Chapter 7

Question 1

What does COSO stand for?

Answer 1

Committee of Sponsoring Organizations. They make some rules of Internal Control

Question 2

The three broad internal control objectives are

Answer 2

Compliance with laws and regulations

Reliability of financial reporting

Efficiency/effectiveness of operations

Question 3

Internal Control is defined as

Answer 3

a process, effected by the entity’s board of directors, management, and other personnel designed to provide reasonable assurance regarding achievement of objectives in the following categories:

• Reliability of financial reporting
• Effectiveness and efficiency of operations
• Compliance with applicable laws and regulations

Question 4

Auditor’s focus towards internal control is the on internal control over _____, or ICOFR

Answer 4

Internal Control Over Financial Reporting

Question 5

This act, in addition to making bribes to foreign officials illegal, requires an effective system of internal control

Answer 5

Foreign Corrupt Practices Act of 1977

Question 6

Define Segregation of Duties, a component

Answer 6

No one department or person shall handle all aspects of transaction from beginning to end to perpetrate and conceal errors/fraud.
• MUST segregate duties along the “arc” – must separate the authorizing of transactions, recording of transactions, and custody of related assets

Question 7

Does management or the internal auditor establish internal controls?

Answer 7

Management does, along with preparation of financial statements.

Question 8

Is reasonable or absolute assurance required?

Answer 8

Reasonable

Question 9

Name the five components of internal control

Answer 9

The Control Environment

Risk Assessment Process

Control Activities

The Accounting Information and Communication system

Monitoring of Controls

Question 10

Detailed employee responsibilities, open communication channels, and reporting exceptions/unusual items to management are also key in information and communication system. True or False?

Answer 10

True

Question 11

Define Physical Controls, a component

Answer 11

providesw physical security over records and assets
 Physical Controls – provide physical security over records and assets
• Maintaining control over unissued pre-numbered documents
• Restricting access to computer programs and data
• Restricting physical access in safes, locks, fences, guards etc
• Accounting records should be maintained independent of custody-related assets, and company should periodically compare/reconcile accounting records to assert on hand (to detect loss, waste, or theft)

Question 12

Define the Risk Assessment Process component

Answer 12

management’s process for identifying, analyzing, and responding to such risks.

• Financial Reporting Risks
 Changes in the regulatory or operating environment
 Changes in personnel
 Implementation of a new or modified information system
 Rapid growth of the organization
 Changes in technology affecting production processes or information systems
 Introduction of new lines of business, products, or processes

Question 13

Define a Performance Review

Answer 13

provide management with an overall indication of employee effectiveness at meeting objectives. By investigating deviations¸ management takes timely action to change strategy or take and other appropriate action.

Question 14

Control Activities, a component of internal control, can be defined as

Answer 14

policies and procedures that address and mitigate risks identified by risk assessment process.

Question 15

Actions, policies, and procedures that reflect overall attitudes of top management, directors, and owners of an entity establish which component of Internal control?

Answer 15

The Control Environment.

• Commitment to integrity and ethical values
• Effective BOD and audit committee
• Effective organizational structure
• Commitment to attract, develop, and retain competent employees
• Individual accountability for internal control responsibilities

Question 16

Describe the six limitations of Internal Control

Answer 16

Human Errors

Systematic Errors

Collusion circumventing segregation of Duties

Override of internal Control by Management

Cot considerations

Compliance deteriorating over time

Question 17

Should management perform ongoing monitoring to determine if controls are present and functioning?

Answer 17

Yes

Question 18

Describe The Accounting Information and Communication System

Answer 18

Information is needed throughout company to meet objectives. Therefore, management must obtain, use, and communicate relevant, quality information to support controls.

Question 19

Monitoring activities assess the quality of internal control over time. True or False?

Answer 19

True

Question 20

What does ERM stand for?

Answer 20

Enterprise Risk Management.

• COSO, but doesn’t replace internal control framework
• Goes beyond internal control to focus on how organizations may be able to maximize value for stakeholders most effectively by managing risks and opportunities
• More robust, or strong and stable, for companies to manage business risk

Question 21

Define Corporate Governance

Answer 21

“the system by which companies are directed and controlled.” It includes the policies, procedures, and mechanism that are established to ensure that the company operates in the best interests of its major stakeholders - including owners, customers, suppliers, employees, and society as a whole.

For example, for a corporation, the major instruments of corporate governance include management compensation systems, the boards of directors (including major committees), external auditors, internal auditors, attorneys, regulators, creditors, securities analysts, and internal control systems.governance

Question 22

Define how systematic errors may occur

Answer 22

in designing, maintaining, or monitoring automated controls

Question 23

Once again - steps of audit in order

Answer 23

Plan Audit - Obtain Understanding - Assess Risks of Material Misstatement - Perform further audit procedures - Complete the Audit - Form an Opinion - Issue audit report

Question 24

Corporate Governance Mechanisms include

Answer 24

	External auditors
	Regulators (such as the SEC)
	Creditors
	Securities analysts
	Major shareholders

Question 25

revenue, purchases, and cash receipts and disbursements are names of what types of transactions?

Answer 25

routine transactions

Question 26

Stage 2, obtaining understanding, regarding internal control:

Answer 26

 Identify types of potential misstatements and consider factors that affect risk
 Design tests of controls
 Auditors must first understand the internal control design, so the client can provide narratives here or flowcharts of controls
 Only test controls that work. No point in testing ineffective ones, because cant increase detection.

Also, Auditors must consider all five of the internal control components

Question 27

Corporate Governance would be considered ____ (broader/smaller) than internal control

Answer 27

Broader, it also encompasses ethical treatment of all major stakeholders, compliance with laws, regulations, customary business practices, and effective risk management

Question 28

Determining the allowance for doubtful accounts would be an example of which type of transaction?

Answer 28

Estimation

Question 29

Test of controls include the following: (there are four)

Answer 29

Inquiries of appropriate client personnel

Inspection of documents and reports

Observation of the application

Reperformance of the controls

Question 30

taking of inventory, calculating depreciation expense are examples of what type of transactions?

Answer 30

nonroutine

Question 31

Results of ____ are often used to determine nature, extent, and timing of substantive proceudres

Answer 31

Tests of Controls

Question 32

Which of the three types of transactions generally has the strongest control compared the other two?

Answer 32

Routine transactions

Question 33

If controls have changed from prior year, new controls must be tested. True or false?

Answer 33

True

Question 34

Advantages and disadvantages of Internal Control Questionnaires

Answer 34

A: Asks a series of questions about controls in each transaction cycle in order to identify deficiencies

D: 1. Inability to provide a system overview

2. Inapplicability of many questions for some audits, especially smaller ones

Question 35

Define a Narrative

Answer 35

Written description of each transaction cycle in

an accounting system

Question 36

If controls have not changed, can one rely on past tests of controls?

Answer 36

Sure, but in a limited fashion.

AICPA and International Auditing Standards – tests of control must be performed at least every third year

PCAOB – more stringent – tests of controls must be performed to some extent annually when controls are relied upon

Question 37

The four procedures to obtain understanding of control design and implementation include (usually a combo of):

Answer 37

• Inquiring of entity personnel
• Observing the application of specific controls
• Inspecting documents and reports
• Tracing transactions through the information system relevant to financial reporting (walk-throughs)

Question 38

If tests of control show numerous control deviations, is substantive testing expanded or reduced?

Answer 38

Expanded to test the assertions

Question 39

• Auditing standards require auditors to obtain and document an understanding of internal control. True or False?

Answer 39

True, through

• Internal Control Questionnaires
• Narratives
• Flowcharts
• Walk-throughs

Question 40

Is a walk-through the same as a tour of the audit property?

Answer 40

No

Question 41

Define a significant deficiency

Answer 41

control deficiency that is important but less severe than material weakness

Question 42

Describe considerations taken if the work of internal auditors must be used

Answer 42

• CPA may rely on work of internal audit to reduce amount of testing if found to be effective
• CPA must assess internal audit competence (education, experience, certifications) and objectivity (report directly to audit committee?) and quality of their work (examine working papers)
• If intent is to rely upon work of internal audit, must test that work

Question 43

Define Flowcharts

Answer 43

Diagram of each cycle in an accounting system that

serves as a visual representation of the series of procedures that occur in each sequence of processing

Question 44

Define an advantage of a Narrative

Answer 44

Kind of like writing out a walk-through. Advantage is that it gives a good understanding of what a transaction look like.

Question 45

Which report documents the organization’s suitability and effectiveness?

Answer 45

Type 2

Question 46

Advantages of flowcharts?

Answer 46

Contains the same information as a narrative,
with the advantages of being:
1. Easier to read/visualize
2. Easier to update.

***Narratives/flowcharts to understand the system accompanied
by internal control questionnaires for checklist of potential
deficiencies = highly useful!

Question 47

Define a walk-through

Answer 47

After documentation of internal controls, trace one or two transactions through cycle to ensure proper implementation

If auditor finds implementation of internal controls is different from description, modify working papers accordingly

Question 48

Potential disadvantages of flowcharts are

Answer 48

that it’s not as clearly identifying areas of weakness/omitted controls

Question 49

An Unqualified opinion on Internal Control means that

Answer 49

No material weaknesses or scope restrictions

Question 50

Can a CPA obtain direct assistance from internal auditors?

Answer 50

Sure, for certain procedures (nothing high risk or subjective), but CPA remains responsible for the audit

Question 51

A type _ (1/2) report is Management’s description of the system and the suitability of the design of controls

Answer 51

Type 1

Question 52

• Auditors may also assist in effective internal control and improving client effectiveness and efficiency by communicating the following in a management letter:

Answer 52

• Internal control deficiencies (even less significant ones)
• Explanation of potential effects
• Recommendations for corrective action

Question 53

Audit standards require WRITTEN communication of _____ (significant deficiencies/material weaknesses) to management no later than 60 days after report release date

Answer 53

Both, actually

Question 54

SOX Section 404a Establishes a form 10k each year. This is a report that includes the following affects on management:

Answer 54

Acknowledges responsibility for establishing and maintaining adequate internal control over financial reporting
 Assesses internal control effectiveness as of the last day of the company’s fiscal year using suitable criteria

Question 55

Define a material weakness

Answer 55

control deficiency that creates a reasonable possibility of a material misstatement

Question 56

An adverse opinion on Internal Control means that

Answer 56

there are one or more material weaknesses

Question 57

A Qualified or Disclaimer opinion on Internal control means that

Answer 57

there is a Scope Limitation

Question 58

Due to lack of employees, internal control is generally _____ (strong/weak) in small businesses

Answer 58

weak since, for example, adequate segregation of duties is not feasible. Auditors must rely much more on substantive procedures of account balances and transactions

Question 59

Some key measures to ensure better control include

Answer 59

• Segregation of duties of cash handling and record keeping

* Active oversight and participation by the owner

Question 60

Auditors selected by a service organization to assess systems are called

Answer 60

Service Auditors

Question 61

Define a Service Organization

Answer 61

Organization that performs data processing/computer/or IT services, like payroll processing, for various clients

Question 62

Preventive, Detective, or Corrective control? - Segregation of Duties

Answer 62

Preventive

Question 63

Preventive, Detective, or Corrective control? - Requirement to prepare bank reconciliations

Answer 63

Detective

Question 64

Preventive, Detective, or Corrective control? - Maintaining Backups of Data

Answer 64

Corrective

Question 65

Preventive, Detective, or Corrective control? - Finding a misstatement that has already been made

Answer 65

Detective

Question 66

Preventive, Detective, or Corrective control? - Finding a misstatement

Answer 66

Corrective

Question 67

Preventive, Detective, or Corrective control? - Approving journal entries

Answer 67

Preventive

Question 68

A common way to help detect misstatements that have been made is to

Answer 68

Prepare bank Reconciliations

Question 69

Lifo calculations, Depreciation, Physical inventory, and financial statement closes are what type of transactions?

Answer 69

Nonroutine

Question 70

Bad debt expense is what type of transaction?

Answer 70

Estimation

Question 71

Cash receipts, payroll, cash disbursement, and inventory costing is considered what type of transaction?

Answer 71

Routine

Question 72

The significance of accounts should be considered ______ (with/without) regard to internal control.

Answer 72

without

Question 73

The first step of planning steps of the audit of internal control is

Answer 73

Management’s report on internal control

Question 74

What kind of approach is sued to identify controls to a tesT?

Answer 74

top-down

Question 75

An account is significant if there is a reasonable possibility that it could contain a misstatement that has a material effect on the financial statements. True or False

Answer 75

True

Question 76

Accounting ______ (disclosures/estimates) involve management’s judgment or assumptions.

Answer 76

estimates

Question 77

Is design or operating effectiveness tested first?

Answer 77

Design

Question 78

Efficient planning of the evaluation of internal control requires coordination the financial statement audit. True or false?

Answer 78

True

Question 79

Evidence as to the design of internal control and its operating effectiveness should be considered ____________ (as of, before, or after) the date specified in the assessment

Answer 79

as of

Question 80

The audit committee is especially important as it exercises oversight responsibility over the financial statements. True or False

Answer 80

True

Question 81

Who should develop a statement of ethical values?

Answer 81

Senior Management

Question 82

Management’s evaluation process of internal control ____________ (concludes/begins with) with the management report on internal control–the first step of the audit process.

Answer 82

concludes

Question 83

Organizational structure provides a basis for planning, directing, and controlling operations. True or False?

Answer 83

True

Question 84

To enhance the control environment, management develops job descriptions. True or False?

Answer 84

True!

Question 85

For well controlled operations, the same employee that maintains custody of assets should also keep the accounting records for the assets. True or False?

Answer 85

False

Question 86

An employee has incompatible duties if the person is in a position to perpetrate and conceal errors or fraud in the normal course of performing his or her duties. True or False?

Answer 86

True

Question 87

The controls over a client’s sales cycle are part of that client’s control environment. True or False?

Answer 87

False

Question 88

The establishment of sales terms is an example of a control. True or False?

Answer 88

True

Question 89

The internal audit function is an important part of the monitoring component of internal control. True or False?

Answer 89

True

Question 90

All material weaknesses are also control deficiencies. True or False??

Answer 90

True

Question 91

Both the design of controls and the operating effectiveness of controls is considered in an audit of internal control performed under PCAOB standards. True or False?

Answer 91

True

Question 92

A control activity that leaves evidence of compliance is usually tested by inquiry and observation. True or False?

Answer 92

True

Question 93

An advantage of an internal control questionnaire is that weaknesses in internal control are highlighted by the questionnaire. True or False?

Answer 93

True

Question 94

In audits of both public and nonpublic companies significant deficiencies and material weaknesses noted by the auditors must be communicated to management in writing. True or false??

Answer 94

True

Question 95

Before assessing control risk at a level lower than the maximum, the auditor obtains reasonable assurance that controls are in use and operating effectively. This assurance is most likely obtained in part by:

Analyzing tests of trends and ratios

preparing flowcharts

inspecting documents

performing substantive procedures

Answer 95

inspecting documents

Question 96

Examine signatures on checks is considered a test of control?

Answer 96

Yes

Question 97

When performing an audit of internal control, the period or date on which the opinion relates under PCAOB standards is the: as of date or the entire period under audit?

Answer 97

As of Date

Question 98

Counting and listing cash on hand considered a test of control?

Answer 98

No

Question 99

No one particular form of documentation of client’s internal control is required, and the extent of documentation may vary. True or false?

Answer 99

True

Question 100

Obtaining or preparing reconciliations of bank accounts as of the balance sheet date considered a test of control?

Answer 100

No

Question 101

Observation of client personnel applying the control is most likely to provide an auditor with utmost assurance about the effectiveness of the operation of internal control. True or false?

Answer 101

True

Question 102

An auditor’s flowchart of a client’s internal control is a diagrammatic representation which depicts the auditors’:

documentation of control risk

understanding of the system

planned tests of controls

program for tests of controls

Answer 102

understanding of the system

Question 103

Is monitoring considered a component of internal control?

Answer 103

Yes