CHAPTER 5

Question 1

A process, affected by an entity’s board of directors, management and other personnel,
designed to provide reasonable assurance regarding the achievement of objectives

Answer 1

internal control

Question 2

3 categories of internal control:

Answer 2

• Reliability of financial reporting
• Effectiveness and efficiency of operations
• Compliance with applicable laws and regulations

Question 3

management’s responsibilities

Answer 3

• in charge of establishing internal control
• responsible for internal controls.
• identifies the framework that they use to implement internal controls
• gives their assessment of whether they think controls are working or not.

Question 4

auditor’s responsibilities

Answer 4

• assessing control risk and fraud risk
• expressing an opinion on ICFR (internal controls over financial reporting) for certain public companies

Question 5

COSO stands for…

Answer 5

Committee Of Sponsoring Organizations of the National Commission of Fraudulent Financial Reporting

Question 6

Components of COSO

Answer 6

1. Control environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Monitoring

Question 7

control environment

Answer 7

• The tone of the organization
• Foundation for all other components
• Includes things like the integrity of management & level of oversight that the board and audit committee give to the company

Question 8

risk assessment

Answer 8

• client identifying its own risks and assessing the likelihood that those risks could occur

Question 9

audit committee consists of

Answer 9

3-6 “outside” board members, ALL must be “financially literate” and at least one must be a “financial expert”

Question 10

Enterprise Risk Management (ERM) Framework

Answer 10

1. Objective setting
2. Event identification
3. Risk assessment
4. Risk response
5. Control procedures

• Objective setting & Control procedures both related to Information & Communication
• Entire framework inside Monitoring

Question 11

control activities

Answer 11

• policies and procedures put in place to ensure that management’s objectives are met
• auditors document their understanding of the client’s internal control system, including whether controls address risks of material misstatement.

Question 12

types of control activities

Answer 12

• Management review controls (budget variances)
• Information processing controls (access, authorization, verification, and reconciliation)
• Physical security controls (limit access to assets, forms, computer equipment)
• Preventative vs detective controls
• Manual vs automated controls
• Separation of duties

Question 13

information and communication

Answer 13

• identifying and capturing information so that employees can carry out their responsibilities

Question 14

monitoring

Answer 14

• Assessing the quality of internal controls over time

Question 15

ways of monitoring

Answer 15

• Internal auditing
• Supervisory review of controls
• Follow-up of reporting errors / customer complaints
• Audit committee inquiries

Question 16

why would an auditor choose to NOT rely on internal controls?

Answer 16

• if they are not designed well
• if they are not functioning
• if the cost to test controls is MORE than the costs (effort) to perform substantive procedures (ex. testing the account balance)

Question 17

Auditing controls:
top down process

Answer 17

Identifying areas of risk and then testing controls over those risks

Question 18

Auditing controls:
Operating and design deficiencies

Answer 18

As auditors test controls they may find problems with some controls

Question 19

Auditing controls:
entity level controls

Answer 19

Something not directly tied to a particular account / affects multiple accounts

Question 20

operating deficiency

Answer 20

A control is not working as it is designed to work

Question 21

design deficiency

Answer 21

Deals with the control that even if it were operating as designed,
it wouldn’t do anything to prevent or detect a specific type of misstatement

Question 22

material weakness

Answer 22

Occurs when a deficiency results in a reasonable possibility that a material misstatement would not be prevented or detected

Question 23

significant deficiencies

Answer 23

• Less severe than a material weakness.
• Exists if the potential misstatement is either less likely or smaller in magnitude than a material weakness.

Question 24

audit opinions:
Unqualified

Answer 24

internal controls work

Question 25

audit opinions:
Adverse

Answer 25

There is at least one material weakness

Question 26

audit opinions:
Disclaimer

Answer 26

They were unable to or did not test controls

Question 27

Auditors cannot give a Qualified opinion for internal controls bc

Answer 27

there is no “except for ‘’, if there’s a problem, auditors give it an Adverse opinion

Question 28

regarding internal control, auditors are most concerned with

Answer 28

the reliability of financial statements

• since they give an opinion on financial statements

Question 29

why do auditors assess control risk?

Answer 29

to determine the nature, timing, and extent of substantive audit procedures

to determine the appropriate levels of detection risk

to determine the risk of material misstatement

Question 30

a company implements an automated program that counts the number of people using each ride, the number of people entering the gift shop, and the number of people eating at each restaurant. The program compiles the data into a report and sends it to the company’s management.

Which component of COSO does this best illustrate?

Answer 30

information & communication

Question 31

Which ERM framework step?

If the workload gets too heavy, they will hire another plumber.

Answer 31

risk response

Question 32

Which ERM framework step?

If more than 2 service calls took more than 24 hours in the last week, their office assistant will post an ad to hire another plumber.

Answer 32

control procedure

Question 33

Which ERM framework step?

Each week, their office assistant compiles a report of response times for calls from the previous week

Answer 33

information and communication

Question 34

Which ERM framework step?

The plumbing company become so popular that everyone wants to hire them.

Answer 34

event identification

Question 35

Which ERM framework step?

The plumbing company’s desire to respond within 24 hours.

Answer 35

objective setting