Ch 5

Question 0

Internal control is a process that is designed to provide reasonable assurance regarding Achievement of what 3 objectives?

Answer 0

1 reliability of financial reporting

2 effectiveness and efficiency of operations

3 compliance with applicable laws and regulations

Question 1

COSO

Answer 1

Committee of Sponsoring Organizations

Question 2

Management objectives of financial reporting 2

Answer 2

Reliable financial reports

Safe guard assets

Question 3

Management objectives of operations, 5 examples

Answer 3

1 good business reputation
2 ensuring positive return on investment
3 increasing market share
4 promoting new product innovation
5 using assets efficiently

Question 4

Management objectives of compliance

Answer 4

Comply with laws and regulations that affect entity

Question 5

4 common limitations to internal control systems

Answer 5

1 human error due to mistakes in judgement, fatigue, carelessness
2 deliberate circumvention by people in system
3 management can override controls
4 collusion among people who are supposed to act independently
When separation of duties is supposed to occur

Question 6

Reasonable assurance recognizes that costs of controls…

Answer 6

Should not exceed benefits that are expected from the controls

Question 7

Integrated audit process

Answer 7

Describes an audit process that is designed to provide an
Opinion on both the financial statements and internal control
System of entity

Question 8

3 reasons auditors must evaluate entity’s internal control

Answer 8

1 assess effectiveness of internal control
2 identify fraud risk in planning stage of audit
3 assess risk of material misstatement for each relevant assertion

Question 9

Risk of materials misstatement (RMM), why is it assessed?

Answer 9

Give audit team basis for planning audit

And determining nature, timing and extent of further audit
procedures

Question 10

RMM is composed of…

Answer 10

Inherent risk and control risk

Question 11

Inherent risk

Answer 11

Susceptibility of an account to misstatement

Question 12

Control risk

Answer 12

Probability that an entity’s controls will fail to prevent

or detect Material misstatements due to errors or frauds that
Would otherwise have entered the system

Question 13

What should an audit team do when entity’s control risks are high?
Nature, timing, extent?

Answer 13

Audit team would use substantive tests of details to obtain
External evidence (nature) near the entity’s fiscal year end
(Timing)

With large sample sizes (extent)

Question 14

When there is higher control risk, detection risk is…

2) when there is lower control risk, detection risk is…

Answer 14

Lower

2) higher

Question 15

More reliance is placed on internal control when control risk is…

Answer 15

Lower

Question 16

Lower control risk: nature, timing, extent

Answer 16

Nature: less effective tests conducted

Timing: testing can be performed at interim of year

Extent: lower sample size

Question 17

5 interrelated components of internal control

Answer 17

1 control environment
2 risk assessment
3 control activities
4 monitoring
5 information and communication

Question 18

Control environment factors include 3 things

Answer 18

1 integrity

2 ethical values

3 competence of entity’s personnel

Question 19

7 general principles of effective internal control environment

Answer 19

1 integrity and ethical values
2 board of directors 
3 management's philosophy and operating style
4 organizational structure
5 financial reporting competences
6 authority and responsibility
7 human resources

Question 20

Audit committee

Answer 20

Subcommittee of board of directors that is generally composed
Of 3 to 6 independent member (not involved in daily operations)

All members are financially literate and one is financial expert

Question 21

Purpose of including independent members in audit committee

Answer 21

Provide buffer between audit team and operating management

Team

Question 22

Business risks

Answer 22

Factors, events and conditions that prevent organization
From achieving business objectives,

including effective financial reporting

Question 23

Purpose of risk assessment for an entity?

Answer 23

Identify risks, estimate their significance and likelihood

And how to manage risks

Question 24

Control activities

Answer 24

Specific actions a client’s management and employees take to

Ensure that management’s directives are carried out

Question 25

Important reason why professional standards require audit team to document their understanding of internal control system?

Answer 25

Their understanding of whether management has implemented
Control activities

that are sufficient to address risks of material misstatement
For each relevant assertion

Question 26

How audit team should account for Control activity: information technology

Answer 26

Assess whether client has taken advantage of significant
advances in information technology

By using entirely automated control systems

Question 27

How audit team should account for Control activity: level of integration with their risk assessment process

Answer 27

Has audit client’s management addressed identified risks

To achieve financial reporting objectives?

Question 28

How audit team should account for Control activity: selection and development of control activities

Answer 28

Control activities are selected/developed considering their cost

And potential effectiveness in mitigating identified risks

Question 29

How audit team should account for Control activity: policies and procedures

Answer 29

Have policies related to reliable financial reporting been

Documented and communicated throughout company?

Question 30

Preventive controls, define,

Examples

Answer 30

Procedures that prevent misstatements before they occur

Ex. Limiting access, hiring competent people, requiring approval,
Separating duties

Question 31

Detective controls

Answer 31

Procedures that detect misstatements after they occur

Question 32

Performance reviews require what of management?

Answer 32

Require management’s active participation in supervision of

Operations

Question 33

What 4 duties should be separated for entities accounting staff under separation of duties?

Answer 33

1 authorization to execute transactions
2 recording transactions
3 custody of assets involved in transactions
4 periodic reconciliation of existing assets to recorded amounts

Question 34

Incompatible responsibilities

Answer 34

Combinations of responsibilities that place a person alone in
A position to create

and conceal misstatements due to errors Or frauds in his
Normal job

Question 35

Information system

Answer 35

Entity’s system, usually built on technological Platform

that has been designed to produce information necessary for entity
to Operate and control its business operations

Question 36

2 fundamental principles of monitoring

Answer 36

1 ongoing and separate evaluations

2 reporting deficiencies

Question 37

Monitoring: ongoing and separate evaluations

Answer 37

Evaluations enable management to determine whether other

Components of internal control continue to function over time

Question 38

Monitoring: reporting deficiencies

Answer 38

Internal control deficiencies identified and communicated in
Timely manner to parties taking corrective action

Also reported to management and board as appropriate

Question 39

3 phases of internal control evaluation

Answer 39

1 understanding

2 assessment

3 testing

Question 40

What 5 areas must be understood to understand internal control?

Answer 40

1 control environment
2 accounting system
3 risk assessment
4 control activities
5 monitoring

Question 41

3 ways auditors document understanding of internal control?

Answer 41

1 narrative memo
2 questionnaire
3 flow chart

Question 42

An accounts significance is based on its…

Answer 42

Inherent risk

Question 43

Relevant assertions

Answer 43

Those that represent possibility of material misstatement

Question 44

Entity level controls

Answer 44

Controls pervasive to internal control system and reliability of
Financial statements taken as a whole

Question 45

How are the following types of entity level controls assessed? 2 things:
Controls related to control environment
Controls related to management override
Centralized processing and shared service environments
Controls to monitor results of operations
Controls to monitor other controls

Answer 45

1 primary evidence to test controls gather through observation,
inquiry and examination of documents

2 auditor must assess whether managements integrity, values
And operating style promote effective control consciousness throughout entity

Question 46

Entity level control: managements risk assessment

What is audit teams assessment? 2 things

Answer 46

1 audit team needs to gain understanding of how client assesses
And responds to risk

2 if client already uses enterprise risk management, inquiry
And obtaining documentation of ERM is usually enough

Question 47

Entity level control: period end financial reporting process

How does audit team assess? 3 things

Answer 47

1 assess processes used to produce financial statements and
How IT is involved in period end process
2 document who is participating from management team and
Where process takes place
3 needs to understand and document the types of adjusting
Entries that have occurred and understand oversight by
management, board, and audit committee

Question 48

Entity level control: policies that address significant business control and risk management policies

4 aspects of assessment by audit team

Answer 48

1 review and evaluate documentation
2 review previous years audit work with entity
3 responses to inquiries by client personnel
4 examination of documents and records

Question 49

Transaction level controls

Answer 49

Controls that pertain to specific classes of transactions, account
Balances and disclosures

Question 50

The purpose of gaining an understanding of internal control is to evaluate…

Answer 50

Design effectiveness

Question 51

Design effectiveness

Answer 51

Determines whether the controls over financial reporting (if
operating effectively)

would be expected to prevent/detect Errors or fraud that result in material misstatement on financial Statements

Question 52

Walk through

Answer 52

Combination of inquiry of personnel, observation of entity’s
Operations

And document and examination while tracing transactions through
Audit trail from initiation of transaction to recording on financial st.

Question 53

Operating effectiveness

Answer 53

Whether control is operating as designed

Whether person performing the control possesses the necessary
Authority and qualifications to perform control effectively

Question 54

Internal control questionnaire

Answer 54

Organized under headings that identify questions related to
Relevant management assertions

and overall control environment

Question 55

Narrative description (of each important control subsystem)

Answer 55

Describes all environmental elements, accounting system and
All control activities

Effective for audit of small businesses

Question 56

Accounting and control system flow chart

Answer 56

Pictures that help audit team assess key control points in the
process

Can be helpful in identifying missing controls

Question 57

2 reasons why audit team might not test internal controls

Answer 57

1 internal control system is too ineffective at preventing and
detecting misstatements

2 takes more time for the audit team to test the internal Controls
than it would to perform substantive tests for relevant Assertion

Question 58

Phase 2: Assess control risk

Answer 58

Auditors seek to identify internal control activities that are
Explicitly designed to support reliable financial statement reporting

Question 59

If audit assessment is less than maximum level, what does this mean?

Answer 59

Audit team wishes to rely on internal controls to modify the
Nature, timing and extent of further audit procedures

Question 60

If audit assessment is less than maximum level, what must they do?

Answer 60

They must perform tests of controls

Question 61

Perform tests on internal controls: required level of effectiveness is a matter of what?

Answer 61

Professional judgement

Question 62

Generally the most effective test of controls is…

Answer 62

Reperformance

Question 63

4 types of control tests from least persuasive to most persuasive

Answer 63

1 inquiry of client personnel (least persuasive)
2 observation of control activity being performed
3 inspection of relevant documentation
4 reperformance of the control activity (most persuasive)

Question 64

Substantive procedures

Answer 64

Detect material misstatements in account balances and financial
Statement disclosures for each relevant assertion

Question 65

Control risk is almost always raised, what is the one exception where it can be lowered?

Answer 65

If you were in error understanding the controls phase

There are additional controls you were unaware of

Question 66

Dual-purpose tests

Answer 66

Single audit test that produces both control testing and

substantive testing

Question 67

Focus in Auditing Standard 5 (AS 5)

Answer 67

Whether material weakness exists at end of year being reported

Question 68

Scope of Internal control audit

Answer 68

Test each relevant control activity each year

Question 69

Reporting of internal control audit

Answer 69

Opinion on effectiveness of internal control

Question 70

Timing if internal control audit

Answer 70

Evaluate effectiveness of internal control as of fiscal year end

Question 71

Scope of financial statement audit

Answer 71

Test relevant control activities if relying in them

Question 72

Reporting of financial statement audit

Answer 72

No opinion in internal control

Question 73

Timing of financial statement audit

Answer 73

Evaluate effectiveness if internal control throughout fiscal year

Question 74

AS 5 emphasizes 6 step audit process designed to evaluate effectiveness of internal control system over financial reporting

Answer 74

1 planning the engagement
2 using top down approach
3 testing controls
4 evaluating identified deficiencies
5 wrapping up
6 reporting internal control

Question 75

Control risk is used to determine…

Answer 75

The nature, timing and extent of further audit procedures

Question 76

Inherent risk is used to determine…

Answer 76

The nature, timing and extent of tests of controls

Question 77

Top down approach

Answer 77

Focuses on threats of integrity to external financial reporting

Question 78

Internal control deficiency

Answer 78

Exists when either the design or operation of control under
Consideration

doesn’t allow company management or employees To detect
Or prevent material misstatement quick enough

Question 79

Design deficiency

Answer 79

Problem relating to necessary control that is missing

Or existing control that is poorly designed, failing to satisfy
Control’s objective

Question 80

Operating deficiency

Answer 80

Occurs when properly designed control is either ignored
Or inappropriately applied

Ex. Could result from poorly trained employees

Question 81

2 groups of serious internal control deficiencies

Answer 81

1 material weakness

2 significant deficiency

Question 82

Material weakness

Answer 82

Deficiencies that give reasonable possibility that material
misstatement would not be prevented or detected on timely
Basis

Ex. Restatement of previously issued financial statements, fraud by senior management

Question 83

Significant deficiency

Answer 83

Combination of deficiencies in internal control that is less
Severe than material weakness

Important enough to merit attention by those charged with
Governance

Question 84

Managements annual report on internal control over financial reporting

Answer 84

Report required by SOX that states management responsible
For establishing and maintaining internal control over financial
Reporting
Identifies framework management uses to evaluate effectiveness
Of internal control, provides management’s assessment of
Internal control

Question 85

3 written representations audit team must obtain from managment

Answer 85

1 its responsibility for effective internal control over financial
Reporting
2 it’s evaluated effectiveness of internal control over financial
Reporting
3 it has disclosed all internal control deficiencies and frauds to
The audit team

Question 86

AS 5 imposes 2 requirements for SEC registrants related to entity’s internal control over financial reporting at date of financial statements

Answer 86

1 management’s report on its assessment of internal control
Over financial reporting

2 auditor’s report on internal control over financial reporting

Question 87

Auditors’ report on internal control over financial reporting

Answer 87

Provides opinion on effectiveness if entity’s internal control
Over financial reporting

Question 88

Adverse opinion on internal control over financial reporting

Answer 88

Opinion issued when company has material weakness

And not maintained an effective internal control over financial
Reporting

Question 89

Scope limitations

Answer 89

Audit teams could encounter scope limitations on their ability to
Evaluate effectiveness of entity’s internal control over financial
Reporting

Ex, failure to obtain written representations from managment,
Management has implemented new controls in response to
Identified martial weakness

Question 90

Scope limitation may result in…

Answer 90

The issuance of disclaimer of opinion on internal control over
Financial reporting or withdrawal from engagement

Question 91

Management letter

Answer 91

Letter contains commentary and suggestions on variety of
Matters in addition to internal control matters

Report audit teams issue to managment