ch 7 review (exam 2)

Question 1

management must do what in regards to assessment of internal controls
- ________________ for effectiveness of ICs over financial reporting
- _________________ the effectiveness of ICs over financial reporting
- _________________ to support its evaluation
- _________________ of effectiveness of ICs over financial reporting at the end of the fiscal year

Answer 1

-accept responsibility
- evaluate
-document
-present written assessment

Question 2

what is SOC section 404

Answer 2

management assessment of internal controls

Question 3

what is SOX section 302

Answer 3

CEO and CFO must annually certify, in writing, the effectiveness of ICs over financial reporting only

Question 4

CEO and CFO must annually certify, in writing, _____________________________

Answer 4

the effectiveness of IC over financial reporting only

Question 5

In the PCAOB, an audit of ICFR is ____________ with an audit of financial statements

Answer 5

integrated

Question 6

an auditor must _______________ on whether the company maintained effective internal control over financial reporting

Answer 6

issue an opinion

Question 7

What two audit reports are issued at the conclusion of the audit (separate or combined)

Answer 7

1. opinion on financial statements
2. opinion on ICs

Question 8

what is an integrated audit

Answer 8

two audit reports at the conclusion of the audit

Question 9

what are two types of controls

Answer 9

preventive and detective

Question 10

what is a preventive control

Answer 10

applied to each transaction to stop or prevent error from happening

Question 11

what is a detective controls

Answer 11

applies. after the transaction has occurred

Question 12

what is a manual control

Answer 12

do not rely on the client’s IT environment for their operation

Question 13

what is an automated control

Answer 13

controls generally rely on the client’s IT applications (or software) in some way

Question 14

examples of preventive controls

Answer 14

-accuracy, valuation, and allocation
- occurence
- accuracy
- classification

Question 15

examples of detective controls

Answer 15

• completeness
• occurence
• completeness, occurrence,
  cutoff
• completeness, classification
• accuracy

Question 16

what is the acronym for procedures for testing internal controls

Answer 16

R I I O

Question 17

What do the letters in R I I O stand for

Answer 17

Reperformance, Inquiry, Inspection of physical evidence, Observation

Question 18

what controls should be tested?

Answer 18

matter of professional judgement

Question 19

what are relevant controls

Answer 19

relevant controls are controls the auditor plans to rely on

Question 20

significant changes equals a(n) ___________ in risk

Answer 20

increase

Question 21

the extent that controls should be tested refers to _________

Answer 21

sample size

Question 22

what are three things determined by the auditor before selecting a sample size

Answer 22

-desired level of assurance
-expected rate of deviation in the population
- tolerable deviation rate

Question 23

what is the desired level of assurance

Answer 23

how confident does the auditor need to be that control is working

Question 24

a higher level of desired assurance means a ________ sample size

Answer 24

larger

Question 25

expected rate of deviation

Answer 25

the rate at which the auditor expects controls to NOT function

Question 26

tolerable deviation rate (TDR)-

Answer 26

maximum rate of deviation from the control the auditor is willing to accept and still rely on the control

Question 27

Example of tolerable deviation rate: TDR is 6%. If there were 50 voucher packages sampled for AP and found 4 exceptions would the control function as intended?

Answer 27

NO; 4/50 = 8%; do not rely on the IC

Question 28

Example of tolerable deviation rate: TDR is 6%. If there were 50 voucher packages sampled for AP and found 2 exceptions would the control function as intended?

Answer 28

YES; 2/50=4% ; may rely on internal controls

Question 29

how do auditors determine sampling size

Answer 29

professional judgement

Question 30

when is interim

Answer 30

3rd quarter/ early 4th quarter

Question 31

What part of NET is when should controls be tested?

Answer 31

Timining

Question 32

Updated from interim to YE by ____________ and __________

Answer 32

inquiry and observation

Question 33

benchmarking for computer application control

Answer 33

use evidence from PY of nothing has changed with IT application controls

Question 34

In step 7 of the assessing control risk, your IC testing will

Answer 34

confirm expectations or not

Question 35

in step seven review/ revise ___________ as needed

Answer 35

audit strategy

Question 36

what is step 8 in assessing control risk

Answer 36

reporting IC deficiencies to managememt

Question 37

What is the management letter

Answer 37

An in writing communication from the auditors to those charged with governance with observations regarding material weaknesses and significant deficiencies

Question 38

Which reporting standards require a management letter

Answer 38

ASB and PCAOB (private and public)

Question 39

are management letters provided to the public for private companies?

Answer 39

NO

Question 40

are management letters provided to the public for public companies?

Answer 40

NO

Question 41

Can there be more than one management letter throughout the audit?

Answer 41

Yes

Question 42

management letter allows management to ________________________

Answer 42

take action to improve ICs in a timely manner

Question 43

For public companies, auditors form an _________________

Answer 43

opinion on the effectiveness of IC over financial reporting

Question 44

is an opinion on the effectiveness of IC over financial reporting provided for private companies

Answer 44

no

Question 45

what is an unqualified opinion on ICFR

Answer 45

no material weaknesses in internal controls (company maintained effective internal controls)

Question 46

what is an adverse opinion on the effectiveness of ICFR

Answer 46

1 material weakness (or more) ; did not maintain effective internal controls

Question 47

what is a disclaimer on ICFR

Answer 47

material scope limitation; could not do work; no opinion

Question 48

is an attestation service say __________ instead of audit

Answer 48

examined

Question 49

a SOC 1 Type 2 report is prepared by __________ and _______________

Answer 49

service organization and service auditor

Question 50

the SOC 1 Type 2 report in provided to the ____________- and _______________

Answer 50

user entity and user auditor