5.3 Flashcards
Which of the following is a factor in the control environment?
Management’s philosophy and operating style.
The control environment is the foundation for all other control components. It provides discipline and structure, sets the tone of the organization, and influences the control consciousness of employees. Its components include (1) participation of those charged with governance, (2) integrity and ethical values, (3) organizational structure, (4) management’s philosophy and operating style, (5) assignment of authority and responsibility, (6) human resource policies and practices, and (7) commitment to competence.
In an audit of financial statements in accordance with generally accepted auditing standards, an auditor should
Document the auditor’s understanding of the entity’s internal control.
The auditor should document (1) the understanding of the entity and its environment and the components of internal control, (2) the sources of information regarding the understanding, and (3) the risk assessment procedures performed. The form and extent of the documentation are influenced by the nature and complexity of the entity’s controls (AU-C 315).
If High Tech Corporation’s disaster recovery plan requires fast recovery with little or no downtime, which of the following backup sites should it choose?
Hot site.
A company uses a hot site backup when fast recovery is critical. The hot site includes all software, hardware, and other equipment necessary for a company to carry out operations. Hot sites are expensive to maintain and may be shared with other organizations with similar needs.
In auditing an online perpetual inventory system, an auditor selected certain file-updating transactions for detailed testing. The audit technique that will provide a computer trail of all relevant processing steps applied to a specific transaction is described as
Tagging and tracing.
Tagging and tracing describes the selection of specific transactions to which an indicator is attached at input. A computer trail of all relevant processing steps of these tagged transactions in the application system can be printed or stored in a computer file for auditor evaluation.
Able Co. uses an online sales order processing system to process its sales transactions. Able’s sales data are electronically sorted and subjected to edit checks. A direct output of the edit checks most likely would be a
File of all rejected sales transactions.
Edit checks test transactions prior to processing. Rejected transactions should be recorded in a file for evaluation, correction, and resubmission. Edit checks are applied to the sales transactions to test for completeness, reasonableness, validity, and other related issues prior to acceptance. A report of missing invoices, a printout of all user code numbers and passwords, and a list of all voided shipping documents are unlikely to be direct outputs of the edit routine.
Internal control is a function of management, and effective control is based upon the concept of charge and discharge of responsibility and duty. Which of the following is one of the overriding principles of internal control?
Responsibility for the performance of each duty must be fixed.
Effective internal control may be obtained by decentralization of responsibilities and duties. Fixing the responsibility for each performance or duty makes it easier to trace problems to the person(s) responsible and hold them accountable for their actions.
Some data processing controls relate to all computer processing activities (general controls) and some relate to specific tasks (application controls). General controls include
Controls for documenting and approving programs and changes to programs.
General controls are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. General controls commonly include controls over data center and network operations; systems software acquisition and maintenance; access security; and application system acquisition, development, and maintenance. Accordingly, they include (1) controls over operations to ensure efficient and effective operations of the computer activity; (2) the procedures for acquiring, developing, testing, documenting, and approving systems or programs and changes thereto; (3) controls over access to equipment and data files; and (4) other data and procedural controls affecting overall computer operations.
An entity has the following invoices in a batch:
Invoice Number   201     202     203     204
Product          F10     G15     H20     K35
Quantity         150     200     250     300
Unit Price       $5.00   $10.00  $25.00  $30.00
Which of the following numbers represents the record count?
4.
Input controls in batch computer systems are used to determine that no data are lost or added to the batch. Depending on the sophistication of a particular system, control may be accomplished by using record counts, financial totals, or hash totals. A record count establishes the number of source documents and reconciles it to the number of output records. The total number of invoices processed is an example of a record count. In this case, the record count is 4.
Internal control has five components: the control environment, risk assessment, information and communication, monitoring, and control activities. Control activities relevant to an audit may be categorized as policies and procedures that pertain to
Reviewing actual performance.
According to AU-C 315, control activities are the policies and procedures that help ensure that management directives are carried out, for example, that necessary actions are taken to address the risks that threaten the achievement of the entity’s objectives. Control activities, whether automated or manual, that may be relevant to an audit pertain to (1) performance reviews, (2) information processing, (3) physical controls, (4) authorization, and (5) segregation of duties.
An auditor uses the knowledge provided by the understanding of internal control and the assessed risks of material misstatement primarily to
Determine the nature, timing, and extent of substantive procedures for financial statement assertions.
The auditor is required to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement of the financial statements, whether due to fraud or error, to provide a basis for responding to the assessed RMMs. Regardless of the assessed RMMs, the auditor performs substantive procedures for all relevant assertions for material classes of transactions, account balances, and disclosures. Moreover, the auditor designs and performs further audit procedures whose nature, timing, and extent respond to the assessed RMMs at the relevant assertion level.
The client’s computer exception reporting system helps an auditor to conduct a more efficient audit because it
Highlights abnormal conditions.
The exception reporting system highlights abnormal conditions and allows the auditor to focus on problem areas. Exception reports, also called error listings, suspense listings, and edit reports, indicate the errors discovered by the controls. They permit the auditor to evaluate the effectiveness with which errors are investigated and corrected and the corrected transactions resubmitted.
Which of the following statements regarding auditor documentation of the understanding of the client’s internal control components obtained to plan the audit is correct?
No one particular form of documentation is necessary, and the extent of documentation may vary.
In accordance with the documentation requirements in AU-C 315, the auditor should document such matters as (1) discussions among the engagement team; (2) the understanding of the entity and its environment, including each internal control component, sources of information, and the risk assessment procedures; (3) the risk assessments; and (4) risks requiring special audit consideration. The form and extent of documentation vary with (1) the nature, size, and complexity of the entity and its controls; (2) the availability of information; and (3) the audit methods and technology used (AU-C 315).
The following are steps in the financial statement audit process:
I. Prepare flowchart
II. Gather exhibits of all documents
III. Interview personnel
The most logical sequence of steps is
III, II, I.
AU-C 315 and AS 2110 require the auditor to obtain an understanding of internal control and to document that understanding. For example, after making inquiries (interviewing client personnel) as part of performing risk assessment procedures, the auditor might gather client documents and then prepare a flowchart reflecting the information obtained about their flow.
Which of the following factors are included in an entity’s control environment?
Audit Committee Participation: Yes
Integrity & Ethical Values: Yes
Organizational Structure: Yes
The control environment is the foundation for all other control components. It provides discipline and structure, sets the tone of the organization, and influences the control consciousness of employees. Its components include (1) participation of those charged with governance, (2) integrity and ethical values, (3) organizational structure, (4) management’s philosophy and operating style, (5) assignment of authority and responsibility, (6) human resource policies and practices, and (7) commitment to competence.
The auditor should document the understanding of internal control. For example, a narrative memorandum may be used to
Provide a written description of the process and flow of documents and of the control points.
An auditor should prepare documentation of internal control during an audit. Examples of an auditor’s documentation include flowcharts, narrative memoranda, questionnaires, and decision tables. A narrative memorandum is a written description of the process and flow of documents and of the control points. For an information system that makes little use of IT or that processes few transactions, documentation in the form of a memorandum may suffice.