Chapter 6
Which of the following situations is NOT an example of an inherent limitation of internal control? (1) A programming error in the design of an automated control allows an employee to give himself an unauthorized pay increase. (2) Management's failure to enforce control policies surrounding access to inventory allows employees to steal assets. (3) A lack of physical controls over the safeguarding of assets allows an employee to steal company assets. (4) A fraud scheme whereby an employee orders
3 something about misappropriation of assets
Place the following steps in the top-down, risk-based approach to the audit of ICFR in their proper order: Identify significant accounts and disclosures and their relevant assertions. Select controls to test. Understand likely sources of misstatement. Identify entity level controls.
4,1,3,2
Which of the following are principles associated with the control environment? Commitment to competence, participation of those charged with governance, and ethical values and integrity Commitment to competence and participation of those charged with governance Participation of those charged with governance and ethical values and integrity Commitment to competence and ethical values and integrity
Commitment to competence, participation of those charged with governance, and ethical values and integrity
Which of the following audit procedures is most likely to be conducted only after year-end? Multiple Choice Testing of property, plant, and equipment disposals to validate balance sheet PP&E account. Analysis of stockholders' equity transactions to validate balance sheet equity accounts. Evaluation of management's adjusting journal entries to the financial statements. Accounts receivable confirmations as evidence of existence and valuation of balance sheet accounts receivable balance.
Evaluation of management's adjusting journal entries to the financial statements. Since any management adjustment to the financial statements could have a material effect, it is generally appropriate for the auditor to evaluate adjusting entries after year end.
According to the COSO Integrated Framework, reviews of actual business performance with budgets is an example of which of the five components of internal control? Multiple Choice a- Control activities b- Monitoring c- Risk assessment d- Control environment
a
An auditor's flowchart of an entity's accounting system is a diagrammatic representation that depicts the auditor's: Multiple Choice understanding of the system. understanding of the types of fraud that are probable, given the present system. documentation of the study and evaluation of the system. program for tests of controls.
a
An auditor's primary consideration regarding an entity's internal controls is whether they: Multiple Choice affect the financial statement assertions. relate to the control environment. reflect management's philosophy and operating style. prevent management override.
a
Which of the following would be a potential control deficiency because of a lack of segregation of duties? Multiple Choice a- The person who is responsible for ordering equipment receives the equipment before it is released to the shop floor. b- The person who reconciles the bank accounts is also responsible for reconciling the accounts receivable subsidiary ledger to the control account in the general ledger. c- The person who is responsible for receiving inventory ordered is also responsible for custody of the inventory and releasing it to the factory as authorized requisitions are received. d- The person responsible for maintaining the accounts receivable subsidiary ledger is also responsible for maintaining the accounts payable subsidiary ledger.
a
How do the following attributes impact substantive procedures within an audit? adequate internal controls , high risk of material misstatement, predictable relationships among data
a / decrease increase increase
An auditor has established the planned assessed risk of material misstatement for an area of the audit as low because the client has established meaningful controls to prevent a material misstatement. The auditor has performed walkthroughs to determine if the policies have been placed in operation. Next: a- The auditor should perform tests of controls and, if results are satisfactory, the nature, timing, and extent of further audit procedures will be adjusted as less additional evidence will be required. b- The auditor should perform tests of controls as a basis for determining if there are control deficiencies that should be communicated to those charged with governance. c- The auditor will adjust the nature, timing, and extent of further audit procedures as less additional audit evidence will be required. d- The auditor will perform substantive tests to determine whether or not the controls have been effective during the period being audited.
a- The auditor should perform tests of controls and, if results are satisfactory, the nature, timing, and extent of further audit procedures will be adjusted as less additional evidence will be required.
Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective? Multiple Choice a- effectiveness and efficiency of operations b- all of these are correct. c- compliance with applicable laws and regulations d- reliability of financial reporting
all of the above
The requirement to _________ journal entries is an example of a preventive control.
approve
Auditors obtain an understanding of a nonpublic entity's internal control for the primary purpose of: Multiple Choice Gathering sufficient evidence to provide a reasonable basis for an opinion on the financial statements. Determining the nature, extent, and timing of subsequent audit procedures to be performed. Providing documentary evidence to present to the audit committee. Determining whether interim audit testing is appropriate.
b
Regardless of the assessed level of control risk, an auditor would perform some: Multiple Choice a- analytical procedures to verify the design of internal controls. b-substantive procedures to restrict detection risk for significant transaction classes. c-dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk. d-tests of controls to determine the effectiveness of internal controls.
b
Significant deficiencies are matters that come to an auditor's attention that should be communicated to an entity's audit committee because they represent: Multiple Choice disclosures of information that significantly contradict the auditor's going concern assumption. significant deficiencies in the design or operation of the internal control. manipulation or falsification of accounting records or documents from which financial statements are prepared. material fraud or illegal acts perpetrated by high-level management.
b
The role of the registered independent auditing firm relative to its clients' internal controls under the Sarbanes-Oxley Act of 2002 is to Multiple Choice Report to both the PCAOB and SEC those entities with unsatisfactory internal controls. Express an opinion on the effectiveness of the entity's internal control. Provide report feedback but disclaim an opinion on management's assessment. Express an opinion on whether the entity is subject to all provisions of the Securities Exchange Act of 1934.
b
Which of the following are considered components of internal control? Multiple Choice Use of prenumbered documents Risk assessment Performance indicators Segregation of duties
b
Which of the following best describes why an auditor is always required to document the auditor's understanding of internal controls? Multiple Choice To lower control risk To document the basis for risk assessment To avoid performing substantive procedures To provide complete support the auditor's opinion
b
Which of the following is not one of the five major components of internal control? Multiple Choice Control activities. Human resource background checks. Information and communication system. Risk assessment.
b
Which of the following represents the correct sequence of audit steps that come after first obtaining an understanding and documenting the entity's internal control? Multiple Choice Assess Control Risk, Test of Controls, Determine Extent of Substantive Testing, Reassess Control Risk. Assess Control Risk, Test of Controls, Reassess Control Risk, Determine Extent of Substantive Testing. Test of Controls, Assess Control Risk, Determine Extent of Substantive Tests, Reassess Control Risk. Assess Control Risk, Determine Extent of Substantive Testing, Test of Controls, Reassess Control Risk.
b
Which of the following statements about internal control is correct? Multiple Choice A properly maintained internal control system reasonably ensures that collusion among employees cannot occur. The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system. The establishment and maintenance of internal control is an important responsibility of the internal auditor. An exceptionally strong internal control system is enough for the auditor to eliminate substantive procedures on a significant account balance.
b
Monitoring is a major component of the COSO Internal Control—Integrated Framework. Which of the following is not correct in how the company can implement the monitoring component? Monitoring and other audit work conducted by internal audit staff can reduce external audit costs. Monitoring can be an ongoing process. The independent auditor can serve as part of the entity's control environment and continuous monitoring. Monitoring can be conducted as a separate evaluation.
c
The effectiveness of internal control is reduced by: a- Computerized accounting records. b- Flowcharts. c- Human errors or mistakes. d- Both a and c.
c
Which of the following statements concerning control deficiencies is true? Multiple Choice Significant deficiencies are a subset of material weaknesses that must be reported to the public. A control deficiency is a type of significant deficiency. The two dimensions of control deficiencies are likelihood of occurrence and magnitude. Auditors are required to report all control deficiencies to the audit committee.
c
An audit client maintains a proprietary computer system to be accessed only by authorized personnel. An access log is maintained within the system identifying all who accessed the system along with the date and times of access. What type of test of controls would best help the auditor obtain evidence as to whether access to this system is effectively controlled? Multiple Choice a- Observation b- Analytical procedures c- Inspection d- Inquiry
c - inspection
HexaCo has various policies and procedures pertaining to the company's operations. Policies and procedures that management uses to provide reasonable assurance that the entity's objectives will be achieved are referred to as Information and communication Control activities Control environment Monitoring
control activities
____ controls come into play when a mistatement is found
corrective
After obtaining an understanding of an entity's internal control system, an auditor may set control risk at high for some assertions because the auditor: Multiple Choice performs tests of controls to restrict detection risk to an acceptable level. identifies internal controls that are likely to prevent material misstatements. determines that the pertinent internal control components are not well documented. believes the internal controls are unlikely to be effective.
d
As part of its system of internal control, X Company requires that all customer sales orders receive approval from the credit department before they can continue to be processed for fulfillment in the sales system. What type of control activity is this? Multiple Choice Physical control Segregation of duties Performance indicator Information processing control
d
Assessing control risk below high involves all of the following except: Multiple Choice analyzing the achieved level of control risk after performing tests of controls. identifying specific controls to rely on. performing tests of controls. concluding that controls are ineffective.
d
What objectives of controls are of primary interest to an auditor performing a financial statement audit? Multiple Choice a- Prevention or detection and timely correction of errors and fraud. b- Compliance with applicable laws and regulations. c-Effective and efficient operations. d- Accurate and reliable financial reporting.
d
Which of the following audit techniques would most likely provide an auditor with the least assurance about the effectiveness of the operation of a control? Multiple Choice reperformance of the control by the auditor walkthrough observation of entity personnel inquiry of entity personnel
d
Which of the following is a proper reason for not conducting tests of controls for nonpublic companies? Multiple Choice The internal control structure appears very strong. The auditor prefers the control risk to be the minimum. The company does not have any flowcharts of its system available for review. The procedures require more audit effort than the projected benefits to be obtained from lowering the control risk.
d
Which of the following types of audit reports would not be appropriate for an auditor to issue on the effectiveness of an entity's internal controls? Multiple Choice a- Unqualified [no material weaknesses identified]. b- Disclaimer [unable to perform key audit procedures]. c- Adverse [a material weakness exists]. d- Qualified [a significant deficiency exists].
d
Internal controls are designed to achieve company objectives in all of the following areas except: a- Safeguarding of assets. b-Reliability of financial reporting. c-Compliance with laws and regulations. d-Reduction of debt financing costs.
d - reduction of debt financing
the goal to find a misstatement that has already been made is
detecting
An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus? data capture controls general controls application controls output controls
general controls
segregation of duties is a control aimed at ______ misstatement
preventing
preparing bank ___ can help detect mistatements that have been made
reconciliations
X Company recognizes the need to stay current on all accounting pronouncements to make certain that the company's financial statements are being prepared in accordance with current GAAP. Identifying this need relates to which internal control component? Multiple Choice a- Risk assessment b- Control environment c- Monitoring d- Control activities
risk assessment