Audit Exam 2

Ace your homework & exams now with Quizwiz!

Nonstatistical sample sizes are determined by

applying professional judgement, audit firm policy

Management asserts that ICFR is effective Blank

as of the end of the fiscal year

SOC 1, Type 2 reports issued by the service organization's auditor typically:

assess whether the service organization's controls are suitably designed and operating effectively

Estimating the portion of a population that possesses a specified characteristic is the basis of ______ sampling.

attribute

In applying attribute sampling to tests of controls, the auditor normally attempts to determine the operating ______ of a control in terms of deviations from a prescribed internal control.

effectiveness

The main cash account for most entities is called the ______ cash account

general

When an entity has a material weakness, it should take steps to correct it, which is referred to as

remediation

The mean misstatement per sampling item is calculated by dividing the known audit differences in the sample by the

sample size

To audit a payroll or branch bank account, the auditor uses a(n)

standard bank reconciliation, bank reconciliation, cutoff bank statement

When the auditor sets control risk at high, that control risk assessment is documented and ______ procedures are performed

substantive

The projection of the errors to the population is referred to as the ______ misstatement or likely error in IDEA.

projected

When an entity has a relatively complex internal control structure, an internal control _____ is generally used

questionnaire

Audit evidence supporting effective internal control must be obtained at the level of

reasonable assurance

Evidence on the operating effectiveness of a control may be obtained from

both direct testing and ongoing monitoring

An auditor calculated the mean misstatement per sampling item to be $3.12. If the total audit difference was $234.00, the sample size was

75

If you examine a sample of 100 transactions and find 8 with errors, this suggests a transaction error rate of

8

The purpose of the_______ Framework is to help management better control the organization and to provide boards of directors an added ability to oversee internal control

COSO

If a material weakness cannot be corrected and/or properly tested before the "as of" date,

both management and the auditor should issue a report that the ICFR is not operating effectively

True or false: An entity's mix of manual and automated controls varies with the nature and complexity of the entity's use of IT.

true

When an entity's computer system is not compatible with the auditor's GAS, the auditor should

write custom audit software

Once the desired confidence level is set, the appropriate sample size is determined by how much

tolerable error exceeds expected error

The risk of incorrect rejection is also commonly known as the risk of

underreliance, assessing control risk too high

Entity-level controls that require specific evaluation by the auditor are the

control environment, period end financial reporting process

True or false: Audit sampling is always appropriate, regardless of the level of risk.

false

Branch accounts can be operated as ______ accounts

general cash, imprest

Selection methods for nonstatistical sampling include

haphazard sampling, random sample. systematic sample (with random start)

Random-number selection is used in many statistical sampling applications because the auditor is required to be able to measure the ______ of selecting the sampling units selected.

probability

An internal control questionnaire

provides a systematic means to investigate internal control, is one of many questionnaires used by auditors, contains questions about the 5 internal control components

Common methods for projecting the amount of misstatement found in a nonstatistical sample are

ratio projection, difference projection

haphazard selection

selects items that will be representative of the population, allows the auditor to select items judgmentally

Examples of disclosure issues for cash include

cash balances restricted by foreign exchange contracts, an accounting policy for defining cash and cash equivalents, letters of credit

The difference between a control deficiency, a significant deficiency, and a material weakness is determined solely based on

magnitude

A deficiency in ICFR such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected on a timely basis is defined as a(n) ____________ by the PCAOB.

material weakness

An effective system of internal controls allows management to focus on ______ while maintaining compliance with relevant laws and minimizing surprises.

operations, financial performance goals

Major reconciling items in bank reconciliation working papers include

outstanding checks, deposits in transit, bank service charges

The COSO definition of ICFR is designed to provide _______ assurance regarding the reliability of financial reporting and GAAP financial statement presentation.

reasonable

True or false: Auditors need to understand how management considers applicable environmental risks.

true

True or false: In some instances, management may decide to accept the consequences of a possible risk.

true

Unless a longer period of time is required, PCAOB standards require the auditor to retain audit documentation for the ICFR and financial statement audit for ______ years.

7

Which of the following is a test of transactions for cash receipts to provide evidence regarding accuracy? -Trace a sample of remittance advices to the cash receipts journal and, if necessary, to deposit slips. -Examine a sample of remittance advices for proper account classification. -For a sample of days, example the signature on the deposit slip and check endorsements. -For a sample of weeks, foot the cash receipts journal and agree posting to the general ledger.

For a sample of weeks, foot the cash receipts journal and agree posting to the general ledger

Which of the following statements are correct? -A nonstatistical approach can involve random selection and a judgmental evaluation. -If a sample size is not statically derived, it cannot be statistically evaluated. -Haphazardly selected samples should not be formally evaluated statistically.

a nonstatistical approach can involve random selection and a judgmental evaluation, haphazardly selected samples should not be formally evaluated statistically

Which of the following statements is correct? -An auditor should not consider the size of the company when considering the company's internal control effectiveness. -A small, less-complex company may achieve control objectives differently than a large company. -The way a company achieves its control objectives is not affected by company size and complexity.

a small less complex company may achieve objectives differently than a large company

After planned tests of controls have been completed, the auditor should reach a conclusion on the ______ level of control risk.

achieved

If one or more unremediated material weaknesses is identified, the auditor issues a(n) ______ opinion on the entity's internal control.

adverse

An auditor's primary consideration regarding an entity's internal controls is whether they

affect the financial statement assertions

When considering financial reporting risks, management should generally include ______ business units.

all

Ensuring the completeness and accuracy of transaction processing, authorization, and validity is the goal of ______ controls

application

Which of the following statements is correct? -Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness. -A single set of audit procedures should be used to test both the design and operating effectiveness of controls. -Evidence about the operating effectiveness of controls should never be based on procedures used to test design effectiveness.

audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness

A major control that directly affects the audit of cash is the completion of a monthly ________________ to ensure the entity's books reflect the same balance as the bank's after required adjustments have been considered.

bank reconciliation

An auditor's use of substantive analytical procedures for auditing cash can include comparing the

cash balance with the prior year's balance, cash balance with the budgeted amounts

To understand management's and the board of directors' attitudes, awareness, and actions concerning it, the auditor should gain sufficient knowledge about the

control environment

Controls over data preparation, work flow control, and library functions are included in ______ controls.

data center and network

Rotation of duties and mandatory vacations, review of the operating system log, and regular updates of anti-virus software are examples of ______ controls.

data center and network

Symbols used in flowcharts are divided into ______ symbols.

data flow and storage, input/output, processing

Disadvantages of GAS include

data that is audited must be available in electronic form, it provides limited availability to verify programming logic

Once key controls have been identified, the auditor starts evaluating their

design effectiveness

Imprest accounts are frequently used for

disbursing payroll, disbursing payroll

If the auditor believes that additional management information in its report of ICFR contains a material misstatement of fact, the auditor should immediately

discuss the matter with management

Cash ______ a predictable relationship with other financial statement accounts.

does not have

In determining whether an IT specialist is needed, the auditor should consider the

extent to which data are shared among systems, existence of entity's participation in e-commerce, complexity of IT systems and control and how they are used

If management finds any significant control deficiencies or material weaknesses, they should be reported to the

external auditor, audit committee

An auditor might test controls at an interim date

for efficiency reasons, to inform management of deficiencies found in testing, to reassess control risk for ineffective controls

An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus? - data capture controls - application controls - output controls - general controls

general controls

The infrastructure, software, people, procedures, and data used to support the functioning of internal control is known as a(n)

information system

If management remediates a material weakness after the "as of" date, the auditor can provide a(n) _____ opinion.

interim

When considering important financial statement disclosures for cash, primary documents an auditor might review include

line of credit arrangements, minutes of board of directors' meetings, loan agreements

The auditor should gain sufficient knowledge about the control environment to understand the attitudes, awareness, and actions concerning the control environment of the

management, board of directors

Auditors

may rely on any control likely to prevent or detect and correct material misstatements

The fact that no system of internal controls is perfect and that there is a remote likelihood that material misstatement will not be prevented or detected in a timely manner even with effective controls is the concept of ______ assurance.

reasonable

Financial statement assertions that have a reasonable possibility of containing a misstatement that would cause the financial statements to be materially misstated are referred to as ______ assertions

relevant

The number of deviations found in the sample divided by the number of items in the sample is the ______ rate.

sample deviation

When sampling is used to estimate monetary misstatement, a confidence limit must be established as an allowance for

sampling risk

If the auditor determines that internal controls are not properly designed or not implemented, the auditor will

set the level of control risk at high, use substantive procedures to reduce the risk of material misstatement to an acceptable level

In deciding on the nature and extent of the understanding of internal control needed for the audit, the auditor should consider the entity's operations and systems

sophistication, complexity

Auditing standards recognize and permit both _________ and __________ methods of audit sampling

statistical, nonstatistical

True or false: The COSO definition of ICFR includes reasonable assurance regarding the safeguarding of assets.

true

True or false: When auditing the effectiveness of an entity's internal control, significant deficiencies do not require a departure from an unqualified opinion.

true

Which of the following make an approach nonstatistical? -A haphazard sample selection technique is used. -A random sample selection technique is used. -Judgment is used to determine the sample size. -Sample results are evaluated judgmentally.

a haphazard sample selection technique is used, judgement is used to determine the sample size, sample results are evaluated judgmentally

Management's assessment of the entity's ICFR must be based on

a recognized control framework

MUS is commonly used by auditors to test accounts such as

accounts receivable, inventory, loans receivable

To evaluate the characteristics of a population based on sample data, classical variables sampling uses _______ theory

classical variables

Nonstatistical audit sampling is ______ used in practice

commonly

Cash includes

currency on hand, certificates of deposit, savings accounts

When auditors want to perform specific audit tasks, _____ audit software is generally written.

custom

Test data

ensures the accuracy of computer processing of transactions, should include both valid and invalid data

Types of tests of controls include

inquiry, inspection, observation

ongoing monitoring is performed by

people using controls

In order to provide evidence to support the lower level of control risk when using a reliance strategy, auditors perform

test of controls

When a reliance strategy is chosen,

tests of controls are used to assess the achieved level of control risk

Reasons the audit testing of a payroll or branch account is less extensive than testing for the general account include

these types of accounts generally contain a minimal balance, the types of distributions from the account are homogeneous

The extent of an auditor's understanding of control activities is a function of

the audit strategy

When using nonstatistical sampling, the auditor may individually test any item that may contain potential misstatements that individually exceed _________ misstatement

tolerable

A common formula for a nonstatistical sample size is: Sampling population book value ÷ ( ____________ misstatement - __________ misstatement ) × __________ factor.

tolerable; expected; confidence

The controls that are of most direct relevance to a financial statement audit are those that contribute to financial statement ______

transparency, reliability, timeliness

Which of the following is an important control over cash disbursements? -Voucher packages are independently approved. -Checks are restrictively endorsed "For deposit only." -Daily preparation of a bank reconciliation. -Daily cash disbursements are reconciled with postings to the accounts receivable subsidiary ledger.

voucher packages are independently approved

The auditor traces a transaction from origination through the entity's processes and information system until it is reflected in the entity's financial reports when performing a(n)

walkthrough

Which of the following statements are true about the financial statement and ICFR audits? -Work must be planned to achieve both objectives. -They must be performed at different times. -Tests of controls should be done separately for the audits. -They have different objectives.

work must be planned to achieve both objectives, they have different objectives

When using probability-proportional-to-size sample selection, the probability that a customer with a zero balance will be selected using systematic selection of monetary values is

zero

Disadvantages of MUS include

zero balances are not automatically selected, overstatement of allowance of sampling risk, increased possibility of rejecting an acceptable book value

An account has a balance of $1.5 million. Individually significant items total $325,000. Tolerable misstatement is $40,000 and expected misstatement is $10,000. Given this information, and a confidence factor is 1.2, the nonstatistical sample size should be

47 ([1.5m-325k]/[40k-10k] *1.2)

If 3 deviations are found in a sample of 60, the sample deviation rate is _______ percent

5

The most common use of ______ sampling is for tests of controls.

attribute

If a significant deficiency or material weakness exists because of the audit committee's ineffective oversight, the auditor must communicate the specific deficiency or weakness, in writing, directly to the

board of directors

Management may include additional information in its report on ICFR. In regards to such information, the auditor should

disclaim an opinion

If the scope of the auditor's work is limited because of circumstances beyond the control of management or the auditor, the auditor's option are to

disclaim an opinion, withdraw from the engagement

The integrity and ethical values of management personnel heavily influence the ______ of an entity's internal controls.

effectiveness

The auditor has a responsibility to report on any changes in internal control that might affect financial reporting between the ______ and the date of the auditor's report.

end of the reporting period

Advantages of GAS include

entire populations can be examined, limited IT expertise is required, ease of use

Because they can have a pervasive effect on the entity's ability to meet the COSO control criteria, the auditor must test the effectiveness of __________ controls

entity level

The risk that a misstatement could result in a material misstatement of the financial statements is called a(n) _________ risk.

financial reporting

The approach followed by management in choosing which locations to include in its assessment of internal control is a function of

financial reporting risks at the locations, entity level controls

When it comes to ICFR documentation, management should

focus on controls deemed adequate to address financial reporting risk

Because this function affects the way transactions are initiated, authorized, recorded, processed, and reported, the extent of an entity's use of ______ can affect internal controls

information technology

Controls that are important to the auditor's conclusion about whether the entity's controls sufficiently address the assessed risk of misstatement are often referred to as _____ controls

key

Audit sampling for tests of controls is generally appropriate when the completion of a control procedure

leaves documentary evidence

Account balances sampled by auditors typically have ______ error rates.

low

When audit risk is low and the risk of material misstatement is high, detection risk will be set at

low

If the auditor determines that internal controls are properly designed and implemented and the auditor intends to rely on those controls, the auditor will

make an assessment of control risk based on the result of tests of controls, perform tests of controls to obtain audit evidence that controls are operating effectively

Who has the responsibility to design and maintain a system of internal control that provides reasonable assurance that assets and records are properly safeguarded and that the entity's information system generates information that is reliable for decision making?

management

A lower-level employee follows a directive that violates the entity's control policy out of fear of losing their job. This is most likely the result of

management override of internal controls

A deficiency, or combination of deficiencies, in internal controls, such that there is a reasonable possibility that a material misstatement of the entity's financial statement will not be prevented, or detected and corrected on a timely basis is a

material weakness

Prior to the issuance of the auditor's report on ICFR, the auditor must communicate in writing to both management and the audit committee identified

material weaknesses, significant deficiencies

AS 2201 specifies that the "size and complexity of the company, its business processes and business units, ______ affect(s) the way in which the company achieves many of its control objectives."

may

Evidence about the operating effectiveness of controls at service organizations that are relevant to management's assessment and the auditor's opinion

may be obtained by performing tests or obtaining a service auditor's report

When companies operate in multiple locations, branch accounts

may be used as imprest or general cash accounts

The failure of a preventive control (such as inventory tags) to safeguard assets ______ result in a significant deficiency or material weakness.

may or may not

Management's documentation of ICFR

may take many forms

When audit risk is low and the risk of material misstatement is high, substantive tests should be performed

mostly at year end

The auditor determines which items should be tested individually and which items should be subject to sampling in many __________ sampling applications

nonstatistical

direct tests of controls are performed by

objective individuals

What should be used when it is necessary to show the movement of a document or report back to a previous function?

on page connector

Unrestricted random sampling without replacement means

once an item is selected, it cannot be selected a second time

Classification of control deficiencies include ______ deficiencies.

operating, design

MUS can be used to test the assertion that no material misstatements exist in an account balance

or class of transactions or disclosure component of the financial statements

In assessing financial reporting risks, management must evaluate whether there are controls in place to address

other pervasive elements of ICFR, entity-level controls

Probability-proportional-to-size sampling approach is

particularly appropriate when the auditor is concerned with overstatements

The best way to identify potential sources of misstatements is often

performing walkthroughs

Authorization requirements for access to computer programs and periodic counting and comparison with amounts shown on control records are examples of _____ controls.

physical

In conducting a statistical sample for a test of controls, auditing standards require the auditor to properly ______ the sampling application.

plan, perform, and evaluate

To compute sample size and evaluate the sample results, statistical sampling uses the laws of

probability

Flowcharting systems are divided into three groups: input/output symbols, _____ symbols, and _____ flow and ________ symbols.

processing data storage

To detect fraudulent activities in the cash accounts, auditors might prepare a(n) ______ of cash or test for _______ activities.

proof; kiting

When deciding whether substantive procedures are to be performed at an interim date, the auditor should consider the

purpose of the substantive procedures, nature of the relevant assertions, control environment

A material weakness is a deficiency or combination of deficiencies in ICFR such that there is a(n) ______ possibility that a material financial statement misstatement will not be prevented or detected on a timely basis.

reasonable

Ratio projection is used when the dollar amount of misstatement is expected to

relate to the dollar amount of items tested

Financial statement assertions that have a reasonable possibility of containing a misstatement that would cause the financial statements to be materially misstated are referred to as ______ assertions.

relevant

The auditor intends to depend on the entity's controls and may need a more detailed understanding of internal controls to develop a preliminary or "planned" assessment of control risk when following a ______ strategy.

reliance

A control issue does not rise to the level of control deficiency if the likelihood is

remote

Select all that apply Section 404 of the Sarbanes-Oxley Act Blank______. -requires management to accept responsibility for establishing and maintaining adequate ICFR -prevents an unqualified opinion on ICFR if any deficiencies were discovered during the year -requires management to issue a report -requires management to assert that ICFR has been effective throughout the entire year

requires management to accept responsibility for establishing and maintaining adequate ICFR, require management to issue a report

When using MUS, the selection of zero or negative balances

requires special design consideration

Written representations from management related to the audit of ICFR include management

responsibility for establishing and maintaining effective ICFR, concflusion about the effectiveness of the entity's ICFR as of a specified date

The major source of cash receipts for the general cash account is the ______ process.

revenue

A major premise of AS 2201 is that _______ assessment underlies the entire audit of ICFR

risk

To understand how management considers risks relevant to financial reporting and decides on appropriate actions to address those risks, the auditor should obtain sufficient information about the entity's ________ process

risk assessment

AS2201 defines policies and procedures that "provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposal of the entity's assets that could have a material effect on the financial statements as the _____ of assets."

safeguarding

Confidence level is the complement of

sampling risk

Controls that may be relevant to the audit when they have an impact on data the auditor uses to apply audit procedures include ______ controls.

compliance, operations

The primary purpose of sampling is to draw ___________ about the whole population based on the results of testing only a subset of the population.

conclusions

The amount of reliance to be placed on audit tests and the consequences of a decision error must be considered in determining

confidence level

The auditor uses the combination of the achieved level of ______ risk and the assessed level of _____ risk to determine the required level of ______ risk needed to bring audit risk to an acceptably low level.

control inherent detection

This exists in internal controls when the design or operation of a control does not allow management or employees to prevent, detect or correct misstatements on a timely basis

control deficiency

The components of internal controls as defined by the COSO Framework are

control environment, information and communication, monitoring activities, entity's risk assessment

A Treasury bill is an example of a cash

equivalent

In assessing material weaknesses in ICFR, management must

evaluate evidence about the operating effectiveness of ICFR, consider which locations to include in the evaluation, identify financial reporting risks and related controls

While the audit of ICFR and the audit of financial statements have different objectives, the auditor must plan and perform the audit work to achieve the objectives of both audits as a(n) _____ audit.

integrated

In establishing an effective control environment, the entity and its management must demonstrate a commitment to _____ and _____ values (Principle 1).

integrity ethical values

An important role in how management meets its stewardship or agency responsibilities is played by

internal controls

The auditor's understanding of ______ is used to identify the controls that are likely to prevent, or detect and correct, material misstatement in specific assertions.

internal controls

In testing an internal control, the risk that the sample supports a conclusion that the control is not operating effectively when, in truth, the control is operating effectively is the risk of

incorrect rejection, assessing control risk too high

The work performed by internal auditors, entity personnel, and third parties hired by management or the audit committee ______ be used by the auditor.

can

If the auditor fails to obtain written representations from management, the auditor ______ opinion of ICFR.

cannot issue an unqualified

When using probability-proportional-to-size sample selection, logical units with a book value larger than the sampling interval are ______ to be selected.

certain

To evaluate the characteristics of a population based on sample data, normal distribution theory is used in ______ sampling.

classical variables

Professional standards indicate that sample sizes for nonstatistical applications should be ______ sample sizes for statistical applications

comparable to

Which of the following statements is false? - The auditor must learn about each business process that affects significant account balances in the financial statements. -Understanding the information system requires knowing how the use of IT to process transactions comes with its own risks. -The auditor should understand the control procedures used by the entity to provide financial statement assurances. -Auditors must understand how the entity communicates information relevant to the preparation of financial statements within the entity only.

Auditors must understand how the entity communicates information relevant to the preparation of financial statements within the entity only.

Which of the following statements regarding internal control is false? -The monitoring component can be effective in a small to midsize entity as a result of management's close involvement in operations. -The size of an entity may affect how the components are implemented. -The basic concepts of the five components should be present in all entities. -All entities are required to have a written code of conduct.

all entities are required to have a written code of conduct

If a small number of large transactions make up a large percentage of an account, auditors will typically test

all transactions greater than a particular dollar amount

Data capture, data validation, processing, output, and errors controls are all categories of ______ controls.

application

Monetary-unit sampling (MUS) is based on ______ theory modified to express a monetary conclusion rather than a rate of occurrence.

attribute sampling

Selecting and evaluating less than 100% of the items in an audit population in such a way that the auditor expects a representative group to provide a reasonable basis for conclusions about the population is

audit sampling

Which of the following statements are correct? -Auditing standards recognize and permit both statistical and nonstatistical methods of audit sampling. -Steps and techniques for both statistical and nonstatistical sampling are more similar than different. -Auditing standards indicate that sample sizes for nonstatistical sampling should be larger than sample sizes for statistical sampling. -Research suggests that only statistical methods of sampling are common in practice.

auditing standards recognize and permit both statistical and non-statistical methods of audit sampling, steps and techniques for both statistical and non-statistical sampling are more similar than different

Which of the following statements are correct? -The assessment of the significance of a control deficiency depends on whether or not a misstatement has occurred. -Auditors are required to evaluate the severity of each control deficiency. -The severity of a control deficiency depends on its likelihood and magnitude.

auditors are required to evaluate the severity of each control deficiency, the severity of a control deficiency depends on its likelihood and magnitude

Advantages of MUS include

automatically stratified sample, smaller sample size than classical variables sampling when few misstatements expected, no requirement to make assumptions about the distribution of misstatements

Difference projection is used when the dollar amount of misstatement is expected to

be relatively constant for all items in the popu;ation regardless of dollar size

When companies use service organizations to process transactions,

both management and the auditor must consider the service organization activities, the service organization is considered part of the info and communication component of the entity's ICFR

Test data can be used to check

data validation controls, arithmetic calculations, error detection routines

As the sample size increases, the sampling risk

decreases

When computing a nonstatistical sample size, individually significant items are

deducted from the account balance

When preparing a bank reconciliation, outstanding checks are

deducted from the balance per bank

Tests of controls focus on ______ effectiveness

design and operating

A control deficiency exists when the ______ or _______ of a control does not allow management or employees to prevent or detect misstatements on a timely basis.

design; operation

An effective accounting system establishes methods and records that will

determine the proper time period in which transactions occurred, identify and record all valid transactions, describe transactions in sufficient detail to permit proper classification

The objectives of attribute sampling when used for tests of controls are to Blank______. -determine the level of substantive testing for a financial statement audit -evaluate the operating effectiveness of the internal control for purposes of the internal control audit -determine the degree of reliance that can be placed on controls for a financial statement audit -evaluate the compliance with policies about internal control by accounting staff

evaluate the operating effectiveness of the internal control for purposes of the internal control audit, determine the degree of reliance that can be placed on controls for a financial statement audit

Extended audit procedures that auditors typically use to detect fraudulent activities in the cash account include

extended bank reconciliation procedures, tests for kiting, proof of cash

Which of the following statements are correct? -External auditors seldom perform substantive procedures on the petty cash fund. -Because the balance in the petty cash fund is not material, there is almost no potential for fraud. -Internal auditors often document and perform tests of controls over petty cash.

external auditors seldom perform substantive procedures on the petty cash fund, internal auditors often document and perform tests of controls over petty cash

Large public companies are required to engage a(n) _____ auditor to express an opinion as to the effectiveness of their systems of internal control over financial reporting.

external/independent

Audit sampling is most often used in substantive testing to test the hypothesis that a financial statement account is

fairly stated

If tolerable misstatement is $120,000, and the upper limit on the account's possible misstatement is less than $120,000, then the account is considered to be

fairly stated

True or false: An entity's external auditor does not need to be concerned about the internal control system at service organizations used by the entity.

false

True or false: Because the potential for fraud is high, external auditors must perform substantive procedures on the petty cash fund.

false

True or false: If the auditor determines that elements of management's annual report on ICFR are incomplete or improperly presented, the auditor cannot issue a report on ICFR.

false

True or false: Monitoring is an effective component of internal control, whether or not deficiencies are communicated to those with oversight responsibilities in a timely manner

false

True or false: Nonstatistical sampling is generally considered "bad" sampling and thus rarely used in practice.

false

One disadvantage of classical variables sampling is that the projection of misstatements and related confidence limits may be unreliable if ______ misstatements are detected in the sample.

few

Section 404 of the Sarbanes-Oxley Act requires that management report on the effectiveness of its internal control over

financial reporting

Which of the following is a test of transactions for cash receipts to provide evidence regarding authorization? -For a sample of weeks, foot the cash receipts journal and agree posting to the general ledger. -Trace a sample of remittance advices to the cash receipts journal and, if necessary, to deposit slips. -For a sample of days, example the signature on the deposit slip and check endorsements. -Examine a sample of remittance advices for proper account classification.

for a sample of days, example the signature on the deposit slip and check endorsements

If management determines that mitigating a risk of inaccurate financial reporting is too costly to address, the auditors should ______.

give that risk additional scrutiny

Sampling units are selected without any conscious bias when a(n) _____ selection approach is used

haphazard

In order to set control risk below a high level, the auditor must

identify specific controls that will be relied upon, conclude on the achieved level of control risk, perform test of the identified controls

When deciding on the extent of testing, the auditor should consider the

importance of the control, nature of the control, frequency of operation

A stipulated amount of money to be used for a specific purpose is contained in a(n) ______ cash account

imprest

Which of the following statements are correct? -Violations of control activities by senior management are easy to detect with normal audit procedures. -In some cases, management may override an entity's internal controls. -Violations of internal control raise serious questions about management integrity.

in some cases, management may override an entity's internal controls, violations of internal controls raise serious questions about management integrity

If the auditor determines that elements of management's annual report on ICFR are incomplete or improperly presented, the auditor should

include an explanatory paragraph in the audit report

The phrase "All material respects" means that the entity's ICFR

is free of any material weakness

Monitoring of internal controls

is intended to assess quality of performance over time, may identify the need for control redesign, should be done to determine operating effectiveness

Random or systematic sample selection

is required for statistical sampling and may be used for nonstatistical sampling

Which of the following statements are correct? -It is easier to determine sample size using MUS when the auditor expects little or no misstatements. -MUS automatically results in a stratified sample when applied using a probability-proportional-to-size sample selection procedure. -Unlike classical variables sampling, MUS requires the user to make assumptions about the distribution of misstatements.

it is easier to determine sample size using MUS when the auditor expects little or no misstatements, MUS automatically results in a stratified sample when applied using a probability proportional to size sample selection procedure

If a control deficiency is a material weakness, management must disclose it in its assessment of the effectiveness of ICFR, including

its impact on the entity's financial reporting and its ICFR, management's current plans if any for remediating the weakness, the nature of the material weakness

The smaller the difference between tolerable error and expected error, the ______ the sample size needed.

larger

When compared to automated controls, manual controls should be subjected to ______ testing.

more extensive

To evaluate the characteristics of a population based on sample data, classical variables sampling uses _________ theory

normal distribution

A direct relationship exists between ____ which reflect what an entity is trying to achieve, ______ which represent what the entity needs to do to achieve them, and the structure of the entity.

objectives components

If the work of others is to be used, the auditor should assess the _____ and _____ of the persons whose work will be used.

objectivity, competence

The auditor's report on the effectiveness of internal control must

provide an opinion on effective ICFR as of the specified date, have the same date as the financial statement audit report, be addressed to the shareholders and board of directors, contain the basis of the auditor's opinion

The auditor has to understand the control activities that relate to assertions for which a lower level of control risk is expected when they decide to follow a _____ strategy.

reliance

If circumstances beyond the control of management or the auditor limit the _____ of the auditor's work, the auditor should disclaim an opinion or withdraw from the engagement

scope

A deficiency or combination of deficiencies in ICFR that is less severe than a material weakness yet important enough to merit attention is a(n) _______ deficiency.

significant

In evaluating the risk of material misstatement due to fraud and the risk of management override of controls, the auditor should consider controls over

significant & unusual transactions resulting in unusual journal entries, journal entries and adjustments made in the period end financial close

Although it is less severe than a material weakness, a(n) _____ is still important enough to merit attention by those charged with governance.

significant deficiency

Auditing standards indicate that the sample size for statistical sampling should be ______ that of nonstatistical sampling.

similar

When comparing sample sizes using classical variables and monetary-unit sampling, if the auditor expects a relatively large number of differences between book and audited values, classical variables sampling will normally result in a ______ sample size.

smaller

Recent research suggests that among the largest firms,

some use statistical sampling and others use nonstatistical sampling

Small to midsize entities

sometimes use alternative approaches to achieve effective internal control

The auditor's treatment of a(n) _______ event depends on whether the event reveals information about a material weakness that existed at the end of the reporting period or about a new condition that did not exist at the end of the reporting period.

subsequent

The last step in the decision process under either audit strategy is performing ______ procedures

substantive

The risk that material misstatements are present in financial statements may be increased by conducting _____ procedures only at an interim date.

substantive

When the auditor has decided not to rely on the entity's controls and instead use procedures as the main source of evidence about the assertions in the financial statements, the auditor will choose a(n) _____ audit strategy.

substantive

The auditor may decide to follow a substantive strategy for some or all assertions because

testing the operating effectiveness of the controls would be inefficient, implemented controls do not pertain to the assertion under consideration, implemented controls are assessed as ineffective

Disadvantages of classical variables sampling (CVS) include

the auditor must estimate the standard deviation of the audit differences in order to determine sample size, the estimated variance used for evaluation purposes may underestimate the true variance if few misstatements are detected in the same, some techniques do not work well when little or no misstatement is expected

Which of the following statements are correct? -The auditor should understand the control procedures used by the entity to provide financial statement assurance. -The auditor must learn about each business process that affects all account balances in the financial statements. -Understanding the information system requires knowing how IT is involved in data processing

the auditor should understand the control procedures used by the entity to provide financial statement assurance, understanding the info system requires knowing how IT is involved in data processing

Which of the following statements about internal controls is correct? - a properly maintained internal control system reasonably ensures that collusion among employees cannot occur - the establishment and maintenance of internal controls is an important responsibility of the internal auditor - an exceptionally strong internal control system is enough for the auditor to eliminate substantive procedures on a significant account balance - the cost-benefit relationship is a primary criterion that should be considered is designing an internal control system

the cost-benefit relationship is a primary criterion that should be considered is designing an internal control system

Section 404 of the Sarbanes-Oxley Act requires management to report on

the effectiveness of internal control over financial reporting

Audit documentation related to the audit of internal controls must include

the scope of testing, the evaluation of deficiencies discovered, the extent of reliance on work performed by others

Advantages of classical variables sampling (CVS) include

the techniques are effective for both overstatements and understatements, it will normally result in a similar sample size than MUS when a relatively large number of differences between book and audited values are expected, the selection of zero balances does not require special sample design considerations

When a service organization provides accounting services to an entity and those services affect the entity's accounting records,

they are considered part of the entity's info system, the entity's external auditor must be concerned with the internal control system at the service organization

True or false: A substantive strategy requires the auditor to have a sufficient understanding of the entity's internal controls to know whether they are properly designed and implemented.

true

After auditing the effectiveness of an entity's internal control, an auditor issues a(n) ______ opinion if the entity's internal control is designed and operating effectively in all material respects.

unqualified

The total of the projected misstatement and the allowance for sampling risk is referred to as the ____________ limit.

upper misstatement/error

To develop an understanding of control activities, auditors normally use

walkthroughs

Which of the following statements are correct? -When testing, auditors should focus on key controls. -Auditors must make decisions regarding which locations to test based on the presence of entity-level controls and financial reporting risk. -Identifying controls to be tested is an objective task that requires little professional judgment. -Auditors must evaluate whether to test preventive controls, detective controls, or a combination of both.

when testing auditors should focus on key controls, auditors must make decisions regarding which location to test based on the presence of entity level controls and financial reporting risk, auditors must evaluate whether to test preventative controls detective controls or a combination of both


Related study sets

CISSP PRACTICE TESTS Chapter 2 ▪Asset Security (Domain 2)

View Set

Costs and Benefits in Decision Making

View Set

AP EUROPEAN HISTORY :TOWARD a New World

View Set

Monetary Policy Question Bank and Explanations for some

View Set