Audit Chapter 6 part 2
After obtaining an understanding of an entity's internal control system, an auditor may set control risk at high for some assertions because the auditor
Believes the internal controls are unlikely to be effective.
The purpose of the ______ Framework is to help management better control the organization and to provide boards of directors an added ability to oversee internal control.
COSO
According to COSO, a system of internal controls is designed to provide reasonable assurance about the achievement of entity objectives in which of the following categories?
Compliance with applicable, laws and regulations, Effectiveness and efficiency of operations, Reliability, timeliness and transparency of internal and external financial and non-financial reporting
Assessing control risk below high involves all of the following except
Concluding that controls are ineffective
Assignment of authority and responsibility for operating activities and the establishment of reporting relationships and authorization hierarchies are part of the ______ environment principle.
Control
Based upon its risk assessment, management determines which relevant business processes require ________ ________.
Control activities
For a control system to be considered _____________ , each of the five components and relevant principles must be present and functioning, and the five components must operate together in an integrated manner.
Effective
The integrity and ethical values of management personnel heavily influence the ______ of an entity's internal controls.
Effectiveness
Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective?
Effectiveness and efficiency of operations. Reliability of financial reporting. Compliance with applicable laws and regulations.
The components of internal controls as defined by the COSO Framework are ______.
Entity's risk assessment, control environment, information and communication, monitoring activities, control activities
information that is complete, neutral and free from error has the characteristic of _______ _________.
Faithful representation
The assessment of __________ __________ includes consideration of incentives and pressures, opportunities and how personnel might rationalize or justify inappropriate actions.
Fraud risk
Controls over network operations are included as part of __________ controls which relate to the overall information processing environment.
General
The infrastructure, software, people, procedures and data used to support the functioning of internal control is known as a(n) _______ __________
Information system
The approach to taking and monitoring business risks and attitudes and actions toward financial reporting are characteristics that may signal important information to the auditor about management's ___________ and _________ values.
Integrity and ethical values
The competence level for a particular job should be specified and translated into a job description that details the specific knowledge and skills required. This task should be done by ______.
Management
A direct relationship exists between ____________ which reflect what an entity is trying to achieve, ____________ which represent what the entity needs to do to achieve them, and the ___________ of the entity.
Objectives, components, structure
The highest-quality and most reliable audit evidence that segregation of duties is properly implemented is obtained by
Observation by the auditor of the employees performing control activities.
How authority and responsibility are delegated and monitored and the framework within which the entity's activities for achieving entity wide objectives are planned, executed, controlled and reviewed are defined by the entity's _________ __________.
Organizational structure
The quality of internal control is directly related to the ______ of the personnel operating the system.
Quality
Identify the fraud risk factors that organizations must consider in assessing risks to the achievement of objectives
Rationalization or justify, Opportunities, Incentives and pressures
Which of the following audit techniques would most likely provide an auditor with the most assurance about the effectiveness of the operation of a control?
Reperformance of the control by the auditor.
As it relates to the external financial reporting objective, the entity's _________ ___________ process should consider internal and external events and circumstances that may arise and adversely affect the entity's ability to initiate, authorize, record, process and report financial data consistent with management's financial statement assertions.
Risk assessment
Allowing the individual who opens mail and receives cash payments to have access to the accounts receivable subsidiary ledger is a violation of the ____ ________ ________ principle.
Segregation of duties
Monitoring is a major component of the COSO Internal Control— Integrated Framework. Which of the following is not correct in how the company can implement the monitoring component?
The independent auditor can serve as part of the entity's control environment and continuous monitoring.
True or False are the following correct in how the company can implement the monitoring component? Monitoring can be an ongoing process. Monitoring can be conducted as a separate evaluation. And Monitoring and other audit work conducted by internal audit staff can reduce external audit costs.
True
People that significantly influence the control consciousness of the entity and must take their fiduciary responsibilities seriously and actively oversee the entity's accounting and reporting policies and procedures include the ______.
board of directors, audit committee
How management identifies risks relevant to the preparation of financial statements, estimates their significance, assesses the likelihood of their occurrence and decides on how to manage them is most directly relevant to the ______
external auditors
Factors that can impact the effectiveness of the board of directors or audit committee include ______.
nature and extent of interactions with auditors, information availability, experience of members, Extent to which difficult questions are raised and pursued with management, and Extent of involvement with and scrutiny of the entity's activities.
Commonly categorized control activities include ______.
performance reviews, segregation of duties, physical controls, and information processing controls
An effective internal control system provides ______ assurance that the risk of not achieving an entity objective is reduced to an acceptable level
reasonable
Information that is capable of making a difference in user decisions has the characteristic of _____________.
relevance
Regardless of the assessed level of control risk, an auditor would perform
some Substantive procedures to restrict detection risk for significant transaction classes.