17.2 Risk and Internal Control Flashcards
Accounting control should provide reasonable assurance about the achievement of management’s objectives. The concept of internal controls providing “reasonable assurance” recognizes that
A. The auditor’s primary responsibility is the detection of fraud
B. Employee carelessness can weaken an internal accounting control system
C. Control procedures should not have an adverse effect on efficiency or profitability
D. Judgmentally selected samples do not meet the criteria for statistical validity.
C. Control procedures should not have an adverse effect on efficiency or profitability
Which of the following factors are included in an entity’s control environment?
A. Organizational structure, management philosophy, and monitoring
B. Integrity and ethical values, assignment of authority, and human resource practices
C. Competence of personnel, segregation of duties, and fraud risk assessment
D. Risk assessment, assignment of responsibility, and human resource practices
B. Integrity and ethical values, assignment of authority, and human resource practices
The policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievement of objectives are best described as
A. Risk assessments
B. Control environments
C. Control activities
D. Monitoring activities
C. Control activities
When management of the sales department has the opportunity to override the system of internal controls of the accounting department, a weakness exists in
A. Monitoring
B. Risk management
C. The control environment
D. Information and communication
C. The control environment
An organization’s control environment encompasses the attitudes and actions of the board of directors and upper management regarding the significance of control, i.e., the “tone at the top.” One of the components of the control environment is the assignment of authority and responsibility. For example, management defines key areas of authority and responsibility by placing the information technology, financial accounting, and treasury functions under separate officers. When the management of one department can override the internal controls of another, authority and responsibility have not been properly assigned.
Which one of the following statements in regard to internal controls is not true?
A. Risk assessment is the entity’s identification and analysis of relevant risks to achievement of its objectives
B. Control environment is the foundation for all other components of internal control, providing discipline and structure
C. Monitoring is a process that penalizes managers for breakdowns in internal control
D. Control activities are the policies and procedures that help ensure that management directives are carried out
C. Monitoring is a process that penalizes managers for breakdowns in internal control
Monitoring is a process that assesses the quality of internal control performance over time to ensure that controls continue to meet the needs of the organization. The organization evaluates and communicates control deficiencies based on what is found when monitoring. Monitoring should be used to ensure internal controls are designed and operating effectively, not as a tool to assign blame to management.
Which one of the following auditor findings would most likely raise a red flag about a company’s internal control environment?
A. The company has an established independent audit committee
B. The board nominations committee selects only independent directors
C. The roles of the company’s CEO and board chairman are separate
D. Only select committees of the board have access to outside attorneys
D. Only select committees of the board have access to outside attorneys
Although the need for attorneys itself does not raise a red flag, the fact that not all committees have access to attorneys may indicate a reason for concern. Such a policy may grant those committees with access an unintended amount of authority and power, which may lead to fraudulent acts.
Basic to a proper control environment are the quality and integrity of personnel who must perform the prescribed procedures. Which is not a factor in providing for competent personnel?
A. Segregation of duties
B. Training programs
C. Performance evaluations
D. Hiring practices
A. Segregation of duties
Human resource policies and practices are a factor in the control environment component of internal control. They affect the entity’s ability to employ sufficient competent personnel to accomplish its objectives. Policies and practices include those for hiring, orientation, training, evaluating, promoting, compensating, and remedial actions. Although control activities based on the segregation of duties are important to internal control, they do not in themselves promote employee competence.
The risk associated with auditors failing to identify material misstatements in financial statements is referred to as
A. Control risk
B. Inherent risk
C. Detection risk
D. Unsystematic risk
C. Detection risk
Detection risk is the risk that an obstacle to an objective will not be detected before a loss has occurred.
The COSO Internal Control – Integrated Framework includes a definition of
A. Internal control and requirements of an efficient internal control system
B. Internal control and requirements of an effective internal control system
C. Data governance and requirements of an effective IT control system
D. Internal auditing and requirements of an effective internal control system
B. Internal control and requirements of an effective internal control system
The COSO Internal Control – Integrated Framework consists primarily of a definition of internal control, categories of objectives, components and related principles, and requirements of an effective system of internal control.
In the performance of an internal audit, audit risk is best defined as the risk that an auditor
A. May not have the expertise to adequately audit a specific activity
B. May not be able to properly evaluate an activity because of its poor internal accounting controls
C. Might not select documents that are in error as part of the examination
D. May fail to detect a significant error or weakness during an examination
D. May fail to detect a significant error or weakness during an examination
Audit risk is the risk that the external auditor may unknowingly fail to modify his or her opinion on financial statements that are materially misstated. Its elements are control risk, inherent risk, and detection risk. For internal auditing, the overall audit risk extends not only to financial statements but also to unwitting failure to uncover material errors or weaknesses in the operations audited. There may be several different reasons for the failure, and these may be in risk categories such as sampling risk, detection risk, or control risk.
Which of the following is the control component that reflects the attitude and actions of the board and management regarding the significance of control within the organization?
A. Control activities
B. Control environment
C. Risk assessment
D. Monitoring
B. Control environment
According to the COSO model for internal control, the control environment reflects the attitude and actions of the board and management regarding the significance of control within the organization.
Which of the following is not a component of internal control?
A. Information and communication
B. Monitoring
C. The control environment
D. Control risk
D. Control risk
The five components of internal control described in COSO’s Internal Control – Integrated Framework are control environment, risk assessment, control activities, information and communication, and monitoring.
Audit risk consists of inherent risk, control risk, and detection risk. Which of the following statements is true?
A. Detection risk is a function of the efficiency of an auditing procedure
B. The existing levels of inherent risk, control risk, and detection risk can be changed at the discretion of the auditor
C. The risk that material misstatement will not be prevented or detected on a timely basis by internal control can be reduced to zero by effective controls
D. Cash is more susceptible to theft than an inventory of coal because it has a greater inherent risk
D. Cash is more susceptible to theft than an inventory of coal because it has a greater inherent risk
Inherent risk is the susceptibility of an assertion to material misstatement in the absence of related controls. Some assertions and related balances or classes of transactions have greater inherent risk. Thus, cash has a greater inherent risk than less liquid assets.
Which of the following characteristics related to an entity’s control environment best indicates a commitment to strong internal controls?
A. Management demonstrates independence from the board and exercises oversight of internal control
B. A small group of top-level executives controls decisions
C. The performance of individuals and teams is evaluated based on the established standards of conduct
D. The board consists of competent, experienced former senior managers of the entity
C. The performance of individuals and teams is evaluated based on the established standards of conduct
The control environment is a set of standards, processes, and structures that pervasively affects the system of internal control. A principle that relates to the control environment is an organizational commitment to integrity and ethical values by (1) setting the tone at the top, (2) establishing standards of conduct, (3) evaluating the performance of individuals and teams based on the established standards of conduct, and (4) correcting deviations in a timely and consistent manner.
According to the COSO Internal Control – Integrated Framework, which of the following terms refers to the determination that internal control components and relevant principles continue to exist in the operation of an internal control system?
A. Operating together
B. Effective
C. Functioning
D. Present
C. Functioning
An effective system of internal control requires that each of the five components of internal control and the relevant principles is present and functioning. “Functioning” refers to whether the components and relevant principles continue to exist in the operation of an internal control system.