Chapter 6

Which of the following represent a common categorization of control activities? A. Authorization controls, performance reviews, information-processing controls, physical controls, and segregation of duties. B. Authorization controls, control over human error, information-processing controls, physical controls, and segregation of duties. C. Authorization controls, information-processing controls, physical controls, and segregation of duties. D. Authorization controls, control over human error, information-processing controls, and segregation of duties.

A. Authorization controls, performance reviews, information-processing controls, physical controls, and segregation of duties.

In obtaining an understanding of an entity's internal control relevant to audit planning, an auditor is required to obtain knowledge about the A. Design of the controls pertaining to internal control components. B. Controls related to each principal transaction class and account balance. C. Consistency with which controls are currently being applied. D. Effectiveness of controls that have been implemented.

A. Design of the controls pertaining to internal control components.

Which three of the following are included in common inherent limitation in internal control? (Select all that apply.) A. Ineffective understanding of the purpose of a control B. Collusion by two or more individuals to circumvent a control C. A control within a software that cannot be overridden or disabled D. Human error that results in a breakdown in internal control

A. Ineffective understanding of the purpose of a control B. Collusion by two or more individuals to circumvent a control D. Human error that results in a breakdown in internal control

A letter issued regarding significant deficiencies relating to an entity's internal control observed during an audit of financial statements should include a A. Restriction on the distribution of the report. B. Paragraph describing management's evaluation of the effectiveness of the control structure. C. Description of tests performed to search for material weaknesses. D. Statement of compliance with applicable laws and regulations.

A. Restriction on the distribution of the report.

When considering the internal control structure, an auditor should be aware of the concept of reasonable assurance, which recognizes that A. The cost of an entity's internal control structure should not exceed the benefits expected to be derived. B. Establishing and maintaining the internal control structure is an important responsibility of management. C. Internal control policies and procedures may be ineffective due to mistakes in judgment and personal carelessness. D. Adequate safeguards over access to assets and records should permit an entity to maintain proper accountability.

A. The cost of an entity's internal control structure should not exceed the benefits expected to be derived.

Which two of the following principles are within the monitoring component of the seventeen COSO principles of internal control? (Select all that apply.) A. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. B. The organization communicates with external parties regarding matters affecting the functioning of internal control. C. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate. D. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.

A. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning. C. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.

Internal control is defined as: A. a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives related to operations, reporting, and compliance. B. the entity's system to ensure that management and those charged with governance of the entity have quality information for decision making. C. the entity's system to prevent, or detect and correct, misstatements in the financial statements. D. a process, implemented by management, to ensure the integrity of the entity's management information system.

A. a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives related to operations, reporting, and compliance.

A management letter: A. contains recommendations for improving significant deficiencies and material weaknesses in internal control discovered during the course of the audit. B. is only required for public company audits. C. is written by management to the auditor at the start of the audit. D. lists only the material weaknesses discovered during the audit.

A. contains recommendations for improving significant deficiencies and material weaknesses in internal control discovered during the course of the audit.

An auditor normally obtains an understanding of transaction-level controls by: A. performing a system walkthrough. B. reading the prior year's management letter. C. testing the entity's risk assessment process. D. conducting an interview with senior management.

A. performing a system walkthrough.

The control environment: A. sets the tone of an entity with respect to internal control and influences the control consciousness of its people. B. is focused on how the entity addresses information technology risks. C. directly addresses adequacy of segregation of duties. D. only applies to public companies.

A. sets the tone of an entity with respect to internal control and influences the control consciousness of its people.

What does COSO define as a process effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives related to operations, reporting and compliance? A. Risk assessment B. Internal control C. Compliance D. Reporting

B. Internal control

When an auditor identifies internal control deficiencies, what levels of internal control deficiencies must be reported to those charged with governance of the entity? A. Material weaknesses only. B. Significant deficiencies and material weaknesses in internal control. C. Deficiencies and significant deficiencies in internal control. D. Significant deficiencies only.

B. Significant deficiencies and material weaknesses in internal control.

Documenting internal controls: A. is not done for smaller clients because of the risk of management override. B. can be handled with a combination of narratives and flowcharts or logic diagrams. C. is always handled through the use of checklists and preformatted questionnaires. D. is done after internal controls are tested so that the results can be included in the documentation.

B. can be handled with a combination of narratives and flowcharts or logic diagrams.

The internal control component that addresses how an organization holds an individual accountable for his or her internal control responsibilities in pursuit of objectives is related to: A. information and communication. B. the control environment. C. control activities. D. risk assessment.

B. the control environment.

In a good system of segregation of duties, which of the following duties should be segregated? A. Authorization of transactions, physical access to assets, and management. B. Physical access to assets, recording of transactions, and consideration. C. Authorization of transactions, physical access to assets, and recording transactions. D. Authorization of transactions, recording transactions, and management.

C. Authorization of transactions, physical access to assets, and recording transactions.

A primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with A. A basis from which to modify tests of controls. B. Audit evidence to use in reducing detection risk. C. Knowledge necessary to assess the risk of misstatement. D. Information necessary to prepare flowcharts.

C. Knowledge necessary to assess the risk of misstatement.

Immediately upon receipt of cash, a responsible employee should A. Record the amount in the cash receipts journal. B. Prepare a deposit slip in triplicate. C. Prepare a remittance listing. D. Update the subsidiary accounts receivable records

C. Prepare a remittance listing.

Which of the following factors is most likely to affect the extent of the documentation of the auditor's understanding of a client's system of internal controls? A. The relationship between management, the board of directors, and external stakeholders. B. The industry and the business and regulatory environments in which the client operates. C. The degree to which information technology is used in the accounting function. D. The degree to which the auditor intends to use internal audit personnel to perform substantive tests.

C. The degree to which information technology is used in the accounting function.

An entity's risk assessment process: A. is designed to help an entity think about risk in the same way that an auditor thinks about risk. B. never allows management of an entity to decide to accept a risk without taking any action. C. is the entity's process for identifying and responding to business risks and the results of those risks. D. is established only if the entity is subject to unusually high risk.

C. is the entity's process for identifying and responding to business risks and the results of those risks.

The purpose of the management letter is to ________. A. inform management of the auditors pending desire to withdraw from the engagement B. request management confirm the makeup and composition of its board of directors and any associated conflicts of interest C. meet the auditor's responsibility for communicating internal control matters in writing on a timely basis with those charged with governance D. meet the auditor's responsibility for communicating external control matters in writing on a timely basis with those charged with governance

C. meet the auditor's responsibility for communicating internal control matters in writing on a timely basis with those charged with governance

The objectives of internal control include: A. operations objectives, control environment objectives, and financial reporting objectives. B. risk assessment objectives, compliance objectives, and reporting objectives. C. operations objectives, reporting objectives, and compliance objectives. D. operations objectives, internal control objectives, and financial reporting objectives.

C. operations objectives, reporting objectives, and compliance objectives.

If the auditor is able to collect evidence that IT general controls are strong, then the auditor can conclude that: A. the risk of batch totals failing to detect misstatements is low. B. IT transactions are adequately supported by source documents. C. software applications are more likely to operate consistently over time. D. application controls function properly and put the correct transactions on exception reports.

C. software applications are more likely to operate consistently over time.

It is important for an auditor to understand a public company's system of internal control in order to: A. audit internal control over financial reporting. B. make a preliminary assessment of control risk. C. develop an audit strategy. D. All of these answer choices are correct.

D. All of these answer choices are correct.

Management's attitude toward aggressive financial reporting and its emphasis on meeting projected profit goals most likely would significantly influence an entity's control environment when A. External policies established by parties outside the entity affect its accounting practices. B. The audit committee is active in overseeing the entity's financial reporting policies. C. Internal auditors have direct access to the board of directors and entity management. D. Management is dominated by one individual who is also a shareholder.

D. Management is dominated by one individual who is also a shareholder.

Which of the following is a good example of an IT application control over the occurrence of revenue transactions? A. Strong segregation of duties exists between IT operations and IT program development. B. Physical access to IT systems is limited only to specific personnel who work in the revenue cycle. C. The software changes to the revenue program must be tested and authorized before they may be used with live data. D. The software application compares information on a sales invoice with information from the bill of lading to ensure that sales invoices are only prepared for actual shipments. Any exceptions are not processed and are set aside for manual follow-up.

D. The software application compares information on a sales invoice with information from the bill of lading to ensure that sales invoices are only prepared for actual shipments. Any exceptions are not processed and are set aside for manual follow-up.