CHAP 7-DOT- Internal Control

Question 1

A concept applied to internal control reporting by the Sarbanes-Oxley Act of 2002
and PCAOB AS 2201. The internal control reports of both management and the auditors are as of the
final day of the reporting period—the “as-of date.

Answer 1

As-of date

Question 2

The level of control risk used by the auditors in determining the
acceptable detection risk for a financial statement assertion and, accordingly, in deciding on the nature,
timing, and extent of substantive procedures

Answer 2

Assessed level of control risk

Question 3

A standard checklist, form, or computer program that assists auditors in
making audit decisions by ensuring that they consider all relevant information or that aids them in
weighting and combining the information to make a decision.

Answer 3

Audit decision aid

Question 4

A model for enabling on-demand user network access to a shared pool of
computing resources (e.g., servers, storage, applications, and services), often through a web browser,
with minimal effort on the part of the user. For example, an independent service provider may maintain
databases for a client that can be accessed in a number of locations by client personnel.

Answer 4

Cloud (computing)

Question 5

A control that reduces the risk that an existing or potential control weakness
will result in a failure to meet a control objective (e.g., avoiding misstatements). Compensating controls
are ordinarily controls performed to detect, rather than prevent, the original misstatement from occurring.

Answer 5

Compensating control

Question 6

Controls that function together to achieve the same control objective.

Answer 6

Complementary controls

Question 7

A control established to remedy control problems (e.g., misstatements) that
are discovered through detective controls.

Answer 7

Corrective control

Question 8

Analyses applied to raw data with the purpose of drawing conclusions about
relationships. Data analytics is being used by management to get insights into how to improve the
effectiveness and efficiency of operations. It is also used as a part of the management review to monitor
the performance of other internal controls. Auditors are increasingly using data analytics to improve the
effectiveness of certain audit procedures.

Answer 8

Data analytics

Question 9

A situation in which the design or operation of a control does not
allow management or employees, in the normal course of performing their functions, to prevent or detect
misstatements on a timely basis. A deficiency in design exists when either a control necessary to meet a control
objective is missing or the existing control is not designed to operate effectively. A deficiency in operation
exists when a properly designed control does not operate as designed, or when the person performing the
control does not possess the necessary authority or qualifications to perform the control effectively.

Answer 9

Deficiency in internal control

Question 10

Controls designed to discover control problems soon after they occur.

Answer 10

Detective controls

Question 11

A form of insurance in which a bonding company agrees to reimburse an
employer for losses attributable to theft or embezzlement by bonded employees.

Answer 11

Fidelity bonds

Question 12

Federal legislation prohibiting payments to foreign officials for
the purpose of securing business. The act also requires all companies under SEC jurisdiction to maintain
a system of internal control providing reasonable assurance that transactions are executed only with the
knowledge and authorization of management.

Answer 12

Foreign Corrupt Practices Act

Question 13

Substantive procedures for all relevant assertions and tests of
controls when the auditors’ risk assessment includes an expectation that controls are operating
effectively. The auditors perform risk assessment procedures to obtain an understanding of the client
and its environment, including internal control. They then conduct a risk assessment and determine the
appropriate further audit procedures.

Answer 13

Further audit procedures

Question 14

Assigned duties that place an individual in a position to both perpetrate
and conceal errors or fraud in the normal course of job performance.

Answer 14

Incompatible duties

Question 15

The risk of a material misstatement of a financial statement assertion before
considering any related controls.

Answer 15

Inherent risk

Question 16

An audit where auditors, in addition to an opinion on the financial statements,
express an opinion on the effectiveness of a company’s internal control over financial reporting, in
accordance with PCAOB AS 2201. Public companies with a market capitalization of $75,000,000 or
more are required to undergo integrated audits.

Answer 16

Integrated audit

Question 17

Corporation employees who design and execute audit programs to test
the effectiveness and efficiency of all aspects of internal control. The primary objective of internal
auditors is to evaluate and improve the effectiveness and efficiency of the various operating units of an
organization rather than to express an opinion as to the fairness of financial statements.

Answer 17

Internal auditors

Question 18

A process, effected by the entity’s board of directors, management, and other
personnel, designed to provide reasonable assurance regarding the achievement of objectives in the
categories of (1) operations, (2) reporting, and (3) compliance.

Answer 18

Internal control

Question 19

One of several methods of describing internal control in
audit working papers. Questionnaires are usually designed so that “no” answers prominently identify
weaknesses in internal control.

Answer 19

Internal control questionnaire

Question 20

A report to management containing the auditors’ recommendations for
correcting any deficiencies disclosed by the auditors’ consideration of internal control. In addition to
providing management with useful information, a management letter also may help limit the auditors’
liability in the event a control weakness subsequently results in a loss by the client.

Answer 20

Management letter

Question 21

Reviews conducted by management of estimates and other
kinds of financial information for reasonableness. They often involve the use of significant judgment,
knowledge, and experience in comparing recorded amounts with expectations of the reviewers. They
often are considered monitoring controls but may relate to any of the other COSO components that
have the common characteristic of management review of information to identify misstatements or
breakdowns in other controls.

Answer 21

Management review controls

Question 22

A deficiency in internal control over financial reporting (or a combination
of deficiencies) such that there is a reasonable possibility that a material misstatement of the company’s
financial statements will not be prevented or detected on a timely basis.

Answer 22

Material weakness

Question 23

The division of authority, responsibility, and duties among members
of an organization.

Answer 23

Organizational structure

Question 24

The level of control risk the auditors assume in designing
further audit procedures, which include an appropriate combination of tests of controls and substantive
procedures.

Answer 24

Planned assessed level of control risk

Question 25

Controls that deter control problems before they occur.

Answer 25

Preventive controls

Question 26

Duplicate controls that achieve a control objective.

Answer 26

Redundant controls

Question 27

Assertions that have a meaningful bearing on whether an account
balance, class of transaction, or disclosure is fairly stated. For example, valuation may not be relevant to the cash account unless currency translation is involved; however, existence and
completeness are always relevant.

Answer 27

Relevant assertions

Question 28

Audit procedures performed to obtain an understanding of
the client and its environment, including its internal control. Some of the information obtained by
performing these procedures may be used by the auditor as audit evidence to support assessments of the
risks of material misstatement. Risk assessment procedures include (a) inquiries of management and
others within the entity, (b) analytical procedures, and (c) observation and other procedures, including
inquiries of others outside the entity.

Answer 28

Risk assessment procedures

Question 29

The acceptable level of variation in performance relative to the achievement of
objectives. For example, a company may expect staff to respond to all customer complaints within 24
hours, but accept that up to 10 percent of complaints receive a response within 36 hours.

Answer 29

Risk tolerance

Question 30

A practitioner who reports on the internal controls at a service organization.

Answer 30

Service auditor

Question 31

An organization or segment of an organization that provides services to
user entities that are relevant to the user entities’ internal control over financial reporting.

Answer 31

Service organization

Question 32

A deficiency in internal control over financial reporting (or combination
of deficiencies) that is less severe than a material weakness, yet important enough to merit attention by
those responsible for oversight of the company’s financial reporting.

Answer 32

Significant deficiency

Question 33

Procedures performed by the auditor to detect material
misstatements in account balances, classes of transactions, and disclosures.

Answer 33

Substantive procedures (tests)

Question 34

Criteria are the standards or benchmarks used to measure and present the
subject matter and against which the CPA evaluates the subject matter. Suitable criteria are established
or developed by groups composed of experts that follow due process procedures, including exposure of
the proposed criteria for public comment. Suitable criteria must have each of the following attributes:
objectivity, measurability, completeness, and relevance.

Answer 34

Suitable criteria

Question 35

A symbolic representation of a system or series of procedures with each
procedure shown in sequence. Systems flowcharts are a widely used method of describing internal
control in audit working papers.

Answer 35

Systems flowchart

Question 36

Procedures performed by the auditor to test the operating effectiveness of
controls in preventing or detecting material misstatements at the relevant assertion level. These tests
are performed when the auditor’s risk assessment includes an expectation of the operating effectiveness
of controls, including circumstances in which planned substantive procedures alone do not provide
sufficient appropriate audit evidence.

Answer 36

Tests of controls

Question 37

The sequence of procedures applied by the client in processing a particular
type of recurring transaction. The auditors’ working paper description of internal control often is
organized around the client’s major transaction cycles

Answer 37

Transaction cycle

Question 38

An auditor who audits and reports on the financial statements of a user entity.

Answer 38

User auditor

Question 39

An entity that uses the services of a service organization and whose financial
statements are being audited.

Answer 39

User entity

Question 40

A procedure in which an auditor follows a transaction from origination through
the company’s processes, including information systems, until it is reflected in the company’s financial
records, using the same documents and information technology that company personnel use. Walkthrough procedures usually include a combination of inquiry, observation, inspection of relevant
documentation, and reperformance of controls.

Answer 40

Walk-through

Question 41

A written summary of internal control for inclusion in
audit working papers. Written narratives are more flexible than questionnaires, but by themselves are
practical only for describing relatively small, simple systems.

Answer 41

Written narrative of internal control