Chapter 11

Question 1

Main objectives of a system of internal control: (list 3)

Answer 1

1. Reliability of Reporting
2. Efficiency and Effectiveness of Operations
3. Compliance with Laws and Regulations

Question 2

Management must ______ the entity’s internal controls.

Answer 2

establish and maintain

Question 3

Internal control systems are designed with two concepts in mind:

Answer 3

a. Reasonable Assurance—Management designs a system that provides reasonable assurance considering the costs involved.
b. Inherent Limitations—No system of internal controls can be completely effective

Question 4

Management of all public companies is required by Section 404 of SOX to issue an internal control report that includes the following:

Answer 4

a. Statement of responsibility

b. An assessment of the effectiveness of internal control over financial reporting as of the end of the fiscal year.

Question 5

Management’s assessment of internal control over financial reporting consists of two key aspects:

Answer 5

1. Evaluate the design of internal control.

2. Test the operating effectiveness of the controls.

Question 6

Management must ____the framework used for the evaluation of the internal control structure. The COSO framework , which was developed in 1992 and updated in 2013, is often used.

Answer 6

identify

Question 7

The auditor must obtain an understanding of internal control relevant to the audit. Auditors are primarily concerned about:

Answer 7

a. Controls over the reliability of financial reporting

b. Controls over classes of transactions

Question 8

The Control Environment—

Answer 8

The actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity. The control environment is an umbrella over the other four components.

Question 9

Risk Assessment

Answer 9

A process for identifying and analyzing risks that may prevent the organization from achieving its objectives. There are four underlying principles related to risk assessment:

have clear objectives, determine how risks should be managed, consider potential for fraud, and monitor changes

Question 10

Control Activities (list 5)

Answer 10

Control activities generally fall into the following five types:

a. Adequate separation of duties
b. Proper authorization of transactions and activities
c. Adequate documents and records
d. Physical control over assets and records
e. Independent checks on performance

Question 11

Information and Communication

Answer 11

The entity’s information and communication system’s purpose is to initiate, record, process, and report the entity’s transactions and maintain accountability for related assets.

Question 12

Monitoring

Answer 12

Involves ongoing or periodic assessment of the quality of internal control by management. In larger companies, the internal audit department is essential for this function.

Question 13

Adequate separation of duties (list 4)

Answer 13

1. Separation of the custody of assets from accounting
2. Separation of the authorization of transactions from the custody of related assets
3. Separation of operational responsibility from record-keeping responsibility
4. Separation of IT duties from the user departments

Question 14

Adequate documents and records (list 4)

Answer 14

1. Prenumbered consecutively
2. Prepared at the time a transaction takes place
   3.
   Designed for multiple use
3. Constructed to encourage correct preparation