1.16.18 Flashcards

1
Q

To provide assurance that each voucher is submitted and paid only once, an auditor most likely would examine a sample of paid vouchers and determine whether each voucher is

A

Stamped “paid” by the check signer.

To provide assurance that voucher documentation is not used to support a duplicate payment, the individual responsible for cash disbursements should examine the voucher and determine the appropriateness of the supporting documents, sign the check, cancel the payment documents, and mail the check to the vendor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Samples to test controls are intended to provide a basis for an auditor to conclude whether

A

The controls are operating effectively.

Tests of controls obtain evidence about the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. Tests of controls address (1) how they were applied at relevant times during the period, (2) by whom or by what means they were applied, and (3) the consistency of their application during the period. Prior to performing tests of controls, the auditor evaluates whether they are suitably designed to prevent, or detect and correct, material misstatements in relevant assertions (AU-C 330).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

If the auditor intends to rely on the operating effectiveness of relevant controls, which test of controls is necessary to obtain sufficient appropriate evidence?

A

Inquiry.

According to AU-C 330, an auditor’s tests of controls include other audit procedures in combination with inquiry. For this purpose, inquiry combined with inspection, reperformance, or recalculation may be preferable to inquiry and observation. Observation is relevant only at a moment in time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An auditor may compensate for a high assessed risk of material misstatement by

A

Increasing the extent of substantive analytical procedures.

When designing further audit procedures, the auditor obtains more persuasive evidence the higher the risk assessment. Thus, the auditor may increase the quantity of evidence or obtain more relevant or reliable evidence. Furthermore, the extent of audit procedures generally increases as the RMMs increase. For example, the auditor may increase sample sizes or perform more detailed substantive analytical procedures (AU-C 330).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Before sending or receiving EDI messages, a company should

A

Execute a trading partner agreement with each of its customers and suppliers.

Before sending or receiving EDI messages, a company should execute a trading partner agreement with its customers and suppliers. For example, all parties should understand (1) their responsibilities, (2) the messages each will initiate, (3) how they will interpret messages, (4) the means of authenticating and verifying the completeness and accuracy of messages, (5) the moment when the contract between the parties is effective, and (6) the required level of security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Each of the following broker-dealer relationships impairs auditor independence with respect to a broker-dealer issuer audit client except

A

The auditor has a cash balance in a brokerage account that is fully covered by the Securities Investor Protection Corporation.

Under SEC Independence Standards, an accountant is not independent when (1) the accounting firm, (2) any covered person in the firm, or (3) any of the covered person’s immediate family members has any brokerage or similar accounts maintained with a broker-dealer that is an audit client if (1) the accounts include any asset other than cash or securities or (2) the value of the assets in the accounts exceeds the amount that is subject to a Securities Investor Protection Corporation advance for those accounts. Thus, a cash balance in a brokerage account that is fully insured under the Securities Investor Protection Act (SIPA) does not impair independence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Under SEC Independence Standards, an accountant is not independent when (1) the accounting firm, (2) any covered person in the firm, or (3) any of the covered person’s immediate family members has any brokerage or similar accounts maintained with a broker-dealer that is an audit client if (1) the accounts include any asset other than cash or securities or (2) the value of the assets in the accounts exceeds the amount that is subject to a Securities Investor Protection Corporation advance for those accounts. Thus, a cash balance in a brokerage account that is fully insured under the Securities Investor Protection Act (SIPA) does not impair independence.

A

The assessment of the risks of material misstatement permits the auditor to rely on the controls.

Although controls appear to be effective based on the understanding of internal control, the auditor should perform tests of controls when the assessment of the RMMs at the relevant assertion level includes an expectation of their operating effectiveness. This expectation reflects the auditor’s intention to rely on the controls in determining the nature, timing, and extent of substantive procedures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A university does not have a centralized receiving function for departmental purchases of books, supplies, and equipment. Which of the following controls will most effectively prevent payment for goods not received, if performed prior to invoice payment?

A

Vendor invoices should be approved by a departmental supervisor other than the employee ordering the goods.

The departmental supervisors are the most likely to be aware of the goods received by their departments. Moreover, separating ordering authority from payment authority will prevent unauthorized purchases.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

A CPA’s retention of client-provided records as a means of enforcing payment of an overdue audit fee is an action that is

A

Prohibited under the AICPA Code of Professional Conduct.

The Code defines client-provided records as “accounting or other records belonging to the client that were provided to the member by or on behalf of the client.” The retention (after a request is made for them) of client-provided records to enforce payment or for any other purpose is prohibited. Such an act is deemed to be discreditable to the profession.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following types of evidence should an auditor most likely examine to determine whether internal controls are operating as designed?

A

Client records documenting the use of computer programs.

In testing controls over the computer processing function, the auditor should obtain evidence of proper authorization of access to computer programs and files.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

When assessing the competence of the internal auditors, an auditor should obtain information about the

A

Quality of the internal auditors’ working paper documentation.

Concerning the competence of the internal auditor, it is important to establish the quality of the work. The auditor should obtain information about (1) educational level and professional experience; (2) professional certification and continuing education; (3) audit policies, programs, and procedures (related to competence); (4) practices regarding assignment of internal auditors; (5) supervision and review of the internal auditor’s activities; (6) quality of documentation; and (7) performance evaluation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Upon receipt of customers’ checks in the mail room, a responsible employee should prepare a remittance listing that is forwarded to the cashier. A copy of the listing should be sent to the

A

Accounts receivable bookkeeper to update the subsidiary accounts receivable records.

The individuals with recordkeeping responsibility should not have custody of cash. They should use either the remittance advices or a listing of the remittances to make entries to the cash and accounts receivable control account and to the subsidiary accounts receivable records. Indeed, having different people make entries in the control account and in the subsidiary records is an effective control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

If internal control is properly designed, the same employee may be permitted to

A

Sign checks and also cancel supporting documents.

Checks for disbursements should be signed by an officer, normally the CFO, after necessary supporting evidence has been examined. The documentation typically consists of a voucher, purchase order, receiving report, and a vendor invoice. Canceling vouchers and supporting papers (with perforations, ink, etc.) upon payment of the voucher prevents the payment of a duplicate voucher. If the person signing the check cancels the documents, they cannot be recycled for duplicate payments. Securing the paid-voucher file from access by the accounts payable clerk is another effective control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A client who recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password. Each UIC is a person’s name, and the individual’s password is the same as the UIC. Users are not required to change their passwords at initial log-in nor do passwords ever expire. Which of the following statements does not reflect a limitation of the client’s computer-access control?

A

Employees are not required to take regular vacations.

To be effective, passwords should consist of random letters, symbols, and numbers. They should not contain words or phrases that are easily guessed. Proper user authentication by means of passwords requires procedures to ensure that the valid passwords generated are known only by appropriate individuals. Moreover, passwords should be changed frequently so that the maximum retention period (the period during which they may be compromised) is relatively short. However, a minimum retention period should be required so that users cannot change passwords back to their old, convenient forms. Another weakness in access control is that different passwords are not required to perform different functions, e.g., to obtain access, to read certain files, or to update certain files. Use of separate passwords is a means of segregating duties. However, the password security system is unrelated to the absence of a requirement to take vacations. Nevertheless, such requirement may be appropriate for personnel in a position to embezzle funds.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

In obtaining an understanding of internal control, the auditor may trace several transactions through the control process, including how the transactions interface with any service organizations whose services are part of the information system. The primary purpose of this task is to

A

Determine whether the controls have been implemented.

The understanding should include information about the design of relevant controls and determining whether they have been implemented by the entity and by service organizations whose services are part of the entity’s information system. Tracing a few transactions through the control process (a walkthrough) should provide that evidence. A walkthrough follows transactions from origination through the entity’s processes, including IT systems, until they are reflected in the entity’s financial records (AS 2110).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An accounting firm’s independence is most likely to be impaired when

A

The firm and the client have a material cooperative arrangement.

Independence is impaired if, during the engagement or at the time of expressing an opinion, a member’s firm had any material cooperative arrangement with the client. A cooperative arrangement involves joint participation in a business activity. However, joint participation in a business activity is not a cooperative arrangement when the participants (1) do not have a common understanding, arrangement, or agreement; (2) are not responsible for the other’s activities or results; and (3) are not agents for each other.

17
Q

When the shipping department returns nonconforming goods to a vendor, the purchasing department should send to the accounting department the

A

Debit memo.

A debit memo indicates a reduction in the amount owed to a vendor because goods have been returned. The debit memo authorizes the accounting department to debit the appropriate payable.

18
Q

Under effective internal controls, the Sales Department should be responsible for which of the following activities?

A

Approval of the return of defective merchandise.

To ensure that the sales returns and allowances function is effective, proper controls must be established, including a segregation of duties. The Sales Department should be responsible for the initial approval of sales returns and allowances.

19
Q

Which of the following statements is true concerning the security of messages in an electronic data interchange (EDI) system?

A

Encryption performed by physically secure hardware devices is more secure than encryption performed by software.

Physically secure hardware for performing encryption is under the direct control of the client. Software is not easily controlled because it is portable. More control is achieved with the hardware approach. However, in the business environment, most encryption applications rely on software.

20
Q

Internal controls are designed to provide reasonable assurance that

A

Material errors or fraud will be prevented, or detected and corrected, within a timely period by employees in the course of performing their assigned duties.

Cost-effective controls should restrict deviations to a tolerable rate. Thus, material errors and improper or illegal acts should be prevented, or detected and corrected, within a timely period by employees in the normal course of performing their assigned duties. Accordingly, the cost-benefit relationship is considered by management during the design of systems, and the potential loss associated with any exposure or risk is weighed against the cost to control it.