Chapters 6 and 7

Question 1

There is an _____ relationship between the reliability of internal control and the amount of substantive evidence required by the auditor.

Answer 1

Inverse.

Question 2

Internal control is the method by which an entity’s board of directors, management, and other personnel provide reasonable assurance about the achievement of objectives in the following categories:

Answer 2

(1) reliability of financial reporting,
(2) effectiveness and efficiency of operations, and
(3) compliance with applicable laws and regulations.

Question 3

The controls that are of most direct relevance to a financial statement audit are those that contribute to the…

Answer 3

reliability, timeliness, and transparency of external financial reporting.

Question 4

Internal control as defined by the COSO Framework consists of five components:

Answer 4

• Control Environment.
• Entity’s Risk -Assessment.
• Control Activities.
• Information and Communication.
• Monitoring Activities.

Question 5

COSO

Answer 5

The Committee of Sponsoring Organizations of the Treadway Commission

Question 6

Control environment

Answer 6

The board of directors and senior management establish the tone at the top regarding the importance of internal control and expected standards of conduct.

Question 7

Entity’s Risk Assessment

Answer 7

A dynamic and iterative process for identifying and analyzing risks to achieving the entity’s objectives

Question 8

Information and Communication

Answer 8

Enable personnel to understand internal control responsibilities and their importance to the achievement of objectives.

Question 9

Control activities

Answer 9

The actions established by policies and procedures to help ensure that management directives to mitigate risks to the achievement of objectives are carried out.

Question 10

Control activities are commonly categorized into the following four types:

Answer 10

• Performance reviews (sometimes called “independent checks”).
• Physical controls.
• Segregation of duties.
• Information processing controls, including authorization and document-based controls.

Question 11

Monitoring Activities

Answer 11

Ascertain whether each of the five components of internal control are present and functioning.

Question 12

The effectiveness of any internal control system is subject to certain inherent limitations:

Answer 12

1. Management override of internal control
2. Personnel errors or mistakes
3. Collusion.

Question 13

To set control risk below high (e.g., at moderate or low), the auditor must:

Answer 13

1. Identify specific controls that will be relied upon.
2. Perform tests of the identified controls.
3. Conclude on the achieved level of control risk given results of testing.

Question 14

Interim Tests of Controls

Answer 14

• An auditor might test controls at an interim date because the assertion being tested:
  A. May not be significant
  B. The control has been effective in prior audits
  C. More efficient to conduct the tests at that time.

Question 15

What companies must comply to auditing internal control?

Answer 15

Large publicly traded corporations - called “accelerated filers.”

Question 16

What is an Accelerated filer?

Answer 16

A public company with common equity > 75 million.

Question 17

Section 404 of the Sarbanes-Oxley Act requires managements of publicly traded companies to:

Answer 17

A. Issue a report that accepts responsibility for establishing and maintaining adequate ICFR (internal control over financial reporting).
B. Assert whether ICFR is effective as of the end of the fiscal year

Question 18

What are the auditor’s responsibilities for reporting on internal control under Section 404 of the Sarbanes-Oxley Act?

Answer 18

A. The auditor must audit (give an opinion on) management’s assertion about the effectiveness of ICFR.
B. The auditor must conduct the audit in an integrated way (integrated with the financial statement audit)

Question 19

Control deficiency (REPORT TO MANAGEMENT)

Answer 19

A weakness in the design or operation of a control such that management or employees, in the normal course of performing their assigned functions, fail to prevent or detect misstatements on a timely basis.

Question 20

Significant deficiency (REPORT TO AUDIT COMMITTEE and MANAGEMENT)

Answer 20

A deficiency, or a combination of deficiencies, in ICFR that is less severe than a material weakness yet important enough to merit attention by those responsible for oversight of the entity’s financial reporting.

Question 21

Material weakness (REPORT EXTERNALLY!!, REPORT TO AUDIT COMMITTEE and MANAGEMENT)

Answer 21

A deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis.

Question 22

In order to issue a report on the effectiveness of internal control, management needs to first…

Answer 22

Design and implement an effective system of ICFR and then develop an ongoing assessment process.

Question 23

The evaluation process has three steps:

Answer 23

1. Identify financial reporting risks and related controls.
2. Consider which locations to include in the evaluation.
3. Evaluate evidence about the operating effectiveness of ICFR.