength of the audit evidence that will be required to convince the auditor that the financial statements are not materially misstated. This is accomplished through obtaining an understanding of the client's internal control and documenting the understanding provides documentation of the auditor's risk assessment. The evidence gathered in an audit, not the understanding of internal control, supports the auditor's opinion. The understanding is designed to help the auditor determine how much testing will be required, not to avoid performing substantive procedures. Documenting internal control does not reduce control risk. It is reduced when the auditor determines that the client's controls, if operating effectively, would reduce the risk of material misstatement and, through tests of controls, are in place and operating effectively.

Management's report on internal controls must include each of the following except: A.) a statement that management is responsible for establishing and maintaining adequate internal control over financial reporting. B.) a statement identifying the framework management uses to evaluate the effectiveness of the company's internal control. C.) a statement providing management's assessment of the effectiveness of the company's internal control. D.) a statement providing management's evaluation of the company's control environment.

D.) a statement providing management's evaluation of the company's control environment. Explanation: Management's report on internal controls must include the following: 1. A statement that management is responsible for establishing and maintaining adequate internal control over financial reporting 2. A statement identifying the framework management uses to evaluate the effectiveness of the company's internal control 3. A statement providing management's assessment of the effectiveness of the company's internal control. It is the auditor's responsibility to evaluate the company's control environment. The auditor evaluates the control environment based on various factors such as - integrity and ethical value - competence of the entity's people - management's philosophy and operating style - authority and responsibility - direction provided by the board of directors

Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization? A.) disclosing lack of segregation of duties to the external auditors during the annual review B.) replacing personnel every three or four years C.) requiring accountants to pass a yearly background check D.) allowing for greater management oversight of incompatible activities

D.) allowing for greater management oversight of incompatible activities

Which of the following activities performed by a department supervisor most likely would help in the prevention or detection of a payroll fraud? A.) distributing paychecks directly to department store employees B.) setting the pay rate for departmental employees C.) hiring employees and authorizing them to be added to payroll D.) approving a summary of hours each employee worked during the pay period

D.) approving a summary of hours each employee worked during the pay period

A sales clerk enters a customer's six-number customer account. The computer program uses the first five numbers to calculate a sixth number. This resulting number is then compared to the sixth number entered by the sales clerk. This is an example of a: A.) valid character test B.) missing data test C.) reasonableness test D.) check digit

D.) check digit

Control activities intended to ensure that transactions are recorded in the right period are designed to achieve the ASB assertion of: A.) occurrence B.) accuracy C.) valuation or allocation D.) cutoff

D.) cutoff

The appropriate separation of duties does not include: A.) authorization to execute transactions B.) recording of transactions C.) custody of assets involved in transactions D.) data preparation

D.) data preparation

Sound internal control can be described as separating all of the following duties and responsibilities except for: A.) transaction authorization B.) record keeping C.) custody of, or direct to, assets D.) hiring of employees

D.) hiring of employees

Assessing control risk at below the maximum level most likely would involve: A.) performing more extensive substantive tests with larger sample sizes than originally planned. B.) reducing inherent risk for most of the assertions relevant to significant account balances. C.) changing the timing of substantive tests by omitting interim-date testing and performing the tests at year end. D.) identifying specific internal control activities that are relevant to specific financial statement assertions.

D.) identifying specific internal control activities that are relevant to specific financial statement assertions. Explanation: if control risk is assessed at below the maximum level, the auditor is required to identify "specific internal control polices and procedures relevant to specific assertions that are likely to prevent or detect material misstatements in those assertions"

Which of the following would most likely be classified as a material weakness? A.) absence of appropriate separation of duties B.) absence of appropriate reviews and approvals of transactions C.) evidence of failure of control activities D.) ineffective oversight of the financial reporting process by the company's audit committee

D.) ineffective oversight of the financial reporting process by the company's audit committee

Which of the following is a factor in the control environment? A.) segregation of duties B.) information processing C.) performance reviews D.) management's philosophy and operating style

D.) management's philosophy and operating style

Segregation of duties is a control aimed at ___ misstatement

Preventing

Preparing bank ___ can help detect misstatements that have been made.

Reconciliations

Routine transactions are for ___ activities.

Recurring Explanation: routine transactions are for a system's recurring activirties

The auditors' objective in an audit of internal controls is to express an opinion on the company's internal control over its financial reporting. To meet this objective, an auditor must plan and perform the audit and obtain reasonable assurance. A properly planned audit does this in six distinct steps. CONCEPT REVIEW: A properly planned audit to report on internal control consists of the following six steps: (1) plan the engagement, (2) use a top-down approach to identify controls to test, (3) testing controls, (4) evaluating identified deficiencies, (5) wrapping up, and (6) reporting on internal control.

The steps in the correct order: 1. Management's report on internal control 2. Plan the engagement 3. Use a top-down approach to identify controls to test 4. Test and evaluate design effectiveness 5. Test and evaluate operating effectiveness 6. Form an opinion on the effectiveness of internal control over financial reporting 7. Issue auditors' attestation report

Auditors should use a ___ approach to assess controls.

Top-down Explanation: Using a top-down approach, auditors starts at the top (the financial statement level) and link to the controls in the significant accounts.

The significance of the accounts should be considered ___ regard to internal control.

Without Explanation: accounts are significant independent of the role of internal control