Ch 6 & 8 - Quiz Flashcards
A primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with
A.) Audit evidence to use in reducing detection risk.
B.) Information necessary to prepare flowcharts.
C.) A basis from which to modify tests of controls.
D.) Knowledge necessary to assess the risk of misstatement.
D.) Knowledge necessary to assess the risk of misstatement.
This answer is correct because the auditor should obtain a sufficient understanding of an entity’s control to assess the risk of material misstatement.
In obtaining an understanding of an entity’s internal control relevant to audit planning, an auditor is required to obtain knowledge about the
A.) Design of the controls pertaining to internal control components.
B.) Effectiveness of controls that have been implemented.
C.) Consistency with which controls are currently being applied.
D.) Controls related to each principal transaction class and account balance.
A.) Design of the controls pertaining to internal control components.
The requirement is to identify the knowledge that an auditor must obtain when obtaining an understanding of an entity’s internal control sufficient for audit planning. Answer (a) is correct because an auditor must obtain an understanding that includes knowledge about the design of relevant controls and records and whether the client has placed those controls in operation. Answers (b) and (c) are incorrect because auditors may choose not to obtain information on operating effectiveness of controls and their consistency of application. Answer (d) is incorrect because there is no such explicit requirement relating to controls; see AU-C 315 for the necessary understanding of internal control.
Which of the following types of control best describes procedures to ensure appropriate systems software acquisition?
A.) Physical.
B.) Monitoring.
C.) General.
D.) Application.
C.) General.
AICPA Professional Standards
(Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement)
point out that general IT controls include controls over the following: (1) data center and network operations; (2) system software acquisition, change, and maintenance; (3) program change; (4) access security; and (5) application system acquisition, development, and maintenance (AU-C 315.A107). Accordingly, controls over systems software acquisition are associated with general controls.
Which of the following matters would an auditor most likely consider to be a significant deficiency to be communicated to the audit committee (or otherwise those charged with governance)?
A.) Evidence of a lack of objectivity by those responsible for accounting decisions.
B.) Management’s failure to renegotiate unfavorable long-term purchase commitments.
C.) Management’s current plans to reduce its ownership equity in the entity.
D.) Recurring operating losses that may indicate going concern problems.
A.) Evidence of a lack of objectivity by those responsible for accounting decisions.
A significant deficiency is a control deficiency in the design or operation of internal control that can adversely affect the financial statements.
If those responsible for accounting decisions appear to lack objectivity, the resultant accounting decisions may result in material misstatements of the financial statements.
For example, revenue recognition decisions might be made to increase current period net income (and managerial bonuses).
A letter issued regarding significant deficiencies relating to an entity’s internal control observed during an audit of financial statements should include a
A.) Paragraph describing management’s evaluation of the effectiveness of the control structure.
B.) Description of tests performed to search for material weaknesses.
C.) Statement of compliance with applicable laws and regulations.
D.) Restriction on the distribution of the report.
D.) Restriction on the distribution of the report.
Letters on significant deficiencies are restricted as to distribution. The letters are intended solely for the use of the audit committee (or those charged with governance), management, and others within the organization.
The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the
A.) Factors that raise doubts about the auditability of the financial statements.
B.) Risk that material misstatements exist in the financial statements.
C.) Operating effectiveness of internal control policies and procedures.
D.) Possibility that the nature and extent of substantive tests may be reduced.
B.) Risk that material misstatements exist in the financial statements.
The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that material misstatements exist in the financial statements. Assessing control risk and inherent risk helps the auditor identify where misstatements might exist; the auditor then performs auditing procedures to detect those misstatements.
Which of the following audit techniques most likely would provide an auditor with the most assurance about the effectiveness of the operation of an internal control procedure?
A.) Confirmation with outside parties.
B.) Recomputation of account balance amounts.
C.) Inquiry of client personnel.
D.) Observation of client personnel.
D.) Observation of client personnel.
Confirmation with outside parties and recomputation of account balances are substantive procedures designed to gather evidence about the fair presentation of account balances. Inquiry of client personnel would provide some evidence about the operation of an internal control, but the best evidence about the effectiveness of operation of an internal control would be provided through the auditor’s observation of client personnel.
An auditor uses the knowledge provided by the understanding of internal control and the assessed level of the risks of material misstatements primarily to
A.) Modify the initial assessments of inherent risk and preliminary judgments about materiality levels.
B.) Determine whether procedures and records concerning the safeguarding of assets are reliable.
C.) Ascertain whether the opportunities to allow any person to both perpetrate and conceal fraud are minimized.
D.) Determine the nature, timing, and further audit procedures.
D.) Determine the nature, timing, and further audit procedures.
This answer is correct because the auditor uses the knowledge provided by his/her understanding of internal control and the assessed level of the risks of material misstatement in determining the nature, timing, and extent of further audit procedures.
After obtaining an understanding of an entity’s internal control structure, an auditor may assess control risk at the maximum level for some assertions because the auditor
A.) Believes the internal control policies and procedures are unlikely to be effective.
B.) Identifies internal control policies and procedures that are likely to prevent material misstatements.
C.) Performs tests of controls to restrict detection risk to an acceptable level.
D.) Determines that the pertinent internal control structure elements are not well documented.
A.) Believes the internal control policies and procedures are unlikely to be effective.
The auditor may assess control risk at maximum for some assertions if he/she believes that the internal controls are not effective. If they are not effective, they cannot be relied upon to reduce substantive testing. Control risk, therefore, may be assessed at maximum and more emphasis placed on substantive testing.
An auditor would most likely be concerned with internal control structure policies and procedures that provide reasonable assurance about the
A.) Entity’s ability to process and summarize financial data.
B.) Appropriate prices the entity should charge for its products.
C.) Efficiency of management’s decision-making process.
D.) Methods of assigning production tasks to employees.
A.) Entity’s ability to process and summarize financial data.
An auditor is primarily concerned with internal controls that provide reasonable assurance as to an entity’s ability to prepare financial statements. As a result, the auditor would be interested in controls over the processing and summarization of financial data.
Which of the following actions should the auditor take in response to discovering a deviation from the prescribed control procedure?
A.) Make inquiries to understand the potential consequence of the deviation.
B.) Assume that the deviation is an isolated occurrence without audit significance.
C.) Increase sample size of tests of controls.
D.) Report the matter to the next higher level of authority within the entity.
A.) Make inquiries to understand the potential consequence of the deviation.
When a deviation from a prescribed control procedure occurs, the auditor should evaluate the significance of the potential effects associated with the deficiency. It would be appropriate to make inquiry of management and other client personnel in evaluating the potential effect of such a control deficiency.
During the audit the independent auditor identified the existence of a weakness in the client’s internal control and communicated this finding in writing to the client’s senior management and those charged with governance. The auditor should
A.) Consider the weakness a scope limitation and therefore disclaim an opinion.
B.) Consider the effects of the condition on the audit.
C.) Suspend all audit activities pending directions from the client’s audit committee.
D.) Withdraw from the engagement.
B.) Consider the effects of the condition on the audit.
The auditor, as outlined throughout AU-C 330, considers and documents his/her understanding of internal control to assist in planning and determining the proper nature, timing, and extent of substantive tests.
When an auditor increases the assessed level of control risk because certain control activities were determined to be ineffective, the auditor would most likely increase the
A.) Level of inherent risk.
B.) Extent of tests of details.
C.) Extent of tests of controls.
D.) Level of detection risk.
B.) Extent of tests of details.
Increases in the assessed level of the risk of material misstatement lead to decreases in the acceptable level of detection risk. Accordingly, the auditor will need to increase the extent of substantive tests such as tests of details.
The auditor decides which controls to test by considering:
A.) the points at which fraud or error can occur.
B.) the nature of controls implemented by management.
C.) the significance of each control in achieving its control objective.
D.) All of these answer choices are correct.
D.) All of these answer choices are correct.
A software application will not allow a sale to be processed if a customer is over its credit limit. This is an example of a(n):
A.) IT general control.
B.) preventive control.
C.) detective control.
D.) IT-dependent manual control.
B.) preventive control.