3.03 - UNDERSTANDING THE I/C STRUCTURE Flashcards
3.03 - UNDERSTANDING THE I/C STRUCTURE
Proper segregation of duties reduces the opportunities to allow persons to be in positions to both
A) Establish internal controls and authorize transactions.
B) Perpetuate and conceal errors and irregularities.
C) Journalize entries and prepare financial
statements.
D) Record cash receipts and cash disbursements
B) Perpetuate and conceal errors and irregularities.
Proper segregation of duties consists of…
- segregating authorization of transactions,
- recording of transactions,
- custody of the related assets, and
- comparisons of reports and source documents.
Proper segregation of duties will reduce the opportunity for employees to perpetuate and conceal errors and irregularities.
3.03 - UNDERSTANDING THE I/C STRUCTURE
During an audit of a nonissuer’s financial
statements, an auditor should perform tests of controls to obtain sufficient appropriate audit evidence about the operating effectiveness of relevant controls if
A) The auditor does not intend to rely on the operating effectiveness of controls.
B) Substantive procedures alone cannot provide sufficient appropriate audit evidence.
C) The auditor does not presume that client management has committed fraud.
D) More financial
documentation is available through tests of controls.
B) Substantive procedures alone cannot provide sufficient appropriate audit evidence.
An auditor will perform tests of controls if the auditor intends to rely on those controls to affect the nature, timing, or
extent of substantive testing or if the auditor is unable to obtain sufficient appropriate audit evidence through the performance o
substantive procedures exclusively.
This may be the case, for example, when auditing the contributions received by a not-for profit organization since there are no goods or services exchanged for them.
The auditor would not presume that management
has committed fraud but will react to indications of the possibility by informing those charged with governance.
Tests of controls provide evidence of the effectiveness of controls, not financial documentation.
The auditor would not bother testing
controls that are not going to be relied upon.
3.03 - UNDERSTANDING THE I/C STRUCTURE
Obtaining an understanding of an internal control involves evaluating the design of the control and determining
whether the control has been
A) Tested.
B) Authorized.
C) Monitored.
D) Implemented.
D) Implemented
A control cannot be effective unless it has been implemented.
The fact that it is part of the system of internal control
implies it has been authorized.
The auditor will more likely determine if a control is being tested and monitored if the auditor decides to rely on the control based on the understanding.
3.03 - UNDERSTANDING THE I/C STRUCTURE
An audit client failed to maintain copies of its procedures manuals and organizational owcharts.
What should the auditor do in an audit of financial
statements?
A) Assess control risk at the maximum level.
B) Issue a qualified
opinion on the basis of a scope limitation.
C) Document the auditor’s understanding of internal controls.
D) Restrict the auditor’s responsibility to assess the effectiveness of controls in the audit engagement letter.
C) Document the auditor’s understanding of internal controls.
An auditor is required to obtain and document an understanding of internal control.
A client’s lack of documentation does not affect the scope of the audit, nor does it necessarily represent an internal control deficiency requiring control risk to be assessed at maximum as long as controls are communicated and monitored.
The auditor’s responsibility to assess control risk is not affected by the client’s documentation.
3.03 - UNDERSTANDING THE I/C STRUCTURE
In obtaining an understanding of an entity’s internal control structure in a financial
statement audit, an auditor is
not obligated to
A) Determine whether the control procedures have been placed in operation.
B) Perform procedures to understand the design of the internal control structure.
C) Document the understanding of the entity’s internal control structure.
D) Search for significant
deficiencies in the operation of the internal control structure.
D) Search for significant
deficiencies in the operation of the internal control structure.
Deficiencies may be detected during the process, but the auditor is not required to specifically search for them.
When obtaining an understanding of internal control the auditor is not required to search for internal control deficiencies, but is required to…
- obtain an understanding of the design of internal control (including whether the controls have
been implemented), . - document the understanding of internal control,
- assess the risk of material misstatement,
- test controls if the auditor intends to rely on the controls,
- evaluate results and document conclusions.
3.03 - UNDERSTANDING THE I/C STRUCTURE
The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that
A) Tests of controls may fail to identify activities relevant to assertions.
B) Material misstatements may exist in the financial
statements.
C) The collective effect
of the control environment may notachieve the control objectives.
D) Specific internal control activities are notoperating as designed.
B) Material misstatements may exist in the financial
statements.
The objective of an audit is to obtain evidence that enables the auditor to form and express an opinion as to the fairness of the financial statements.
The assessment of inherent risk informs the auditor as to the susceptibility of information to misstatement and, therefore, the importance of controls.
The assessment of control risk tells the auditor the degree to which
controls add to the reliability of the financial statements and, accordingly, the risk of material misstatement.
The auditor will determine if specific controls are operating as designed in assessing control risk, but not as the objective for making the assessment.
The auditor may conclude, as a result of the assessment, that controls cannot be relied upon but that is not the ultimate objective.
Tests of controls, like all tests that involve looking only at samples may not be representative and, as a result may not identify activities relevant to assertions. That, however, is not the ultimate objective of assessing control risk.
3.03 - UNDERSTANDING THE I/C STRUCTURE
Which of the following types of evidence would an auditor most likely examine to determine whether internal
control structure policies and procedures are operating as designed?
A) Client records documenting the use of EDP programs.
B) Confirmations
of receivables verifying account balances.
C) Attorneys’ responses to the auditor’s inquiries.
D) Letters of representations corroborating inventory pricing.
A) Client records documenting the use of EDP programs.
An auditor performs tests of controls to evaluate whether internal control policies and procedures are operating as
designed.
Examining the client’s records documenting the use of EDP programs would be a test of controls to determine if controls related to access to
EDP programs are operating effectively.
Confirmations, representation letters and attorney inquiries are all substantive procedures.
3.03 - UNDERSTANDING THE I/C STRUCTURE
Which of the following procedures is considered a test of controls?
A) An auditor interviews and observes appropriate personnel to determine segregation of duties.
B) An auditor reviews the audit workpapers to ensure proper sign-off.
C) An auditor evaluates whether a general journal entry was recorded at the proper amount.
D) An auditor reviews the entity’s check register for unrecorded liabilities.
B) An auditor reviews the audit workpapers to ensure proper sign-off.
By evaluating whether a general journal entry was recorded at the proper amount, the auditor is testing controls over
the recording of journal entries.
Reviewing the check register for unrecorded liabilities is a substantive test of details.
Interviewing and observing personnel to determine segregation of duties is part of obtaining an understanding of internal
controls so it can be evaluated and the auditor can determine whether or not to perform tests of controls.
Reviewing audit
workpapers is part of the process of making certain that the audit has been completed in conformity with GAAS.