5.5 Flashcards
An entity has the following invoices in a batch:
Invoice Number 201 202 203 204
Product F10 G15 H20 K35
Quantity 150 200 250 300
Unit Price $5.00 10.00 25.00 30.00
Which of the following most likely represents a hash total?
810
Input controls in batch computer systems are used to determine that no data are lost or added to the batch. Depending on the sophistication of a particular system, control may be accomplished by using record counts, financial totals, or hash totals. The hash total is a control total without a defined meaning, such as the total of employee numbers or invoice numbers, that is used to verify the completeness of data. The hash total of the invoice numbers is 810.
During consideration of internal control in a financial statement audit, an auditor is not obligated to
Search for significant deficiencies in the operation of internal control.
The auditor should obtain an understanding of the entity and its environment, including its internal control, and assess the risks of material misstatement. The limited purpose of this consideration does not include the search for significant deficiencies or material weaknesses.
The auditor should obtain an understanding of the entity and its environment, including its internal control, and assess the risks of material misstatement. The limited purpose of this consideration does not include the search for significant deficiencies or material weaknesses.
Emphasizing ethical behavior through oral communication and management example.
Audit evidence for elements of the control environment of a small business client may not be documented, especially when management communication with other employees is informal but effective. Thus, a small business may not have a written code of conduct. However, it may have a culture emphasizing integrity and ethical behavior by means of oral communication and management example.
When documenting internal control, the independent auditor sometimes uses a systems flowchart, which can best be described as a
Symbolic representation of a system or series of sequential processes.
A systems flowchart is a symbolic representation of the flow of documents and procedures through a series of steps in the accounting process of the client’s organization.
In an audit of financial statements of a nonissuer in accordance with GAAS, an auditor is required to
Document the auditor’s understanding of the entity’s internal control components.
Documentation of the understanding of the internal control components is required by GAAS. Its form and extent are influenced by the nature and complexity of the entity’s controls and the extent of the procedures performed by the auditor.
In obtaining an understanding of controls that are relevant to audit planning, an auditor is required to obtain knowledge about the
Design of the controls included in the internal control components.
In all audits, the auditor should obtain an understanding of each of the five components of internal control sufficient to plan the audit. An understanding is obtained by performing risk assessment procedures to evaluate the design of controls relevant to the audit and to determine whether they have been implemented (AU-C 315).
Which of the following is an example of how specific internal controls in a database environment may differ from controls in a nondatabase environment?
Controls should exist to ensure that users have access to and can update only the data elements that they have been authorized to access.
A database is a series of related files combined to eliminate unnecessary redundancy of data elements. The data dictionary states not only the meaning of a data element but also its ownership (who is responsible for its maintenance), size, format, and usage. Moreover, it states what persons, programs, reports, and functions use the data element. Thus, the issue of ownership (maintenance or updating) of, and control over access to, data elements common to many applications arises only in a database environment.
In an audit of financial statements in accordance with generally accepted auditing standards, an auditor should
Document the auditor’s understanding of the entity’s internal control.
The auditor should document (1) the understanding of the entity and its environment and the components of internal control, (2) the sources of information regarding the understanding, and (3) the risk assessment procedures performed. The form and extent of the documentation are influenced by the nature and complexity of the entity’s controls (AU-C 315).
If High Tech Corporation’s disaster recovery plan requires fast recovery with little or no downtime, which of the following backup sites should it choose?
Hot site.
A company uses a hot site backup when fast recovery is critical. The hot site includes all software, hardware, and other equipment necessary for a company to carry out operations. Hot sites are expensive to maintain and may be shared with other organizations with similar needs.
Although substantive tests may support the accuracy of underlying information used in monitoring, these tests may provide no affirmative evidence of the effectiveness of monitoring controls because
The information used in monitoring may be accurate even though it is subject to ineffective control.
When obtaining an understanding of each of the five components of internal control (including monitoring), the auditor must perform procedures to understand the design of relevant controls and must determine whether controls have been implemented. If (s)he intends to rely on the controls, (s)he must also determine their effectiveness. However, when controls based on monitoring leave no audit trail, for example, documentation of design or operation, evidence about effectiveness of design or operation may be obtained only by inquiries, observations, and computer-assisted audit methods. Moreover, substantive procedures likewise may provide no affirmative evidence of the effectiveness of monitoring controls because the information may be accurate even though controls over its creation are ineffective. Thus, the ineffectiveness of monitoring would not be revealed by substantive procedures unless the detection of material misstatements resulted in performance of additional audit procedures directed at the controls.
In which of the following circumstances would an auditor expect to find that an entity implemented automated controls to reduce risks of misstatement?
When transactions are high-volume and recurring.
Automated controls are cost effective when they are applied to high-volume, recurring transactions. For example, credit limit checks on customer orders could be automated to relieve management from evaluating each customer order as it is received.
An auditor’s flowchart of a client’s accounting system is a diagrammatic representation that depicts the auditor’s
Understanding of the system.
The auditor should document (1) the understanding of the entity and its environment and the components of internal control, (2) the sources of information regarding the understanding, and (3) the risk assessment procedures performed. The form and extent of this documentation are influenced by the nature and complexity of the entity’s controls (AU-C 315). For example, documentation of the understanding of internal control of a complex information system in which many transactions are electronically initiated, authorized, recorded, processed, or reported may include questionnaires, flowcharts, or decision tables.
Internal control cannot be designed to provide reasonable assurance that
Fraud will be eliminated.
Internal control is a process designed to provide reasonable assurance regarding the achievement of the entity’s objectives. It can provide reasonable assurance regarding (1) reliability of financial reporting, (2) compliance with applicable laws and regulations, and (3) effectiveness and efficiency of operations. Because of inherent limitations, however, no system can be designed to eliminate all fraud (AU-C 315).
Which of the following characteristics distinguishes computer processing from manual processing?
Computer processing virtually eliminates the occurrence of computational error normally associated with manual processing.
Computer processing uniformly subjects like transactions to the same processing instructions. A computer program defines the processing steps to accomplish a task. Once the program is written and tested appropriately, it will perform the task repetitively and without error. However, if the program contains an error, all transactions will be processed incorrectly.
A customer intended to order 100 units of product Z96014 but incorrectly ordered nonexistent product Z96015. Which of the following controls most likely would detect this error?
Check digit verification.
Check digit verification is used to identify incorrect identification numbers. The digit is generated by applying an algorithm to the ID number. During input, the check digit is recomputed by applying the same algorithm to the entered ID number.
