audit 2 practice

Gaining an understanding of internal controls should start by identifying

-are somewhat unique for each organization
-can be useful in detecting internal control weaknesses
-help the auditing team obtain evidence about the control environment

Flowcharts ______.

-help the audit team assess the key control points in the process
-involve considerable time and effort
-have become a popular documentation method for auditors
-are time-consuming to construct
-are easy to evaluate after they are completed
-can be helpful in identifying missing controls

Audit considerations in an IT environment include ______.

-possibility of input errors
-possibility of inappropriate access to computer files and programs
-lack of an audit trail

Separation of duties ______.

-prevents incompatible responsibilities
-prevents frauds that do not involve collusion
-forces different people or departments to deal with different facets of transactions

Section 302 of the Sarbanes-Oxley Act

-requires management to assess the risks it wishes to control
-makes managers responsible for establishing a control environment
-makes management responsible for monitoring, supervising and maintaining control activities
-is designed to ensure the proper "tone at the top"
-allows managers to make their own judgments about the necessity of specific controls

Common monitoring controls include ______.

-self-assessments by boards regarding the effectiveness of their oversight
-supervisory review of controls
-periodic evaluation of controls by internal audit
-self-assessments by management regarding the tone they set
-quality assurance review of the internal audit department
-analysis of and follow-up on items that might be indicative of a control failure

internal control questionnaires

-tend to be inflexible
-should be used in combination with other methods
-make it less likely for the audit team to forget to cover an important point
-can be useful in detecting internal control weaknesses
-are somewhat unique for each organization
-help the auditing team obtain evidence about the control environment

After their understanding of the entity's internal controls has been documented, the audit team may choose not to perform tests on the operating effectiveness of the controls because ______.

-the internal control system is too ineffective to rely on
-it is less time consuming to conduct substantive tests
-the cost of obtaining a low control risk assessment is high

Obtaining an understanding of the information system relevant to financial reporting includes understanding ______.

-the nature of the underlying accounting records, information and accounts used to execute a transaction
-how the information system captures events and conditions other than transactions significant to the financial statements

The five basic components of a properly designed internal control system as defined by COSO are:

1. control environment
2. risk assessment
3. control activities
4. monitoring
5. information and communication

Which of the following is NOT an administrative level control?

Access control software and passwords

Which of the following is NOT a category of general controls?

Automated application

Prenumbered documents are important in testing the ___ and the ___ assertion

Blank 1: completeness Blank 2: occurrence

"The science of acquiring, preserving, retrieving, and presenting data that has been processed electronically and stored on computer media" is the FBI definition of

Computer forensics

Which of the following statements are correct?

Confirming a specific transaction may be more effective than confirming the account balance. Confirmations returned as "undeliverable" are always a red flag.

True or false: Auditing standards recommend but generally do not require the use of confirmations for accounts receivable.

F

Which of the following statements are correct?

For a sample to be representative, all items in the population have an opportunity to be selected. Tests of controls should be applied to samples executed throughout the period under audit.

Which of the following is NOT a computer operations control?

Programs and software support the entity's financial reporting requirements.

Which of the following is NOT a basic activity in the revenue and collection cycle for a typical manufacturing company?

Purchasing raw materials

Which of the following is NOT an input control?

Run-to-run totals ^ it's a processing control

Which of the following is NOT a typical end-user computing environment control issue that audit teams must consider?

Separation of programming and operations functions

Which of the following statements are correct?

Someone without access to check-writing should perform the recording function. Individuals outside of normal cash operations should prepare bank reconciliations.

Which of the following statements are correct?

Tests of controls over cash often support a reduction in control risk. Most audit clients have strong controls over cash.

Which of the following statements regarding the revenue cycle are correct?

There is always a presumptive risk of fraud. It consists of routine transactions. Tests of controls often support a reduction in control risk.

Which of the following is NOT a data entry control in end-user computing environments?

Transaction logs

Individuals employed by the entity and limitations or limits on the nature and scope of activities they perform are the focus of

administrative

When an auditor receives an oral response to a confirmation ______.

-alternative audit procedures may be warranted
-a written response still needs to be requested

Substantive procedures over cash will ______.

always be performed

Substantive procedures are ______.

always performed in the revenue cycle

According to professional standards, the audit team's evaluation of the sufficiency of management's control activities is ______.

always required

At the end of each day a copy of the check listing, a report of payments recorded in accounts receivable and a copy of the bank deposit slip should be received by ______.

an independent employee

fidelity bonds

-are a type of insurance policy
-may include employee background checks
-are often recommended by auditors

Detection risk is set based on the level of _______and risk of material misstatement.

audit risk

When a material misstatement is not prevented or detected by the client's internal controls or auditors' substantive procedures,_____ has been manifested

audit risk

In an IT environment, a chain of evidence and documentation known as a(n) ----- does not exist

audit trail

Controls applied to specific business activities within an accounting information system to achieve financial reporting objectives are called

automated application controls

The primary document used to test the cash balance in the financial statements is the company's

bank reconciliation

An entity's auditors, accountants and security personnel must be acquainted with the basics of fraud awareness ______.

because not all fraud schemes can be thwarted or detected

The form the carrier signs to verify goods are shipped is a(n) ______.

bill of lading

All entities recognize the need for a formalized process to identify, assess and manage factors, events and conditions, known as ___ that can prevent the organization from achieving its objectives.

business risks

all the debits to the cash accounts are found in the

cash receipts journal

Difficulties in estimating the allowance for doubtful accounts can be due to ______.

-change in customer base
-changing economic conditions
-revised credit policies

Two or more people working together to circumvent the internal control system is called____ and it cannot be prevented by separation of duties.

collusion

the audit team

-communicates internal control issues to help management carry out internal control monitoring responsibilities
-must communicate significant deficiencies and material weaknesses identified during the audit

AS 2201 encourages the audit team to use the work of internal auditors but the audit team must evaluate their___ and ___

competence/objectivity

Auditors review items in the pending order file for evidence of the_____ of recorded sales and accounts receivable

completeness

Experts have two definitions related to computer chicanery

-computer abuse
-computer fraud

The use of information technology by a perpetrator to achieve a gain at the expense of a victim is called

computer abuse or computer fraud

Impeaching a president, terrorist tracking and child pornographer prosecution have all been helped by

computer forensics

Providing reasonable assurance that processing failures do not affect or delay the processing of other transactions is one objective of

computer operation

Having an appropriate disaster recovery plan to ensure files are secured and protected from loss is a major objective of_____

computer operations

Justifications for not using confirmations may include ______.

-confirmations would be ineffective
-other procedures provide sufficient, competent evidence
-receivables are not material

Specific actions a client's management and employees take to help ensure management's directives are carried out are called

control activities

Integrity, ethical values and competence of the entity's people are all ___ factors. The foundation for all other components of internal control.

control environment

It is important to maintain an up-to-date customer master file to ensure ______.

-credit limits are appropriate
-files are accurate

Proper separation of duties involves different people and departments handling ______ of checks, cash disbursement ____, record keeping for payments and bank ___

custody, authorization, reconciliation

Which of the following documents should be matched before recording revenue?

-customer invoice
-evidence of shipment
-customer sales order

For current status, including up-to-date credit limit information, auditors may test a sample of the

customer master file

The auditors' information source for validating the bank reconciliation is typically a(n)_____ bank statement

cutoff

Tracing shipping documents before and after year-end to the sales journal and vouching credit memos for returns after year end to receiving reports are done to test the

cutoff

Verifying the dates on sales documents helps reduce the risk of misstatement related to the____ assertion of revenue

cutoff

To ensure sales are recorded in the proper period, auditors use sales

cutoff tests

Restrictions on access to input devices and standard screens and computer prompting are examples of _____ controls in end-user computing environments

data entry

Standardized formats and screens are examples of ______ controls.

data entry and formatting

When either the design or operation of the control under consideration does not allow the entity's management or employees to detect or prevent misstatements in a timely fashion, an internal control ___ exists

deficiency

An employee knowingly doing something to bypass the internal control system is an act of ______.

deliberate circumvention

In determining whether an audit team can rely on IT controls, auditors must determine the scope of the IT testing plan completed by carefully identifying each of the IT

dependency

In a computerized environment, proper separation of duties is ______.

dependent on proper password controls

A problem relating to either a necessary control that is missing or an existing control so poorly constructed that it fails to satisfy the control's objective is called a(n) ______.

design deficiency

The major phases that need to be completed in order to determine whether an audit team can rely on IT controls are ______

-determining the scope of the IT testing plan by identifying each IT dependency
-testing the IT controls
-understanding the IT controls and processes that need to be tested

Auditors must gain an understanding of internal controls that are in place to mitigate assessed fraud risk and, at a minimum,______.

document that understanding in the workpapers

COSO internal control categories include ______and_____ of operations.

effectiveness/efficiency

Misappropriation of assets is another term for

employee fraud

COSO developed a(n) ______ framework to facilitate the assessment and mitigation of business risks a company faces.

enterprise risk management

Audit professionals generally categorize------- level controls as either general controls or application controls.

entity

Controls that are pervasive to the internal control system and the reliability of the financial statements as a whole are called ______ - level controls.

entity

Within a client's IT environment, there are essential, general IT controls that apply to all applications that are called

entity level controls

For all relevant assertions for each significant account and disclosure, the audit team begins by examining___-___controls that are pervasive to the internal control system and reliability of the financial statements as a whole.

entity-level

The audit team's first step in gaining an understanding of the client's internal control system should focus on ______.

entity-level controls

When computerized processing is used ______.

errors will result in all similar transactions being processed incorrectly

Using an automated test procedure designed to test all items in a population as a means to identify a violation of control activities is an example of ___ testing. Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of ______ testing.

exception

When customers are not willing or able to return confirmations, examining subsequent cash receipts, sales orders, invoices, and shipping documents, and correspondence files for past-due accounts are alternative procedures that may be performed to ensure

existence

Accounts receivable confirmation is a substantive procedure designed to obtain evidence of the _____and rights & obligations of customers' balances directly from the

existence rights and obligations

True or false: A walkthrough can be used to provide evidence of whether the client's control activities were operating effectively during the period under audit.

false

True or false: All passwords should be at least six characters long to make hacking by computer-generated algorithms difficult.

false Reason: A six-character lowercase alphabetic password can be hacked in 10 minutes.

True or false: There is no such thing as a typical revenue and collection cycle.

false Reason: Companies come in many different sizes and there are also differences between industries.

True or false: Small entities often fail to separate the functions of programming and operations due to indifference with respect to internal control.

false Reason: While it is true these functions are not always separated, it often occurs because of a lack of resources, not indifference.

True or false: To achieve the specific objectives of each of the three goals, the COSO framework defines five components of a properly designed internal control system that work independently of each other to support the system's overall effectiveness.

false The components work in an integrated manner

True or false: When doing a WCGW analysis, the question the auditor should ask is, "Has the client designed and implemented a control that, if operating perfectly, would mitigate the identified risk of material misstatement?"

false ^ perfection is not an option, settle for effective

True or false: For audits of internal control, the audit team must understand and evaluate internal controls for the entire period.

false they are as of the end of the fiscal year

Procedures related to internal control in an integrated audit performed under AS 2201 are ______ than those in a GAAS audit for a nonpublic entity.

far more expensive

An insurance policy that covers most kinds of cash embezzlement losses is called a(n)

fidelity bond

A safe and secure computing environment that allows the operating controls to operate effectively is provided by the

general IT controls

a typical white collar criminal is

-generally acting alone
-socially conforming
-attended college
-some type of religious affiliation
-no arrest record

The cutoff bank statement ______.

-helps search for unrecorded liabilities
-verifies the existence of year-end deposits in transit
-qualifies as external evidence

An audit team's assessment of control risk as low ______.

-implies controls are effective
-allows auditors to use smaller sample sizes
-may limit the use of substantive tests of details

An audit team's assessment of control risk as high ______.

-implies controls are ineffective
-implies controls cannot be relied upon

Combinations of duties that place a single person in a position to create and conceal misstatements due to errors or frauds in their normal job are___ responsibilities

incompatible

An account's significance is based on its ______ risk.

inherent

The risk of material misstatement is a combination of ___ risk and __ risk

inherent/ control

Controls that provide the opportunity for entity personnel to correct and resubmit data initially rejected as erroneous are called

input

Which type of controls are designed to provide reasonable assurance that data received for processing by the computer department have been properly authorized and accurately entered or converted for processing?

input

Automated application controls are organized under three categories,

input processing output

When testing controls, the audit team often uses----- about the existence of the activity and then corroborate the evidence by observing the control activities are actually being performed.

inquiry

The four methods of testing controls are ___ ___ document examination and ___

inquiry/ observation/reperformance

For each relevant assertion identified by the auditor, professional standards require auditors to first gain an understanding of the ______ that have been designed to mitigate the risk of material misstatement.

internal controls

The audit team's decision that it would take more time to test the operating effectiveness of the control activities than it would take to perform the substantive tests necessary for a relevant assertion ______.

is equivalent to assessing control risk at 100%

When scoping the IT audit procedures that need to be completed, auditors need to be concerned with ______

key control activities being relied on to mitigate the RMM

After understanding and documenting internal control, the audit team should be able to ______.

make a preliminary assessment of control risk

Control activities over cash disbursements are designed to ______.

-make it difficult for a fraudster to steal cash
-detect fraudulent activity if it occurs
-prevent or detect misappropriations of cash

The focus of AS 2201 is to determine whether a(n)____ exists at the end of the year being reported on. If it does, the entity's internal control over financial reporting cannot be considered effective.

material weakness

The magnitude of the potential misstatement that could occur and would not be detected on a timely basis is the primary difference between a(n) ______.

material weakness and significant deficiency

Because of the nature of cash, auditors ______ need to expand substantive audit procedures to ensure the cash balance is not materially misstated and to identify possible fraudulent activities.

may

The preliminary assessment of control risk ______.

-may be made after understanding and documenting internal control
-includes identifying activities explicitly designed to support reliable financial statement reporting

The audit team must adjust the substantive procedures accordingly in order to obtain enough evidence to mitigate the risk of material misstatements to a low level for the relevant assertions being tested if the assessment of control risk is ______.

moderate

If a customer confirms that an account exists, the auditor ______.

must still review the account for collectability

The accountant who records cash receipts and credits to customer accounts should ______.

never handle the cash

Common procedures used in tests of controls are_____, inspection and reperformance

observation inquiry

When a properly designed control is either ignored or inappropriately applied, a(n) ______ has occurred.

operating deficiency

Reasonable assurance that only authorized persons have access to files produced by the system is one concern of______

output

Which type of controls are concerned with detecting rather than preventing errors?

output

A strong entity-level control in the revenue process is ______.

overall review by management

A description of the goods being shipped as well as the quantity shipped is found on the ______.

packing slip

The most common form of control related to access is the use of

passwords

When evaluating tests of controls within an IT environment, auditors need to consider the ______.

-possibility of temporary transactions trails
-potential for errors and frauds
-potential for increased management supervision

the objectives ___ parallel are to provide reasonable assurances regarding modifications to existing programs

program change

Errors and frauds are kept from entering the system by

preventive controls

An important general control is the separation of duties performed by system analysts, ____ and ___

programmers - computer operators

Due to the lack of predictability of the cash balance, auditors ______ use substantial analytical procedures to test cash.

rarely

According to accounting standards, to be recognized, revenue must be __ and earned

realized or realizable

A material weakness is a deficiency that results in a(n)_____ ___ that a material misstatement would not be prevented or detected on a timely basis.

reasonable / possibility

The COSO definition states that internal control is designed to provide ___regarding the achievement of objectives in three categories.

reasonable assurance

Adjusting and correcting entries that result from bank reconciliations are found in the cash ______ journal.

receipts disbursements

Access to accounts receivable records gives an individual ______,

recording responsibility authorization

An assertion that has a reasonable possibility of containing a material misstatement is considered to be a(n) ____assertion.

relevant

COSO internal control categories include_____ of financial reporting and _____ with applicable laws and regulations.

reliability/compliance

When testing cash, auditors typically ______.

rely exclusively on tests of detail

In many situations an employee initially receives cash and thus has custody. Because this cannot be avoided, good control dictates that ______.

-remittance advices should be sent to the controller's office for recording
-cash should be deposited daily and intact
-two people should open the mail
-checks should be endorsed immediately

A key factor in audit sampling is that, for a sample to be considered____ all items in a population must have an opportunity to be selected

representative

In a computerized environment, proper separation of duties ______.

requires proper permissions

Sales must be realized or realizable and earned in order to be recorded under the accounting standards related to

revenue recognition

Regarding the revenue process, management should ______.

-review merchandise returns
-continually review revenues and compare them to budgeted and forecasts
-scrutinize total write-offs of accounts receivables

Accounts receivable confirmation is a substantive procedure designed to obtain evidence of the ______ of customers' balances directly from the customer.

rights & obligations existence

When control activities do not lend themselves to automated testing, the audit team is likely to use audit____ to test the population

sampling

user entities may outsource specialized data processing to other companies referred to as

service organizations

Emergency change requests and the migration of new programs into operations, ______.

-should be subject to standard approval procedures after they are made
-require appropriate documentation
-should be migrated by appropriate individuals

Gaining an understanding of internal controls should start by identifying ___ accounts and disclosures and their ___ ___

significant / relevant assertions

A deficiency in internal controls that is less severe than a material weakness yet important enough to merit attention from those charged with governance is a(n)

significant deficiency

Serious internal control deficiencies can be categorized as either ____ deficiencies or __ __

significant/material/weakness

The most effective alternative procedure to confirmations to ensure existence is examining ______.

subsequent cash receipts

If controls are not in place or personnel are not performing control activities effectively, auditors need to design____procedures to try to detect whether control failures have produced material misstatements in the financial statements.

substantive

If the internal control activities over cash are not operating effectively, auditors may need to expand ______.

substantive audit procedures

In an information technology environment, audit teams need to be concerned with ______ errors.

systematic processing input

If a control is missing or ineffective ______.

-the risk of material misstatement increases
-fraud may or may not exist
-auditors need to design substantive procedures related to control failure

When companies process payments electronically, the required separation of duties is ______ for companies that write paper checks.

the same as

Professional standards recognize that to make effective decisions, managers must have access to ________ and ___ information

timely/reliable/relevant

The audit team focuses on threats to the integrity of the external financial reporting process by taking a _____ approach to evaluating the effectiveness of the internal control system over financial reporting.

top-down

If the audit-team decides an entity-level control sufficiently reduces a specific risk ______.

transaction-level controls related to that risk may not be needed

True or false: Prenumbered documents are an example of an internal control.

true

True or false: The bank reconciliation is an opportunity for management to monitor the separation of duties between cash receipts and disbursements.

true

True or false: When a user entity employs a service organization for specialized processing, the user entity's auditors must still evaluate controls related to the service organization's computerized processing for the user entity.

true

Computer operations controls are implemented for files and data used in processing with the major objectives of ensuring files ______.

-used in automated processing are appropriate
-can be reconstructed from earlier versions of processing information
-are appropriately secured and protected from loss

employee fraud

-usually involves some type of falsification
-generally includes a cover-up
-is also called misappropriation of assets

When the auditor evaluates the reasonableness of the allowance for doubtful accounts,___________is a high risk assertion.

valuation

Reviewing accounts for collectability and determining the adequacy of the allowance for doubtful accounts is done in support of the

valuation assertion

Cash disbursements are typically authorized by an accounts payable department's assembly of supporting documents which is called a(n)____

voucher

The auditor selects examples of a transaction and traces them from initial receipt to the recording in the accounting records when performing a(n)

walkthrough

The identification of IT applications and systems typically occurs during the______ of each financial reporting process

walkthrough

Fraudsters' behaviors often include ______.

-working late
-drinking too much
-irritability
-defensiveness
-working standing up
-inability to relax

