CHAPTER 1 - AUDITING, ASSURANCE AND INTERNAL CONTROLS

Question 1

_________is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and establishing criteria and communicating the results to interested users.

Answer 1

Auditing

Question 2

_____independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization

Answer 2

Internal Auditing

Question 3

The _________________requires all publicly traded companies be subject to a financial audit annually.

Answer 3

Securities and Exchange Commission (SEC)

Question 4

Provide audit services where processes or data, or both, are embedded in technologies.

Answer 4

IT audits

Question 5

An __________ is an independent attestation performed by an expert—the auditor—
who expresses an opinion regarding the presentation of financial statements.

Answer 5

external audit

Question 6

________ is an engagement in which a practitioner is engaged to issue, or does issue, a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of another party

Answer 6

Attest service

Question 7

_______are professional services offered by public accounting firms to improve their client organizations’ operational efficiency and effectiveness.

Answer 7

Advisory Services

Question 8

_________are often certified as a Certified Internal Auditor (CIA) or a Certified Information Systems Auditor (CISA).

Answer 8

Internal auditors

Question 9

True or false

External auditors represent outsiders, internal auditors represent the interests of the organization.

Answer 9

True

Question 10

The objective of this type of audit is to investigate anomalies and gather evidence of fraud that may lead to criminal conviction.

Answer 10

fraud audit

Question 10

Fraud auditors have earned the ___________ certification, which is governed by the Association of Certified Fraud Examiners (ACFE)

Answer 10

Certified Fraud Examiner (CFE)

Question 11

The ________of publicly traded companies form a subcommittee known as the audit committee, which has special responsibilities regarding audits

Answer 11

board of directors

Question 12

This committee usually consists of three people who should be outsiders (not associated with the families of executive management nor former officers, etc.). With the advent of the Sarbanes-Oxley Act, at least one member of this committee must be a “financial expert.”

Answer 12

audit committee

Question 13

The ________serves as an independent “check and balance” for the internal audit function and liaison with external auditors.

Answer 13

audit committee

Question 14

who hire and fire auditors and resolve disputes?

Answer 14

Audit Committee

Question 15

The product of the attestation function is a________ that expresses an opinion about the reliability of the assertions contained in the financial statements.

Answer 15

formal written report

Question 16

The _____________affirms that all assets and equities contained in the balance sheet exist and that all transactions in the income statement actually occurred

Answer 16

existence or occurrence assertion

Question 17

The ______ assertion declares that no material assets, equities, or transactions have been omitted from the financial statements

Answer 17

completeness

Question 18

The ________assertion maintains that assets appearing on the balance sheet are owned by the entity and that the liabilities reported are obligations.

Answer 18

rights and obligations

Question 19

The __________ assertion states that assets and equities are valued in accordance with GAAP and that allocated amounts such as depreciation expense are calculated on a systematic and rational basis

Answer 19

valuation or allocation

Question 20

The ____________ assertion alleges that financial statement items are correctly classified (e.g., long-term liabilities will not mature within one year) and that footnote disclosures are adequate to avoid misleading the users of financial statements

Answer 20

presentation and disclosure

Question 21

_______ is the probability that the auditor will render an unqualified (clean) opinion
on financial statements that are, in fact, materially misstated.

Answer 21

Audit risk

Question 22

_______is associated with the unique characteristics of the business or industry of
the client. This is also the probability that material misstatements have occurred

Answer 22

Inherent Risk

Question 23

PPT definition: The probability that the internal controls will fail to detect material misstatements
Book Definition: is the likelihood that the control structure is flawed because controls
are either absent or inadequate to prevent or detect errors in the accounts.

Answer 23

Control Risk

Question 24

PPT: The probability that the audit procedures will fail to detect material misstatements
Book: is the risk that auditors are willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor

Answer 24

Detection risk

Question 25

The audit risk model is:

Answer 25

AR = IR × CR × DR

Question 26

An_________ focuses on the computer-based aspects of an organization’s information system; and modern systems employ significant levels of technology.

Answer 26

IT audit

Question 27

Before the auditor can determine the nature and extent of the tests to perform, he or she must gain a thorough understanding of the client’s business. A major part of this phase of the audit is the analysis of audit risk.

Answer 27

Audit Planning

Note: This is the first step in the IT audit

Review Organization’s Policies, Practices, and Structure
I
Review General Controls and Application Controls
I
Plan Tests of Controls and Substantive Testing Procedures

Question 28

The techniques for gathering evidence at this phase include conducting questionnaires, interviewing management, reviewing systems documentation, and observing activities.

Answer 28

Audit planning

Question 29

The objective of the this phase is to determine whether adequate internal
controls are in place and functioning properly.

> > The evidence-gathering techniques used in this phase may include both manual techniques and specialized computer audit techniques.

Answer 29

Tests of controls

Note: This is the 2nd step in an IT audit.

Perform Tests of Controls
I
Perform Tests of Controls
I
Determine Degree of Reliance on Controls

Question 30

At the conclusion of the_______ phase, the auditor must assess the quality of the internal controls by assigning a level for control risk.

Answer 30

tests-of-controls

Question 31

The third phase of the audit process focuses on financial data.

This phase involves a detailed investigation of specific account balances and transactions through what are called substantive tests.

Answer 31

Substantive Testing

Question 32

In an IT environment, the data needed to perform substantive tests (such as account balances and names and addresses of individual customers) are contained in data
files that often must be extracted using _________________software.

Answer 32

Computer-Assisted Audit Tools and Techniques (CAATTs)

Question 33

is … policies, practices, procedures … designed to …
»safeguard assets
»ensure accuracy and reliability
»promote efficiency
»measure compliance with policies

Answer 33

Internal Control

Question 34

The __________ had two main objectives:
(1) require that investors receive financial and other significant information concerning securities being offered for public sale; and
(2) prohibit deceit, misrepresentations, and other fraud in the sale of securities.

Answer 34

Securities Act of 1933

Question 35

the ________, created the Securities and Exchange Commission (SEC) and empowered it with broad authority over all aspects of the securities industry, which included authority regarding auditing standards.

Answer 35

Securities Exchange Act 1934

Question 36

This law, which has had multiple revisions, added software and other intellectual properties into the existing copyright protection laws

Answer 36

Copyright Law–1976

Question 37

Following the series of S&L scandals of the 1980s, a committee was formed to address
these frauds. Originally, the committee took the name of its chair, Treadway, but eventually the project became known as COSO (Committee of Sponsoring Organizations). The sponsoring organizations included:

Answer 37

Financial Executives International (FEI)
Institute of Management Accountants (IMA)
American Accounting Association (AAA), AICPA, and the IIA.

Question 38

this law supports efforts to increase public confidence in capital markets by seeking to improve corporate governance, internal controls, and audit quality.

Answer 38

Sarbanes-Oxley Act of 2002

Question 39

This concept holds that the establishment and maintenance of a system of internal control is a management responsibility. Although the FCPA supports this principle, SOX
legislation makes it law!

Answer 39

Management Responsibility

Question 40

The internal control system should provide _______ that the four broad objectives of internal control are met

Answer 40

reasonable assurance

Question 40

___________is a shield that protects the firm’s assets from numerous undesirable events that bombard the organization

Answer 40

internal control system

Question 41

What are the three levels of control?

Answer 41

Preventive Control
Detective Control
Corrective Control

Question 42

This is the first line of defense in the control structure.

Also, these are passive techniques designed to reduce the frequency of occurrence of undesirable events.

Answer 42

Preventive controls

Question 43

These are devices, techniques, and procedures designed to identify and expose undesirable events that elude preventive controls. ________also reveal specific types of errors by comparing actual occurrences to preestablished standards.

Answer 43

Detective Controls

Question 44

Detective controls identify undesirable events and draw attention to the problem; _______ actually fix the problem.

Answer 44

corrective controls

Question 45

The _________is conceptually pleasing but offers little practical guidance or designing or auditing specific controls

Answer 45

PDC control model

Question 46

The_________sets the tone for the organization and influences the control awareness of its management and employees.

Answer 46

control environment

Question 47

Organizations must perform a___________to identify, analyze, and manage risks relevant to financial reporting.

Answer 47

risk assessment

Question 48

> > Initiate, identify, analyze, classify and record economic transactions and events.
Identify and record all valid economic transactions
Provide timely, detailed information
Accurately measure financial values
Accurately record transactions

Answer 48

Information and Communication

Question 49

______ is the process by which the quality of internal control design and operation can
be assessed. This may be accomplished by separate procedures or by ongoing activities.

Answer 49

Monitoring

Question 50

_________ are the policies and procedures used to ensure that appropriate actions
are taken to deal with the organization’s identified risks.

Answer 50

Control activities

Question 51

This class of controls relates primarily to the human activities employed in accounting
systems. These activities may be purely manual, such as the physical custody of assets,
or they may involve the physical use of computers to record transactions or update
accounts.

Answer 51

Physical Controls

Question 52

The purpose of____________ is to ensure that all material transactions processed by the information system are valid and in accordance with management’s objectives. A

Answer 52

transaction authorization

Question 53

One of the most important control activities is the segregation of employee duties to minimize incompatible functions.

Answer 53

Segregation of duties

Examples of incompatible duties:
Authorization vs. processing [e.g., Sales vs. Auth. Cust.]
Custody vs. recordkeeping [e.g., custody of inventory vs. DP of inventory]
Fraud requires collusion [e.g., separate various steps in process]

Question 54

This is often called a compensating control.

Answer 54

supervision

Question 55

Serves as compensating control when lack of segregation of duties exists by necessity

Answer 55

Supervision

Question 56

The _______ of an organization consist of source documents, journals, and ledgers. These records capture the economic essence of transactions and provide an audit trail of economic events.

Answer 56

accounting records

Question 57

The _______helps employees respond to customer inquiries by showing the current status of transactions in process

Answer 57

audit trail

Question 58

The purpose of _________ is to ensure that only authorized personnel have access to the firm’s assets. Unauthorized access exposes assets to misappropriation, damage, and theft. Therefore, access controls play an important role in safeguarding assets.

Answer 58

access controls

Question 59

_________ are independent checks of the accounting system to identify errors and misrepresentations

Answer 59

Verification procedures

Question 60

The objectives of ___________are to ensure the validity, completeness, and accuracy of financial transactions.

Answer 60

application controls

Question 61

_______include controls over IT governance, IT infrastructure, security and access to operating systems and databases, application acquisition and development, and program change procedures.

Answer 61

General controls

Question 62

Are labor intensive and time consuming, which drives up audit costs and cause disruption

Answer 62

Substantive tests

Question 63

Key concept of external audits

Answer 63

Independence

Question 64

Three classes of auditing standards:

Answer 64

1. General qualification
2. Field work
3. Reporting