Exam #2- Auditing
A primary objective of procedures performed to obtain an understanding of internal control is to provide the auditors with: a. knowledge necessary to determine the nature, timing and extent of further audit procedures b. audit evidence to use in reducing detection risk c. a basis for modifying test of controls d. an evaluation of the consistency of application of management policies
A
An accounts payable program posted a payable to a vendor not included in the online vendor master file. A control that would prevent this error is a: a. validity check b. range check c. limit test d. control total
A
The auditors are concerned about source documents that reflect valid transactions that have not been recorded in the journals. Which procedure would be most effective? a. Trace from source documents to journals b. Vouch from journals to source documents c. Either (a) or (b)
A
To have an adequate basis to issue a management report on internal control under Section 404(a) of the Sarbanes-Oxley Act, management must do all the following except a. establish internal control with no material weakness b. accept responsibility for the effectiveness of internal control c. evaluate the effectiveness of internal control using suitable control criteria d. support the evaluation with sufficient evidence
A
Tracing from source documents to journals most directly tests: a. Completeness (understatements) b. Existence (overstatements)
A
When a CPA decides that the work performed by internal auditors may have an effect on the nature, timing, and extent of the CPA's procedures, the CPA should consider the competence and objectivity of the internal auditors. Relative to objectivity, the CPA should: a. consider the organizational level to which the internal auditors report the results of their work b. review the internal auditors' work c. consider the qualifications of the internal audit staff d. review the training program in effect for the internal audit staff
A
When erroneous data are detected by computer program controls, such data may be excluded from processing and printed on an error report. This error report should be reviewed and followed up by the a. Data control group b. Systems analyst c. Supervisor of IT operations d. Computer programmer
A
Effective internal control in a small company that has an insufficient number of employees to permit proper separation of responsibilities can be improved by: a. employment of temporary personnel to aid in the separation of duties b. direct participation by the owner in key record-keeping and control activities of the business c. engaging a CPA to perform monthly write-up work d. Delegation of full, clear-cut responsibility for a separate major transaction cycle to each employee
B
LAN is the abbreviation for a. large area network b. local area network c. longitudinal analogue network d. low analytical nets
B
Tests of controls do not address a. how controls were applied b. how controls were originated c. the consistency with which controls were applied d. by what means the controls were applied
B
The auditors are concerned about transactions that have been recorded in the journals (and subsequently in the ledgers) that are not valid- that is, a transaction is recorded, but it did not actually occur (e.g., a fraudulent overstatement of sales). Which procedure would be most effective? a. Trace from source documents to journals b. Vouch from journals to source documents c. Either (a) or (b)
B
The increased presence of user operated computers in the workplace has resulted in an increasing number of persons having access to the system. A control that is often used to prevent unauthorized access to sensitive programs is: a. backup of data in the cloud b. authentication procedures c. input validation checks d. record counts of the number of input transactions on a batch being processed
B
The preliminary assessments of control risk are often referred to as: a. the assessed level of control risk b. the planned assessed level of control risk c. control risk d. internal control objectives risk
B
Vouching from journals (or ledgers) to source documents mostly directly tests: a. Completeness (understatements) b. Existence (overstatements)
B
Which of the following best describes what is meant by the term "fraud risk factor"? a. Factors that, when present, indicate that risk exists b. Factors often observed in circumstances where frauds have occurred c. Factors that, when present, require modification of planned audit procedures d. Weaknesses in internal control identifies during an audit
B
Which of the following is an advantage of generalized audit software packages? a. they are all written in on identical computer language b. they can be used for audits of clients that use differing computing equipment and file formats c. they have reduced the need for the auditor to study input controls for computer-related procedures d. their use can be substituted for a relatively large part of the required tests of controls
B
Which of the following is least likely to be considering engagement of an information technology specialist on an audit? a. complexity of the client's system and IT controls b. number of financial institutions at which the client has accounts c. client's use of emerging technologies d. extent of the client's participation in electronic commerce
B
Which of the following is most likely to be an overall response to fraud risks identified in an audit? a. Supervise members of the audit team less closely and rely more upon judgement b. Use less predictable audit procedures c. Use only certifies public accountants on the engagement d. Place increased emphasis on the audit of objective transactions rather than subjective transactions
B
Which of the following is not ordinarily a procedure for documenting an auditor's understanding of internal control for planning purposes? a. checklist b. confirmation c. flowchart d. questionnaire
B
Which of the following would be least likely to be considered an of internal control? a. checking the accuracy and reliability of accounting data b. detecting management fraud c. encouraging adherence to managerial policies d. safeguarding assets
B
An auditor may compensate for a weakness in internal control by increasing the extent of: a. test controls b. detection risk c. substantive tests of details d. inherent risk
C
An auditor will use the computer test data method in order to gain assurances with respect to the: a. security of data in a system b. IT system capacity c. controls contained within a program d. degree of data entry accuracy for batch input data
C
At the completion of the audit the auditors are least likely to know: a. the assessed level of control risk b. the planned assessed level of control risk c. actual control risk d. the scope of tests of controls
C
Controls over financial reporting are often classified as preventative, detective, or corrective. Which of the following is an example of a detective control? a. segregation of duties over cash disbursements b. requiring approval of purchase transactions c. preparing bank reconciliations d. maintaining backup copies of key transactions
C
End user computing is most likely to occur on which of the following types of computers? a. mainframe b. decision support systems c. personal computer d. personal reference assistants
C
In planning and performing an audit, auditors are concerned about risk factors for two distinct types of fraud: fraudulent financial reporting and misappropriation of assets. Which of the following is a risk factor for misappropriation of assets? a. Generous performance-based compensation systems b. Management preoccupation with increased financial performance c. An unreliable accounting system d. Strained relationship between management and the auditors
C
The auditors are concerned about transactions that have been recorded for improper amounts. Which procedure would be most effective? a. Trace from source documents to journals b. Vouch from journals to source documents c. Either (a) or (b)
C
The auditors would be least likely to use software to: a. access client data files b. prepare spreadsheets c. assess computer control risk d. test application programs
C
The auditors would most likely be concerned with which of the following controls in a distributed data processing system? a. hardware controls b. systems documentation controls c. access controls d. disaster recovery controls
C
The primary objective of test of details of transactions performed as substantive procedures is to: a. Comply with generally accepted auditing standards b. Attain assurance about the reliability of the accounting system c. Detect material misstatements in the financial statements d. Evaluate whether management's policies and procedures are operating effectively
C
Three conditions generally are present when fraud occurs. Select the one below that is not one of those conditions. a. Incentive or pressure b. Opportunity c. Supervisory position d. Attitude
C
When the auditors are performing a first-time internal control audit in accordance with the Sarbanes-Oxley Act and PCAOB standards, they should: a. modify their report for any significant deficiencies identified. b. use a "bottom-up" approach to identify controls to test. c. test controls for all significant accounts. d. perform a separate assessment of controls over operations.
C
Which of the following elements underlies the application of generally accepted auditing standards, particularly the standards of fieldwork and reporting? a. Adequate disclosure b. Quality control c. Materiality and audit risk d. Client acceptance
C
Which of the following is least likely to be a test of controls? a. inquires of client personnel b. inspection of documents c. observation of confirmations d. reperformance of controls
C
Which of the following is not a major component of an information system? a. people b. data c. review d. software
C
Which of the following is not an advantage of establishing an enterprise risk management system within an organization? a. reduces operational surprises b. provides integrated responses to multiple risks c. eliminates all risks d. identifies opportunities
C
Which part of an audit is least likely to be completed before the balance sheet data? a. Test of controls b. Issuance of an engagement letter c. Substantive procedures d. Assessment of control risk
C
An entity's ongoing monitoring activities often include: a. periodic audits by internal auditors b. the audit of the annual financial statements c. approval of cash disbursements d. management review of weekly performance reports
D
As one step in testing sales transactions, a CPA traces a random sample of sales journal entries to debits in the accounts receivable subsidiary ledger. This test provides evidence as to whether: a. Each recorded sale represents a bona fide transaction b. All sales have been recorded in the sales journal c. All debit entries in the accounts receivable subsidiary ledger are properly supported by sales journal entries d. Recorded sales have been properly posted to customer accounts
D
Tests of controls ordinarily are designed to provide evidence of: a. balance correctness b. control implementation c. disclosure adequacy d. operating effectiveness
D
The audit committee of a company must be made up of: a. Representatives from the client's management, investors, suppliers, and customers b. The audit partner, the chief financial officer, the legal counsel, and at least one outsider c. Representatives of the major equity interests, such as preferred and common stockholders d. Members of the board of directors who are not officers or employees
D
The risk that the auditors will conclude, based on substantive procedures, that a material misstatement does not exist in an accounting balance when, in fact, such misstatement does exist is referred to as: a. Business risk b. Engagement risk c. Control risk d. Detection risk
D
When an online, real time (OLRT) EDP system is in use, internal control can be strengthen by a. providing for the separation of duties between data entry and error-listing operations b. attaching plastic file protection rings to reels of magnetic tape before new data can be entered on the file c. preparing batch tools to provide assurance that file updates are made for the entire input d. making a validity check of an identification number before a user can obtain access to the computer files
D
Which of the following should not normally be included in the engagement letter for an audit? a. A description of the responsibilities of the client personnel to provide assistance b. In indication of the amount of the audit fee c. A description of the limitations of an audit d. A listing of the client's branch offices selected for testing
D
Which of the following should the auditors obtain from the predecessor auditors before accepting an audit engagement? a. Analysis of balance sheet accounts b. Analysis of income statement accounts c. All matters of continuing accounting significance d. Facts that might bear on the integrity of management
D
T/F: In cloud-based systems, programs are typically housed by service providers
F
T/F: The systems development life cycle is a system for securing programs and data
F
T/F: a limit test in a computer program is comparable to a decision that an individual makes in a manual system to judge a transaction's reasonableness
F
T/F: a organization that has an intranet housed on a local area network (LAN) does not have to be concerned with unauthorized access
F
T/F: a recent improvement in computer hardware is the ability to automatically produce error listings. Previously this was possible only when provisions for such a report were included in the program
F
T/F: An internal-audit computer program that continuously monitors IT processing is a feasible approach for improving internal control in OLRT systems
T
T/F: In a three-tier client/server environment, presentation, processing, and data storage are seperated
T
T/F: Online transaction processing systems are closely related to expert systems
T
T/F: The control of input and output to and from the information systems department should be performed by an independent data control group
T