Assessing Control Risk Under AICPA Standards

Question 1

Which of the following analytical procedures most likely would be used during the risk assessment stage of an audit?

Comparing current year to prior year sales volumes.

Reading the financial statements and notes and considering the adequacy of evidence.

Comparing the current year ratio of aggregate salaries paid to the number of employees to the prior year’s ratio.

Reading the letter from the client’s attorney and considering the threat of litigation.

Answer 1

Comparing current year to prior year sales volumes.

This answer is correct because comparing current year to prior-year sales volumes is an analytical procedure and because analytical procedures in risk assessment often use such aggregated data.

Question 2

As a result of analytical procedures, the independent auditor determines that the gross profit percentage has declined from 30% in the preceding year to 20% in the current year. The auditor should:

Include an additional paragraph in the audit report due to the inability of the client company to continue as a going concern.

Evaluate management’s performance in causing this decline.

Require footnote disclosure.

Consider the possibility of a misstatement in the financial statements.

Answer 2

Consider the possibility of a misstatement in the financial statements.

Question 3

Analytical procedures used in risk assessment for an audit should focus on identifying:

Material weaknesses in internal control.

The predictability of financial data from individual transactions.

The various assertions that are embodied in the financial statements.

Areas that may represent specific risks relevant to the audit.

Answer 3

Areas that may represent specific risks relevant to the audit.

This answer is correct because the objectives of analytical procedures during risk assessment are to identify aspects of the entity of which the auditor was unaware and assist in assessing the risks of material misstatement (to help determine the nature, timing, and extent of audit tests).

Question 4

Which of the following statements is correct concerning analytical procedures used during risk assessment in an audit engagement?

They often replace the test of controls that are performed to assess control risk.

They usually use financial and nonfinancial data aggregated at a high level.

They usually involve the comparison of assertions developed by management to ratios calculated by an auditor.

They are often used to develop an auditor’s preliminary judgment about materiality.

Answer 4

They usually use financial and nonfinancial data aggregated at a high level.

This answer is correct because planning analytical procedures use information aggregated at a high level—often, both financial and nonfinancial information.

Question 5

Which of the following factors would least likely affect the extent of the auditor’s consideration of the client’s internal control?

The amount of time budgeted to complete the engagement.

The size and complexity of the client.

The nature of specific relevant controls.

The auditor’s prior experience with client operations.

Answer 5

The amount of time budgeted to complete the engagement.

This answer is correct because it is least likely since an auditor should not decrease (or increase) the consideration of internal control simply due to the overall time budget.

Question 6

An auditor assesses control risk because it:

Is relevant to the auditor’s understanding of the control environment.

Provides assurance that the auditor’s materiality levels are appropriate.

Indicates to the auditor where inherent risk may be the greatest.

Affects the level of detection risk that the auditor may accept.

Answer 6

Affects the level of detection risk that the auditor may accept.

The requirement is to determine why an auditor assesses control risk. Answer (d) is correct because the assessed levels of control risk and inherent risk are used to determine the acceptable level of detection risk for financial statement assertions.

Question 7

An auditor reviews a client’s accounting policies and procedures when considering which of the following planning matters?

Method of sampling to be used.

Preliminary judgments about materiality levels.

Nature of reports to be rendered.

Understanding of the client’s operations and business.

Answer 7

Understanding of the client’s operations and business.

This answer is correct because such information provides overall guidance to help an auditor understand the client’s operations and business.

Question 8

Which of the following most likely would cause an auditor to consider whether a client’s financial statements contain material misstatements?

Management did not disclose to the auditor that it consulted with other accountants about significant accounting matters.

The chief financial officer will not sign the management representation letter until the last day of the auditor’s fieldwork.

Audit trails of computer-generated transactions exist only for a short time.
The results of an analytical procedure disclose unexpected differences.

Answer 8

The results of an analytical procedure disclose unexpected differences.

This answer is correct because when an analytical procedure discloses an unexpected difference it should be followed up on since a material misstatement may exist.

Question 9

Which of the following is not a component of internal control?

Control environment.
Control activities.
Inherent risk.
Monitoring.

Answer 9

Inherent risk.

This answer is correct. The control environment, control activities, monitoring, risk assessment, and information/communications are the components of internal control, but not inherent risk.

Question 10

The overall attitude and awareness of an entity’s board of directors concerning the importance of internal control usually is reflected in its:

Computer-based controls.

System of segregation of duties.

Control environment.

Safeguards over access to assets.

Answer 10

Control environment.

The requirement is to identify where the overall attitude and awareness of an entity’s board of directors concern-ing the importance of internal control is normally reflected. Answer (c) is correct because the control environment reflects the overall attitude, awareness, and actions of the board of directors, management, owners, and others concerning the importance of control and its emphasis in the entity.

Question 11

Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization?

Disclosing lack of segregation of duties to the external auditors during the annual review.

Replacing personnel every three or four years.

Requiring accountants to pass a yearly background check.

Allowing for greater management oversight of incompatible activities.

Answer 11

Allowing for greater management oversight of incompatible activities.

This is correct because management’s oversight of the activities may either prevent or detect improper activities.

Question 12

The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that:

Specific internal control activities are not operating as designed.

The collective effect of the control environment may not achieve the control objectives.

Tests of controls may fail to identify activities relevant to assertions.

Material misstatements may exist in the financial statements.

Answer 12

Material misstatements may exist in the financial statements.

This answer is correct because auditors are ultimately concerned with the existence of material misstatements in the financial statements.

Question 13

To help plan the nature, timing, and extent of substantive auditing procedures, preliminary analytical procedures should focus on:

Enhancing the auditor’s understanding of the client’s business and events that have occurred since the last audit date.

Developing plausible relationships that corroborate anticipated results with a measurable amount of precision.

Applying ratio analysis to externally generated data such as published industry statistics or price indices.

Comparing recorded financial information to the results of other tests of transactions and balances.

Answer 13

Enhancing the auditor’s understanding of the client’s business and events that have occurred since the last audit date.

This answer is correct because analytical procedures used for risk assessment (planning) the audit should focus on enhancing the auditor’s understanding of the client’s business and events that have occurred since the last audit date, and on identifying areas that may represent specific risks relevant to the audit.

Question 14

The use of fidelity bonds protects a company from embezzlement losses and also:

Minimizes the possibility of employing persons with dubious records in positions of trust.

Reduces the company’s need to obtain expensive business interruption insurance.

Allows the company to substitute the fidelity bonds for various parts of internal control.

Protects employees who made unintentional errors from possible monetary damages resulting from such errors.

Answer 14

Minimizes the possibility of employing persons with dubious records in positions of trust.

This answer is correct because bonding companies will typically investigate the backgrounds of new employees.

Question 15

Which of the following procedures is least likely to be performed as a part of obtaining an understanding during an audit engagement of a new audit client previously audited by another CPA?

Communication with the predecessor auditor.

Performing analytical procedures.

Obtaining confirmation of cash balances.

Considering internal control.

Answer 15

Obtaining confirmation of cash balances.

This answer is correct because confirmation of cash balances is a substantive audit procedure which will be performed during the audit.

Question 16

Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been:

Authorized.
Implemented.
Tested.
Monitored.

Answer 16

Implemented.

This is correct because the professional standards require that an auditor evaluate the design of controls and determine whether they have been implemented (placed in operation).

Question 17

While obtaining an understanding of a client’s risk assessment policies, an auditor ordinarily considers how management:

Identifies risks.

Eliminates significant risks.

Assesses the likelihood of occurrence of subsequent events.

Relates risk assessment to compliance with marketing objectives.

Answer 17

Identifies risks.

This answer is correct because an auditor should obtain sufficient knowledge of the entity’s risk assessment process to understand how management considers risks relevant to financial reporting objectives and decide about actions to address those risks; that knowledge might include understanding of how management identifies risks, estimates their significance, and assesses the likelihood of their occurrence, and relates them to financial reporting.

Question 18

Which of the following statements is correct concerning an auditor’s assessment of control risk?

Assessing control risk may be performed concurrently during an audit with obtaining an understanding of the entity’s internal control.

Evidence about the operation of internal control in prior audits may not be considered during the current year’s assessment of control risk.

The basis for an auditor’s conclusions about the assessed level of control risk need not be documented unless control risk is assessed at the maximum level.

The lower the assessed level of control risk, the less assurance the evidence must provide that the control procedures are operating effectively.

Answer 18

Assessing control risk may be performed concurrently during an audit with obtaining an understanding of the entity’s internal control.

The requirement is to identify the correct statement concerning an auditor’s assessment of control risk. Answer (a) is correct because AU-C 315 indicates that assessing control risk may be performed concurrently during an audit with obtaining an understanding of internal control. Answer (b) is incorrect because evidence about the operation of internal control obtained in prior audits may be considered during the current year’s assessment of control risk. Answer (c) is incorrect because the basis for an auditor’s conclusions about the assessed level of control risk needs to be documented when control risk is assessed at levels other than the maximum level. Answer (d) is incorrect because a lower level of control risk requires more assurance that the control procedures are operating effectively.

Question 19

A primary purpose of performing analytical procedures as risk assessment procedures is to identify the existence of

Unusual transactions and events.

Illegal acts that went undetected because of internal control weaknesses.

Related-party transactions.

Recorded transactions that were not properly authorized.

Answer 19

Unusual transactions and events.

The requirement is to identify a primary purpose of performing analytical procedures during an audit’s risk assessment. Answer (a) is correct because analytical procedures used during risk assessment may enhance the auditor’s understanding of the client’s business and significant transactions and events that have occurred since the prior audit and also may help to identify the existence of unusual transactions or events and amounts, ratios, and trends that might indicate matters that have audit implications. Answers (b), (c), and (d) are all incorrect because while analytical procedures may lead to the discovery of illegal acts, related-party transactions, and unauthorized transactions, this is not the primary objective.

Question 20

Which of the following statements is correct regarding internal control?

A well-designed internal control environment ensures the achievement of an entity’s control objectives.

An inherent limitation to internal control is the fact that controls can be circumvented by management override.

A well-designed and operated internal control environment should detect collusion perpetrated by two people.

Internal control is a necessary business function and should be designed and operated to detect all errors and fraud.

Answer 20

An inherent limitation to internal control is the fact that controls can be circumvented by management override.

This answer is correct because management override of controls is a limitation of internal control. For example, management may enter into undisclosed agreements with customers that alter the terms and conditions of the entity’s standard sales contracts, which may result in improper revenue recognition.

Question 21

Which of the following is a component of internal control?

Financial reporting.
Operating effectiveness.
Risk assessment.
Organizational structure.

Answer 21

Risk assessment.
This answer is correct because risk assessment is a component of internal control—the other four components are (1) the control environment, (2) control activities, (3) the information system relevant to financial reporting and (4) the monitoring of controls.

Question 22

Which of the following items is an example of an inherent limitation in an internal control system?

Segregation of employee duties.

Human error in decision making.

Ineffective board of directors.

Understaffed internal audit functions.

Answer 22

Human error in decision making.

This answer is correct because human judgment is an inherent limitation since that judgment can be faulty and result in a breakdown in internal control because of human error; additional inherent limitations of internal control include (1) collusion of two or more people and (2) inappropriate management override of internal control.

Question 23

When an auditor considers a client’s internal control, control activities ordinarily relate to performance reviews, information processing, segregation of duties and:

Information and communication.
Operating decisions.
Physical controls.
Risk assessment.

Answer 23

Physical controls.

This answer is correct because control activities include performance reviews, information processing, physical controls, and segregation of duties.

Question 24

Which of the following factors is most relevant when an auditor considers the client’s organizational structure in the context of control risk?

Management’s attitude toward information processing and accounting departments.

The organization’s recruiting and hiring practices.

Physical proximity of the accounting function to upper management.

The suitability of the client’s lines of reporting.

Answer 24

The suitability of the client’s lines of reporting.

This answer is incorrect because recruiting and hiring practices relate to the competence of client personnel.

Question 25

In order to obtain an initial understanding of internal control sufficient to assess the risk of material misstatement of the financial statements, an auditor would most likely perform which of the following procedures?

Tests of key controls to determine whether they are effective.

Expanded substantive testing to identify relevant controls.

Analytical procedures to determine the need for specific controls.

Risk-assessment procedures to evaluate the design of relevant controls.

Answer 25

Risk-assessment procedures to evaluate the design of relevant controls.

This answer is correct because risk assessment procedures are performed to assess the risk of material misstatement throughout the financial statements.

Question 26

Which of the following procedures would a CPA most likely perform during the risk assessment phase of a financial statement audit?

Make inquiries of the client’s lawyer concerning pending litigation.

Perform cutoff tests of cash receipts and disbursements.

Compare financial information with nonfinancial operating data.

Recalculate the prior year’s accruals and deferrals.

Answer 26

Compare financial information with nonfinancial operating data.

This is correct because analytical procedures often include a comparison of financial information with nonfinancial operating data and because analytical procedures must be performed during risk assessment.

Question 27

Which of the following would an auditor most likely consider in evaluating the control environment of an audit client?

Overall employee satisfaction with assigned duties.

The number of CPAs in the accounting department.

Management reviews of monthly financial statements.

Management’s operating style.

Answer 27

Management’s operating style.

This answer is correct because management’s operating style is a part of the control environment and it is considered by auditors.

Question 28

Which of the following is an analytical procedure that an auditor most likely would perform when performing the risk assessment of an audit?

Confirming a sample of accounts payable.

Scanning payroll files for terminated employees.

Comparing current year balances to budgeted balances.

Recalculating interest expense based on notes payable balances.

Answer 28

Comparing current year balances to budgeted balances.

This answer is correct because comparing current year balances to budgeted balances will help the auditor in identifying areas to which to devote additional audit attention.

Question 29

Management’s emphasis on meeting projected profit goals most likely would significantly influence an entity’s control environment when:

Internal auditors have direct access to the entity’s board of directors.

A significant portion of management compensation is represented by stock options.

External policies established by parties outside the entity affect accounting policies.

The audit committee is active in overseeing the entity’s financial reporting policies.

Answer 29

A significant portion of management compensation is represented by stock options.

This answer is correct because when a significant portion of management’s compensation is represented by stock options, risk may be involved in that management is under great pressure to report earnings that meet projected profit goals; this will ordinarily increase management compensation significantly and, under some circumstances, create a pressure to report overstated earnings to meet those projections.

Question 30

Which of the following is not a step in an auditor’s assessment of control risk?

Evaluate the effectiveness of internal control with tests of controls.

Obtain an understanding of the entity’s information system and control environment.

Perform tests of details of transactions to detect material misstatements in the financial statements.

Consider whether controls can have a pervasive effect on financial statement assertions.

Answer 30

Perform tests of details of transactions to detect material misstatements in the financial statements.

The requirement is to identify the procedure that is not a step in an auditor’s assessment of control risk. Answer (c) is correct because performing tests of details of transactions to detect material misstatements pertains more directly to detection risk rather than inherent or control risk. Answer (a) is incorrect because auditors evaluate the effectiveness of internal control with tests of controls. Answer (b) is incorrect because obtaining an understanding of the entity’s information system and control environment is a preliminary step for considering control risk. Answer (d) is incorrect because auditors will consider the effect of internal control on the various financial statement assertions.

Question 31

Management’s attitude toward aggressive financial reporting and its emphasis on meeting projected profit goals most likely would significantly influence an entity’s control environment when:

The audit committee is active in overseeing the entity’s financial reporting policies.

External policies established by parties outside the entity affect its accounting practices.

Management is dominated by one individual who is also a shareholder.

Internal auditors have direct access to the board of directors and entity management.

Answer 31

Management is dominated by one individual who is also a shareholder.

This answer is correct because these noted factors tend to have an especially significant influence on the control environment when management is dominated by one or a few individuals. Such a circumstance allows management to effectively implement aggressive financial reporting and emphasize meeting profit goals.

Question 32

In assessing control risk, an auditor ordinarily selects from a variety of techniques, including

Inquiry and analytical procedures.

Reperformance and observation.

Comparison and confirmation.

Inspection and verification.

Answer 32

Reperformance and observation.

The requirement is to identify the most appropriate procedures for assessing control risk. Auditors perform tests of controls to obtain evidence on the operating effectiveness of controls to assess control risk. Answer (b) is correct because tests of controls include inquiries of appropriate entity personnel, inspection of documents and reports, observation of the application of the policy or procedure, and reperformance of the application of the policy or procedure.

Question 33

Analytical procedures performed during the risk assessment phase of an audit should focus on:

Documenting the risk factors relating to the susceptibility of assets to misappropriation.

Identifying the internal control activities that could reduce the assessed level of control risk.

Discovering uncorrected misstatements that should be communicated to the audit committee.

Enhancing the auditor’s understanding of the transactions and events that have occurred since the last audit.

Answer 33

Enhancing the auditor’s understanding of the transactions and events that have occurred since the last audit.

This answer is correct because analytical procedures used for risk assessment in the audit should focus on (1) enhancing the auditor’s understanding of the client’s business and the transactions and events that have occurred since the last audit date, and (2) identifying areas that may represent specific risks relevant to the audit.

Question 34

Which of the following circumstances most likely would cause an auditor to suspect that there are material misstatements in an entity’s financial statements?

Senior financial management participates in the selection of accounting principles and the determination of significant estimates.

Supporting accounting records and files that should be readily available are not produced promptly when requested.

Related-party transactions take place in the ordinary course of business with an entity that is audited by another CPA firm.

Senior management has an interest in upgrading the entity’s information technology capabilities.

Answer 34

Supporting accounting records and files that should be readily available are not produced promptly when requested.

This answer is correct because unavailability of records when requested might indicate fraudulent entries lacking proper support.

Question 35

Which of the following is least likely to be included in the auditor’s risk assessment process to identify and assess the risks of material misstatement?

Identify risks.

Relate risks to what can go wrong at the relevant assertion level.

Consider whether risks are of a magnitude that could result in a misstatement that could be material.

Consider the likelihood that risks could result in misstatements of an amount which is less than material.

Answer 35

Consider the likelihood that risks could result in misstatements of an amount which is less than material.

This answer is correct because an auditor must consider the likelihood of risks of material misstatements, not misstatements less than material.

Question 36

Which of the following is ordinarily considered a factor indicative of increased financial reporting risk when an auditor is considering a client’s risk assessment policies?

Commissioned sales personnel.

A corporate code of conduct.

Rapid growth of the organization.

Materiality standards for determining whether to capitalize acquisitions of fixed assets.

Answer 36

Rapid growth of the organization.

This answer is correct because rapid growth of the organization is considered a risk factor when considering a client’s risk assessment policies. Note that risk factors do not necessarily indicate misstated financial statements, they are simply factors that have often been present in the past when misstatements have been identified

Question 37

When performing analytical procedures during the risk assessment of an audit, the auditor most likely would develop expectations by reviewing which of the following sources of information?

Unaudited information from internal quarterly reports.

Various account assertions in the planning memorandum.

Comments in the prior year’s management letter.

The control risk assessment relating to specific financial assertions.

Answer 37

Unaudited information from internal quarterly reports.

This answer is correct because analytical procedures used in planning generally use data aggregated at a high level, data such as account balances from the prior year or from quarterly financial statements.

Question 38

After obtaining an understanding of an entity’s internal control structure, an auditor may assess control risk at the maximum level for some assertions because the auditor

Believes the internal control policies and procedures are unlikely to be effective.

Determines that the pertinent internal control structure elements are not well documented.

Performs tests of controls to restrict detection risk to an acceptable level.

Identifies internal control policies and procedures that are likely to prevent material misstatements.

Answer 38

Believes the internal control policies and procedures are unlikely to be effective.

The auditor may assess control risk at maximum for some assertions if he/she believes that the internal controls are not effective. If they are not effective, they cannot be relied upon to reduce substantive testing.

Control risk, therefore, may be assessed at maximum and more emphasis placed on substantive testing.

Question 39

An auditor should obtain sufficient knowledge of an entity’s accounting system to understand the

Safeguards used to limit access to computer facilities.

Process used to prepare significant accounting estimates.

Procedures used to assure proper authorization of transactions.

Policies used to detect the concealment of irregularities.

Answer 39

Process used to prepare significant accounting estimates.

Accounting estimates are an area of concern to the auditors because of the amount of judgment and discretion they entail. The internal control structure may reduce the likelihood of material errors occurring related to the preparation of accounting estimates. As a result, the auditor should understand the internal control structure related to preparing accounting estimates.

Question 40

When assessing control risk at below the maximum level, an auditor is required to document the auditor’s understanding of the

I. Entity’s control activities that help ensure management directives are carried out.

II. Entity’s control environment factors that help the auditor plan the engagement.

I only.
II only.
Both I and II.
Neither I nor II.

Answer 40

Both I and II.

The auditor is always required to obtain a sufficient understanding of the internal control system in order to plan the audit. This understanding must be documented, regardless of the level at which control risk is to be assessed. Control activities and control environment factors are both components of the internal control system. As a result, they would both be documented.

Question 41

Which of the following elements of an entity’s internal control structure includes the development of personnel manuals documenting employee promotion and training policies?

Control activities.
Control environment.
Accounting system.
Quality control system.

Answer 41

Control environment.

The control environment sets the tone of an organization, influencing the control consciousness of its people. It includes the following factors: integrity and ethical values, commitment to competence, board of directors or audit committee participation, management’s philosophy and operating style, organizational structure, assignment of authority and responsibility, and human resource policies and practices. The development of personnel manuals documenting employee promotion and training policies is a component of human resource policies and practices.

Question 42

An auditor would most likely be concerned with internal control structure policies and procedures that provide reasonable assurance about the

Efficiency of management’s decision-making process.

Appropriate prices the entity should charge for its products.

Methods of assigning production tasks to employees.

Entity’s ability to process and summarize financial data.

Answer 42

Entity’s ability to process and summarize financial data.

An auditor is primarily concerned with internal controls that provide reasonable assurance as to an entity’s ability to prepare financial statements. As a result, the auditor would be interested in controls over the processing and summarization of financial data.

Question 43

For certain controls, such as segregation of duties, documentary evidence may not exist. An auditor would most likely test the procedures by

Reperformance and corroboration.
Observation and inquiry.
Inspection and vouching.
Confirmation and recomputation.

Answer 43

Observation and inquiry.

Segregation of duties and similar controls which lack documentation of their functioning are best tested through observation and inquiry.

Question 44

In obtaining an understanding of an entity’s internal control structure in a financial statement audit, an auditor is not obligated to

Determine whether the control procedures have been placed in operation.

Perform procedures to understand the design of the internal control structure policies.

Document the understanding of the entity’s internal control structure elements.

Search for significant deficiencies in the operation of the internal control structure.

Answer 44

Search for significant deficiencies in the operation of the internal control structure.

An auditor is not required to search for significant deficiencies in the operation of internal control. However, if such deficiencies come to the auditor’s attention, the auditor must report them to the audit committee.

Question 45

In obtaining an understanding of an entity’s internal control structure policies and procedures that are relevant to audit planning, an auditor is required to obtain knowledge about the

Design of the policies and procedures pertaining to the internal control structure elements.

Effectiveness of the policies and procedures that have been placed in operation.

Consistency with which the policies and procedures are currently being applied.

Control procedures related to each principal transaction class and account balance.

Answer 45

Design of the policies and procedures pertaining to the internal control structure elements.

In obtaining an understanding of an entity’s internal controls that are relevant to audit planning, an auditor is required to obtain knowledge about the design of relevant internal controls pertaining to financial reporting in each of the five internal control components. Note that only those internal controls which impact the financial statements are to be considered. It is not necessary to understand and evaluate all of an entity’s internal controls.

Question 46

During consideration of the internal control structure in a financial statement audit, an auditor is not obligated to

Search for significant deficiencies in the operation of the internal control structure.

Understand the internal control environment and the accounting system.

Determine whether the control procedures relevant to the audit have been implemented.

Perform procedures to understand the design of the internal control structure policies.

Answer 46

Search for significant deficiencies in the operation of the internal control structure.

The auditor is not required to search for significant deficiencies in the design or operation of internal control. The auditor is required to communicate any significant deficiencies noted to the audit committee (or those in governance).

Question 47

Which of the following actions should the auditor take in response to discovering a deviation from the prescribed control procedure?

Make inquiries to understand the potential consequence of the deviation.

Assume that the deviation is an isolated occurrence without audit significance.

Report the matter to the next higher level of authority within the entity.

Increase sample size of tests of controls.

Answer 47

Make inquiries to understand the potential consequence of the deviation.

When a deviation from a prescribed control procedure occurs, the auditor should evaluate the significance of the potential effects associated with the deficiency. It would be appropriate to make inquiry of management and other client personnel in evaluating the potential effect of such a control deficiency.

Question 48

Which of the following audit techniques most likely would provide an auditor with the most assurance about the effectiveness of the operation of an internal control procedure?

Confirmation with outside parties.

Inquiry of client personnel.

Recomputation of account balance amounts.

Observation of client personnel.

Answer 48

Observation of client personnel.

Confirmation with outside parties and recomputation of account balances are substantive procedures designed to gather evidence about the fair presentation of account balances. Inquiry of client personnel would provide some evidence about the operation of an internal control, but the best evidence about the effectiveness of operation of an internal control would be provided through the auditor’s observation of client personnel.

Question 49

When considering the internal control structure, an auditor should be aware of the concept of reasonable assurance, which recognizes that

Internal control policies and procedures may be ineffective due to mistakes in judgment and personal carelessness.

Adequate safeguards over access to assets and records should permit an entity to maintain proper accountability.

Establishing and maintaining the internal control structure is an important responsibility of management.

The cost of an entity’s internal control structure should not exceed the benefits expected to be derived.

Answer 49

The cost of an entity’s internal control structure should not exceed the benefits expected to be derived.

Internal control can provide only reasonable assurance as a limiting factor is the cost/benefit ratio. The cost of an entity’s internal control should not exceed the benefits derived therefrom.