Chapter 6: Internal Control in a Financial Statement Audit

Ace your homework & exams now with Quizwiz!

Which of the following statements concerning control risk is correct? A. Assessing control risk and obtaining an understanding of an entity's internal controls may be performed concurrently. B. When control risk is high, an auditor is required to document the basis for that assessment. C. Control risk may be assessed sufficiently low to eliminate substantive procedures for significant accounts. D. When assessing control risk, an auditor should not consider evidence obtained in prior audits about the operation of control activities.

A. Assessing control risk and obtaining an understanding of an entity's internal controls may be performed concurrently.

An auditor's primary consideration regarding an entity's internal controls is whether the policies and procedures A. Affect the financial statement assertions. B. Prevent management override. C. Relate to the control environment. D. Reflect management's philosophy and operating style.

A. Affect the financial statement assertions.

Before applying substantive procedures to the details of asset and liability accounts at an interim date, the auditor should A. Assess the difficulty in controlling achieved audit risk for the remainder of the period. B. Investigate significant fluctuations that have occurred in the asset and liability accounts since the previous balance sheet date. C. Select only those accounts which can effectively be sampled during year-end audit work. D. Consider the compliance tests that must be applied at the balance sheet date to extend the audit conclusions reached at the interim date.

A. Assess the difficulty in controlling achieved audit risk for the remainder of the period.

A customer intended to order 100 units of product Z96014, but incorrectly ordered 100 units of a nonexistent product Z96015. Which of the following controls most likely would detect this error? A. Check digit verification. B. Record count. C. Hash total. D. Redundant data check.

A. Check digit verification

When an auditor increases the planned assessed level of control risk because certain control activities were determined to be ineffective, the auditor would most likely increase the A. Extent of tests of details. B. Level of inherent risk. C. Extent of tests of controls. D. Level of detection risk.

A. Extent of tests of details.

An entity's IT infrastructure refers to A. Hardware components. B. Programmers. C. Software. D. Data provided by the system.

A. Hardware components.

Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity's internal controls? A. Incompatible duties. B. Management override. C. Mistakes in judgment. D. Collusion among employees.

A. Incompatible duties.

A substantive strategy differs from a reliance strategy in that a substantive strategy includes A. Increased implementation of detailed tests of transactions and balances. B. Extra tests of controls. C. Increased emphasis on verbal representations from management. D. Setting control risk at a minimum level.

A. Increased implementation of detailed tests of transactions and balances.

In planning an audit of a new client, an auditor most likely would consider the methods used to process accounting information because such methods A. Influence the design of internal controls. B. Affect the auditor's overall materiality levels. C. Assist in evaluating the planned audit assertions. D. Determine the auditor's acceptable level of audit risk.

A. Influence the design of internal controls.

To obtain evidential matter about control risk, an auditor selects tests from a variety of techniques including A. Inquiry. B. Analytical procedures. C. Calculation. D. Confirmation.

A. Inquiry.

Which of the following procedures most likely would be included as part of an auditor's tests of controls? A. Inspection. B. Reconciliation. C. Confirmation. D. Analytical procedures.

A. Inspection.

For a complex IT system, auditors are least likely to use which of the following when documenting their understanding of internal controls? A. Narratives. B. Internal control questionnaires. C. Flowcharts. D. Organization charts.

A. Narratives.

The basic concept of internal control that recognizes the cost of internal control should not exceed the benefits expected to be derived is known as A. Reasonable assurance. B. Management responsibility. C. Limited liability. D. Management by exception.

A. Reasonable assurance.

Walkthroughs usually involve all of the following audit procedures except: A. Reperformance. B. Inquiry. C. Observation. D. Inspection.

A. Reperformance.

During consideration of internal control in a financial statement audit of a nonpublic company, an auditor is not obligated to A. Search for significant deficiencies in the operation of internal control. B. Understand the internal control environment and the information system. C. Determine whether the controls relevant to audit planning have been placed in operation. D. Perform procedures to understand the design of internal control.

A. Search for significant deficiencies in the operation of internal control.

A limit test is a A. Test to ensure that a numerical value does not exceed some predetermined value. B. Check to ensure that the value in a field falls within an allowable range of values. C. Check to ensure that the data in a field have the proper arithmetic sign. D. Check on a field to ensure that it contains either all numeric or alphabetic characters.

A. Test to ensure that a numerical value does not exceed some predetermined value.

The normal sequence of documents and operations on a well-prepared systems flowchart is A. Top to bottom and left to right. B. Bottom to top and left to right. C. Top to bottom and right to left. D. Bottom to top and right to left.

A. Top to bottom and left to right.

After completing the preliminary phase of the review of internal control, the auditor decides not to rely on the system to restrict substantive procedures. Documentation may be limited to the auditor's A. Understanding of the internal control. B. Reasons for deciding not to extend the review. C. Basis for concluding that errors and fraud will be prevented. D. Completed internal control questionnaire.

A. Understanding of the internal control.

Factors that the auditor should consider as increasing the effectiveness of the audit committee include all of the following except whether: A. It is independent of management B. It is comprised almost exclusively of members of management, ensuring detailed knowledge of the company's operations. C. It asks management difficult questions. D. It interacts regularly with internal audit personnel.

B. It is comprised almost exclusively of members of management, ensuring detailed knowledge of the company's operations.

The control environment component of internal control includes all of the following except: A. Management's operating style. B. Access to computer programs. C. Organizational structure. D. Human resource policies and practices.

B. Access to computer programs.

It is important for the CPA to consider the competence of the entity's employees because their competence bears directly and importantly upon the A. Cost/benefit relationship of the system of internal control. B. Achievement of the objectives of the system of internal control. C. Comparison of recorded accountability with assets. D. Timing of the tests to be performed.

B. Achievement of the objectives of the system of internal control.

In the audit of financial statements, an auditor's primary consideration regarding an internal control policy or procedure is whether the policy or procedure A. Reflects management's philosophy and operating style. B. Affects management's financial statement assertions. C. Provides adequate safeguards over access to assets. D. Enhances management's decision-making processes.

B. Affects management's financial statement assertions.

Proper segregation of functional responsibilities in an effective system of internal control calls for separation of the functions of A. Authorization, execution, and payment. B. Authorization, recording, and custody. C. Custody, execution, and reporting. D. Authorization, payment, and recording.

B. Authorization, recording, and custody.

An auditor is least likely to test the internal controls that provide for A. Approval of the purchase and sale of marketable securities. B. Classification of revenue and expense transactions by product line. C. Segregation of the functions of recording disbursements and reconciling the bank account. D. Comparison of receiving reports and vendors' invoices with purchase orders.

B. Classification of revenue and expense transactions by product line.

Assessing control risk at a lower level involves all of the following except: A. Identifying specific controls to rely on. B. Concluding that controls are ineffective. C. Performing tests of controls. D. Analyzing the achieved level of control risk after performing tests of controls.

B. Concluding that controls are ineffective.

An effective control environment A. Allows management to identify all relevant risks. B. Creates a commitment to competence. C. Guarantees that all controls are followed as prescribed. D. Requires an internal audit function.

B. Creates a commitment to competence.

General controls include all of the following except: A. Organizational controls. B. Data validation controls. C. Access security controls. D. Application system acquisition controls.

B. Data validation controls.

Effective internal control in a small company that has an insufficient number of employees to permit proper division of responsibilities can best be enhanced by A. Employment of temporary personnel to aid in the separation of duties. B. Direct participation by the owner of the business in the recordkeeping activities of the business. C. Engaging a CPA to perform monthly bookkeeping. D. Delegation of full, clear-cut responsibility to each employee for the functions assigned to each.

B. Direct participation by the owner of the business in the recordkeeping activities of the business.

Internal controls are not designed to provide reasonable assurance that A. Transactions are executed in accordance with management's authorization. B. Embezzlement will be eliminated. C. Access to assets is permitted only in accordance with management's authorization. D. Amounts recorded for assets are compared with the actual existing assets at reasonable intervals.

B. Embezzlement will be eliminated.

In evaluating internal control, the auditor is basically concerned that the system provides reasonable assurance that A. Operational efficiency has been achieved in accordance with management plans. B. Errors and fraud have been prevented, or detected and corrected. C. Controls have not been circumvented by collusion. D. Management can not override the system.

B. Errors and fraud have been prevented, or detected and corrected.

Auditors are most likely to gather audit evidence solely using substantive procedures A. If transactions are recurring. B. For nonrecurring, unusual transactions. C. If control risk is very low. D. If the entity has a well-designed automated system.

B. For nonrecurring, unusual transactions.

Assessing control risk at a lower level most likely would involve A. Changing the timing of substantive procedures by omitting interim testing and performing the tests at year-end. B. Identifying specific internal controls relevant to specific assertions. C. Performing more extensive substantive procedures with larger sample sizes than originally planned. D. Reducing inherent risk for most of the assertions relevant to significant account balances.

B. Identifying specific internal controls relevant to specific assertions.

Management philosophy and operating style most likely would have a significant influence on an entity's control environment when A. The internal audit function reports directly to management. B. Management is dominated by one individual. C. Accurate management job descriptions delineate specific duties. D. The audit committee actively oversees the financial reporting process.

B. Management is dominated by one individual.

Management's attitude toward aggressive financial reporting and its emphasis on meeting projected profit goals most likely would significantly influence an entity's control environment when A. External policies established by parties outside the entity affect its accounting practices. B. Management is dominated by one individual. C. Internal audit personnel have direct access to the board of directors and the entity's management. D. The audit committee is active in overseeing the entity's financial reporting policies.

B. Management is dominated by one individual.

Potential benefits of an entity's controls in an IT environment include all of the following except: A. Reduction in the risk that controls will be circumvented. B. More accurate accounting estimates. C. Consistent application of predefined business rules. D. More timely information.

B. More accurate accounting estimates.

For certain controls, such as segregation of duties, documentary evidence may not exist. An auditor would most likely test the procedures by A. Reperformance and corroboration. B. Observation and inquiry. C. Inspection and vouching. D. Confirmation and recomputation.

B. Observation and inquiry.

A procedure that would most likely be used by an auditor in performing tests of control activities that involve segregation of functions but which leave no transaction trail is A. Inspection. B. Observation. C. Reperformance. D. Reconciliation.

B. Observation.

An advantage of using systems flowcharts to document information about internal control instead of using internal control questionnaires is that systems flowcharts A. Identify whether segregation of duties prevent collusion. B. Provide a visual depiction of the entity's activities. C. Indicate whether controls are operating effectively. D. Reduce the need to observe the entity's employees performing routine tasks.

B. Provide a visual depiction of the entity's activities.

A flowchart is most frequently used by an auditor in connection with the A. Preparation of generalized computer audit programs. B. Review of the entity's internal controls. C. Use of statistical sampling in performing an audit. D. Performance of analytical procedures of account balances.

B. Review of the entity's internal controls.

The auditor should consider all of the following when deciding whether substantive procedures will be performed at an interim date except: A. The level of control risk. B. Scheduling conflicts in the audit firm that make interim testing more convenient. C. Whether business conditions will change after the interim date. D. The ability to examine the remaining period.

B. Scheduling conflicts in the audit firm that make interim testing more convenient.

As opposed to a manual control, an automated control A. Can never be circumvented. B. Should function consistently in the absence of program changes. C. Need not be tested by the auditor. D. Must be tested using the same techniques as a manual control.

B. Should function consistently in the absence of program changes.

29. The independent auditor selects several transactions in each functional area and traces them through the entire system, paying special attention to evidence about whether or not the control activities are in operation. This is an example of a(n) A. Analytical procedure. B. Test of controls. C. Substantive procedure. D. Functional test.

B. Test of controls

While substantive procedures may support the accuracy of underlying records, these tests frequently provide no affirmative evidence of segregation of duties because A. Substantive procedures rarely guarantee the accuracy of the records if only a sample of the transactions has been tested. B. The records may be accurate even though they are maintained by persons having incompatible functions. C . Substantive procedures relate to the entire period under audit, but compliance tests ordinarily are confined to the period during which the auditor is on the entity's premises. D. Many computerized procedures leave no audit trail of who performed them, so substantive procedures may necessarily be limited to inquiries and observation of office personnel.

B. The records may be accurate even though they are maintained by persons having incompatible functions.

Of the following statements about an internal control system, which one is correct? A. The maintenance of the system of internal control is an important responsibility of the internal audit function. B. Administrative controls relate directly to the safeguarding of assets. C. Because of the cost/benefit relationship, tests of controls may be applied on a test basis in some circumstances. D. Well designed internal control activities always prevent collusion among employees.

C. Because of the cost/benefit relationship, tests of controls may be applied on a test basis in some circumstances.

Before applying substantive procedures to the details of accounts at an interim date (a date prior to the balance sheet date), an auditor should A. Assess control risk at high for the assertions embodied in the accounts selected for interim testing. B. Determine that the accounts selected for interim testing are not material to the financial statements taken as a whole. C. Consider the availability of information at a later date that will be necessary for the auditor's procedures (e.g., electronic data). D. Obtain written representations from management that all financial records and related data will be made available.

C. Consider the availability of information at a later date that will be necessary for the auditor's procedures (e.g., electronic data).

The auditor's communication of material weaknesses in internal control for a nonpublic company is A. Required to enable the auditor to state that the examination has been made in accordance with generally accepted auditing standards. B. The principle reason for studying and evaluating the system of internal controls. C. Incidental to the auditor's objective of forming an opinion as to the fair presentation of the financial statements. D. Required to be included as part of the audit opinion.

C. Incidental to the auditor's objective of forming an opinion as to the fair presentation of the financial statements.

After obtaining an understanding of internal controls and assessing control risk of an entity, an auditor decided not to perform tests of controls for purposes of the audit. The auditor most likely decided that A. The available evidential matter obtained through tests of controls would not support an increased level of control risk. B. A reduction in the assessed level of control risk is justified for certain financial statement assertions. C. It would be inefficient to perform tests of controls that would result in a reduction in planned substantive procedures. D. The assessed level of inherent risk exceeded the assessed level of control risk.

C. It would be inefficient to perform tests of controls that would result in a reduction in planned substantive procedures.

The independent auditor should acquire an understanding of the internal audit function as it relates to the assessment of control risk because A. Internal audit programs, audit documents, and reports can eliminate the need for the independent auditor's staff. B. The procedures performed by the internal audit staff may eliminate the independent auditor's need for an extensive study and evaluation of internal control. C. The work performed by internal audit personnel may be a factor in determining the nature, timing, and extent of the independent auditor's procedures. D. The understanding of the internal audit function is an important substantive procedure to be performed by the independent auditor.

C. The work performed by internal audit personnel may be a factor in determining the nature, timing, and extent of the independent auditor's procedures.

Where computer processing is used in significant accounting applications, internal control activities may be defined by classifying control activities into two types: general and A. Administrative. B. Specific. C. Application. D. Authorization.

C. Application.

Information and communication includes all of the following except: A. Identifying and recording all valid transactions. B. Determining the time period in which transactions occurred. C. Communicating price changes to customers. D. Properly presenting transactions and related disclosures in the financial statements.

C. Communicating price changes to customers.

An entity's control activities include all of the following except: A. Performance reviews. B. Information processing. C. External auditor's tests of controls. D. Segregation of duties.

C. External auditor's tests of controls.

A well-prepared flowchart should make it easier for the auditor to A. Prepare audit procedure manuals. B. Prepare detailed job descriptions. C. Perform walkthroughs. D. Assess the degree of accuracy of financial data.

C. Perform walkthroughs.

Significant deficiencies are matters that come to an auditor's attention that should be communicated to an entity's audit committee because they represent A. Disclosures of information that significantly contradict the auditor's going concern assumption. B. Material fraud or illegal acts perpetrated by high-level management. C. Significant design flaws in internal controls or poor implementation of internal controls. D. Manipulation or falsification of accounting records or documents from which financial statements are prepared.

C. Significant design flaws in internal controls or poor implementation of internal controls.

Which of the following is a general control that would most likely assist an entity whose systems analyst left the entity in the middle of a major project? A. Grandfather-father-son record retention. B. Input and output validation routines. C. Systems documentation. D. Check digit verification.

C. Systems documentation.

Which of the following audit tests would be regarded as a test of controls? A. Tests of the specific items making up the balance in a given general ledger account. B. Tests comparing inventory pricing to vendors' invoices. C. Tests of the signatures on canceled checks to the board of directors' authorizations. D. Tests of the additions to property, plant, and equipment by physical inspections.

C. Tests of the signatures on canceled checks to the board of directors' authorizations.

After the auditor has prepared a flowchart of the internal controls surrounding sales and evaluated the design of the system, the auditor would perform tests of controls on all control activities A. Documented in the flowchart. B. Considered to be weaknesses that might allow errors to enter the accounting system. C. That the auditor plans to rely on. D. That would aid in preventing fraud.

C. That the auditor plans to rely on.

The risk assessment component of internal control refers to A. The auditor's assessment of control risk. B. The auditor's assessment of client risk. C. The entity's identification and analysis of risks relevant to achievement of its objectives. D. The entity's monitoring of the potential for material misstatements.

C. The entity's identification and analysis of risks relevant to achievement of its objectives.

An IT specialist is least likely to be necessary when A. Data are shared extensively among systems. B. The entity participates heavily in electronic commerce. C. The system has not changed from the prior year. D. Significant audit evidence is in electronic form.

C. The system has not changed from the prior year.

As the acceptable level of detection risk increases, an auditor may change the A. Assessed level of control risk from a lower level to a higher level. B. Assurance provided by tests of controls by using a larger sample size than planned. C. Timing of substantive procedures from year-end to an interim date. D. Nature of substantive procedures from less effective to more effective procedures.

C. Timing of substantive procedures from year-end to an interim date.

Reports on service organizations typically A. Provide reasonable assurance that their financial statements are free of material misstatements. B. Ensure that the entity will not have any misstatements in areas related to the service organization's activities. C. Ensure that the auditee is billed correctly. D. Assess whether the service organization's controls are suitably designed to achieve internal control objectives.

D. Assess whether the service organization's controls are suitably designed to achieve internal control objectives.

Based on a study and evaluation completed at an interim date, the auditor concludes that no significant internal control weaknesses exist. The records and procedures would most likely be tested again at year-end if A. Compliance tests were not performed by the internal audit staff during the remaining period. B. The internal control system provides a basis for reliance in reducing the extent of substantive procedures. C. The auditor used nonstatistical sampling during interim compliance testing. D. Inquiries and observations lead the auditor to believe that conditions within the internal control system have changed.

D. Inquiries and observations lead the auditor to believe that conditions within the internal control system have changed.

When communicating internal control-related matters noted in an audit of a nonpublic company, an auditor's report issued on significant deficiencies should indicate that A. Errors or fraud may occur and not be detected because there are inherent limitations in any internal control system. B. The issuance of an unqualified opinion on the financial statements may depend on corrective follow-up action. C. The deficiencies noted were not detected within a timely period by employees in the normal course of performing their assigned functions. D. The purpose of the audit was to report on the financial statements and not to provide assurance on internal control.

D. The purpose of the audit was to report on the financial statements and not to provide assurance on internal control.

If auditors conduct substantive procedures as of 10/31 for an entity with a 12/31 year-end A. Additional tests are seldom conducted for the remaining period. B. Additional control tests are required in the remaining period. C. The entity's controls likely are ineffective. D. Additional tests likely will be performed in the remaining period.

D. Additional tests likely will be performed in the remaining period.

A high detection risk strategy includes all of the following except: A. Interim testing. B. Reduced testing of transactions. C. Heavy reliance on analytical procedures as substantive procedures. D. Audit work only completed at year-end.

D. Audit work only completed at year-end

The documentation of an auditor's understanding of internal controls A. Is optional. B. Must be exclusively in either narrative, questionnaires, or flowchart form. C. Must include flowcharts. D. Can include any combination of narratives, questionnaires, or flowcharts.

D. Can include any combination of narratives, questionnaires, or flowcharts.

Which of the following input controls is a numeric value computed to provide assurance that the original value has not been altered in construction or transmission? A. Hash total. B. Parity check. C. Encryption. D. Check digit.

D. Check digit.

A field test is a A. Test to ensure that a numerical value in a field does not exceed some predetermined value. B. Check to ensure that the value in a field falls within an allowable range of values. C. Check to ensure that the data in a field have the proper arithmetic sign. D. Check on a field to ensure that it contains either all numeric or all alphabetic characters.

D. Check on a field to ensure that it contains either all numeric or all alphabetic characters.

The program flowcharting symbol representing a decision is a A. Triangle. B. Circle. C. Rectangle. D. Diamond.

D. Diamond.

Audit evidence concerning proper segregation of duties ordinarily is best obtained by A. Preparation of a flowchart of duties performed by available personnel. B. Inquiring whether control activities operated consistently throughout the period. C. Reviewing job descriptions prepared by the Personnel Department. D. Direct personal observation of the employees who apply the control activities.

D. Direct personal observation of the employees who apply the control activities.

In an audit of financial statements of a private company in accordance with generally accepted auditing standards, an auditor is required to A. Identify specific internal control activities relevant to management's financial statement assertions. B. Perform tests of controls to evaluate the effectiveness of the entity's accounting system. C. Determine whether procedures are suitably designed to prevent or detect material misstatements. D. Document the auditor's understanding of the entity's internal control.

D. Document the auditor's understanding of the entity's internal control.

An organizational structure is important for all of the following reasons except: A. Ensuring proper accountability. B. Defining areas of authority. C. Creating clear lines of reporting. D. Ensuring a proper commitment to controls.

D. Ensuring a proper commitment to controls.

An auditor would most likely be concerned with internal control policies and procedures that provide reasonable assurance about the A. Efficiency of management's decision-making process. B. Appropriate prices that the entity should charge for its products. C. Methods of assigning production tasks to employees. D. Entity's ability to accurately process and summarize financial data.

D. Entity's ability to accurately process and summarize financial data.

All of the following are significant deficiencies except: A. Absence of appropriate reviews of transactions. B. Evidence of willful wrongdoing by lower-level employees. C. Inadequate provisions for safeguarding assets. D. Inventory is highly subject to obsolescence.

D. Inventory is highly subject to obsolescence.

A primary purpose of internal controls is to A. Form a basis for evaluating employees. B. Monitor production quality. C. Avoid clerical errors. D. Meet objectives of maintaining reliable documents and records and accurate financial reporting.

D. Meet objectives of maintaining reliable documents and records and accurate financial reporting

Which of the following procedures most likely would provide an auditor with evidence about whether an entity's internal control is suitably designed to prevent or detect material misstatements? A. Scanning the journals produced by the internal control system. B. Performing analytical procedures using data aggregated at a high level. C. Vouching a sample of transactions directly related to the controls. D. Observing the entity's personnel applying the controls.

D. Observing the entity's personnel applying the controls.

As part of gaining an initial understanding of internal control, an auditor is required to do all of the following except: A. Consider factors that affect the risk of material misstatement. B. Ascertain whether internal control policies and procedures have been placed in operation. C. Identify the types of potential misstatements that can occur. D. Obtain knowledge about the operating effectiveness of the internal control.

D. Obtain knowledge about the operating effectiveness of the internal control.

Assume that an auditor estimates that 10,000 checks were issued during the accounting period. If an IT application control which performs a limit check for each check request is to be subjected to the auditor's test data approach, the sample should include A. Approximately 1,000 test items. B. A number of test items determined by the auditor to be sufficient under the circumstances. C. A number of test items determined by the auditor's reference to the appropriate sampling tables. D. One transaction.

D. One transaction.

In obtaining an understanding of an entity's internal control in a financial statement audit of a nonpublic company, an auditor is not obligated to A. Determine whether the control activities have been placed in operation. B. Perform procedures to understand the design of the internal control policies. C. Document the understanding of the entity's internal control components. D. Search for significant deficiencies in the operation of the internal control.

D. Search for significant deficiencies in the operation of the internal control.

In a properly designed internal control system, the same employee may be permitted to A. Receive and deposit checks and also approve write-offs of customer accounts. B. Approve vouchers for payment and also sign checks. C. Reconcile the bank statements and also receive and deposit cash. D. Sign checks and also cancel supporting documents.

D. Sign checks and also cancel supporting documents.

When documenting an entity's internal control, the independent auditor sometimes uses a systems flowchart, which can best be described as a A. Pictorial presentation of the flow of instructions in an entity's internal computer system. B. Diagram which clearly indicates an organization's internal reporting structure. C. Graphic illustration of the flow of operations which is used to replace the auditor's internal control questionnaire. D. Symbolic representation of a system or series of sequential processes.

D. Symbolic representation of a system or series of sequential processes.

The concept of reasonable assurance in the context of an entity's internal controls recognizes that A. Auditors may fail to detect material misstatements. B. Proper internal controls guarantee that material misstatements will not occur. C. Proper internal controls preclude fraud. D. The costs of some controls may be too high to implement in relation to potential benefits.

D. The costs of some controls may be too high to implement in relation to potential benefits.

Proper monitoring within an internal control framework may include all of the following except: A. An external auditor. B. An effective audit committee. C. An internal audit function. D. The internal revenue service.

D. The internal revenue service.

Which of the following is not a characteristic of a batch processed computer system? A. The collection of like transactions which are sorted and processed sequentially against a master file. B. Keypunching of transactions, followed by machine processing. C. The production of numerous printouts. D. The posting of a transaction, as it occurs, to several files, without intermediate printouts.

D. The posting of a transaction, as it occurs, to several files, without intermediate printouts.

A reliance strategy is used when control risk has been set at high.

FALSE

Internal control consists of six components.

FALSE

Once a level of control risk has been established, it cannot be changed.

FALSE

The auditor must understand internal control before assessing inherent risk.

FALSE

A substantive strategy is used when control risk has been set at high.

TRUE

Internal control includes monitoring of controls.

TRUE

One of the risks associated with internal control from IT is potential loss of data.

TRUE

Tests of controls must be performed if control risk is set at a lower level.

TRUE

The concept of internal control includes IT systems and manual systems.

TRUE

The extent of an entity's use of IT can affect any of the components of internal control.

TRUE


Related study sets

Mental health exam 3 quiz questions

View Set

NU370 Week 4 PrepU: Accountability

View Set

allusions - Elijah and the Chariot of Fire to the Golden Calf

View Set