Audit - Section G
Which of the following is a factor in the control environment? a) Information processing b) Performance reviews c) Management's philosophy and operating style d) Segregation of duties
C) Management's philosophy and operating styles
Which internal control documentation method provides the auditor with the best visual understanding of a system and can be used as a means for analyzing complex operations? a) A flowcharting approach b) A matrix approach c) A questionnaire approach d) A detailed narrative approach
a) A flowcharting approach
Below is an example of a typical risk in an IT environment. RISK: Unauthorized access to data or programs Required: Identify the control(s) that would best mitigate the risk. a) Access controls and firewalls and password systems b) Firewalls and backup copies c) Backup copies and user entity controls d) None of these answers are correct
a) Access controls and firewalls and password systems
Which of the following statements concerning material weaknesses and significant deficiencies is correct with respect to financial statement audit of a nonissuer? a) All material weaknesses are significant deficiencies b) An auditor need not identify and communicate material weaknesses separately from significant deficiencies c) An auditor should report immediately material weaknesses and significant deficiencies discovered during the audit d) All significant deficiencies are material weaknesses
a) All material weaknesses are significant deficiencies
For the accounting processes below, identify which fo the following would be considered an estimate (select all that apply) a) Costs from litigation settlements and judgments b) Physical inventory c) Warranty obligations d) Inventory costing e) Cash disbursements
a) Costs from litigation settlements and judgments c) Warranty obligations
For the accounting processes below, identify which of the following would be considered nonroutine transactions (Select all that apply) a) Depreciation b) Bad Debt expense c) Financial statement close d) Payroll e) Cash Receipts
a) Depreciation c) Financial statement close
The monitoring component of internal control includes:: a) Eliminating controls that are not operating effectively b) Improving controls that are not operating effectively c) Assessing the quality of internal control performance over time d) Assessing information derived from external parties
a) Eliminating controls that are not operating effectively Eliminating controls that are not operating effectively is correct. Monitoring is the process of assessing the quality of internal controls performance over time and taking necessary corrective actions. Eliminating a control that is not operating effectively would not be an appropriate corrective action
Which of the following outcomes is a likely benefit of information technology used for internal control? a) Enhanced timeliness of information b) Potential loss of data c) Processing of unusual or nonrecurring transactions d) Recording of unauthorized transactions
a) Enhanced timeliness of information
Which of the following matters would an auditor most likely consider to be a significant deficiency in internal control to be communicated to management and those charged with governance? a) Evidence of a lack of objectivity by those responsible for accounting decisions b) Management's failure to renegotiate unfavorable long-term purchase commitments c) Recurring operating losses that may indicate going concern problems d) Management's current plans to reduce its ownership equity in the entity
a) Evidence of a lack of objectivity by those responsible for accounting decisions
Internal control over safeguarding of assets may include controls relating to : a) Financial reporting objectives; Yes Operations objectives: Yes Compliance objectives: No b) Financial reporting objectives; Yes Operations objectives: No Compliance objectives: No c) Financial reporting objectives; No Operations objectives: Yes Compliance objectives: Yes d) Financial reporting objectives; No Operations objectives: No Compliance objectives: Yes
a) Financial reporting objectives; Yes Operations objectives: Yes Compliance objectives: No
Which of the following procedures would not be effective in testing controls restricting access to specific computer programs and files? a) Inquiring as to whether programs and files are restricted to authorized personnel b) attempting to access programs and files through the client's computerized system c) Identify whether the distribution of computer output is restricted to authorized personnel d) Reviewing the access log and identifying whether access to programs and files has been limited to authorized personnel
a) Inquiring as to whether programs and files are restricted to authorized personnel
Which of the following is a complete and accurate list of the walkthrough procedures usually performed in an issuer's integrated audit? a) Inquiry, observation, inspection of relevant documentation, and reperformance of controls b) INquiry, inspection of relevant documentation, sampling, and reperformance of controls c) Inquiry, observation, analytical procedures, and testing of controls d) Inquiry, sampling, analytical procedures, and testing of controls
a) Inquiry, observation, inspection of relevant documentation, and reperformance of controls
The primary responsibility for establishing and maintaining internal controls rests with a) Management b) The internal auditors c) The external auditors d) The PCAOB
a) Management
Which of the following components of internal control contributes most to a strong control environment? a) Management adheres to internal control policies b) Duties are clearly defined and separated c) Policy manuals provide a clear and understanding of internal controls d) Controls are assessed through ongoing activities and evaluations
a) Management adheres to internal control policies
Which of the following would an auditor most likely consider in evaluating the control environment of an audit client? a) Management's operating style b) The number of CPAs in the accounting department c) Overall employee satisfaction with assigned duties d) Management reviews of monthly financial statements
a) Management's operating style
Evidence concerning the proper segregation of duties for receiving and depositing cash receipts ordinarily is obtained by: a) Observing the employees who are performing the control activities b) Performing substantive tests to verify the details of the bank balance c) Preparing a flow chart of the duties performed and the entity's available personnel d) Completing an internal control questionnaire that describes the control activities
a) Observing the employees who are performing the control activities
Which of the following is an inherent limitation of any client's internal controls? a) Procedures whose effectiveness depends on separation of duties can be circumvented by collusion b) The benefits expected to be derived from effective internal controls usually do not exceed the costs of effective internal controls c) Procedures designed to assure the execution and recording of transactions in accordance with proper authorizations are effective against frauds perpetrated by management d) The competence and integrity of client personnel provide an environment conducive to control and provides assurance that effective controls will be achieve
a) Procedures whose effectiveness depends on separation of duties can be circumvented by collusion
In a computerized payroll system environment, an auditor would be least likely to use test data to test controls related to: a) Proper approval of overtime by supervisors b) Time tickets with invalid job numbers c) Agreement of hours per clock cars with hours on time tickets d) Missing employee numbers
a) Proper approval of overtime by supervisors
Which of the following represents an inherent limitation of internal controls? a) The CEO can request a check with no purchase order b) Bank reconciliations are not performed on a timely basis c) Customer credit checks are not performed d) Shipping documents are not matched to sales invoices
a) The CEO can request a check with no purchase order
Which of the following factors is most likely to affect the extent of the documentation of the auditor's understanding of a client's system of internal controls? a) The degree to which information technology is used in the accounting function b) The degree to which the auditor intends to use internal audit personnel to perform substantive tests c) The relationship between management, the board of directors, and external stakeholders d) The industry and the business and regulatory environments in which the client operates
a) The degree to which information technology is used in the accounting function
An internal control questionnaire (ICQ) contains the following question: "Does a single individual receive and list cash receipts and perform posting to sales and general ledgers?" What action should an auditor take if the manager of accounting responds yes to the question? a) Treat it as a potential control weakness and perform appropriate testing b) Include it with other reportable findings in next year's audit report c) No action is required because "yes" responses on an ICQ indicate the presence of good control d) Statistically sample the response along with all other "yes" responses to verify their accuracy
a) Treat it as a potential control weakness and perform appropriate testing
COSO recommends that corporations implement control activities through formal policies that establish what is expected and procedures that put policies into action. a) True b) False
a) True According to COSO's internal Control - integrated Framework, control activities are the policies and procedures that enforce management's directives intended to mitigate risk. These actions are performed at all levels of the organization, at all stages of of business processes, and through both manual and automated procedures. They can be designed to prevent the occurrence of risks, detect the occurrence of risks, or both
One of the primary problems associated with end user computing is: a) Unauthorized access to programs and data b) Increased risk of unauthorized changes to mainframe data c) Inappropriate use of the internet d) Increased cost associated with appropriate separation of duties
a) Unauthorized access to programs and data
Which of the following control objectives is achieved by reviewing and testing control procedures over physical inventory count? a) Verification of existence of inventory b) Validation of purchase transactions c) Authorizations of the manufacturing orders d) Posting and summarization of inventory transactions
a) Verification of existence of inventory
An auditor has been hired to report on a nonissuer's internal control over financial reporting. Which of the following best describes a reporting option in this scenario? a) When a material weakness exists, the auditor should issue an adverse opinion b) if management fails to provide a written representation letter acknowledging its responsibility fo the effectiveness of internal control, the auditor will generally issue an unmodified opinion with additional explanatory language c) If management fails to provide a written representation letter acknowledging its responsibility for the effectiveness of internal control, the auditor may issue either a qualified opinion or an adverse opinion d) When a significant deficiency exists, the auditor may issue either a qualified or adverse opinion
a) When a material weakness exists, the auditor should issue an adverse opinion
Which of the following factors affecting the risk associated with a control is not a consideration when designing the current-year audit procedures in an audit of internal control over financial reporting for an issuer? a) Whether the control has been documented in flowchart or narrative form b) The results of the previous years testing of the control c) Whether there have been changes in the operation of a key control since the previous audit d) The nature, timing, and extent of procedures performed in previous audits
a) Whether the control has been documented in flowchart or narrative form
Which of the following controls is least likely to be relevant to a financial statement audit: a) Procedures that prevent the excess use of materials in production b) Generation of production statistics used to evaluate variances c) Use of computer passwords to limit access to data files d) Policies that relate to compliance with income tax regulations
a) procedures that prevent the excess use of materials in production
In an integrated audit of a nonissuer, an auditor should issue an adverse opinion on the effectiveness of an entity's internal control in which of the following situations? a) The auditor was asked by the client to provide the report to another practitioner b) A material weakness exists c) The entity may not continue as a going concern d) The financial statements are misstated
b) A material weakness exists
Below is an example of a typical risk in an IT environment RISK: Destruction of data Required: Identify the control(s) that would best mitigate the risk a) Physical controls over terminals and testing of programs and applications b) access and backup controls c) Program and user entity controls d) Firewalls and password systems e) None of these answers are correct
b) Access and backup controls
Below is an example of a typical risk in an IT Environment. RISK: Introduction of unauthorized data or programs Required: Identify the control(s) that would best mitigate the risk. a) Firewalls and password systems b) access and user entity controls c) Program controls and backup copies d) None of these answers are correct
b) Access and user entity controls
An auditor's primary consideration regarding an entity's internal control is whether the controls: a) Relate to the control environment b) Affect the financial statement assertions c) Prevent management override d) Reflect managements philosophy and operating style
b) Affect the financial statement assertions
The auditor is required to communicate each of the following items to those charged with governance, except: a) The auditor's responsibilities to complete the audit in accordance with generally accepted auditing standards b) All control deficiencies detected during the course of the audit c)Any significant findings from the audit d) An overview of the planned scope and timing of the audit
b) All control deficiencies detected during the course of the audit
Which of the following procedures is considered a test of controls? a) An auditor evaluates whether a general journal entry was recorded at the proper amount b) An auditor interviews and observes appropriate personnel to determine segregation of duties c) An auditor reviews the entity's check register for unrecorded liabilities d) An auditor reviews the audit workpapers to ensure proper sign-off
b) An auditor interviews and observes appropriate personnel to determine segregation of duties
Which of the following statements is correct concerning significant deficiencies in internal control with respect to a financial statement audit of a nonissuer? a) An auditor is required to search for significant deficiencies during an audit b) An auditor may communicate significant deficiencies during an audit or after the audit's completion c) All significant deficiencies are also considered to be material weaknesses d) An auditor may report that no significant deficiencies were noted during an audit
b) An auditor may communicate significant deficiencies during an audit or after the audit's completion
For the following management action identify the control environment principle it affects. ACTION: Management is committed to hiring employees with appropriate levels of education, experience, and evidence of integrity and ethical behavior. a) Effective Organizational Structure b) Attracting, developing, and retaining competent employees c) Commitment to integrity and ethical values d) Effective board of directors e) Individual accountability
b) Attracting, developing, and retaining competent employees
Which of the following is not a difference that is introduced when an entity uses the computer in processing its transactions? a) Audit teams are not permitted to use inquiry and observation as a method of testing general controls in a computerized processing environment b) Audit teams are not required to obtain an overall understanding of the entity's internal control in a computerized processing environment c) Audit teams can limit their tests of controls because random errors do not exist in a computerized processing environment d) Audit teams must consider the existence and operating effectiveness of automated controls in their assessment of control risk
b) Audit teams are not required to obtain an overall understanding of the entity's internal control in a computerized processing environment
The purpose of separating the duties of hiring personnel and distributing payroll checks is to separate the: a) operational responsibility from the record-keeping responsibility b) Authorization of transactions from the custody of related assets c) Human resources function from the controllership function d) Administrative controls from the internal accounting controls
b) Authorizing of transactions from the custody of related assets This is an example of the effective separation of duties. Separation of duties is designed to help the organization achieve effective internal control. To accomplish separation of duties, the payroll function should be divided into its authorization, recording, and custody functions.
Which of the following statements correctly describes the "top-down approach" used during an audit of internal control over financial reporting? a) Being by understanding the overall risks to internal control over financial reporting at the general ledger level b) Begin by understanding the overall risks to internal control over financial reporting at the financial statement level c) Begin reviewing income statements accounts and then review balance sheet accounts d) Begin reviewing balance sheet accounts and then review income statement accounts
b) Begin by understanding the overall risks to internal control over financial reporting at the financial statement level
Which of the following strategies would a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system? a) Verification of encrypted digital certificates used to monitor the authorization of transactions b) Continuous monitoring and analysis of transaction processing with an embedded audit module c) Extensive testing of firewall boundaries that restrict the recording of outside network traffic d) increased reliance on internal control activities that emphasize the segregation of duties
b) Continuous monitoring and analysis of transaction processing with an embedded audit module
In addition to gaining an understanding of the internal controls for a private company, an external auditor, at minimum, would be expected to a) Study organization charts to obtain an understanding of the informal lines of communication b) Document their understanding of the internal control system c) Evaluate the internal auditors' work as an important part of the accounting system element of the internal controls d) Observe client employees to determine the extent of their compliance with quality control standards
b) Document their understanding of the internal control system
Computer controls that are pervasive and apply to all applications of a computerized processing system are referred to as: a) Computer controls b) General controls c) Environment controls d) Automated application controls
b) General contols
Which of the following items is an example of an inherent limitation in an internal control system? a) Ineffective board of directors b) human error in decision making c) understaffed internal audit functions d) Segretation of employee duties
b) Human error in decision making
Objectives of an entity include: a) Information and communication systems: No Reliable financial reporting: Yes Effective and efficient operations: No b) Information and communication systems: No Reliable financial reporting: Yes Effective and efficient operations: Yes c) Information and communication systems: Yes Reliable financial reporting: No Effective and efficient operations: No d) Information and communication systems: Yes Reliable financial reporting: Yes Effective and efficient operations: Yes
b) Information and communication systems: No Reliable financial reporting: Yes Effective and efficient operations: Yes
Which of the following statements is correct regarding internal control? a) A well-designed internal control environment ensures the achievement of an entity's control objectives b) An inherent limitation to internal control is the fact that controls can be circumvented by management override
b) Inherent limitation to internal control is the fact that controls can be circumvented by management override
An auditor is considered internal control in an automated environment. Under these circumstances, the auditor would need to focus on automated controls for all of the following reasons except: a) Much of the information used in monitoring the internal control system may be provided through use of information technology b) It is more efficient and cost-effective to focus on automated controls rather than manual controls c) Even manual controls may be dependent to some extent on the effective functioning of automated controls d) Unauthorized access to data, systems, or programs create an additional internal control risk
b) It is more efficient and cost-effective to focus on automated controls rather than manual controls
Which of the following procedures would an auditor most likely perform to test controls relating to management's assertion about the completeness of cash receipts for cash sales as a retail outlet? a) Compare the cash balance in the general ledger with the bank confirmation request b) Observe the consistency of the employees' use of cash registers and tapes c) Inquire about employees' access to recorded but undeposited cash d) Trace the deposits in the cash receipts journal to the cash balance in the general ledger
b) Observe the consistency of the employees' use of cash registers and tapes
When conducting field work for a physical inventory, an auditor cannot perform which fo the following steps using a generalized audit software package? a) Analyzing data resulting from inventory b) Observing inventory c) Recalculating balances in inventory reports d) Selecting sample items of inventory
b) Observing inventory
Which of the following audit techniques ordinarily would provide an auditor with the least assurance about the operating effectiveness of an internal control activity? a) Inquiry of client personnel b) Preparation of system flowcharts c) Inspection of documents and reports d) Observation of client personnel
b) Preparation of system flowcharts
Which of the following is a preventive control? a) Recalculation of a sample of payroll entries by internal auditors b) Separation of duties between the payroll and personnel departments c) Reconciliation of a bank account d) Detailed fluctuation analysis completed by the CFO for revenue
b) Separation of duties between the payroll and personnel departments
Which of the following is not true about significant deficiencies in internal control? a) All material weaknesses in internal control are also significant deficiencies b) The auditor is required to search for significant deficiencies in internal control c) The auditor should not indicate to management that no significant deficiencies in internal control were noted during the audit d) The auditor is required to communicate to management and those charged with governance all significant deficiencies in internal control that he or she observes during the audit
b) The auditor is required to search for significant deficiencies in internal control
After obtaining an understanding of the entity and its environment, including its internal control, and auditor decided to perform tests of controls. This is likely because: a) An increase in the assessed level of control risk is justified for certain financial statement assertions b) The auditor's risk assessment is based on the effective operation of controls c) Evidence to support a reduction in control risk is not available d) There were many internal control weaknesses that could allow errors to enter the accounting system
b) The auditor's risk assessment is based on the effective operation of controls
An auditor would most likely be concerned with internal control policies and procedures that provide reasonable assurance about: a) Methods of assigning production tasks to employees b) The entity's ability to process and summarize financial data
b) The entity's ability to process and summarize financial data
Examples of general controls would include all of the following except: a) Using effective passwords to prevent unauthorized users access to the accounting information system b) The use of check digits when inputting customer information c) The use of the systems development life cycle approach for implementing new programs d) The use of grandfather-father-son techniques to file reconstructions
b) The use of check digits when inputting customer information
The purpose of test data is to determine whether: a) All possible combinations of valid data are correctly processed b) Controls operate as described in responses to internal control questionnaire items and program flowcharts c) Every possible error is prevented or detected by the client's computer controls d) the audit team's test data are consistent with the client's normal transactions
b) controls operate as described in responses to internal control questionnaire items and program flowcharts
For the accounting processes below, identify which of the following would be considered non-routine transactions (select all that apply) a) Bad debt expense b) Physical inventory c) Inventory costing d) LIFO calculation e) Cash disbursements
b) physical inventory d) LIFO Calculation
Which of the following best describes the responsibility of the auditor with respect to significant deficiencies and material weaknesses in an audit of an issuer? 1) Must be communicated to Management and the Audit Committee? 2) Results in an Adverse Opinion of the Effectiveness of Internal Control? a) 1 - Material weaknesses but not significant deficiencies 2 - Material weaknesses but not significant deficiencies b) 1 - Both significant deficiencies and material weaknesses 2 - Both significant deficiencies and material weaknesses c) 1 - both significant deficiencies and material weaknesses 2 - Material weaknesses but not significant deficiencies d) 1 - Material weaknesses but not significant deficiencies 2 - Both significant deficiencies and material weaknesses
c) 1 - both significant deficiencies and material weaknesses 2 - Material weaknesses but not significant deficiencies
Which of the following situations represents a limitation, rather than a failure, of internal control? a) A jewelry store employee steals a small necklace from a display cabinet b) a bank teller embezzles several hundred dollars from the cash drawer c) Purchasing employee and an outside vendor participate in a kickback scheme d) A movie theater cashier sells reduced-price tickets to full-paying customers and pockets the difference
c) A purchasing employee and an outside vendor participate in a kickback scheme A purchasing employee and an outside vendor participate in a kickback scheme is correct. Even a well-designed internal control system has its limitations. One example of a limitation of internal control includes deliberate circumvention of controls by collusion of two or ore people, such as when a purchasing employee and an outside vendor participate in a kickback scheme. Other limitations of internal controls include human error and management override of control
The auditor should assess control risk for each relevant assertion by evaluating the evidence obtained from all sources, including: a) Misstatements detected during the financial statement audit b) Any control deficiencies identified during the audit c) All of these answers are correct d) The auditor's testing of controls for the audit of internal control on a public company
c) All of these answers are correct
A transaction-level internal control activity is best described as a) The functioning of the board of directors in support of its audit committee b) An action taken by auditors to obtain evidence c) An action taken by client personnel for the purpose of preventing, detecting, and correcting errors and frauds in transactions to eliminate or mitigate risks identified by the company d) A method of recording, summarizing, and reporting financial information
c) An action taken by client personnel for the purpose of preventing, detecting, and correcting errors and frauds in transactions to eliminate or mitigate risks identified by the company
An auditor is required to document the auditor's understanding of the: I. Entity's control activities that help ensure management directives are carried out II. Entity's control environment factors that help the auditor plan the engagement a) I only b) Neither I nor II c) Both I and II d) II only
c) Both I and II
For the accounting processes below, identify which of the following would be considered routine transactions (select all that apply) a) Financial statement close b) Depreciation c) Cash receipts d) Payroll e) Bad debt expense
c) Cash receipts d) Payroll
Which of the following is an example of an operation deficiency in internal control? a) The cashier has online ability to post write-offs to accounts receivable b) Management does not have a process to identify and assess risks on a recurring basis c) Clerks who conduct monthly reconciliation of inter-company accounts do not understand the nature of the misstatements that could occur in those accounts d) The company does not have a code of conduct for employees to consider
c) Clerks who conduct monthly reconciliation of inter-company accounts do not understand the nature of the misstatements that could occur in those accounts
Which of the following types of evidence would an auditor most likely examine to determine whether internal controls are operating as designed? a) Confirmations of receivables verifying account balances b) Anticipated results documented in budgets or forecasts c) Client records documenting the use of EDP programs d) Gross margin information regarding the client's industry
c) Client records documenting the use of EDP programs
Which of the following characteristics distinguishes computer processing from manual processing? a) Most computer systems are designed so that transactions trails useful for audit purposes do not exist b) Errors in irregularities in computer processing will be detected soon after their occurrences c) Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing d) The potential for systematic error is ordinarily greater in manual processing than in computerized processing
c) Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing
Which of the following would be least likely to be included in an auditor's tests of controls? a) Inquiry b) Observation c) Confirmation d) Inspection
c) Confirmation
Which of the following components of internal control would be considered the foundation for the other components? a) Information and communication b) Control activities c) Control environment d) Risk assessment
c) Control environment
Audit evidence concerning proper segregation of duties ordinarily is best obtained by: a) Inquiring whether control activities operated consistently throughout the period b) Reviewing job descriptions prepared by the personnel department c) Direct personal observation of the employees who apply control activities d) Preparation of a flowchart of duties performed by available personnel
c) Direct personal observation of the employees who apply control activities
Which of the following activities by small business clients best demonstrates management integrity in the absence of a written code of conduct? a) Reporting regularly on the board of directors about operations and finances b) Developing and maintaining formal descriptions of accounting procedures c) Emphasizing ethical behavior through oral communication and management examples d) Documenting internal control procedures using flowcharts rather than narratives
c) Emphasizing ethical behavior through oral communication and management example
An auditor would most likely be concerned with internal controls that provide reasonable assurance about the: a) Method of assigning production tasks to employees b) Efficiency of management's decision-making process c) Entity's ability to process and summarize financial data d) Appropriate prices the entity should charge for its products
c) Entity's ability to process and summarize financial data
Which of the following is a management control method that most likely could improve management's ability to supervise company activities effectively? a) Monitoring compliance with internal control requirements imposed by regulatory bodies b) Limiting direct access to assets by physical segregation and protective devices c) Establishing budgets and forecasts to identify variances from expectations d) Supporting employees with the resources necessary to discharge their responsibilities
c) Establishing budgets and forecasts to identify variances from expectations
Which of the following levels would most likely address the risk of material misstatement by the auditor's consideration of an entity's control environment? a) Specific account balances b) Classes of transactions c) Financial statements d) Disclosures
c) Financial statements
In reporting on a non-issuer's internal control over financial reporting, an auditor should include a paragraph that describes the: a) Potential benefits from the practitioner's suggested improvements b) Changes in internal control since the prior report c) Inherent limitations in any internal control d) Documentary evidence regarding the control environment factors
c) Inherent limitations of any internal control
When the operating effectiveness of a control is not evidenced by written documentation, an auditor should obtain evidence about the control's effectiveness by: a) Mailing confirmations b) Recalculating the balance in related accounts c) Inquiry and other procedures such as observation d) Analytical procedures
c) Inquiry and other procedures such as observation
Which of the following computer-assisted auditing techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process? a) Data entry monitor b) Input controls matrix c) Integrated test facility d) Parallel simulation
c) Integrated test facility
Which of the following statements most likely represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files? a) It is usually more difficult to compare recorded accountability with physical count of assets b) Attention is focused on the accuracy of the programming process rather than errors in individual transactions c) It is usually easier for unauthorized persons to access and alter the files d) Random error associated with processing similar transactions in different ways is usually greater
c) It is usually easier for unauthorized persons to access and alter the files
Which of the following actions should the auditor take in response to discovering a deviation from the prescribed control procedure? a) Increase sample size of tests of controls b( Report the matter to the next higher level of authority within the entity c) Make inquiries to understand the potential consequence of the deviation d) Assume that the deviation is an isolated occurrence without audit significance
c) Make inquiries to understand the potential consequence of the deviation
In which case might an auditor of an issuer render a qualified opinion on internal controls? I. When there is a scope limitation II. When there is a material weakness in internal control a) I only b) II only c) Neither I nor II d) Both I and II
c) Neither I nor II
Tests of controls in a GAAS audit are required for: a) Applying analytical procedures to financial statement balances b) Accomplishing control over the occurrence of recorded transactions c) Obtaining evidence about the operating effectiveness of client control activities d) Obtaining evidence about the financial statement assertions
c) Obtaining evidence about the operating effectiveness of client control activities
An example of a program in which the audit team would be most interested in testing automated application controls is a(n) a) Data management system software b) Operating system program c) Payroll processing program d) Utility program
c) Payroll processing program
Below is an example of a typical risk in an IT environment RISK: Unauthorized changes REQUIRED: Identify the control(s) that would best mitigate the risk a) Backup copies and program testing controls b) None of these answers are correct c) Program testing and user entity controls d) Physical terminal controls and program backup controls e) Firewalls and backup copies
c) Program testing and user entity controls
When an auditor tests the internal controls of a computerized accounting system, which of the following is true of the test data approach? a) Test data programs usually consist of all possible valid and invalid conditions regarding compliance with internal controls b) Test data programs need not be tailor-made by the auditor for each client's computer applications c) Test data are processed with the client's computer and the results are compared with the auditor's predetermined results d) Test data are coded to a dummy subsidiary so they can be extracted from the system under actual operating conditions
c) Test data are processed with the client's computer and the results are compared with the auditor's predetermined results
A report of an issuer's integrated audit must include each of the following statements except: a) Management is responsible for maintaining effective internal control b) The audit includes obtaining an understanding of internal control over financial reporting c) The audit was conducted in accordance with AICPA standards d) The auditor believes the audit provides a reasonable basis for the issued opinion
c) The audit was conducted in accordance with AICPA standards
Which of the following best describes an auditor' responsibility with respect to communicating internal control deficiencies of issuers? a) The auditor is required to communicate all deficiencies in internal control to management, deficiencies that constitute a significant deficiency to the audit committee, and deficiencies that constitute a material weakness to the full board of directors b) The auditor is not required to communicate control deficiencies to management or the audit committee unless they constitute a significant deficiency or a material weakness c) The auditor is required to communicate all deficiencies in internal control to management, and deficiencies that constitute a significant deficiency or a material weakness to management and the audit committee d) The auditor is not required to communicate control deficiencies or significant deficiencies to management, or the audit committee, but must communicate material weaknesses to both management and the audit committee
c) The auditor is required to communicate all deficiencies in internal control to management, and deficiencies that constitute a significant deficiency or a material weakness to management and the audit committee
If an auditor is obtaining an understanding of an issuer's information and communication component of internal control, which of the following factors should the auditor assess? a) The oversight responsibility over financial reporting and internal control by the board of audit committee b) The integrity and ethical values of top management c) The classes of transactions in the issuer's operations that are significant to the issuer's financial statements d) The philosophy and operating style of management to promote effective internal control over financial reporting
c) The classes of transactions in the issuer's operations that are significant to the issuer's financial statements
An auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as: a) Payroll checks with unauthorized signatures b) Deductions not authorized by employees c) Time tickets with invalid job numbers d) Overtime not approved by supervisors
c) Time tickets with invalid job numbers
Computer operations controls are typically implemented for files and data used in processing. The major objectives of these controls include each of the following except for: a) ensure that files are appropriately secured and protected from los b) Ensure that appropriate files are used in computerized processing c) ensure restricted access to the computing environment d) Ensure that files can be reconstructed from earlier versions of information used in processing
c) ensure restricted access to the computing environment
Which of the following are considered control environment factors? a) Assignment of authority and responsibility: No Detection Risk: No Integrity and ethical values: No b) Assignment of authority and responsibility: Yes Detection Risk: Yes Integrity and ethical values: Yes c) Assignment of authority and responsibility: No Detection Risk: Yes Integrity and ethical values: No d) Assignment of authority and responsibility: Yes Detection Risk: No Integrity and ethical values: Yes
d) Assignment of authority and responsibility: Yes Detection Risk: No Integrity and ethical values: Yes Control environment factors include: 1) Communication and enforcement of integrity and ethical values 2) Commitment to competence 3) Participation of those charged with governance 4) Management's philosophy and operating style 5) Organizational structure 6) Assignment of authority, responsibility, and accountability 7) Human resource policies and practices
For the accounting processes below, identify which of the following would be considered an estimate (Select all that apply) a) Payroll b) Financial statement close c) Cash receipts d) Bad debt expense e) Fair value of goodwill and other intangibles
d) Bad debt expense e) Fair value of goodwill and other intangibles
Which of the following input controls is primarily related to ensuring that all transactions are input and transactions are not input more than once? a) Valid character tests b) Limits and reasonableness tests c) Check digits d) Batch totals
d) Batch totals
Which of the following factors most likely would be considered an inherent limitation to an entity's internal control? a) The lack of resources to monitor internal controls b) The complexity of the entity's electronic order-processing system c) The ineffectiveness of the entity's audit committee d) Collusion of employees in circumventing internal controls
d) Collusion of employees in circumventing internal controls
As part of a fraud audit, a CPA wishes to identify employees with invalid Social Security numbers in the client's payroll-transaction data. Which of the following audit tests of controls using computer-assisted audit techniques would best meet the objective? a) Comparing the payroll transaction file to the employee master file to extract payments to employees who are not in the employee master file b) Randomly selecting 25 payments from the payroll report and comparing the results to employee Social Security cards to the human resources records c) Obtaining statistics on the population of the payroll file to identify unusual pay amounts to employees d) Comparing social security numbers paid in the payroll transaction file to a file of government authorized social security numbers
d) Comparing social security numbers paid in the payroll transaction file to a file of government authorized social security numbers
Which of the following is a correct statement with regard to the job responsibilities of individuals in an automated information processing environment? a) Programmers prepare data for input by converting them from manual format into machine-readable format b) Systems analysts prepare flowcharts and code the logic of the computer programs c) The control group maintains control over data files and programs used in processing transactions d) Computer operators oversee the operation of the computer for each accounting application systems
d) Computer operators oversee the operation of the computer for each accounting application system
Ini an entity under audit, employees have the opportunity to change their time worked after their time cards have been approved. This is an example of which of the following types of deficiency? a) Procedural b) Accounting c) Operating d) Design
d) Design
Which of the following are considered control environment factors? a) Detection risk: No Human resource policies and practices: No b) Detection risk: Yes Human Resource policies and practices: Yes c) Detection risk: Yes Human Resource Policies and Practices: No d) Detection risk: No Human resource Policies and Practices: Yes
d) Detection risk: No Human Resource Policies and Practices: Yes The control environment represents the collective effect of various factors on establishing, enhancing, or mitigating the effectiveness of specific policies and procedures. Such factors include management's philosophy and operating style, the entity's organizational structure, the participation of those charged with governance, methods of assigning authority and responsibility, and human resource policies and practices
A client recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password. Each UIC is a person's name and the individual's password is the same as the UIC. Users are not required to change their passwords at initial log-in nor do passwords ever expire. Which of the the following statements does not reflect a limitation of the client's computer-access control? a) Employees can circumvent procedures to segregate duties b) Employees are not required to change passwords c) Employees can easily guess fellow employees' passwords d) Employees are not required to take regular vacations
d) Employees are not required to take regular vacations
If an auditor performing an integrated audit identifies one or more material weaknesses in a nonissuer's internal control, the auditor should: a) Expand the audit of internal control to identify deficiencies less severe than material weaknesses b) Disclaim an opinion on internal control c) Conclude that the financial statements are materially misstated because of the material weakness in internal control d) Express an adverse opinion on the entity's internal control
d) Express an adverse opinion on the entity's internal control
An advantage of an internal control flowchart is a) That it always provides sufficient data for the assessment of control risk b) Its relative ease of completion c) Its strict adherence to a yes/no format d) Flexibility in its application
d) Flexibility in its application
Which of the following types of control best describes procedures to ensure appropriate systems software acquisition? a) Application b) Monitoring c) Physical d) General
d) General
Which of the following controls involves manually calculating a mathematical total of a field prior to input and comparing that to a total of that field from transactions processed by the client's system? a) Hash totals: yes Batch totals: No Check Digits: Yes b) Hash totals: Yes Batch totals: Yes Check Digits: Yes c) Hash Totals: yes Batch Totals: no Check Digits: no d) Hash Totals: Yes Batch Totals: Yes Check Digits: no
d) Hash Totals: Yes Batch Totals: Yes Check Digits: no
In a financial statement audit of a nonissuer, a previously communicated significant deficiency that has not been corrected, ordinarily should be communicated again: a) Unless the entity accepts that degree of risk because of cost-benefit consideration b) Only if the deficiency has a material effect on the auditor's assessment of control risk c) Only if the deficiency is considered a material weakness d) In writing, during the current audit
d) In writing, during the current audit
Which of the following is not a possible reason why a properly designed system of internal control may fail to prevent or detect fraud? a) Management may override controls through its attitude and actions b) Collusion by two or more individuals may be used to circumvent controls c) Human error may result in inappropriate application of controls d) Inadequate segregation of duties may allow one person to both perpetrate and conceal fraudulent activity
d) Inadequate segregation of duties may allow one person to both perpetrate and conceal fraudulent activity
An audit team would use test data to test the effectiveness of a) System development controls b) Data backup and recovery controls c) Program change controls d) Input controls
d) Input controls
Which of the following statements about performing tests of controls to support a lower level of control risk is not true? a) An audit of financial statements is a cumulative process b) Prior audits may be considered by the auditor in assessing control risk in the current audit c) Observation by the auditor provides more assurance than inquiry alone d) Inquiry alone generally will support a conclusion for a lower assessed level of control risk
d) Inquiry alone generally will support a conclusion for a lower assessed level of control risk
For the accounting processes below, identify which of the following would be considered routine transactions (select all that apply) a) LIFO Calculation b) Bad debt expense c) Physical Inventory d) Inventory costing e) Cash dibursements
d) Inventory costing e) Cash disbursements
In an integrated audit of a nonissuer, if an auditor concludes that the material weakness exists as of the date specified in management's assessment, the auditor should take which fo the following actions? a) Obtain written representation from management relating to such matters b) Disclaim an opinion c) Communicate in writing to the entity's outside legal counsel that the material weakness exists d) Issue an adverse opinion
d) Issue an adverse opinion
A control deficiency would be considered a material weakness when the likelihood that potential financial statement misstatements will not be prevented, or detected/corrected, and the magnitude of such misstatements are at a minimum: a) Likelihood: Probable Magnitude: More than inconsequential b) Likelihood: Probable Magnitude: Material c) Likelihood: Reasonable Magnitude: More than inconsequential d) Likelihood: Reasonable possibility Magnitude: Material
d) Likelihood: Reasonable possibility Magnitude: Material
An entity's internal control consists of the policies and procedures established to provide reasonable assurance that specific entity objectives will be achieved. Only some of these objectives, policies, and procedures are relevant to a financial statement audit. Which one of the following would most likely be considered for testing in a financial statement audit? a) Marketing analysis of sales generated by advertising projects b) Maintenance of statistical production analyses c) Timely reporting and review of quality control results d) Maintenance of control over unused checks
d) Maintenance of control over unused checks Financial statement auditors would be concerned over the control over unused checks as they may affect the fairness of the financial statements
Management's attitude toward aggressive financial reporting and its emphasis on meeting projected profit goals most likely would significantly influence an entity's control environment when: a) Internal auditors have direct access to those charged with governance b) External policies established by parties outside the entity affect its accounting practices c) The audit committee is active in overseeing the entity's financial reporting policies d) Management is dominated by one individual who is also a shareholder
d) Management is dominated by one individual who is also a shareholder
Internal controls are designed to provide reasonable assurance that: a) Management's planning, organizing, and directing processes are properly evaluated b) The internal auditing department's guidance and oversight of management's performance is accomplished effectively and efficiently c) Management's plan have not been circumvented by worker collusion d) Material errors or fraud would be prevented or detected and corrected within a timely period by employees in the course of performing their assigned duties
d) Material errors or fraud would be prevented or detected and corrected within a timely period by employees in the course of performing their assigned duties
If the auditor plans to assess control risk at less than the maximum and rely on controls, and the nature, timing, and extent of further audit procedures are based on that lower assessment, the auditor must a) Assess the control risk at less than the maximum for all relevant assertions b) Perform only substantive procedures c) Provide additional examples of responses to assessed fraud risks relating to fraudulent financial reporting d) Obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance
d) Obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance
Which of the following is an engagement attribute for an audit of an entity that processes most of its financial data in electronic form without any paper documentation? a) Discrete phases of planning, interim, and year-end fieldwork b) Increased effort to search for evidence of management fraud c) Increased emphasis on the completeness assertion d) Performance of audit tests on a continuous basis
d) Performance of audit tests on a continuous basis
In assessing control risk, and auditor ordinarily selects from a variety of techniques, including: a) Comparison and confirmation b) Inspection and verification c) Inquiry and analytical procedures d) Reperformance and observation
d) Reperformance and observation
When there are numerous property and equipment transactions during the year, an auditor who plans to assess control risk at a low level usually performs: a) Analytical procedures for property and equipment balances at the end of the year b) Analytical procedures for current year property and equipment transactions c) Tests of controls and extensive tests of property and equipment balances at the end of the year d) Tests of controls and limited tests of current year property and equipment transactions
d) Tests of controls and limited tests of current year property and equipment transactions
A senior auditor conducted a dual-purpose test on a client's invoice to determine whether the invoice was approved and to ascertain the amount and other terms of the invoice. Which fo the following lists two tests that the auditor performed? a) Substantive procedures and analytical procedures b) Substantive analytical procedures and tests of controls c) Tests of details and substantive procedures d) Tests of controls and tests of details
d) Tests of controls and tests of details
The two requirements crucial to achieving audit efficiency and effectiveness with a computer are selecting: a) Audit procedures that are generally applicable to several clients in a specific industry and the appropriate audit tasks for computer applications b) Client data that can be accessed by the auditor's computer and audit procedures that are generally applicable to several clients in a specific industry c) The appropriate software to perform the selected audit tasks and client data that can be accessed by the auditor's computer d) The appropriate audit tasks for computer applications and the appropriate software to perform the selected audit task
d) The appropriate audit tasks for computer applications and the appropriate software to perform the selected audit tasks
Which of the following statements is correct concerning significant deficiencies noted in an audit of the financial statements of a nonissuer? a) Significant deficiencies should not be re-communicated each year if management has acknowledged its understanding of such deficiencies b) Significant deficiencies are material weaknesses in the design or operation of specific internal control components c) The auditor is obligated to search for significant deficiencies that could adversely affect the entity's ability to record and report financial data d) The auditor should separately identify those significant deficiencies that are considered to be material weaknesses
d) The auditor should separately identify those significant deficiencies that are considered to be material weaknesses
Which of the following statements about internal control is correct? a) Properly maintained internal control reasonably ensures that collusion among employees cannot occur b) the establishment and maintenance of internal control is an important responsibility of the internal auditor c) Exceptionally strong internal control is enough for the auditor to eliminate substantive tests on a significant account balance d) The cost-benefit relationship is a primary criterion that should be considered in designing internal control
d) The cost-benefit relationship is a primary criterion that should be considered in designing internal control
An auditor should obtain knowledge of a client's information and communication system in order to understand each of the following except: a) How transactions are initiated, processed, and reported b) The process used to prepare financial statements c) The means used by an entity to communicate financial reporting roles to its staff d) The means used by an entity to ensure that management directives are carried out
d) The means used by an entity to ensure that management directives are carried out
In the integrated audit of an issuer, which of the following would not be considered an entity-level control? a) The board of directors' controls to monitor the activities of the audit committee b) Management's established controls to monitor results of operations c) The executive committee's process for assessing business risk d) The outside auditor's assessment process of internal auditor competence and objectivity
d) The outside auditor's assessment process of internal auditor competence and objectivity
Which of the following factors is most relevant when an auditor considers the client's organizational structure in the context of control risk? a) Management's attitude toward information processing and accounting departments b) Physical proximity of the accounting function to upper management c) The organization's recruiting and hiring practices d) The suitability of the client's lines of reporting
d) The suitability of the client's lines of reporting
Which of the following constitutes a potential risk associated with the use of information technology in an entity's internal control structure? a) The facilitation of additional analyses b) A reduction in the circumvention of controls c) A reduction in the ability to monitor the entity's activities d) Unauthorized changes to systems
d) Unauthorized changes to systems
An auditor's flowchart of a client's information system relevant to financial reporting is a diagrammatic representation that depicts the auditor's: a) Identification of weaknesses in the system b) Assessment of control risk c) Assessment of the control environment's effectiveness d) Understanding of the system
d) Understanding of the system
When companies use information technology (IT) extensively, evidence may be available only in electronic form. What is an auditor's best course of actions in such situations? a) Use audit software to perform analytical procedures b) Assess the control risk as high c) Perform limited tests of controls over electronic data d) Use generalized audit software to extract evidence from client databases
d) Use generalized audit software to extract evidence from client databases
Below is an example of a typical risk in an IT environment RISK: Destruction of infrastructure or data REQUIRED: Identify the control(s) that would best mitigate the risk a) Controls over access and backup copies b) Firewalls and password systems c) Physical controls over terminals and testing of programs and applications d) None of these answers are correct e)Physical and user entity controls
e) Physical and user entity controls