Auditing Ch 6

Ace your homework & exams now with Quizwiz!

After completing the preliminary phase of the review of internal control, the auditor decides not to rely on the system to restrict substantive procedures. Documentation may be limited to the auditor's

Understanding of the internal control.

In planning an audit of a new client, an auditor most likely would consider the methods used to process accounting information because such methods

Influence the design of internal controls.

As opposed to a manual control, an automated control

Should function consistently in the absence of program changes.

In a properly designed internal control system, the same employee may be permitted to

Sign checks and also cancel supporting documents.

The control environment component of internal control includes all of the following except

Access to computer programs

It is important for the CPA to consider the competence of the entity's employees because their competence bears directly and importantly upon the

Achievement of the objectives of the system of internal control.

If auditors conduct substantive procedures as of 10/31 for an entity with a 12/31 year-end

Additional tests likely will be performed in the remaining period

An auditor's primary consideration regarding an entity's internal controls is whether the policies and procedures

Affect the financial statement assertions.

In the audit of financial statements, an auditor's primary consideration regarding an internal control policy or procedure is whether the policy or procedure

Affects management's financial statement assertions.

The documentation of an auditor's understanding of internal controls

Can include any combination of narratives, questionnaires, or flowcharts.

Where computer processing is used in significant accounting applications, internal control activities may be defined by classifying control activities into two types: general and

Application

Before applying substantive procedures to the details of asset and liability accounts at an interim date, the auditor should

Assess the difficulty in controlling achieved audit risk for the remainder of the period.

Reports on service organizations typically

Assess whether the service organization's controls are suitably designed to achieve internal control objectives.

Which of the following statements concerning control risk is correct?

Assessing control risk and obtaining an understanding of an entity's internal controls may be performed concurrently.

A high detection risk strategy includes all of the following except

Audit work only completed at year-end.

Proper segregation of functional responsibilities in an effective system of internal control calls for separation of the functions of

Authorization, recording, and custody.

Of the following statements about an internal control system, which one is correct?

Because of the cost/benefit relationship, tests of controls may be applied on a test basis in some circumstances.

A customer intended to order 100 units of product Z96014, but incorrectly ordered 100 units of a nonexistent product Z96015. Which of the following controls most likely would detect this error?

Check digit verification.

Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission?

Check digit.

A field test is a

Check on a field to ensure that it contains either all numeric or all alphabetic characters.

An auditor is least likely to test the internal controls that provide for

Classification of revenue and expense transactions by product line

Information and communication includes all of the following except:

Communicating price changes to customers

Assessing control risk at a lower level involves all of the following except:

Concluding that controls are ineffective.

Before applying substantive procedures to the details of accounts at an interim date (a date prior to the balance sheet date), an auditor should

Consider the availability of information at a later date that will be necessary for the auditor's procedures (e.g., electronic data).

An effective control environment

Creates a commitment to competence

General controls include all of the following except

Data validation controls.

The program flowcharting symbol representing a decision is a

Diamond.

Effective internal control in a small company that has an insufficient number of employees to permit proper division of responsibilities can best be enhanced by

Direct participation by the owner of the business in the recordkeeping activities of the business.

Audit evidence concerning proper segregation of duties ordinarily is best obtained by

Direct personal observation of the employees who apply the control activities.

In an audit of financial statements of a private company in accordance with generally accepted auditing standards, an auditor is required to

Document the auditor's understanding of the entity's internal control

Internal controls are not designed to provide reasonable assurance that

Embezzlement will be eliminated

An organizational structure is important for all of the following reasons except:

Ensuring a proper commitment to controls.

An auditor would most likely be concerned with internal control policies and procedures that provide reasonable assurance about the

Entity's ability to accurately process and summarize financial data.

In evaluating internal control, the auditor is basically concerned that the system provides reasonable assurance that

Errors and fraud have been prevented, or detected and corrected.

When an auditor increases the planned assessed level of control risk because certain control activities were determined to be ineffective, the auditor would most likely increase the

Extent of tests of details.

An entity's control activities include all of the following except:

External auditor's tests of controls.

A reliance strategy is used when control risk has been set at high. (T/F)

FALSE

Internal control consists of six components. (T/F)

FALSE

Once a level of control risk has been established, it cannot be changed. (T/F)

FALSE

The auditor must understand internal control before assessing inherent risk. (T/F)

FALSE

Auditors are most likely to gather audit evidence solely using substantive procedures

For nonrecurring, unusual transactions

An entity's IT infrastructure refers to

Hardware components.

Assessing control risk at a lower level most likely would involve

Identifying specific internal controls relevant to specific assertions.

The auditor's communication of material weaknesses in internal control for a nonpublic company is

Incidental to the auditor's objective of forming an opinion as to the fair presentation of the financial statements.

Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity's internal controls?

Incompatible duties.

A substantive strategy differs from a reliance strategy in that a substantive strategy includes

Increased implementation of detailed tests of transactions and balances.

Based on a study and evaluation completed at an interim date, the auditor concludes that no significant internal control weaknesses exist. The records and procedures would most likely be tested again at year-end if

Inquiries and observations lead the auditor to believe that conditions within the internal control system have changed.

To obtain evidential matter about control risk, an auditor selects tests from a variety of techniques including

Inquiry.

Which of the following procedures most likely would be included as part of an auditor's tests of controls?

Inspection.

All of the following are significant deficiencies except:

Inventory is highly subject to obsolescence

Factors that the auditor should consider as increasing the effectiveness of the audit committee include all of the following except whether:

It is comprised almost exclusively of members of management, ensuring detailed knowledge of the company's operations.

After obtaining an understanding of internal controls and assessing control risk of an entity, an auditor decided not to perform tests of controls for purposes of the audit. The auditor most likely decided that

It would be inefficient to perform tests of controls that would result in a reduction in planned substantive procedures.

Management philosophy and operating style most likely would have a significant influence on an entity's control environment when

Management is dominated by one individual.

Management's attitude toward aggressive financial reporting and its emphasis on meeting projected profit goals most likely would significantly influence an entity's control environment when

Management is dominated by one individual.

A primary purpose of internal controls is to

Meet objectives of maintaining reliable documents and records and accurate financial reporting.

Potential benefits of an entity's controls in an IT environment include all of the following except:

More accurate accounting estimates

For a complex IT system, auditors are least likely to use which of the following when documenting their understanding of internal controls?

Narratives.

For certain controls, such as segregation of duties, documentary evidence may not exist. An auditor would most likely test the procedures by

Observation and inquiry.

A procedure that would most likely be used by an auditor in performing tests of control activities that involve segregation of functions but which leave no transaction trail is

Observation.

Which of the following procedures most likely would provide an auditor with evidence about whether an entity's internal control is suitably designed to prevent or detect material misstatements?

Observing the entity's personnel applying the controls.

As part of gaining an initial understanding of internal control, an auditor is required to do all of the following except:

Obtain knowledge about the operating effectiveness of the internal control.

Assume that an auditor estimates that 10,000 checks were issued during the accounting period. If an IT application control which performs a limit check for each check request is to be subjected to the auditor's test data approach, the sample should include

One transaction

A well-prepared flowchart should make it easier for the auditor to

Perform walkthroughs.

An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that systems flowcharts

Provide a visual depiction of the entity's activities.

The basic concept of internal control that recognizes the cost of internal control should not exceed the benefits expected to be derived is known as

Reasonable assurance.

Walkthroughs usually involve all of the following audit procedures except:

Reperformance.

A flowchart is most frequently used by an auditor in connection with the

Review of the entity's internal controls.

The auditor should consider all of the following when deciding whether substantive procedures will be performed at an interim date except:

Scheduling conflicts in the audit firm that make interim testing more convenient.

During consideration of internal control in a financial statement audit of a nonpublic company, an auditor is not obligated to

Search for significant deficiencies in the operation of internal control.

In obtaining an understanding of an entity's internal control in a financial statement audit of a nonpublic company, an auditor is not obligated to

Search for significant deficiencies in the operation of the internal control

Significant deficiencies are matters that come to an auditor's attention that should be communicated to an entity's audit committee because they represent

Significant design flaws in internal controls or poor implementation of internal controls.

When documenting an entity's internal control, the independent auditor sometimes uses a systems flowchart, which can best be described as a

Symbolic representation of a system or series of sequential processes.

Which of the following is a general control that would most likely assist an entity whose systems analyst left the entity in the middle of a major project?

Systems documentation.

A substantive strategy is used when control risk has been set at high. (T/F)

TRUE

Internal control includes monitoring of controls. (T/F)

TRUE

One of the risks associated with internal control from IT is potential loss of data. (T/F)

TRUE

Tests of controls must be performed if control risk is set at a lower level. (T/F)

TRUE

The concept of internal control includes IT systems and manual systems. (T/F)

TRUE

The extent of an entity's use of IT can affect any of the components of internal control. (T/F)

TRUE

The independent auditor selects several transactions in each functional area and traces them through the entire system, paying special attention to evidence about whether or not the control activities are in operation. This is an example of a(n)

Test of controls.

A limit test is a

Test to ensure that a numerical value does not exceed some predetermined value.

Which of the following audit tests would be regarded as a test of controls?

Tests of the signatures on canceled checks to the board of directors' authorizations

After the auditor has prepared a flowchart of the internal controls surrounding sales and evaluated the design of the system, the auditor would perform tests of controls on all control activities

That the auditor plans to rely on.

The concept of reasonable assurance in the context of an entity's internal controls recognizes that

The costs of some controls may be too high to implement in relation to potential benefits.

The risk assessment component of internal control refers to

The entity's identification and analysis of risks relevant to achievement of its objectives

Proper monitoring within an internal control framework may include all of the following except:

The internal revenue service.

Which of the following is not a characteristic of a batch processed computer system?

The posting of a transaction, as it occurs, to several files, without intermediate printouts

When communicating internal control-related matters noted in an audit of a nonpublic company, an auditor's report issued on significant deficiencies should indicate that

The purpose of the audit was to report on the financial statements and not to provide assurance on internal control.

While substantive procedures may support the accuracy of underlying records, these tests frequently provide no affirmative evidence of segregation of duties because

The records may be accurate even though they are maintained by persons having incompatible functions.

An IT specialist is least likely to be necessary when

The system has not changed from the prior year.

The independent auditor should acquire an understanding of the internal audit function as it relates to the assessment of control risk because

The work performed by internal audit personnel may be a factor in determining the nature, timing, and extent of the independent auditor's procedures

As the acceptable level of detection risk increases, an auditor may change the

Timing of substantive procedures from year-end to an interim date.

The normal sequence of documents and operations on a well-prepared systems flowchart is

Top to bottom and left to right.


Related study sets

OSHA: Refueling & Battery Changing

View Set

Muscles of the Forearm That Move Wrist, Hand & Fingers

View Set

Geometry: Chapter 8 Review: Right Triangles and Trigonometry

View Set

16' BUSINESS MANAGEMENT+ ADMINISTRATION CAREER CLUSTER

View Set

Chapter 5: Roots > Bracketing Methods

View Set