7.2 Flashcards
An internal auditor is reviewing the company’s policy regarding investing in financial derivatives. The auditor would normally expect to find all of the following in the policy except a
Statement requiring board review of each transaction because of the risk involved in such transactions.
Policies are general statements that guide managers’ decision making. They are developed by the board of directors to provide guidelines for achieving objectives. Management is responsible for daily operations and should abide by the policies. Consequently, the board would not review each transaction.
Which of the following are essential elements of the audit trail in an electronic data interchange (EDI) system?
Network and sender-recipient acknowledgments.
An audit trail allows for the tracing of a transaction from initiation to conclusion. Network and sender-recipient acknowledgments relate to the transaction flow and provide for the tracking of transactions.
The objectives of internal control for a production cycle are to provide assurance that transactions are properly executed and recorded, and that
Custody of work-in-process and of finished goods is properly maintained.
A principal objective of internal control is to safeguard assets. In the production cycle, control activities should be implemented to ensure that inventory is protected from misuse and theft. Accordingly, inventories should be in the custody of a storekeeper, and transfers should be properly documented and recorded to establish accountability.
A company’s labor distribution report requires extensive corrections each month because of labor hours charged to inactive jobs. Which of the following data processing input controls appears to be missing?
Validity test.
Validity tests are used to ensure that transactions contain valid transaction codes. Before hours are assigned to a job, a programmed control should determine that the job code is active.
Which of the following controls most likely would assist in reducing the risks of material misstatement related to the existence or occurrence of manufacturing transactions?
Perpetual inventory records are independently compared with goods on hand.
The recorded accountability for assets should be compared with existing assets at reasonable intervals. If assets are susceptible to loss through fraud or error, the comparison should be made independently. An independent comparison is one made by persons not having responsibility for asset custody or the authorization or recording of transactions.
In which of the following situations would it be most important to have employees sign for their pay?
The firm uses a cash payment payroll function.
Under a cash payroll system, the receipt signed by the employee is the only document in support of payment. The signed receipt is essential to verify proper payment.
An audit of the electronic data interchange (EDI) area of a purchasing department revealed the facts listed below. Which one indicates the need for improved internal control?
Branch office employees may access the server with a single call via modem.
The system should employ automatic dial-back to prevent intrusion by unauthorized parties. This procedure accepts an incoming modem call, disconnects, and automatically dials back a prearranged number to establish a permanent connection for data transfer or inquiry.
Based on observations made during an audit, the auditor should discuss with management the effectiveness of the company’s controls that protect against the purchase of
Supplies individually ordered, without considering possible volume discounts.
An auditor should communicate to management and those charged with governance significant deficiencies and material weaknesses observed during an audit (AU-C 265). (S)he should discuss procedures that permit the avoidable loss of assets. Thus, an auditor should determine whether the failure to consider possible volume discounts is due to fraud or error.
Which of the following internal control activities most likely addresses the completeness assertion for inventory?
Receiving reports are prenumbered and periodically reconciled.
The completeness assertion states that all transactions and accounts that should be presented are included. For inventory, the assertion is that inventory quantities include all products, materials, and supplies on hand or that are owned by the entity but are in transit or stored elsewhere. The use of prenumbered receiving reports makes it possible to detect unrecorded (incomplete) inventory.
An auditor most likely would assess the risks of material misstatement as unacceptable if the payroll department supervisor is responsible for
Authorizing payroll rate changes for all employees.
The payroll department should be independent of the human resources department, which would be responsible for authorizing all payroll rate changes for the employees of the entity. A supervisor would be authorized, however, to initiate requests for rate increases for supervised employees.
Many entities use the Internet as a network to transmit electronic data interchange (EDI) transactions. An advantage of using the Internet for electronic commerce rather than a traditional value-added network (VAN) is that the Internet
Permits EDI transactions to be sent to trading partners as transactions occur.
VAN services have typically used a proprietary network or a network gatewayed with a specific set of other proprietary networks. A direct Internet connection permits real-time computer-to-computer communication for client-server applications, so transactions can be sent to trading partners as they occur.
Which of the following activities most likely would detect whether payroll data were altered during processing?
Using test data to verify the performance of edit routines.
The test data approach uses the computer to test the processing logic and controls within the system and the records produced. The auditor prepares a set of dummy transactions specifically designed to test the control activities that management claims to have incorporated into the processing programs. The auditor can expect the controls to be applied to the transactions in the prescribed manner. Thus, the auditor is testing the effectiveness of the controls over the payroll data.
Independent internal verification of inventory occurs when employees who
Compare records of goods on hand with physical quantities do not maintain the records or have custody of the inventory.
The recorded accountability for assets should be compared with existing assets at reasonable intervals. If assets are susceptible to loss through fraud or error, the comparison should be made independently. An independent comparison is one made by persons not having responsibility for asset custody or the authorization or recording of transactions. If these functions are segregated, and an independent reconciliation is made, the opportunity for any person to be in a position to both perpetrate and conceal fraud or error in the normal course of his or her duties is reduced.
In an entity under audit, employees have the opportunity to change their time worked after their timecards have been approved. This is an example of which of the following types of deficiency?
Design.
Design is evaluated to determine whether a control can effectively prevent, or detect and correct, material misstatements. When an auditor obtains the understanding of internal control, design is considered before determining whether a control has been implemented. An improper design may be a significant deficiency or material weakness. For example, when employee timecards are approved by the timekeeping function, they should be forwarded to the payroll function. Employee access to timecards after their approval is an opportunity for fraud.
Internal control over inventories is important for all of the following reasons except
Inventories are the most liquid assets.
Cash is considered the most liquid asset and most subject to the risks of material misstatement.
