17.2 Risk and Internal Control Flashcards

1
Q

Accounting control should provide reasonable assurance about the achievement of management’s objectives. The concept of internal controls providing “reasonable assurance” recognizes that

A. The auditor’s primary responsibility is the detection of fraud
B. Employee carelessness can weaken an internal accounting control system
C. Control procedures should not have an adverse effect on efficiency or profitability
D. Judgmentally selected samples do not meet the criteria for statistical validity.

A

C. Control procedures should not have an adverse effect on efficiency or profitability

2
Q

Which of the following factors are included in an entity’s control environment?

A. Organizational structure, management philosophy, and monitoring
B. Integrity and ethical values, assignment of authority, and human resource practices
C. Competence of personnel, segregation of duties, and fraud risk assessment
D. Risk assessment, assignment of responsibility, and human resource practices

A

B. Integrity and ethical values, assignment of authority, and human resource practices

3
Q

The policies and procedures helping to ensure that management directives are executed and actions are taken to address risks to achievement of objectives are best described as

A. Risk assessments
B. Control environments
C. Control activities
D. Monitoring activities

A

C. Control activities

4
Q

When management of the sales department has the opportunity to override the system of internal controls of the accounting department, a weakness exists in

A. Monitoring
B. Risk management
C. The control environment
D. Information and communication

A

C. The control environment

An organization’s control environment encompasses the attitudes and actions of the board of directors and upper management regarding the significance of control, i.e., the “tone at the top.” One of the components of the control environment is the assignment of authority and responsibility. For example, management defines key areas of authority and responsibility by placing the information technology, financial accounting, and treasury functions under separate officers. When the management of one department can override the internal controls of another, authority and responsibility have not been properly assigned.

5
Q

Which one of the following statements in regard to internal controls is not true?

A. Risk assessment is the entity’s identification and analysis of relevant risks to achievement of its objectives
B. Control environment is the foundation for all other components of internal control, providing discipline and structure
C. Monitoring is a process that penalizes managers for breakdowns in internal control
D. Control activities are the policies and procedures that help ensure that management directives are carried out

A

C. Monitoring is a process that penalizes managers for breakdowns in internal control

Monitoring is a process that assesses the quality of internal control performance over time to ensure that controls continue to meet the needs of the organization. The organization evaluates and communicates control deficiencies based on what is found when monitoring. Monitoring should be used to ensure internal controls are designed and operating effectively, not as a tool to assign blame to management.

6
Q

Which one of the following auditor findings would most likely raise a red flag about a company’s internal control environment?

A. The company has an established independent audit committee
B. The board nominations committee selects only independent directors
C. The roles of the company’s CEO and board chairman are separate
D. Only select committees of the board have access to outside attorneys

A

D. Only select committees of the board have access to outside attorneys

Although the need for attorneys itself does not raise a red flag, the fact that not all committees have access to attorneys may indicate a reason for concern. Such a policy may grant the committees that have access an unintended amount of authority and power, which may lead to fraudulent acts.

7
Q

Basic to a proper control environment are the quality and integrity of personnel who must perform the prescribed procedures. Which is not a factor in providing for competent personnel?

A. Segregation of duties
B. Training programs
C. Performance evaluations
D. Hiring practices

A

A. Segregation of duties

Human resource policies and practices are a factor in the control environment component of internal control. They affect the entity’s ability to employ sufficient competent personnel to accomplish its objectives. Policies and practices include those for hiring, orientation, training, evaluating, promoting, compensating, and remedial actions. Although control activities based on the segregation of duties are important to internal control, they do not in themselves promote employee competence.

8
Q

The risk associated with auditors failing to identify material misstatements in financial statements is referred to as

A. Control risk
B. Inherent risk
C. Detection risk
D. Unsystematic risk

A

C. Detection risk

Detection risk is the risk that an obstacle to an objective will not be detected before a loss has occurred.

9
Q

The COSO Internal Control – Integrated Framework includes a definition of

A. Internal control and requirements of an efficient internal control system
B. Internal control and requirements of an effective internal control system
C. Data governance and requirements of an effective IT control system
D. Internal auditing and requirements of an effective internal control system

A

B. Internal control and requirements of an effective internal control system

The COSO Internal Control – Integrated Framework consists primarily of a definition of internal control, categories of objectives, components and related principles, and requirements of an effective system of internal control.

10
Q

In the performance of an internal audit, audit risk is best defined as the risk that an auditor

A. May not have the expertise to adequately audit a specific activity
B. May not be able to properly evaluate an activity because of its poor internal accounting controls
C. Might not select documents that are in error as part of the examination
D. May fail to detect a significant error or weakness during an examination

A

D. May fail to detect a significant error or weakness during an examination

Audit risk is the risk that the external auditor may unknowingly fail to modify his or her opinion on financial statements that are materially misstated. Its elements are control risk, inherent risk, and detection risk. For internal auditing, the overall audit risk extends not only to financial statements but also to unwitting failure to uncover material errors or weaknesses in the operations audited. There may be several different reasons for the failure, and these may be in risk categories such as sampling risk, detection risk, or control risk.

11
Q

Which of the following is the control component that reflects the attitude and actions of the board and management regarding the significance of control within the organization?

A. Control activities
B. Control environment
C. Risk assessment
D. Monitoring

A

B. Control environment

According to the COSO model for internal control, the control environment reflects the attitude and actions of the board and management regarding the significance of control within the organization.

12
Q

Which of the following is not a component of internal control?

A. Information and communication
B. Monitoring
C. The control environment
D. Control risk

A

D. Control risk

The five components of internal control described in COSO’s Internal Control – Integrated Framework are control environment, risk assessment, control activities, information and communication, and monitoring.

13
Q

Audit risk consists of inherent risk, control risk, and detection risk. Which of the following statements is true?

A. Detection risk is a function of the efficiency of an auditing procedure
B. The existing levels of inherent risk, control risk, and detection risk can be changed at the discretion of the auditor
C. The risk that material misstatement will not be prevented or detected on a timely basis by internal control can be reduced to zero by effective controls
D. Cash is more susceptible to theft than an inventory of coal because it has a greater inherent risk

A

D. Cash is more susceptible to theft than an inventory of coal because it has a greater inherent risk

Inherent risk is the susceptibility of an assertion to material misstatement in the absence of related controls. Some assertions and related balances or classes of transactions have greater inherent risk. Thus, cash has a greater inherent risk than less liquid assets.

14
Q

Which of the following characteristics related to an entity’s control environment best indicates a commitment to strong internal controls?

A. Management demonstrates independence from the board and exercises oversight of internal control
B. A small group of top-level executives controls decisions
C. The performance of individuals and teams is evaluated based on the established standards of conduct
D. The board consists of competent, experienced former senior managers of the entity

A

C. The performance of individuals and teams is evaluated based on the established standards of conduct

The control environment is a set of standards, processes, and structures that pervasively affects the system of internal control. A principle that relates to the control environment is an organizational commitment to integrity and ethical values by (1) setting the tone at the top, (2) establishing standards of conduct, (3) evaluating the performance of individuals and teams based on the established standards of conduct, and (4) correcting deviations in a timely and consistent manner.

15
Q

According to the COSO Internal Control – Integrated Framework, which of the following terms refers to the determination that internal control components and relevant principles continue to exist in the operation of an internal control system?

A. Operating together
B. Effective
C. Functioning
D. Present

A

C. Functioning

An effective system of internal control requires that each of the five components of internal control and the relevant principles is present and functioning. “Functioning” refers to whether the components and relevant principles continue to exist in the operation of an internal control system.

16
Q

Which of the following are components of internal control according to the COSO Internal Control – Integrated Framework?

A. Monitoring, control activities, and risk assessment
B. Function, division, and operating unit
C. Principles, framework, and process
D. Compliance, operations, and reporting

A

A. Monitoring, control activities, and risk assessment

According to the COSO Internal Control – Integrated Framework, the components of internal control consist of the control environment, risk assessment, control activities, information and communication, and monitoring.

17
Q

According to the COSO Internal Control – Integrated Framework, which of the following statements is correct?

A. The use of outsourced service providers relieves the organization’s responsibility for its internal control
B. The framework is designed for larger, not smaller, organizations
C. The framework requires judgment in designing and conducting internal control
D. The principles in the framework change with the application of emerging technology

A

C. The framework requires judgment in designing and conducting internal control

The use of judgement is required when designing, implementing, and conducting internal control.

18
Q

One of the financial statement auditor’s major concerns is to ascertain whether internal control is designed to provide reasonable assurance that

A. Financial reporting is reliable
B. Profit margins are maximized, and operational efficiency is optimized
C. The chief accounting officer reviews all accounting transactions
D. Corporate morale problems are addressed immediately and effectively

A

A. Financial reporting is reliable

Internal control is designed to provide reasonable assurance of the achievement of objectives in the categories of (1) reliability of financial reporting, (2) effectiveness and efficiency of operations, and (3) compliance with laws and regulations. Controls relevant to a financial statement audit ordinarily pertain to the objective of preparing external financial statements that are fairly presented in conformity with GAAP or another comprehensive basis of accounting.

19
Q

Some account balances, such as those for pensions or leases, are the results of complex calculations. The susceptibility to material misstatements in these types of accounts is defined as

A. Detection risk.
B. Audit risk.
C. Sampling risk.
D. Inherent risk.

A

D. Inherent risk.

Inherent risk is the susceptibility of an assertion to a material misstatement in the absence of related controls. This risk is greater for some assertions and related balances or classes than others.

For example, complex calculations are more likely to be misstated than simple ones, and cash is more likely to be stolen than an inventory of coal. Inherent risk exists independently of the audit.

20
Q

A system of internal control is effective if it provides reasonable assurance of achieving an entity’s objectives. Which of the following are objectives specified in the COSO Internal Control – Integrated Framework?

A. Specific, measurable, and obtainable.
B. Compliance, operations, and reporting.
C. Strategic, compliance, and operations.
D. Internal, external, and overall.

A

B. Compliance, operations, and reporting.

According to the COSO Internal Control – Integrated Framework, a system of internal control is effective if it provides reasonable assurance of achieving an entity’s objectives relating to operations, reporting, and compliance.

21
Q

Directors, management, external auditors, and internal auditors all play important roles in creating proper control processes. Senior management is primarily responsible for

A. Ensuring that external and internal auditors oversee the administration of the system of risk management and control processes.
B. Reviewing the reliability and integrity of financial and operational information.
C. Implementing and monitoring controls designed by the board of directors.
D. Overseeing the establishment, administration, and assessment of control processes.

A

D. Overseeing the establishment, administration, and assessment of control processes.

Senior management’s role is to oversee the establishment, administration, and assessment of the system of risk management and control processes. Among the responsibilities of the organization’s line managers is the assessment of the control processes in their respective areas. Internal auditors provide varying degrees of assurance about the effectiveness of the risk management and control processes in select activities and functions of the organization.

22
Q

Which of the following are components of internal control defined by the COSO Internal Control – Integrated Framework?

A. Internal environment, control activities, and monitoring.
B. Information and communication, control environment, and control activities.
C. Governance, risk appetite, and control environment.
D. Event identification, information and communication, and risk assessment.

A

B. Information and communication, control environment, and control activities.

According to the COSO Internal Control – Integrated Framework, the components of internal control consist of the control environment, risk assessment, control activities, information and communication, and monitoring.

23
Q

An external auditor’s primary consideration when assessing a company’s internal control structure policies and procedures is whether they

A. Affect the financial statement assertions.
B. Relate to the control environment.
C. Prevent management override.
D. Reflect management’s philosophy and operating style.

A

A. Affect the financial statement assertions.

Management makes certain assertions about the financial statements (existence, rights and obligations, etc.). The goal of an audit is to assess the fair presentation of the financial statements. The auditor’s consideration of the client’s system of internal control is a means to that end.

24
Q

The statement below that best illustrates the importance of personnel policies and procedures is that personnel policies and procedures

A. Are integral to an efficient control environment.
B. Should be implemented where it is cost beneficial.
C. Should be implemented where risks have been identified.
D. Should be evaluated for compliance by an external firm.

A

A. Are integral to an efficient control environment.

In the COSO framework, the personnel policies and procedures influence the control consciousness of personnel, so they are an integral part of an efficient control environment.

25
Q

Which of the following are considered control environment factors?

Detection risk: yes/no
Personnel policies and practices: yes/no

A

Detection risk: no
Personnel policies and practices: yes

Human resource policies and practices are part of the control environment. They relate to hiring, orientation, training, evaluating, counseling, promoting, compensating, and remedial actions. The control environment is the component that sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for the other components. Detection risk is not part of the control environment. It is the risk that the audit procedures will fail to detect material misstatements. Thus, detection risk is a function of the effectiveness of the procedures used by the auditor.

26
Q

Risk assessment is a process

A. That assesses the quality of internal control throughout the year.
B. That establishes policies and procedures to accomplish internal control objectives.
C. Designed to identify potential events that may affect the entity.
D. Of identifying and capturing information in a timely fashion.

A

C. Designed to identify potential events that may affect the entity.

Every organization faces risks, that is, unforeseen obstacles to the pursuit of its objectives. Risks take many forms and can originate from within or from outside the organization. Risk assessment is the process whereby management identifies the organization’s vulnerabilities.

27
Q

Internal controls are designed to provide reasonable assurance that

A. Management’s plans have not been circumvented by worker collusion
B. Management’s planning, organizing, and directing processes are properly evaluated
C. Material errors or fraud will be prevented or detected and corrected within a timely period by employees in the course of performing their assigned duties
D. The internal auditing department’s guidance and oversight of management’s performance is accomplished economically and efficiently

A

C. Material errors or fraud will be prevented or detected and corrected within a timely period by employees in the course of performing their assigned duties

Reasonable assurance is provided when cost-effective actions are taken to restrict deviations to a tolerable level. This implies, for example, that material errors and improper or illegal acts will be prevented or detected and corrected within a timely period by employees in the normal course of performing their assigned duties. The cost-benefit relationship is considered by management during the design of systems. The potential loss associated with any exposure or risk is weighed against the cost to control it.