Chapter 10

Question 1

A measure of the auditor’s expectation that internal controls will neither prevent material misstatements from occurring nor detect and correct them if they have occurred; control risk is assessed for each transaction-related audit objective in a cycle of class of transactions

Answer 1

Assessment of Control Risk

Question 2

A listing of all of the entity’s accounts, which classifies transactions into individual balance sheet and income statement accounts

Answer 2

Chart of Accounts

Question 3

A control elsewhere in the system that offsets the absence of a key control

Answer 3

Compensating Control

Question 4

A cooperative effort among employees to steal assets or misstate records

Answer 4

Collusion

Question 5

Policies and procedures, in addition to those included in the other four components of internal control, that help ensure that necessary actions are taken to address risks in the achievement of the entity’s objectives; They typically include the following five specific control activities: (1) adequate separation of duties, (2) proper authorization of transactions and activities, (3) adequate documents and records, (4) physical control over assets and records, and (5) independent checks on performance

Answer 5

Control Activities

Question 6

A deficiency in the design or operation of controls that does not permit company personnel to prevent or detect and correct misstatements on a timely basis

Answer 6

Control Deficiency

Question 7

The actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal controls and its importance to the entity

Answer 7

Control Environment

Question 8

A methodology used to help the auditor assess control risks by matching key internal controls and internal control deficiencies with transaction-related audit objectives

Answer 8

Control Risk Matrix

Question 9

Controls that have a pervasive effect on the entity’s system of internal controls; also referred to as company-level controls

Answer 9

Entity-level Controls

Question 10

A diagrammatic representation of the client’s documents and records and the sequence in which they are processed

Answer 10

Flowchart

Question 11

Company wide policies for the approval of all transactions within stated limits

Answer 11

General Authorization

Question 12

Internal control activities designed for the continuous internal verification of other controls

Answer 12

Independent Checks

Question 13

The set of manual and/or computerized procedures that initiates, records, processes, and reports an entity’s transactions and maintains accountability for the related assets

Answer 13

Information and Communication

Question 14

A process designed to provide reasonable assurance regarding the achievement of management’s objectives in the following categories: (1) reliability of financial reporting, (2) effectiveness and efficiency of operations, and (3) compliance with applicable laws and regulations

Answer 14

Internal Controls

Question 15

A series of questions about the controls in each audit area used as a means of indicating to the auditors aspects of internal controls that may be inadequate

Answer 15

Internal Control Questionnaire

Question 16

Controls that are expected to have the greatest effect on meeting the transactions-related audit objectives

Answer 16

Key Controls

Question 17

An optional letter written by the auditor to a client’s management containing the auditor’s recommendations for improving any aspects of the client’s business

Answer 17

Management Letter

Question 18

A significant deficiency in internal control that, by itself, or in a combination with other significant deficiencies, result in a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected

Answer 18

Material Weakness

Question 19

Management’s ongoing and periodic assessment of the quality of internal control performance to determine that controls are operating as intended and are modified when needed

Answer 19

Monitoring

Question 20

A written description of a client’s internal controls, including the origin, processing, and disposition of documents and records, and the relevant controls procedures

Answer 20

Narrative

Question 21

Procedures used by the auditor to gather evidence about the design and implementation of specific controls

Answer 21

Procedures to obtain and understanding

Question 22

Management’s identification and analysis of risks relevant to the preparation of financial statements in accordance with an applicable accounting framework

Answer 22

Risk Assessment

Question 23

Separation of the following activities in an organization: (1) custody of assets from accounting, (2) authorization from custody of assets, (3) operational responsibility from record keeping, and (4) IT duties from outside users of IT

Answer 23

Separation of Duties

Question 24

One or more control deficiencies exist that is less severe than a material weakness, but important enough to merit attention by those responsible for oversight of the company’s financial reporting

Answer 24

Significant Deficiency

Question 25

Risks the auditor believes require special audit considerations; the auditor is required to test the operating effectiveness of controls that mitigate these risks in the current year audit if control risk is to be assessed below the maximum

Answer 25

Significant Risks

Question 26

Case-by-case approval of transactions not covered by companywide policies

Answer 26

Specific Authorization

Question 27

Audit procedures to test the operating effectiveness of controls in support of reduced assessed control risk

Answer 27

Test of Controls

Question 28

The person(s) with responsibility for overseeing the strategic direction of the entity and its obligations related to the accountability of the entity, including overseeing the financial reporting and disclosure process

Answer 28

Those charged with governance

Question 29

The tracing of selected transactions through the accounting system to determine that controls are in place

Answer 29

Walkthrough

Question 30

What are the three broad objectives in designing an effective internal control system?

Answer 30

1. Reliability of financial reporting
2. Efficiency and effectiveness of operations
3. Compliance with laws and regulations

Question 31

Section 404(a) of Sarbanes-Oxley Act requires management of all public companies to issue an internal control report that includes the following:

Answer 31

• A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedure for financial reporting
• An assessment of the effectiveness of the internal control structure and procedures for financial reporting as of the end of the company’s fiscal year.

Question 32

The internal control framework used by most U.S. companies is

Answer 32

COSO- the Committee Of Sponsoring Organization of the treadway commission Internal Control - Integrated Framework

Question 33

Put in place to prevent or detect material misstatements in the financial statements

Answer 33

Design of Internal Controls

Question 34

What are the five components to COSO’s Internal Control - Inegrated Framework?

Answer 34

1. Control environment
2. Risk assessment
3. Control activities
4. Information and Communication
5. Monitoring

Question 35

What is essential to have an effective Board of Directors?

Answer 35

An effective Board of Directors is independent of management, and its members stay involved in and scrutinize management’s activities

Question 36

The exchanges will not list any security from a company with an audit committee that:

Answer 36

1. Is not comprised solely of independent directors
2. Is not solely responsible for hiring and firing the company’s auditors
3. Does not establish procedures for the receipt and treatment of complaints regarding accounting, internal control, or auditing matters
4. Does not have the ability to engage its own counsel and other advisors
5. Is inadequately funded

Question 37

IMPORTANT

What are the five types of control activities?

Answer 37

1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance

Question 38

What are the four general guidelines for adequate separation of duties to prevent both fraud and errors?

Answer 38

a. Separation of the custody of assets from accounting
b. Separation of the authorization of transactions from the custody of related assets
c. Separation of operational responsibility from record keeping responsibility
d. Separation of IT duties from user departments

Question 39

Issuance of fixed price lists for the sale of products, credit limits for customers, and fixed reorder points for making acquisitions. What is this an example of?

Answer 39

An example of General Authorization

Question 40

A sales transaction by the sales manager for a used car company. What is this an example of?

Answer 40

An example of Specific Authorization

Question 41

Document and Records should be:

Answer 41

• Prenumbered
• Prepared at the time a transaction takes place
• Designed for multiple use, when possible, to minimize the number of different forms
• Constructed in a manner that encourages correct preparation

Question 42

A control that is closely related to documents and records.

Answer 42

Chart of Accounts

Question 43

The most important type of protective measure for safeguarding assets and records is the use of:

Answer 43

Physical Precautions

Question 44

To maintain adequate internal control, BLANK and BLANK must be protected

Answer 44

Assets and records

Question 45

What is the last category of control activities which is careful and continuously reviews the other four?

Answer 45

Independent checks (or Internal verification)

Question 46

Personnel responsible for performing internal verification procedures must be BLANK of those originally responsible for preparing the data.

Answer 46

Independent

Question 47

The least expensive means of internal verification is the BLANK

Answer 47

Separation of duties

Question 48

To understand the design of the accounting information systems, the auditor determines:

LESS IMPORTANT

Answer 48

1. The major classes of transactions
2. How the transactions are initiated and recorded
3. What accounting records exist and their nature
4. How the system captures other events that are significant to the financial statements, like declines in asset values
5. The nature and details of the financial reporting process followed , including procedures to enter transactions and adjustments in the general ledger

Question 49

What are the four phases of understanding internal control and assessing control risk?

Answer 49

1. Obtain and document understanding of internal control design and operation
2. Assess control risk
3. Design, perform, and evaluate tests of controls
4. Decide planned detection risk and substantive tests

Question 50

A proper narrative of an accounting system and related controls describes four things:

Answer 50

1. The origin of every document and record in the system
2. All processing that takes place
3. The disposition of every document and record in the system
4. An indication of the controls relevant to the assessment of control risk

Question 51

What are the 3 deficiencies that make up the control risk matrix

Answer 51

Control, significant, and material weakness

Question 52

What is the five step approach to identify deficiencies and weaknesses

Answer 52

1) Identify existing controls, 2) Identify the absence of key controls, 3) consider the possibility of compensating controls, 4) decide whether there is a significant deficiency of material weakness, 5) determine potential misstatements that result

Question 53

What are the four types of procedures for test of controls

Answer 53

1) Make inquiries of appropriate client personnel, 2) examine documents, records, and reports, 3) observe control related activities, 4) reperform client procedures

Question 54

When one or more material weakness exists, the auditor must express a BLANK opinion on the effectiveness of internal control

Answer 54

Adverse Opinion

Question 55

There are no identified material weaknesses and there have been no restrictions on the scope of the auditor’s work

Answer 55

Unqualified opinion

Question 56

This type of opinion is issued when the auditor is unable to determine if there are material weaknesses, due to a restriction on the scope of the audit of internal control or where the auditor is unable to obtain sufficient appropriate evidence

Answer 56

Qualified opinion