ACCY131-Chpt 7

Ace your homework & exams now with Quizwiz!

Management periodically evaluates the threats to preparting reliable financial statements.

Control component: Risk assessment Sub-control component: n/a

In an integrated audit, the planning of the internal control audit is ______ the planning of the financial statement audit.

coordinated with

Watch as a second person reviews the quantities, prices, extensions, and footing of each sales invoice.

Observation

Which of the following is least likely to be a test control?

Observation of confirmations

Under the direction of the treasurer, Has custody of liquid assets, Plans future cash requirements, Conducts financial activities

Finance department

Detective Controls

A requirement to prepare bank reconciliations controls designed to discover control problems that were not prevented

Which of the following is NOT a reason that internal control can only provide reasonable assurance from fraud and waste?

All designed controls to address fraud and waste are adopted.

Independence from management and proper oversight of the development and performance of the organization's internal control should be demonstrated by the board of directors and its __________ committee.

audit

Exiting an activity that gives rise to a risk is an example of risk ________________.

avoidance

Components included in the 2017 enterprise risk management framework include governance and ______________; ____________________ and objective-setting; and ____________.

culture strategy performance

Proper segregation of duties should be applied to ______.

departments and individuals

The goal to find a misstatement that has already been made is a type of ________ control.

detective control

When internal auditors provide direct assistance to external auditors in preparing working papers and performing certain audit procedures, external auditors should ______.

direct, supervise, review, and test the work

Internal control is a process designed to provide ______ assurance regarding the achievement of objectives relating to operations, reporting, and compliance.

reasonable

Monitoring

Ongoing and separate evaluations.

The difference between control objectives of internal control and management assertions is that ______.

control objectives relate to operations, compliance, and financial reporting

Which of the following is NOT one of the components of the 2017 risk management framework?

Profitability

___________ auditors are the auditors of a service organization.

Service

Auditors selected by a service organization to assess systems

Service Auditors

Flowchart

Documentation

COSO's definition of internal control emphasizes that it is a(n) ______________________, or a means to an end.

Process

What is the primary reason that auditor's assess internal control?

To determine the risk of misstatements of accounts

Preventive control

segregation of duties

The Sarbanes-Oxley Act of 2002 requires public companies to provide reports on internal control by ______.

management and auditors

Which of the following is not a limitation of interal control?

transaction controls

Integrated audit

Reporting on internal control and financial statements An audit of both financial statements and internal control over financial reporting, provided by the external auditor. Required for public companies.

Controls over the authorization and processing of payroll are _______________ controls.

application

exiting the activity that gives rise to the risk

avoidance

Section 404 of the Sarbanes-Oxley Act requires public companies to provide reports on internal control by ______.

management external auditors

In an audit of a small company, the auditor typically performs ______ internal control.

more substantive procedures because of the absence of strong

Further audit procedures

Substantive procedures and tests of controls. The additional procedures that are performed based on the results of the auditors' risk assessment procedures. Such procedures include additional tests of controls (if needed) and substantive tests of account balances, classes of transactions, and disclosures.

Less severe than a material weakness

significant deficiency

For public companies, auditors are required to perform a(n) ____________

audit that addresses both the financial statements and internal control

Purchasing an insurance policy to protect assets is an example of risk ______.

sharing

managing the risk or adding additional controls to process it

reduction

A report that documents a service organization's controls and documents their suitability

Type 1 Report

Data analytics may be used ______ to certain sampling tests.

either as a supplement or an alternative

Management has developed and distributed a code of conduct.

Control component: Control environment Sub-control component: integrity and ethical values

The accounting department uses a manual of accounting policies and procedures.

Control component: Accounting information and communication system Sub-control component: n/a

entry into the warehouse is strictly controlled by security personnel

Control component: Control activities Sub-control component: Physical controls

For the control environment component, professional standards require auditors should obtain sufficient knowledge about the company's ______.

antifraud program

True or false: The auditors should obtain an understanding of the client's processes for eliminating business risks.

False

When the auditors are performing a first-time internal control audit in accordance with the Sarbanes-Oxley Act and PCAOB standards, they should:

Test controls for all significant accounts. In an audit of internal control performed under PCAOB standards, the auditors must test controls for all significant accounts.

Type 2 reports address operating _______; type 1 do not.

effectiveness

A deficiency in internal control such that there is a reasonable possiblity that a material misstatement will not be prevented or detected on a timely basis.

Material weakness in internal control

Factors that may indicate increased financial reporting risk include ______. Multiple select question. consistent use of accounting information systems new business models changes in personnel consistent use of accounting principles

new business models changes in personnel

Sarbanes-Oxley Section 404 requires that ______ internal control. Multiple select question. management accept responsibility establishing management evaluate the effectiveness of auditors accept responsibility for the effectiveness of

management accept responsibility establishing management evaluate the effectiveness of

Controls that assess whether other transaction control activities are operating properly and are usually focused on high risk transactions are called ______ controls.

supervisory

Management is committed to hiring employees with appropriate levels of education, experience, and evidence of integrity and ethical behavior.

Attracting, developing, and retaining competent employees.

performance review

Comparison of actual performance to expectations

The human resources department investigates the educational background of prospective employees.

Control component: Control environment Sub-control component: Commitment to attract, develop and retain competent employees

Management has prepared and distributed an organizational chart.

Control component: Control environment Sub-control component: Effective structure, reporting lines, and authority and responsibility.

____________________ controls come into play when a misstatement is found.

Corrective

A situation in which a control does not allow management or employees, in the normal course of performing their functions, to prevent or detect misstatements on a timely basis.

Deficiency in internal control.

A well designed structure provides a basis for planning, directing, and controlling operations.

Effective organizational structure

True or false: The division of responsibilities between finance and accounting illustrates how accounting is involved in the financial operations of the business but separated from the custody of assets.

False

True or false: The division of responsibilities between finance and accounting illustrates how accounting is involved in the financial operations of the business but separated from the custody of assets.

False

True or false: The COSO definition of internal control emphasizes that internal control is an end in and of itself

False

The organization must hold individuals accountable for their internal control responsibilities.

Individual accountability

Risk Assessment Procedures

Inquiries, analytical procedures, observation audit procedures performed to obtain an understanding of the entity and its environment, including the entity's internal control, to identify and assess the risks of material misstatement

Talk to client personnel about the control policy requiring a second person to review the quantities, prices, extensions, and footing of each sales invoice.

Inquiry

Corrective Controls

Maintaining backups of data

This component of internal control assesses the quality of internal control performance over time.

Monitoring

Monitoring customer complaints

Ongoing

Compare the quantity from sales invoice to related shipping document, compare unit price to client's price list, and verify extensions and footings.

Reperformance

Control activities

Risk responses policies, procedures, and rules that provide reasonable assurance that control objectives are met and risk responses are carried out

Perform data processing/computer/IT services, like payroll processing, for various clients

Service Organization

An auditor may compensate for a weakness in internal control by increasing the extent of:

Substantive tests of details. An increase in the substantive procedures will decrease detection risk, and thereby compensate for the increased level of control risk due to a weakness in internal control. Answer (1) is incorrect because if the weakness exists, increasing the extent of tests will only provide more evidence on the weakness—not evidence that compensates for the weakness. Answers (2) and (4) are incorrect because a decrease in detection risk or inherent risk, not an increase, would compensate. Also, in the case of inherent risk, it may not be possible to change the assessment since it is a function of the firm's environment.

A report that documents a service organization's controls and documents their suitability and effectiveness

Type 2 Report

The sequence of procedures applied by the client in processing a particular type of recurring transaction

Walk-through

Auditors use their understanding of internal control to do all of the following except ______.

assess detection risk for use in the audit risk model

Controls that rely on segregation of duties may be circumvented by _____________________ among employees.

collusion

Internal control addresses the achievement of objectives in the following areas except ______.

company profitability and growth

External auditors should assess the _________________ (proficiency and training based on education, experience, and professional certifications) and __________________ (ability to perform their duties free from conflicting responsibilities or constraints) of the internal audit function before relying on their work.

compentency and objectivity

A control that functions together with another control to achieve the same control objective

complimentary control

To enhance the control environment, management develops job __________.

descriptions

To enhance the control environment, management should do all of the following except ______.

make sure one person authorizes transactions, records transactions, and has custody of assets

In an internal control audit, tests of the ______________________of controls are used to determine whether the controls function as designed and if the individuals performing the controls possess the necessary authority and qualifications.

operating effectiveness

Management needs to assess risks that threaten their ability to meet their objectives in the areas of ______.

operations, reporting, and compliance

In general, auditors want evidence on operating effectiveness throughout the audit, so they ______ the year.

sample throughout

Regarding deficiencies and weaknesses in internal control, auditing standards require auditors to communicate in writing ______. Multiple select question. internal control deficiencies significant deficiencies material weaknesses

significant deficiencies material weaknesses

If employees lack ________, they may be ineffective in performing their duties.

skills

The rule that management must approve all credit sales over $75,000 is an example of a(n) _______________ authorization.

specific

When an organization has senior management and a board of directors that establish values and expectations regarding appropriate behavior and lead by example, it is said to have a strong ______.

tone at the top

There are ________ types of reports that auditors of service organizations (service auditors) can provide.

two

The requirement to _________ journal entries is an example of a preventive control.

approve

The extent of independence of this group is critical

Effective board of directors

A form of insurance in which an insurance company agrees to reimburse an employee for losses attributable to employee theft is referred to as _______________________

fidelity bonds

The development of significant accounting estimates and preparation of the notes and selection and application of significant accounting policies are examples of risks at the ____________________ ________________ level.

financial statement

Specific authorization occurs when transactions are authorized on an individual basis while _______________ authorization occurs when management establishes criteria for acceptance of a certain type of transaction.

general

Transaction-level controls may be broken down into two categories:

general and application control activities

Segregation of duties is a control that does not leave documentary evidence so it should be tested by ______. Multiple select question. inspecting evidence of segregation of duties observing the client's employees performing the duties inquiring as to who performed these duties

observing the client's employees performing the duties inquiring as to who performed these duties

Control Risk

the likelihood that the client's internal control policies and procedures fail to prevent or detect a material misstatement

Tests of controls are generally performed ______.

throughout the year

All of the following are examples of control activities except ______.

tone at the top

Walk-through

Follow a transaction through the system

A primary objective of procedures performed to obtain an understanding of internal control is to provide the auditors with:

knowledge to determine the nature, timing, and extent of further audit procedures.

When auditors assess risk at the ______________________ assertion level instead of the financial statement level, they consider both the design of the control and its implementation.

relevant

The two broad categories of information processing controls are ____________________ and application controls.

general controls

When auditors consider internal control design to be strong, they need to determine whether the control has been implemented which normally involves ______.

observing the procedure

insurance, hedging, and outsourcing

sharing

Choice taking no action

acceptance

The auditors of a service organization, known as service auditors, may review the controls at the organization and issue a report that may be relied upon by __________.

user

A clearly articulated statement of ethical values

Commitment to integrity and ethical values

A supplement or alternative to certain sampling tests is the use of data _______________.

analytics

True or false: Auditors test the design of controls immediately after determining if they operate effectively.

False

Under the direction of the controller, Often designs and implements internal control, Records financial transactions, Establishes accountability over assets

Accounting department

All of the following are possible responses to a pervasive weakness in internal control except:

Adding an element of unpredictability to the procedures performed.

A client's _______ environment includes such components as management philosophy and operating style, and organizational structure

Control

performance reviews are an integral part of which component of internal control?

Control activities

Management compares actual performance budgets and forecasts.

Control component: Control activities Sub-control component: performance reviews

Invoices are reviewed for accuracy before they are mailed to customers.

Control component: Control activities Sub-control component: transaction processing (or application) control.

Management surveys customers about their satisfaction with the company's service.

Control component: Monitoring Sub-control component: Ongoing

The internal auditors periodically evaluate the controls in the various departments of the company.

Control component: Monitoring Sub-control component: Ongoing

Select a sample of sales invoices and look for initials of a second person who reviewed the quantities, prices, extensions, and footing of each sales invoice.

Inspection

A primary objective of procedures performed to obtain an understanding of internal control is to provide the auditors with:

Knowledge necessary to determine the nature, timing, and extent of further audit procedures.

_____________should develop a statement of ethical values.

Senior management

Audits by internal auditors

Separate

The preliminary assessments of control risk are often referred to as:

The planned assessed level of control risk

True or false: When obtaining an understanding of the control environment, it is important that auditors focus on the substance of controls, rather than their form.

True

A type ____________report assesses the controls and their suitability

Type 1

A type ____________report assesses the controls and their suitability and effectiveness

Type 2

Test of controls are designed to determine all of the following, except:

Whether the contro was overridden

In a small company, it is not always practical to segregate duties. To strengthen internal control to prevent or detect the concealment of fraud or errors ______.

active participation by the owner is needed

Policies and procedures that help mitigate the risk that the organization's objectives are not met are called control _______________

activities

Auditors should identify and assess the risks of material misstatement:

both the financial statement level and the relevant assertion level for account balances.

All of the following are appropriate tests of controls except ______.

confirmation of control with third party

Auditors identify the company's control objectives and risks in each financial reporting area and then identify relevant controls that satisfy each control objective when testing design ____________________.

effectiveness

Auditors understanding of internal control should include not only the design of controls but also whether they ______.

have been implemented

Before performing tests of controls to determine whether they are operating effectively, auditors must first ______.

identify the controls likely to prevent or detect material misstatements

Risk assessment is management's process for ______. Multiple select question. identifying risks analyzing risks controlling risks ignoring risks

identifying risks analyzing risks

The goal of segregation of duties is not to allow an individual to have ______________

incompatible

Procedures to obtain an understanding of internal control include ______. Multiple select question. performance of analytical procedures inquiry of entity personnel inspection of documents and reports tracing of transactions through information system

inquiry of entity personnel inspection of documents and reports tracing of transactions through information system

The three categories of objectives of ________________ (internal/external) control are reporting, operations, and compliance

internal

In making a judgment about the extent of the understanding of ___________________ necessary, auditors should realize the information will be used to identify types of potential misstatements and consider factors that affect the risks of material misstatement.

internal control

After assessing the risks of material misstatement, auditors should design further audit procedures such as substantive procedures and tests of controls if planned assessed level of control risk is ______.

low

When the auditor has performed tests of controls and they are operating effectively a ______ risk is appropriate.

lower assessed level of control

A deficiency in internal control over financial reporting (or combination of deficiencies) such that there is a reasonable possibility that a material misstatement of the company's financial statements will not be prevented or detected on a timely basis is a(n) _______________________ __________________________.

material weakness

Regarding deficiencies and weaknesses in internal control, auditing standards require auditors to communicate in writing ______.

material weaknesses significant deficiencies

In comparison to financial statement audits, auditors who perform integrated audits typically perform ______.

more audit procedures directed toward testing the effectiveness of internal control

Organizational structure provides a basis for planning, directing, and controlling __________________

operations

The three categories of objectives of internal control are reporting, _____________, and _________________ .

operations and compliance

Controls that may be most relevant in an audit include those that ______. Multiple select question. Select all that apply pertain to the reliability of financial reporting affect efficiency and effectiveness of operations only affect the reliability of data used to perform audit procedures

pertain to the reliability of financial reporting affect the reliability of data used to perform audit procedures

The preliminary assessments of control risk are often referred to as the _________________ assessed level of control risk.

planned

Segregation of duties is a control aimed at ____________ misstatement.

preventing

External auditors can use the work of internal auditors to ______. Multiple select question. provide direct assistance to the external auditors review the work of external audit staff supervise the work of external audit staff provide audit evidence based on their normal internal audit work

provide direct assistance to the external auditors provide audit evidence based on their normal internal audit work

A well-designed organizational structure ______. Multiple select question. provides a basis for planning, directing, and controlling operations is based upon centralized management decision making ensures appropriate segregation of duties

provides a basis for planning, directing, and controlling operations ensures appropriate segregation of duties

Preparing bank _________ can help detect misstatements that have been made.

reconciliations

The overall response of the auditor to financial statement risks might include all of the following except ______.

reducing the overall scope of audit procedures

An integrated audit requires the auditors to test controls for all ______.

relevant assertions about major accounts

The controls that are most relevant to an audit are those that pertain to the ______.

reliability of financial reporting

One feature of well-designed forms and documents that can be used to control the number of documents issued and account for sequence of documents is ______.

serial numbers

Which of the following is not a COSO component of internal control?

Board Oversight Explanation: Coso framework is developed to align the internal control process with the Business process. It enable the business to give assurance that the business is running according to set standard .

True or false: If the auditors do an extensive job of identifying and assessing risk of material misstatement at the relevant assertion level, it is not necessary to assess risk at the financial statement level.

False

The audit committee should be composed of directors who are not _______________ of the organization.

employees

The audit committee ______. Multiple select question. is directly responsible for the CPA firm performing public company audits looks to senior management to resolve any differences with the auditing firm oversees development and performance of the organization's internal control should have one member that is an officer of the organization

is directly responsible for the CPA firm performing public company audits oversees development and performance of the organization's internal control


Related study sets

Statistics Midterm Study Guide Chapter 2

View Set

The successful selling of merchandise depends on the price point, which must be in line with what the consumer is willing to pay for the product. List and describe the levels of price points and give an example of a retailer for each price point.

View Set

Network Pro Part 3 ++++++++++++++++++++++++++++++

View Set

Important Elements from the Periodic Table

View Set

Chapter 9. Making Capital Investment Decisions

View Set

Guida de Examen - Modulo 3 Representaciones simbolicas y algoritmos

View Set

Pharm Ch. 42: Drugs Used to Treat Glaucoma and Other Eye Disorders

View Set

Chapter 8: Harvesting Energy: Glycolysis and Cellular Respiration

View Set

Series 6: Chapter 5:3 Variable Annuities

View Set