Auditing CH 5
Which of the following statements is not true with respect to the auditors' report on internal control over financial reporting? A. The report will be dated as of the date of the financial statements. B. The report may be presented with the report on the entity's financial statements as a combined report. C. The report will express an opinion on the effectiveness of internal control over financial reporting. D. The auditor will issue an adverse opinion if one or more material weaknesses exist.
A. The report will be dated as of the date of the financial statements. The report would be dated as of the day that enough evidence has been gathered to support the auditors' opinion on the effectiveness of the entity's internal control.
In most audits of large entities, control risk assessment contributes to audit efficiency, which means that
Auditors will be able to reduce the cost of substantive procedures by an amount more than the control evaluation costs.
Which of the following would probably not be considered an indication of a material weakness? A.Evidence of a material misstatement. B. Overproduction by the manufacturing plant. C. Immaterial fraud committed by senior management. D. Ineffective oversight by the audit committee.
B. Overproduction by the manufacturing plant. Overproduction does not directly relate to a material misstatement of the financial statements but is an operational issue.
When completing the audit of internal controls for a public company, AS 2201 requires auditors to test
Both operating and design effectiveness. AS 2201 requires testing for both design effectiveness and operating effectiveness.
When completing the audit of internal controls for an issuer, the severity of an internal control deficiency depends on
Both the magnitude of the potential misstatement resulting from the deficiency or the deficiencies and whether there is a reasonable possibility that the company's controls will fail to prevent or detect a misstatement of an account balance or disclosure.
Which report would not be appropriate for a public accounting firm to provide on financial reporting controls? A. Unqualified—no material weaknesses found. B. Disclaimer of opinion—unable to perform all necessary procedures. C. Disclaimer of opinion—significant deficiencies exist. D. Adverse—material weaknesses exist.
C. Disclaimer of opinion—significant deficiencies exist. A disclaimer is used when the auditor's scope is limited but not when significant deficiencies exist, so it is not an appropriate report.
Which of the following is not one of COSO's objectives for internal controls? A. Compliance with applicable laws and regulations. B. Reliability of financial reporting. C. Maximization of profit. D. Efficiency and effectiveness of operations.
C. Maximization of profit.
Accounting for the numerical sequence of shipping documents is a control procedure designed to achieve the internal control objective of
Completeness
To test the operating effectiveness of a control, an audit team might use a combination of each of the following tests except for: A. Confirmation of balances. B. Observation of company operations. C. Inspection of documentation. D. Inquiry of client personnel.
Confirmation of balances.
Significant deficiencies are defined as conditions that
Could adversely affect the organization's ability to initiate, record, process, and report financial data in the financial statements.
Auditors obtain an understanding of the internal control through all of the following, except A. A walk-through of one or more transactions. B. Responses to inquiries directed to client personnel. C. Previous experience with the company. D. A substantive testing audit plan.
D. A substantive testing audit plan.
The auditor should assess control risk for each relevant assertion by evaluating the evidence obtained from all sources, including A. The auditor's testing of controls for the audit of internal control on a public company. B. Misstatements detected during the financial statement audit. C. Any control deficiencies identified during the audit. D. All of the choices are correct.
D. All of the choices are correct. Evidence obtained during the test of controls would be relevant to the assessment of control risk; misstatements detected during the audit; and control deficiencies detected during the audit would all be relevant. As a result, all of the answer choices are correct.
Which of the following information would be included in the introductory paragraph of the auditors' report on internal control over financial reporting if the report is presented separately from the auditors' report on the entity's financial statements? A. The definition of a material weakness in internal control over financial reporting. B. The fact that the auditors conducted an audit of the entity's financial statements. C. A reference to the auditors' report and opinion on the entity's financial statements. D. Statements identifying the responsibility of the auditors and management for internal control over financial reporting.
D. Statements identifying the responsibility of the auditors and management for internal control over financial reporting. Statements identifying the responsibility of the auditor and management for internal control over financial reporting would be included in the introductory paragraph.
According to the PCAOB, during the audit of internal controls for an issuer, the ultimate objective of testing the design effectiveness of internal controls is to
Determine that the company's controls will satisfy the company's control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements, if they operate as prescribed.
The primary purpose for obtaining an understanding of a nonpublic audit client's internal control is to
Determine the nature, timing, and extent of further audit tests to be performed in the audit.
Once the auditor detects a control deficiency, what step must he or she take first?
Evaluate the severity of the deficiency on the auditor's control risk assessment for that assertion. The first step an auditor is likely to take after detecting a control deficiency is to determine the impact of the severity of the deficiency on the auditor's control risk assessment for that assertion. The additional steps to be taken will depend in large part on this determination.
(T/F) Auditors of public companies do not need to determine the quality of a client's internal control; they only need to know enough to plan the audit work.
False
(T/F) Auditors should begin their evaluation of internal controls over financial reporting on a bottom-up basis, starting with the account level assertion and working up to entity-level controls.
False
(T/F) Control systems generally provide absolute assurance that the objectives of internal control are satisfied.
False
(T/F) Evaluation of internal control systems of a nonpublic entity should not be subject to cost-benefit considerations.
False
(T/F) The audit team is responsible for the client's internal control.
False
(T/F) The key person in the internal control system of a small business is the independent auditor.
False
(T/F) The most efficient means of gathering evidence about a client's internal control is to prepare a flowchart of the system.
False
(T/F) The primary reason for conducting an evaluation of a company's internal control is to provide a basis for communicating significant deficiencies.
False
(T/F) The primary reason to evaluate internal control is to formulate constructive suggestions for improvement.
False
A material weakness is a situation in which
It is reasonably possible that a material misstatement would not be detected on a timely basis.
If the auditor plans to assess control risk at less than the maximum and rely on controls, and the nature, timing, and extent of further audit procedures are based on that lower assessment, the auditor must
Obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance. When an auditor plans to reduce control risk below the maximum and rely on controls to reduce substantive testing, they must make sure that the controls have been designed and are operating effectively in order to feel comfortable relying on such controls. The auditor cannot take the client's word that the controls are operating effectively. Rather, they must test the controls.
Tests of controls in a GAAS audit are required for
Obtaining evidence about the operating effectiveness of client control activities.
The most important fundamental component of an entity's internal control is
People who operate the control system
Effectiveness of audit procedures would be reduced by
Performing procedures during the interim period as opposed to at the fiscal year-end date.
Example of preventative control
Separation of duties between the payroll and personnel departments.
(T/F) A control activity is an action taken to prevent, detect, and correct errors and frauds in transactions.
True
(T/F) Auditors can stop the assessment of control risk for nonpublic entities for either effectiveness or efficiency reasons.
True
(T/F) Auditors do not need to perform tests of controls on internal control activities that are evaluated as weak just to prove that the weaknesses actually exist.
True
(T/F) Auditors perform tests of control activities to determine how the company's controls actually functioned during the period under audit.
True
(T/F) Dual-purpose audit tests are procedures that produce both control and substantive evidence.
True
(T/F) Tests of controls consist of procedures designed to produce evidence of how effectively the client's controls work in practice.
True
(T/F) The COSO report indicates that internal control should be considered a process, not an end in itself.
True
(T/F) The attitudes of managers and directors are probably the most pervasive influences on the control environment.
True
(T/F) The audit task of control risk assessment involves finding out what the company does to prevent, detect, and correct errors and fraud.
True
(T/F) The auditor's opinion on internal control under AS 2201 relates only to controls existing at the end of the year.
True
(T/F) The most important feature of an internal control system is the people who make the system work.
True
Vouch recorded sales invoices to supporting shipping documents.
Type: Dual purpose Assertion: occurrence/existence
Inspect recorded sales invoices for credit approval
Type: Test of controls Assertion: Valuation, occurrence
Recalculate the arithmetic accuracy of the recorded sales invoices.
Type: dual purpose Assertion: accuracy/valuation
Select a sample of shipping documents from the shipping department file and trace shipments to recorded sales invoices.
Type: dual purpose Assertion: completeness
Trace recorded sales invoices to posting in the general ledger control account and in the correct customer's account.
Type: dual purpose Assertion: completeness
Compare the shipment date of recorded sales invoices with the invoice record date.
Type: dual purpose Assertion: cutoff/completeness
Vouch sales invoices and shipping documents.
Type: dual purpose Assertion: occurence/ existence
Send confirmations to all customers regarding accounts receivable.
Type: substantive Assertion: existence
Calculate an estimate of the allowance for doubtful accounts using prior relations of write-offs and sales.
Type: substantive Assertion: valuation
Evaluate the adequacy of the allowance for doubtful accounts.
Type: substantive Assertion: valuation
Obtain financial statements or credit reports on large past due accounts and inquire of the credit manager about collections.
Type: substantive Assertion: valuation
Vouch recorded sales invoices prices to the approved price list
Type: test of controls Assertion: accuracy
Scan recorded sales invoices and shipping documents for missing numbers in sequence.
Type: test of controls Assertion: completeness
When completing the audit of internal controls for a public company, the PCAOB requires auditors to audit internal controls over
financial reporting AS 2201 applies to financial reporting controls only.
auditors' requirements regarding internal control for nonpublic and public entities
nonpublic: understand, document, and evaluate control risk public: understand, document, evaluate control risk, and test controls
When completing the audit of internal controls for a public company, AS 2201 requires auditors to report on
the audit of internal controls NOT Management's Report on Internal Control
The most efficient means of gathering evidence about the internal control is to conduct a formal interview with knowledgeable managers and
use internal control questionnaire