5.3 Flashcards

1
Q

Which of the following is a factor in the control environment?

A

Management’s philosophy and operating style.

The control environment is the foundation for all other control components. It provides discipline and structure, sets the tone of the organization, and influences the control consciousness of employees. Its components include (1) participation of those charged with governance, (2) integrity and ethical values, (3) organizational structure, (4) management’s philosophy and operating style, (5) assignment of authority and responsibility, (6) human resource policies and practices, and (7) commitment to competence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

In an audit of financial statements in accordance with generally accepted auditing standards, an auditor should

A

Document the auditor’s understanding of the entity’s internal control.

The auditor should document (1) the understanding of the entity and its environment and the components of internal control, (2) the sources of information regarding the understanding, and (3) the risk assessment procedures performed. The form and extent of the documentation are influenced by the nature and complexity of the entity’s controls (AU-C 315).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

If High Tech Corporation’s disaster recovery plan requires fast recovery with little or no downtime, which of the following backup sites should it choose?

A

Hot site.

A company uses a hot site backup when fast recovery is critical. The hot site includes all software, hardware, and other equipment necessary for a company to carry out operations. Hot sites are expensive to maintain and may be shared with other organizations with similar needs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

In auditing an online perpetual inventory system, an auditor selected certain file-updating transactions for detailed testing. The audit technique that will provide a computer trail of all relevant processing steps applied to a specific transaction is described as

A

Tagging and tracing.

Tagging and tracing describes the selection of specific transactions to which an indicator is attached at input. A computer trail of all relevant processing steps of these tagged transactions in the application system can be printed or stored in a computer file for auditor evaluation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Able Co. uses an online sales order processing system to process its sales transactions. Able’s sales data are electronically sorted and subjected to edit checks. A direct output of the edit checks most likely would be a

A

File of all rejected sales transactions.

Edit checks test transactions prior to processing. Rejected transactions should be recorded in a file for evaluation, correction, and resubmission. Edit checks are applied to the sales transactions to test for completeness, reasonableness, validity, and other related issues prior to acceptance. A report of missing invoices, a printout of all user code numbers and passwords, and a list of all voided shipping documents are unlikely to be direct outputs of the edit routine.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Internal control is a function of management, and effective control is based upon the concept of charge and discharge of responsibility and duty. Which of the following is one of the overriding principles of internal control?

A

Responsibility for the performance of each duty must be fixed.

Effective internal control may be obtained by decentralization of responsibilities and duties. Fixing the responsibility for each performance or duty makes it easier to trace problems to the person(s) responsible and hold them accountable for their actions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Some data processing controls relate to all computer processing activities (general controls) and some relate to specific tasks (application controls). General controls include

A

Controls for documenting and approving programs and changes to programs.

General controls are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. General controls commonly include controls over data center and network operations; systems software acquisition and maintenance; access security; and application system acquisition, development, and maintenance. Accordingly, they include (1) controls over operations to ensure efficient and effective operations of the computer activity; (2) the procedures for acquiring, developing, testing, documenting, and approving systems or programs and changes thereto; (3) controls over access to equipment and data files; and (4) other data and procedural controls affecting overall computer operations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

An entity has the following invoices in a batch:

Invoice Number:
201
202
203
204
Product
F10
G15
H20
K35
Quantity
150
200
250
300
Unit Price
$  5.00
10.00
25.00
30.00

Which of the following numbers represents the record count?

A

4.

Input controls in batch computer systems are used to determine that no data are lost or added to the batch. Depending on the sophistication of a particular system, control may be accomplished by using record counts, financial totals, or hash totals. A record count establishes the number of source documents and reconciles it to the number of output records. The total number of invoices processed is an example of a record count. In this case, the record count is 4.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Internal control has five components: the control environment, risk assessment, information and communication, monitoring, and control activities. Control activities relevant to an audit may be categorized as policies and procedures that pertain to

A

Reviewing actual performance.

According to AU-C 315, control activities are the policies and procedures that help ensure that management directives are carried out, for example, that necessary actions are taken to address the risks that threaten the achievement of the entity’s objectives. Control activities, whether automated or manual, that may be relevant to an audit pertain to (1) performance reviews, (2) information processing, (3) physical controls, (4) authorization, and (5) segregation of duties.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

An auditor uses the knowledge provided by the understanding of internal control and the assessed risks of material misstatement primarily to

A

Determine the nature, timing, and extent of substantive procedures for financial statement assertions.

The auditor is required to obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement of the financial statements, whether due to fraud or error, to provide a basis for responding to the assessed RMMs. Regardless of the assessed RMMs, the auditor performs substantive procedures for all relevant assertions for material classes of transactions, account balances, and disclosures. Moreover, the auditor designs and performs further audit procedures whose nature, timing, and extent respond to the assessed RMMs at the relevant assertion level.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The client’s computer exception reporting system helps an auditor to conduct a more efficient audit because it

A

highlights abnormal conditions.

The exception reporting system highlights abnormal conditions and allows the auditor to focus on problem areas. Exception reports, also called error listings, suspense listings, and edit reports indicate the errors discovered by the controls. They permit the auditor to evaluate the effectiveness with which errors are investigated and corrected and the corrected transactions resubmitted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following statements regarding auditor documentation of the understanding of the client’s internal control components obtained to plan the audit is correct?

A

No one particular form of documentation is necessary, and the extent of documentation may vary.

In accordance with the documentation requirements in AU-C 315, the auditor should document such matters as (1) discussions among the engagement team; (2) the understanding of the entity and its environment, including each internal control component, sources of information, and the risk assessment procedures; (3) the risk assessments; and (4) risks requiring special audit consideration. The form and extent of documentation vary with (1) the nature, size, and complexity of the entity and its controls; (2) the availability of information; and (3) the audit methods and technology used (AU-C 315).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The following are steps in the financial statement audit process:

I. Prepare flowchart
II. Gather exhibits of all documents
III. Interview personnel

The most logical sequence of steps is

A

III, II, I.

AU-C 315 and AS 2110 require the auditor to obtain an understanding of internal control and to document that understanding. For example, after making inquiries (interviewing client personnel) as part of performing risk assessment procedures, the auditor might gather client documents and then prepare a flowchart reflecting the information obtained about their flow.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following factors are included in an entity’s control environment?

Audit Committee Participation:
Integrity & Ethical Values:
Organizational structure:

A

Yes
Yes
Yes

The control environment is the foundation for all other control components. It provides discipline and structure, sets the tone of the organization, and influences the control consciousness of employees. Its components include (1) participation of those charged with governance, (2) integrity and ethical values, (3) organizational structure, (4) management’s philosophy and operating style, (5) assignment of authority and responsibility, (6) human resource policies and practices, and (7) commitment to competence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The auditor should document the understanding of internal control. For example, a narrative memorandum may be used to

A

Provide a written description of the process and flow of documents and of the control points.

An auditor should prepare documentation of internal control during an audit. Examples of an auditor’s documentation include flowcharts, narrative memoranda, questionnaires, and decision tables. A narrative memorandum is a written description of the process and flow of documents and of the control points. For an information system that makes little use of IT or that processes few transactions, documentation in the form of a memorandum may suffice.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Transaction authorization within an organization may be either specific or general. An example of specific transaction authorization is the

A

Approval of a detailed construction budget for a warehouse.

A specific transaction authorization is applicable to a unique decision. A general authorization establishes criteria and authorizes the routine making of decisions subject to the criteria. Approving a detailed construction budget for a warehouse is a one-time decision.

17
Q

Internal controls are designed to provide reasonable assurance that

A

Material errors or fraud will be prevented, or detected and corrected, within a timely period by employees in the course of performing their assigned duties.

Cost-effective controls should restrict deviations to a tolerable rate. Thus, material errors and improper or illegal acts should be prevented, or detected and corrected, within a timely period by employees in the normal course of performing their assigned duties. Accordingly, the cost-benefit relationship is considered by management during the design of systems, and the potential loss associated with any exposure or risk is weighed against the cost to control it.

18
Q

Manual controls would most likely be more suitable than automated controls for which of the following?

A

Large, unusual, or nonrecurring transactions.

Manual controls may be more suitable where judgment and discretion are required, such as (1) for large, unusual, or nonrecurring transactions; (2) for circumstances where misstatements are difficult to define, anticipate, or predict; (3) in changing circumstances that require a control response outside the scope of an existing automated control; and (4) in monitoring the effectiveness of automated controls.

19
Q

Which of the following are considered control environment factors?

Detention risk:
Human resources policies & procedures:

A

No
Yes

Human resource policies and practices are part of the control environment. These policies and practices relate to recruitment, orientation, training, evaluating, counseling, promoting, compensating, and remedial actions. The control environment is the component that sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for the other components.

20
Q

Which of the following could be difficult to determine because electronic evidence may not be retrievable after a specific period?

A

The timing & control of substantive tests.

The timing of control and substantive tests are, at least in part, determined based on the availability and retrievability of evidence over a period of time.