Chapter 6 MC Questions
In order to be able to set control risk at a lower level, the auditor must do all of the following except: A) Identify all general IT controls. B) Identify specific controls that will be relied upon. C) Perform tests of controls. D) Conclude on the achieved level of control risk.
A) Identify all general IT controls
An auditor's primary consideration regarding an entity's internal controls is whether the policies and procedures A. Affect the financial statement assertions. B. Prevent management override. C. Relate to the control environment. D. Reflect management's philosophy and operating style.
A. Affect the financial statement assertions.
Which of the following statements concerning control risk is correct? A. Assessing control risk and obtaining an understanding of an entity's internal controls may be performed concurrently. B. When control risk is high, an auditor is required to document the basis for that assessment. C. Control risk may be assessed sufficiently low to eliminate substantive procedures for significant accounts. D. When assessing control risk, an auditor should not consider evidence obtained in prior audits about the operation of control activities.
A. Assessing control risk and obtaining an understanding of an entity's internal controls may be performed concurrently.
Significant deficiencies are matters that come to an auditor's attention that should be communicated to an entity's audit committee because they represent A. Significant deficiencies in the design or operation of the internal control B. Manipulation or falsification of accounting records or documents from which financial statements are prepared C. Material fraud or illegal acts perpetrated by high-level management D. Disclosures of information that significantly contradict the auditor's going concern assumption
A. Significant deficiencies in the design or operation of the internal control
For nonpublic companies with preliminary control risk assessments set at high, auditors are likely to: A) Use a reliance strategy. B) Complete little or no tests of controls. C) Complete interim testing of account balances. D) Test controls extensively.
B) Complete little or no tests of controls.
Auditors obtain an understanding of a nonpublic entity's internal control for the primary purpose of: A) Gathering sufficient evidence to provide a reasonable basis for an opinion on the financial statements. B) Determining the nature, extent, and timing of subsequent audit procedures to be performed. C) Determining whether interim audit testing is appropriate. D) Providing documentary evidence to present to the audit committee.
B) Determining the nature, extent, and timing of subsequent audit procedures to be performed.
The auditor may document the achieved level of control risk using all of the following except: A) Structured working papers. B) Flowcharts. C) Internal control questionnaire. D) A memorandum.
B) Flowcharts.
Which of the following is a proper reason for not conducting tests of controls for nonpublic companies? A) The internal control structure appears very strong. B) The procedures require more audit effort than the projected benefits to be obtained from lowering the control risk. C) The company does not have any flowcharts of its system available for review. D) The auditor prefers the control risk to be the minimum.
B) The procedures require more audit effort than the projected benefits to be obtained from lowering the control risk.
Which of the following audit techniques would most likely provide an auditor with the most assurance about the effectiveness of the operation of a control? A. Walk though B. Re performance of the control by the auditor C. Observation of entity personnel D. Inquiry of entity personnel
B. Re performance of the control by the auditor
The effectiveness of internal control is reduced by: A) Computerized accounting records. B) Flowcharts. C) Human errors or mistakes. D) Both a and c.
C) Human errors or mistakes.
Which of the following is not considered a general control? A) Back up and disaster recovery controls. B) Password protection on the central server. C) Reconciliation of payroll record count with the number of active employees. D) Requiring change authorization forms on all program software.
C) Reconciliation of payroll record count with the number of active employees.
Internal controls are designed to achieve company objectives in all of the following areas except: A) Safeguarding of assets. B) Reliability of financial reporting. C) Reduction of debt financing costs. D) Compliance with laws and regulations.
C) Reduction of debt financing costs.
The auditor must report the following to the audit committee or others charged with governance: A) Only material weaknesses. B) Only significant deficiencies. C) Significant deficiencies and material weaknesses. D) All control deficiencies identified during the audit.
C) Significant deficiencies and material weaknesses.
SOC 1, Type 2 reports by the service organization's auditor typically A. Provide reasonable assurance that their financial statements are free of material misstatements B. Ensure that the entity will not have any misstatements in areas related to the service organization's activities C. Assess whether the service organization's controls are suitably designed and operating effectively D. Ensure that the entity is billed correctly
C. Assess whether the service organization's controls are suitably designed and operating effectively
After obtaining an understanding of an entity's internal control system, an auditor may set control risk at high for some assertions because he or she A. Determines that the pertinent internal control components are not well documented B. Performs tests of controls to restrict detection risk to an acceptable level C. Believes the internal controls are unlikely to be effective D. Identifies internal controls that are likely to prevent material misstatements
C. Believes the internal controls are unlikely to be effective
Assessing control risk below high involves all of the following except A. Analyzing the achieved level of control risk after performing tests of controls B. Performing tests of controls C. Concluding that controls are ineffective D. Identifying specific controls to rely on
C. Concluding that controls are ineffective
An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus? A. Data capture controls B. Output controls C. General controls D. Application controls
C. General controls
Regardless of the assessed level of control risk, an auditor would perform some A. Tests of controls to determine the effectiveness of internal controls B. Analytical procedures to verify the design of internal controls C. Substantive procedures to restrict detection risk for significant transaction classes D. Dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk
C. Substantive procedures to restrict detection risk for significant transaction classes
Monitoring is a major component of the COSO Internal Control Integrated Framework. Which of the following is not correct in how the company can implement the monitoring component? A. Monitoring can be conducted as a separate evaluation B. Monitoring can be an ongoing process C. The independent auditor can serve as part of the entity's control environment and continuous monitoring D. Monitoring and other audit work conducted by internal audit staff can reduce external audit costs
C. The independent auditor can serve as part of the entity's control environment and continuous monitoring
Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective? A) Effectiveness and efficiency of operations. B) Reliability of financial reporting. C) Compliance with applicable laws and regulations D) All of the above
D) All of the above
Which of the following represents the correct sequence of audit steps that come after first obtaining an understanding and documenting the entity's internal control? A) Test of Controls, Assess Control Risk, Determine Extent of Substantive Tests, Reassess Control Risk. B) Assess Control Risk, Test of Controls, Determine Extent of Substantive Testing, Reassess Control Risk. C) Assess Control Risk, Determine Extent of Substantive Testing, Test of Controls, Reassess Control Risk. D) Assess Control Risk, Test of Controls, Reassess Control Risk, Determine Extent of Substantive Testing.
D) Assess Control Risk, Test of Controls, Reassess Control Risk, Determine Extent of Substantive Testing.
A reliance strategy is chosen when the auditor: A) Plans on conducting tests of controls. B) Has set the control risk at a high level. C) Has set the control risk at a lower level. D) Both a and c.
D) Both a and c.
Understanding each of the components of internal control provides knowledge about: A) The design of tests of controls. B) The assessment of inherent risks. C) Factors that affect the risk of material misstatement. D) Both a and c.
D) Both a and c.
Which of the following is not one of the five major components of internal control? A) Risk assessment. B) Control activities. C) Information and communication system. D) Human resource background checks.
D) Human resource background checks.
Which of the following statements regarding auditor documentation of the entity's internal control is correct? A) Documentation must include narrative memorandums. B) No documentation is necessary to satisfy GAAS, however, oral inquiry is required at minimum. C) Internal control questionnaires are specifically tailored to meet the needs of each individual entity. D) No one particular form of documentation is necessary, and the extent of documentation may vary.
D) No one particular form of documentation is necessary, and the extent of documentation may vary.
The highest-quality and most reliable audit evidence that segregation of duties is properly implemented is obtained by A. Inspection of documents prepared by a third-party but which contain the initials of those applying entity controls B. Inquiries of employees who apply control activities C. Inspection of a flowchart of duties performed and available personnel D. Observation by the auditor of the employees performing control activities
D. Observation by the auditor of the employees performing control activities
An auditor's flowchart of an entity's accounting system is a diagrammatic representation that depicts the auditor's A. Understanding of the types of fraud that are probable, given the present system B. Program for tests of controls C. Documentation of the study and evaluation of the system D. Understanding of the system
D. Understanding of the system