5.2 Flashcards
Which of the following characteristics distinguishes computer processing from manual processing?
Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing.
Computer processing uniformly subjects like transactions to the same processing instructions. A computer program defines the processing steps to accomplish a task. Once the program is written and tested appropriately, it will perform the task repetitively and without error. However, if the program contains an error, all transactions will be processed incorrectly.
When obtaining an understanding of an entity’s control environment, an auditor should concentrate on the substance of controls rather than their form because
Management may establish appropriate controls but not act on them.
In obtaining an understanding of the control environment, the auditor seeks to understand the attitude, awareness, and actions concerning the control environment on the part of management and the directors. For this purpose, the auditor must concentrate on the substance of controls rather than their form because controls may be established but not acted upon. For example, management may adopt a code of ethics but condone violations of the code.
Which of the following is an example of a validity check?
The computer flags any transmission for which the control field value did not match that of an existing file record.
Validity checks test identification numbers or transaction codes for validity by comparison with items already known to be correct or authorized. For example, a validity check may identify a transmission for which the control field value did not match a pre-existing record in a file.
Which of the following audit techniques ordinarily would provide an auditor with the least assurance about the operating effectiveness of an internal control activity?
Preparation of system flowcharts.
System flowcharts provide an overall view of the inputs, processes, and outputs of a system. If internal control is complex, the auditor may use flowcharts, questionnaires, or decision tables to document the understanding of internal control. However, tests of controls (tests of operating effectiveness) are concerned with (1) the manner in which controls were applied, (2) the consistency of application, (3) by whom or by what means they were applied, (4) whether the controls depend on other controls (indirect controls), and (5) the time or period for which the auditor intends to rely on the controls (AU-C 330).
Which of the following strategies would a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system?
Continuous monitoring and analysis of transaction processing with an embedded audit module.
An audit module embedded in the client’s software routinely selects and abstracts certain transactions. They may be tagged and traced through the information system. An alternative is recording in an audit log, that is, in a file accessible only by the auditor.
Which of the following is a management control method that most likely could improve management’s ability to supervise company activities effectively?
Establishing budgets and forecasts to identify variances from expectations.
The control activities component of internal control includes performance reviews. Performance reviews involve comparison of actual performance with budgets, forecasts, or prior performance. Identifying variances alerts management to the need for investigative and corrective actions. Such actions are necessary for effective supervision.
An auditor is concerned with controls designed to safeguard assets that are relevant to the reliability of financial reporting. Adequate safeguards over access to and use of assets means protection from
Losses arising from access by unauthorized persons.
A management objective implicit in internal control is that access to assets be permitted only in accordance with management’s authorization. However, elimination of access is not feasible because access to assets is necessary in normal business operations. The extent of access is determined by the nature of the assets and their susceptibility to loss through fraud and error. Authorization of access involves limitations on both physical access and indirect access.
Which of the following is a computer program that appears to be legitimate but performs some illicit activity when it is run?
Trojan horse.
A Trojan horse is a computer program, for example, a game, that appears friendly but that actually contains an application destructive to the computer system.
In an audit of financial statements, an auditor’s primary consideration regarding an internal control is whether the control
Affects management’s financial statement assertions.
Assertions are management representations embodied in the financial statements. They are used by the auditor to consider the different potential misstatements. A relevant assertion has a reasonable possibility of containing a misstatement that could cause a material misstatement(s) of the financial statements. Thus, a relevant assertion has a meaningful bearing on whether the account is fairly stated. Tests of controls are designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. They should be performed when (1) the auditor’s assessment of the RMMs at the relevant assertion level includes an expectation of the operating effectiveness of controls or (2) substantive procedures alone do not provide sufficient appropriate evidence at the relevant assertion level. Thus, the auditor is primarily concerned with whether a control affects relevant financial statement assertions.
An auditor should obtain an understanding of an entity’s information system, including
Process used to prepare significant accounting estimates.
The auditor should obtain an understanding of the information system, including (1) the classes of significant transactions; (2) the ways those transactions are initiated, authorized, recorded, processed, corrected, transferred to the general ledger, and reported; (3) the accounting records, whether electronic or manual; (4) how significant events and conditions other than transactions are captured; (5) the financial reporting process used to prepare the entity’s financial statements, including significant accounting estimates and disclosures; and (6) controls over journal entries (AU-C 315 and AS No. 2110).
Which of the following is not a medium that can normally be used by an auditor to record information concerning internal control?
Procedures manual.
A procedures manual is one source of information about the client’s internal control. However, the auditor normally does not prepare this manual and record information in it. The accounting procedures manual is a client document that explains the client’s accounting system and how to implement it.
Internal control can provide only reasonable assurance of achieving an entity’s control objectives. The likelihood of achieving those objectives is affected by which limitation inherent to internal control?
The cost of internal control should not exceed its benefits.
The cost of an entity’s internal control should not exceed the benefits that are expected to be derived. Although the cost-benefit relationship is a primary criterion that should be considered in designing internal control, the precise measurement of costs and benefits usually is not possible.
An auditor is concerned about management override as a limitation of internal control. Which of the following tests would best assess the validity of the auditor’s concern?
Verifying that approved spending limits are not exceeded.
To determine whether management has overridden approvals, the auditor should compare actual expenditures with budgeted amounts.
The control environment may decrease the effectiveness of control activities when
Management has substantial incentives for meeting earnings projections.
The control environment may reduce the effectiveness of other components of internal control. For example, when the nature of management incentives increases the risks of material misstatement of financial statements, the effectiveness of control activities may be reduced.
The primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with
Knowledge necessary for audit planning.
The auditor is required to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement of the financial statements, whether due to fraud or error, to provide a basis for responding to the assessed RMMs. The auditor obtains the understanding and assesses the RMMs to plan the audit. The audit plan describes (1) the risk assessment procedures, (2) further audit procedures at the assertion level, and (3) other procedures required by GAAS.
