AUDITING-INTERNAL CONTROL Flashcards
1
Q
Which of the following most likely would not be
considered an inherent limitation of the potential
effectiveness of an entity’s internal control?
a. Incompatible duties.
b. Management override.
c. Mistakes in judgment.
d. Collusion among employees.
A
- (a) The requirement is to identify the reply that most
likely would not be considered an inherent limitation of the potential
effectiveness of an entity’s internal control. Answer (a) is
correct because incompatible duties may generally be divided
among individuals in such a manner as to control the problem.
Answers (b), (c), and (d) are all incorrect because management
override, mistakes of judgment, and collusion among employees
are all inherent limitations of internal control.
2
Q
- When considering internal control, an auditor should
be aware of the concept of reasonable assurance, which
recognizes that
a. Internal control may be ineffective due to mistakes in
judgment and personal carelessness.
b. Adequate safeguards over access to assets and
records should permit an entity to maintain proper
accountability.
c. Establishing and maintaining internal control is an
important responsibility of management.
d. The cost of an entity’s internal control should not
exceed the benefi ts expected to be derived.
A
- (d) The requirement is to identify the meaning of the
concept of reasonable assurance. Answer (d) is correct because
reasonable assurance recognizes that the cost of internal
control should not exceed the benefi ts expected to be derived
3
Q
- Proper segregation of functional responsibilities calls
for separation of the functions of
a. Authorization, execution, and payment.
b. Authorization, recording, and custody.
c. Custody, execution, and reporting.
d. Authorization, payment, and recording.
A
- (b) The requirement is to identify the functions that
should be segregated for effective internal control. Answer (b)
is correct because authorizing transactions, recording
transactions, and maintaining custody of assets should be
segregated.
4
Q
- An entity’s ongoing monitoring activities often include
a. Periodic audits by the audit committee.
b. Reviewing the purchasing function.
c. The audit of the annual fi nancial statements.
d. Control risk assessment in conjunction with quarterly
reviews.
A
- (b) The requirement is to identify the most likely type
of ongoing monitoring activity. Answer (b) is correct because
ongoing monitoring involves assessing the design and
operation of controls on a timely basis and taking necessarycorrective actions and such an approach may be followed in
reviewing the purchasing function. Answer (a) is incorrect
because periodic audits are not ordinarily performed by the
audit committee, a subcommittee of the Board of Directors.
Answer (c) is incorrect because the audit of the annual
fi nancial statements is not ordinarily considered monitoring as
presented in the professional standards. Answer (d) is incorrect
because the meaning of the reply, control risk assessment in
conjunction with quarterly reviews, is uncertain.
5
Q
- The overall attitude and awareness of an entity’s board of
directors concerning the importance of internal control usually
is refl ected in its
a. Computer-based controls.
b. System of segregation of duties.
c. Control environment.
d. Safeguards over access to assets.
A
- (c) The requirement is to identify where the overall
attitude and awareness of an entity’s board of directors
concerning the importance of internal control is normally
refl ected. Answer (c) is correct because the control
environment refl ects the overall attitude, awareness, and
actions of the board of directors, management, owners, and
others concerning the importance of control and its emphasis
in the entity.
6
Q
- Management philosophy and operating style most likely
would have a signifi cant infl uence on an entity’s control
environment when
a. The internal auditor reports directly to management.
b. Management is dominated by one individual.
c. Accurate management job descriptions delineate
specifi c duties
d. The audit committee actively oversees the fi nancial
reporting process.
A
(b) The requirement is to identify the circumstance in
which management philosophy and operating style would
have a signifi cant infl uence on an entity’s control environment.
Answer (b) is correct because management philosophy and
operating style, while always important, is particularly so
when management is dominated by one or a few individualsbecause it may impact numerous other factors. Answer (a) is
incorrect because the impact of the internal auditor reporting
directly to management is likely to be less than that of
answer (a). Answer (c) is incorrect because while accurate
management job descriptions are desirable, they do not
have as signifi cant of an effect on management philosophy
and operating style as does domination by an individual.
Answer (d) is incorrect because an active audit committee
might temper rather than lead to a more signifi cant infl uence of
management philosophy and operating style
7
Q
- Which of the following factors are included in an entity’s
control environment?
Audit
committee
Integrity and
values Organizational
a. Yes Yes No
b. Yes No Yes
c. No Yes Yes
d. Yes Yes Yes
A
(d) The requirement is to determine which of the
factors listed are included in an entity’s control environment.
Answer (d) is correct because the audit committee, integrity
and ethical values, and organization structure are all included
8
Q
8. Which of the following is not a component of an entity’s internal control? a. Control risk. b. Control activities. c. Monitoring. d. Control environment
A
(a) The requirement is to identify the reply that is not a
component of an entity’s internal control. Answer (a) is correct
because while auditors assess control risk as a part of their
consideration of internal control, it is not a component of an
entity’s internal control. Answers (b), (c), and (d) are incorrect
because the control environment, risk assessment, control
activities, information and communication, and monitoring are
the fi ve components of an entity’s internal control (AU-C 315).
9
Q
- Which of the following is a provision of the Foreign
Corrupt Practices Act?
a. It is a criminal offense for an auditor to fail to detect and
report a bribe paid by an American business entity to a
foreign offi cial for the purpose of obtaining business.
b. The auditor’s detection of illegal acts committed
by offi cials of the auditor’s publicly held client in
conjunction with foreign offi cials should be reported
to the Enforcement Division of the Securities and
Exchange Commission.
c. If the auditor of a publicly held company concludes
that the effects on the fi nancial statements of a bribe
given to a foreign offi cial are not susceptible to
reasonable estimation, the auditor’s report should be
modifi ed.
d. Every publicly held company must devise, document,
and maintain internal control suffi cient to provide
reasonable assurances that internal control objectives
are met.
A
(d) The Foreign Corrupt Practices Act makes payment
of bribes to foreign offi cials illegal and requires publicly held
companies to maintain systems of internal control suffi cient to
provide reasonable assurances that internal control objectives
are met.
10
Q
An auditor suspects that certain client employees are
ordering merchandise for themselves over the Internet without
recording the purchase or receipt of the merchandise. When
vendors’ invoices arrive, one of the employees approves the
invoices for payment. After the invoices are paid, the employee
destroys the invoices and the related vouchers. In gathering
evidence regarding the fraud, the auditor most likely would
select items for testing from the fi le of all
a. Cash disbursements.
b. Approved vouchers.
c. Receiving reports.
d. Vendors’ invoices.
A
(a) The requirement is to determine the most likely
population from which an auditor would sample when
vendors’ invoices and related vouchers relating to purchases
made by employees have been destroyed. Answer (a) is correct
because the disbursement will be recorded and the auditor
may thus sample from that population. Answers (b) and (d) are
incorrect because the related vouchers and vendors’ invoices
are destroyed. Answer (c) is incorrect because there is no
recording of the receipt of the merchandise.
11
Q
- Which of the following procedures most likely would
provide an auditor with evidence about whether an entity’s
internal control activities are suitably designed to prevent or
detect material misstatements?
a. Reperforming the activities for a sample of
transactions.
b. Performing analytical procedures using data
aggregated at a high level.
c. Vouching a sample of transactions directly related to
the activities.
d. Observing the entity’s personnel applying the activities.
A
- (d) The requirement is to identify the procedure an
auditor would perform to provide evidence about whether
an entity’s internal control activities are suitably designed
to prevent or detect material misstatements. Answer (d) is
correct because AU-C 315 indicates an auditor will observe
the entity’s personnel applying the procedures to determine
whether controls have been implemented. Answer (a) is
incorrect because reperforming the activities is a test of
control to help assess the operating effectiveness of a control.
Answer (b) is incorrect because analytical procedures are
not performed to determine whether controls are suitably
designed. Answer (c) is incorrect because vouching a sample
of transactions is a substantive test not directly aimed at
determining whether controls are suitably designed. See
AU-C 315 for a discussion of an auditor’s responsibility for
determining whether controls have been implemented vs. their
operating effectiveness.
12
Q
- Which statement is correct concerning the relevance of
various types of controls to a fi nancial audit?
a. An auditor may ordinarily ignore a consideration of
controls when a substantive audit approach is taken.
b. Controls over the reliability of fi nancial reporting are
ordinarily most directly relevant to an audit, but other
controls may also be relevant.
c. Controls over safeguarding of assets and liabilities
are of primary importance, while controls over the
reliability of fi nancial reporting may also be relevant.
d. All controls are ordinarily relevant to an audit.
A
- (b) The requirement is to identify the correct statement
relating to the relevance of various types of controls to a
fi nancial statement audit. Answer (b) is correct because,
generally, controls that are relevant to an audit pertain to the entity’s objective of preparing fi nancial statements for external
purposes. Answer (a) is incorrect because AU-C 315 makes clear
that an auditor may not ignore consideration of controls under
any audit approach. Answer (c) is incorrect because control
over fi nancial reporting are of primary importance. Answer (d)
is incorrect because many operational and compliance related
controls are not ordinarily relevant to an audit.
13
Q
- In an audit of fi nancial statements in accordance with
generally accepted auditing standards, an auditor is required to
a. Document the auditor’s understanding of the entity’s
internal control.
b. Search for signifi cant defi ciencies in the operation of
internal control.
c. Perform tests of controls to evaluate the effectiveness
of the entity’s internal control.
d. Determine whether controls are suitably designed to
prevent or detect material misstatements
A
- (a) The requirement is to identify the statement that
represents a requirement when an audit of fi nancial statements
in accordance with generally accepted accounting principles is
performed. Answer (a) is correct because AU-C 315 requires that
the auditor document the understanding of the entity’s internal
control. Answer (b) is incorrect because while an auditor might
fi nd signifi cant defi ciencies in the operation of internal control,
no such search is required. Answer (c) is incorrect because an
auditor might use a substantive approach in performing an audit
and thereby perform few (if any) tests of controls. Answer
(d) is incorrect because while auditors must obtain knowledge
of internal control suffi ciently to identify types of potential
misstatements, they are not required to obtain the detailed
knowledge of internal control suggested by this reply.
14
Q
- In obtaining an understanding of an entity’s internal
control relevant to audit planning, an auditor is required to
obtain knowledge about the
a. Design of the controls pertaining to internal control
components.
b. Effectiveness of controls that have been implemented.
c. Consistency with which controls are currently being
applied.
d. Controls related to each principal transaction class and
account balance.
A
- (a) The requirement is to identify the knowledge that
an auditor must obtain when obtaining an understanding
of an entity’s internal control suffi cient for audit planning.
Answer (a) is correct because an auditor must obtain an
understanding that includes knowledge about the design of
relevant controls and records and whether the client has placed
those controls in operation. Answers (b) and (c) are incorrect
because auditors may choose not to obtain information on
operating effectiveness of controls and their consistency of
application. Answer (d) is incorrect because there is no such
explicit requirement relating to controls; see AU-C 315 for the
necessary understanding of internal control.
15
Q
- An auditor should obtain suffi cient knowledge of an
entity’s information system to understand the
a. Safeguards used to limit access to computer facilities.
b. Process used to prepare signifi cant accounting
estimates.
c. Controls used to assure proper authorization of
transactions.
d. Controls used to detect the concealment of fraud.
A
- (b) AU-C 315 states that the auditor should obtain
suffi cient knowledge of the information (including accounting)
system to understand the fi nancial reporting process used to
prepare the entity’s fi nancial statements, including signifi cant
accounting estimates and disclosures. It also states that this
knowledge is obtained to help the auditor to understand
(1) the entity’s classes of transactions, (2) how transactions are
initiated, (3) the accounting records and support, and (4) the
accounting processing involved from initiation of a transaction
to its inclusion in the fi nancial statements.
16
Q
- When obtaining an understanding of an entity’s internal
control, an auditor should concentrate on the substance of
controls rather than their form because
a. The controls may be operating effectively but may not
be documented.
b. Management may establish appropriate controls but
not enforce compliance with them.
c. The controls may be so inappropriate that no reliance
is contemplated by the auditor.
d. Management may implement controls whose costs
exceed their benefi ts.
A
- (b) The requirement is to determine why an auditor
should concentrate on the substance of procedures rather
than their form when obtaining an understanding of an
entity’s controls. Answer (b) is correct because management
may establish appropriate controls but not act on them,
thus creating a situation in which the form differs from the
substance. Answer (a) is incorrect because documentation
is not directly related to the issue of substance over form.
Answer (c) is incorrect because inappropriate controls is only
a part of an auditor concern; for example, a control may be
appropriate, but it may not be operating effectively. Answer (d)
is incorrect because while an auditor might suggest to
management that the cost of certain controls seems to exceed
their likely benefi t, this is not the primary reason auditors are
concerned with the substance of controls.
17
Q
- Decision tables differ from program fl owcharts in that
decision tables emphasize
a. Ease of manageability for complex programs.
b. Logical relationships among conditions and actions.
c. Cost benefi t factors justifying the program.
d. The sequence in which operations are performed.
A
- (b) Decision tables include various combinations
of conditions that are matched to one of several actions. In
an internal control setting, the various important controls
are reviewed and, based on the combination of answers
received, an action such as a decision on whether to perform
tests of controls is determined. Program fl owcharts simply
summarize the steps involved in a program. Answer (a)
is incorrect because decision tables do not emphasize the
ease of manageability for complex programs. Answer (c) is
incorrect because while decision tables may be designed using
various cost benefi t factors relating to the various conditions
and actions, they do not justify the program. Answer (d) is
incorrect because program fl owcharts, not decision tables,
emphasize the sequence in which operations are performed.
18
Q
- During the consideration of internal control in a fi nancial
statement audit, an auditor is not obligated to
a. Search for signifi cant defi ciencies in the operation of
the internal control.
b. Understand the internal control and the information
system.
c. Determine whether the control activities relevant to
audit planning have been implemented.
d. Perform procedures to understand the design of
internal control.
A
- (a) The requirement is to identify the procedure that
is not required to be included in an auditor’s consideration
of internal control. Answer (a) is correct because the auditor
need not obtain evidence relating to operating effectiveness
when control risk is to be assessed at the maximum level.
Answer (b) is incorrect because an auditor must obtain an
understanding of the internal control environment and the
information system. Answers (c) and (d) are incorrect because
an auditor is obligated to obtain information on the design of
internal control and on whether control activities have been
implemented.
19
Q
- A primary objective of procedures performed to
obtain an understanding of internal control is to provide an
auditor with
a. Knowledge necessary to assess the risks of material
misstatements.
b. Evidence to use in assessing inherent risk.
c. A basis for modifying tests of controls.
d. An evaluation of the consistency of application of
management’s policies.
A
- (a) The requirement is to identify the primary
objective of procedures performed to obtain an understanding
of internal control. Answer (a) is correct because the auditor
obtains a suffi cient understanding of internal control to assess
the risks of material misstatement and to design the nature,
timing, and extent of further audit procedures. Answer (b)
addresses inherent risk, the susceptibility of an assertion to
material misstatement, assuming that there are no related
controls. Answer (b) is incorrect since the concept of inherent
risk assumes no internal control and is therefore not the
primary objective. Answer (c) is incorrect because answer (a)
is more complete and because decisions on modifying tests of
controls are often made at a later point in the audit. Answer (d)
is incorrect because the consistency of application of
management’s policies relates more directly to tests of controls
than to obtaining an understanding of internal control.
20
Q
- Which of the following statements regarding auditor
documentation of the client’s internal control is correct?
a. Documentation must include fl owcharts.
b. Documentation must include procedural write-ups.
c. No documentation is necessary although it is
desirable.
d. No one particular form of documentation is necessary,
and the extent of documentation may vary.
A
- (d) The requirement is to determine the correct
statement with respect to the auditor’s required documentation
of the client’s internal control. An auditor may document his/
her understanding of the structure and his/her conclusions
about the design of that structure in the form of answers to a
questionnaire, narrative memorandums, fl owcharts, decision
tables, or any other form that the auditor considers appropriate
in the circumstances. Answers (a) and (b) are, thus, incorrect
because they suggest restrictions which do not exist in
practice. Answer (c) is incorrect since at a minimum a list of
reasons for nonreliance must be provided.
21
Q
- When an auditor increases the assessed level of control
risk because certain control activities were determined to be
ineffective, the auditor would most likely increase the
a. Extent of tests of controls.
b. Level of detection risk.
c. Extent of tests of details.
d. Level of inherent risk.
A
- (c) Increases in the assessed level of the risk of
material misstatement lead to decreases in the acceptable
level of detection risk. Accordingly, the auditor will need to
increase the extent of substantive tests such as tests of details.
Answer (a) is incorrect because tests of controls are performed
to reduce the assessed level of control risk only when controls
are believed to be effective. Answer (b) is incorrect because
the level of detection risk must be decreased, not increased.
Answer (d) is incorrect because the level of inherent risk
pertains to the susceptibility of an account to material
misstatement independent of related controls.
22
Q
- Which of the following may not be required on a
particular audit of a nonissuer (nonpublic) company?
a. Risk assessment procedures.
b. Tests of controls.
c. Substantive procedures.
d. Analytical procedures.
A
- (b) Answer (b) is correct because tests of controls
are only required when the auditor relies on the controls or
substantive tests alone are not suffi cient to audit particular
assertions. Answers (a), (c), and (d) are incorrect because these
procedures are required on every audit.
23
Q
- Control risk should be assessed in terms of
a. Specifi c controls.
b. Types of potential fraud.
c. Financial statement assertions.
d. Control environment factors.
A
- (c) The requirement is to identify the terms in which
control risk should be assessed. Answer (c) is correct because
AU-C 315 requires that control risk be assessed in terms of
fi nancial statement assertions.
24
Q
- After assessing control risk, an auditor desires to seek a
further reduction in the assessed level of control risk. At this
time, the auditor would consider whether
a. It would be effi cient to obtain an understanding of the
entity’s information system.
b. The entity’s controls have been implemented.
c. The entity’s controls pertain to any fi nancial statement
assertions.
d. Additional audit evidence suffi cient to support a
further reduction is likely to be available
A
- (d) The requirement is to identify a situation in which
an auditor may desire to seek a further reduction in the
assessed level of control risk. Answer (d) is correct because
such a reduction is only possible when additional evidence,
evaluated by performing additional tests of controls, is
available. Answer (a) is incorrect because auditors at this
point will ordinarily already have obtained the understanding
of the information system to plan the audit. Furthermore,
an understanding of internal control is needed on all audits.
Answer (b) is incorrect because auditors must determine that
controls have been implemented in all audits. Answer (c) is
incorrect because a signifi cant number of controls always
pertain to fi nancial statement assertions.
25
Q
- Assessing control risk at a low level most likely would
involve
a. Performing more extensive substantive tests with
larger sample sizes than originally planned.
b. Reducing inherent risk for most of the assertions
relevant to signifi cant account balances.
c. Changing the timing of substantive tests by omitting
interim-date testing and performing the tests at year-end.
d. Identifying specifi c controls relevant to specifi c
assertions.
A
- (d) Assessing control risk at a low level involves
(1) identifying specifi c controls relevant to specifi c assertions
that are likely to prevent or detect material misstatements
in those assertions, and (2) performing tests of controls to
evaluate the effectiveness of such controls. Answer (a) is
incorrect because assessing control risk at a low level may
lead to less extensive, not more extensive substantive tests.
Answer (b) is incorrect because the actual level of inherent risk
is not affected by the level of control risk. Also, one would not
expect a change in the assessed level of control risk to result
in a change in the assessed level of inherent risk. Answer (c) is
incorrect because assessing control risk at a low level may lead
to interim-date substantive testing rather than year-end testing.
26
Q
- An auditor assesses control risk because it
a. Is relevant to the auditor’s understanding of the
control environment.
b. Provides assurance that the auditor’s materiality levels
are appropriate.
c. Indicates to the auditor where inherent risk may be the
greatest.
d. Affects the level of detection risk that the auditor may
accept.
A
- (d) The requirement is to determine why an auditor
assesses control risk. Answer (d) is correct because the
assessed levels of control risk and inherent risk are used to
determine the acceptable level of detection risk for fi nancial
statement assertions.
27
Q
- Before assessing control risk at a level lower than the
maximum, the auditor obtains reasonable assurance that
controls are in use and operating effectively. This assurance is
most likely obtained in part by
a. Preparing fl owcharts.
b. Performing substantive tests.
c. Analyzing tests of trends and ratios.
d. Inspection of documents
A
- (d) The requirement is to identify the type of audit test
most likely to provide assurance that controls are in use and
operating effectively. Answer (d) is correct because inspection
of documents is a form of a test of controls, and such tests are
used to obtain reasonable assurance that controls are in use and
operating effectively. Answer (a) is incorrect because auditors
prepare fl owcharts to document a company’s internal control,
not to obtain assurance that controls are in use and operating
effectively. Answer (b) is incorrect because substantive tests
relate to the accuracy of accounts and assertions rather than
testing controls directly. Answer (c) is incorrect because
analyzing tests of trends and ratios is an analytical procedure
that does not directly test controls.
28
Q
- An auditor generally tests the segregation of duties related
to inventory by
a. Personal inquiry and observation.
b. Test counts and cutoff procedures.
c. Analytical procedures and invoice recomputation.
d. Document inspection and reconciliation.
A
- (a) The requirement is to identify the appropriate
procedures for testing the segregation of duties related to
inventory. Answer (a) is correct because AU-C 315 suggests
that when no audit trail exists (as is often the case for the
segregation of duties) an auditor should use the observation
and inquiry techniques.
29
Q
- The objective of tests of details of transactions performed
as tests of controls is to
a. Monitor the design and use of entity documents such
as prenumbered shipping forms.
b. Determine whether controls have been implemented.
c. Detect material misstatements in the account balances
of the fi nancial statements.
d. Evaluate whether controls operated effectively
A
- (d) The requirement is to identify the objective of
tests of details of transactions performed as tests of controls.
Answer (d) is correct because the purpose of tests of controls
is to evaluate whether internal control operates effectively.
Answer (a) is incorrect because while monitoring the
design and use of entity documents may be viewed as a test
of controls, it is not the objective. Answer (b) is incorrect
because determining whether internal control is implemented
is not directly related to tests of controls; see AU-C 315
for the distinction between “implemented” and “operating
effectiveness.” Answer (c) is incorrect because substantive
tests, not tests of controls, are focused on detection of
material misstatements in the account balances of the fi nancial
statements
30
Q
- After obtaining an understanding of internal control and
assessing the risk of material misstatement, an auditor decided
to perform tests of controls. The auditor most likely decided
that
a. It would be effi cient to perform tests of controls that
would result in a reduction in planned substantive
tests.
b. Additional evidence to support a further reduction in
the risk of material misstatement is not available.
c. An increase in the assessed level of the risk of
material misstatement is justifi ed for certain fi nancial
statement assertions.
d. There were many internal control weaknesses that
could allow misstatements to enter the accounting
system.
A
- (a) The requirement is to identify a circumstance in
which an auditor may decide to perform tests of controls.
Answer (a) is correct because tests of controls will be
performed when they are expected to result in a cost effective
reduction in planned substantive tests. Answer (b) is incorrect
because tests of controls are only performed when they are
likely to support a further reduction in the assessed level of the
risk of material misstatement. Answer (c) is incorrect because
tests of controls are designed to decrease the assessed level of
the risk of material misstatement, not increase it. Answer (d) is
incorrect because internal control weaknesses normally result
in more substantive testing and less tests of controls.
31
Q
37. In assessing control risk, an auditor ordinarily selects from a variety of techniques, including a. Inquiry and analytical procedures. b. Reperformance and observation. c. Comparison and confi rmation. d. Inspection and verifi cation.
A
- (b) The requirement is to identify the most appropriate
procedures for assessing control risk. Auditors perform tests
of controls to obtain evidence on the operating effectiveness
of controls to assess control risk. Answer (b) is correct
because tests of controls include inquiries of appropriate entity
personnel, inspection of documents and reports, observation of the application of the policy or procedure, and reperformance
of the application of the policy or procedure.
32
Q
- Which of the following types of evidence would an
auditor most likely examine to determine whether controls are
operating as designed?
a. Confi rmations of receivables verifying account
balances.
b. Letters of representations corroborating inventory
pricing.
c. Attorneys’ responses to the auditor’s inquiries.
d. Client records documenting the use of computer
programs.
A
- (d) The requirement is to identify the type of evidence
an auditor most likely would examine to determine whether
controls are operating as designed. Answer (d) is correct
because inspection of client records documenting the
use of computer programs will provide evidence to help
the auditor evaluate the effectiveness of the design and
operation of internal control; the client’s control over use
of its computer programs in this case is documentation of
the use of the programs. In order to test this control, the
auditor will inspect the documentation records. See AU-C
330 for information on the nature of tests of controls.
Answer (a) is incorrect because the confi rmation process
is most frequently considered a substantive test, not a test
of a control. Answer (b) is incorrect because letters of
representations provide corroborating information on various
management representations obtained throughout the audit
and therefore only provides limited evidence on internal
control. Answer (c) is incorrect because attorneys’ responses
to auditor inquiries most frequently pertain to litigation,
claims, and assessments.
33
Q
- Which of the following is not a step in an auditor’s
assessment of control risk?
a. Evaluate the effectiveness of internal control with tests
of controls.
b. Obtain an understanding of the entity’s information
system and control environment.
c. Perform tests of details of transactions to detect
material misstatements in the fi nancial statements.
d. Consider whether controls can have a pervasive effect
on fi nancial statement assertions.
A
- (c) The requirement is to identify the procedure
that is not a step in an auditor’s assessment of control risk.
Answer (c) is correct because performing tests of details of
transactions to detect material misstatements pertains more
directly to detection risk rather than inherent or control
risk. Answer (a) is incorrect because auditors evaluate
the effectiveness of internal control with tests of controls.
Answer (b) is incorrect because obtaining an understanding
of the entity’s information system and control environment is
a preliminary step for considering control risk. Answer (d) is
incorrect because auditors will consider the effect of internal
control on the various fi nancial statement assertions
