9.7 Flashcards
Which of the following matters in a financial statement audit is most appropriate to communicate with those charged with governance?
An overview of the planned scope and timing of the audit.
The auditor should communicate with those charged with governance (1) the auditor’s responsibilities under generally accepted auditing standards, (2) an overview of the planned scope and timing of the audit, and (3) significant findings from the audit.
Which of the following is least likely indicative of a significant deficiency or material weakness in internal control?
A potential future internal control problem having no effect on the current period.
According to AU-C 265, the auditor should communicate material weaknesses and significant deficiencies in internal control to management and those charged with governance. A material weakness is a deficiency, or combination of deficiencies, in internal control such that a reasonable possibility exists that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness yet important enough to merit attention by those charged with governance. However, an auditor is not required to report a potential future internal control problem unless it affects the period under audit.
Which of the following matters should an auditor communicate to those charged with governance?
The process used by management in formulating sensitive accounting estimates.
Certain accounting estimates are particularly sensitive because they are significant to the financial statements, and future events affecting them may differ from current judgments. Those charged with governance should be informed about the process used in formulating sensitive estimates, including fair value estimates, and the basis for the auditor’s conclusions about their reasonableness (AU-C 260).
Which of the following best describes the responsibility of an auditor of a private entity with respect to significant deficiencies and material weaknesses under AU-C 265, Communication of Internal Control Related Matters Identified in an Audit?
The communication by the auditor must be in writing.
The auditor communicates on a timely basis and in writing to those charged with governance significant deficiencies and material weaknesses identified during the audit. This communication includes those remediated during the audit. The auditor also communicates on a timely basis and in writing to the appropriate level of management significant deficiencies and material weaknesses communicated (or intended to be communicated) to those charged with governance. (But certain deficiencies should not be reported directly to management.)
When planning an engagement to audit the effectiveness of the entity’s internal control in an integrated audit of a nonissuer, a practitioner would least likely consider which of the following factors?
The evaluation of the operating effectiveness of the controls.
The audit of a nonissuer’s internal control over financial reporting should be integrated with the financial statement audit. Evaluating certain matters may assist the auditor’s planning of the audit, but the evaluation of the operating effectiveness of the controls is not one of those matters. This evaluation is not made until the auditor forms an opinion by considering the evidence obtained from all sources, including (1) tests of controls, (2) misstatements detected during the audit, and (3) identified deficiencies.
In the integrated audit, which of the following would not be considered an entity-level control?
The outside auditor’s assessment process of internal auditor competence and objectivity.
The auditor begins an integrated audit at the statement level by understanding overall risks to internal control over financial reporting. (S)he then focuses on entity-level controls and works down to significant classes of transactions, account balances, disclosures, and their relevant assertions. The following are examples of entity-level controls: (1) the control environment, (2) controls over management override, (3) monitoring of the results of operations, (4) controls over the period-end financial reporting process, (5) monitoring of other controls, and (6) the risk assessment process. But the outside auditor’s assessment process of internal auditor competence and objectivity is external to the entity.
A service auditor’s report on internal control may be issued on management’s description of a service organization system and the suitability of the design of controls or management’s description of a service organization system and the suitability and operating effectiveness of controls. Which of the following is true about a type 1 report?
It should state that the auditor did not test the effectiveness of the controls.
A service auditor’s type 1 report should contain a statement that the auditor did not test the effectiveness of the controls.
The AICPA has issued additional guidance on service auditor reports. The term System and Organization Controls (SOC) report is used in this guidance. The reports obtained by the user auditor in an audit are called SOC 1 reports (type 1 or type 2). Service auditors also may prepare SOC 2 and SOC 3 reports to provide assurance on more than internal controls over financial reporting (e.g., security, availability, processing integrity, confidentiality, or privacy). SOC 2 reports are to be used by those identified in the report, and SOC 3 reports may be used by any user.
In the audit, the auditor reports on the effectiveness of an entity’s internal control over financial reporting. Which of the following is not a condition of that engagement?
Management provides assurance that limitations inherent to internal control have been eliminated.
By their nature, limitations inherent to internal control cannot be eliminated. Thus, management is not expected to provide such assurance.
When an auditor is to conduct an audit of a service organization, what considerations should the auditor make in the planning stages regarding internal controls of the organization?
The auditor should determine whether management has adequately described complementary user controls.
The service auditor should obtain an understanding of the service organization’s system, including controls within the scope of the engagement. Understanding controls at the service organization requires evaluating management’s description of the service organization’s system, including complementary user entity controls (AT-C 320).
Which of the following matters would an auditor most likely consider to be a significant deficiency or material weakness to be communicated to those charged with governance?
Evidence of a lack of objectivity by those responsible for accounting decisions.
Failures in internal control include deficiencies in internal control design and failures in the operation of internal control. An example of the second type is evidence of undue bias or lack of objectivity by those responsible for accounting decisions (AU-C 265).
Which of the following statements is true about the auditor’s communication of a material weakness in internal control?
Suggested corrective action for management’s consideration concerning a material weakness need not be communicated to the client.
Although the auditor should communicate material weaknesses to management and those charged with governance, suggested corrective action need not be communicated.
An auditor’s communication with the board of directors most likely should
Indicate that it is for the sole use of the board.
Communication may be either oral or in writing and should be documented. The auditor communicates significant findings from the audit in writing when (s)he judges that oral communication is inadequate. A written communication should indicate that it is for the sole use of those charged with governance.
An auditor would least likely initiate a discussion with a client’s audit committee concerning
The maximum dollar amount of misstatements that could exist without causing the financial statements to be materially misstated.
The auditor is responsible for determining the levels of materiality appropriate in the audit of a client’s financial statements. Only the general nature of materiality need be discussed.
An auditor (the user auditor) may decide to make use of another auditor’s (the service auditor’s) report on internal control at a service organization that provides certain services to the user auditor’s client. When the client’s transactions flow through the service organization’s accounting system, consideration of internal control may be necessary. The most efficient approach is often to obtain a service auditor’s report. Which of the following is a true statement about the relationship of the user and service auditors?
When reporting on an audit of financial statements, the user auditor should not refer to the service auditor’s report if the opinion is unmodified.
Because the service auditor is not responsible for auditing any portion of the financial statements being reported on by the user auditor, the service auditor should not be referred to in the user auditor’s report if the opinion is unmodified. But if the user auditor modifies the opinion because of a modified opinion by the service auditor, the user auditor may refer to the service auditor.
An auditor is required to establish an understanding with a client regarding the services to be performed for each engagement. For an auditor of a nonissuer, this understanding generally includes
The auditor’s responsibility for ensuring that management and those charged with governance are aware of any significant deficiencies or material weaknesses in control that come to the auditor’s attention.
An auditor should accept an engagement only when the basis for audit performance is agreed through (1) establishing whether the preconditions for an audit exist and (2) confirming that the auditor and management (and, possibly, those charged with governance) have a common understanding of the terms of engagement. The agreement typically is documented in an engagement letter (AU-C 210). An engagement letter for a nonissuer should indicate that a financial statement audit is not designed to provide assurance on internal control. However, the auditor is responsible for ensuring that management and those charged with governance are aware of any significant deficiencies or material weaknesses in control that come to his or her attention.