Evaluating Internal Control Flashcards
In obtaining an understanding of an entity’s internal control relevant to audit planning, an auditor is required to obtain knowledge about the
Design of the controls pertaining to internal control components.
Effectiveness of controls that have been implemented.
Consistency with which controls are currently being applied.
Controls related to each principal transaction class and account balance.
Design of the controls pertaining to internal control components.
The requirement is to identify the knowledge that an auditor must obtain when obtaining an understanding of an entity’s internal control sufficient for audit planning. Answer (a) is correct because an auditor must obtain an understanding that includes knowledge about the design of relevant controls and records and whether the client has placed those controls in operation. Answers (b) and (c) are incorrect because auditors may choose not to obtain information on operating effectiveness of controls and their consistency of application. Answer (d) is incorrect because there is no such explicit requirement relating to controls; see AU-C 315 for the necessary understanding of internal control.
When an auditor discovered that certain control activities were ineffective, the auditor most likely would increase the
Level of detection risk.
Extent of tests of details.
Level of inherent risk.
Extent of tests of controls.
Extent of tests of details.
This answer is correct because an increase in the extent of tests of details (a type of substantive test) will decrease detection risk, which is appropriate because of the increase in control risk.
After obtaining an understanding of internal control and assessing control risk of an entity, an auditor decided not to perform tests of controls. The auditor most likely decided that
The available audit evidence obtained through tests of controls would not support an increased level of control risk.
A reduction in the assessed level of control risk is justified for certain financial statement assertions.
It would be inefficient to perform tests of controls that would result in a reduction in planned substantive tests.
The assessed level of inherent risk exceeded the assessed level of control risk.
It would be inefficient to perform tests of controls that would result in a reduction in planned substantive tests.
This answer is correct because an auditor may conclude that it is inefficient to obtain additional audit evidence through tests of controls and may use the assessed level of control risk to plan the substantive tests for those assertions.
The objective of tests of details of transactions performed as tests of controls is to
Monitor the design and use of entity documents such as prenumbered shipping forms.
Determine whether controls have been implemented.
Detect material misstatements in the account balances of the financial statements.
Evaluate whether controls operated effectively.
Evaluate whether controls operated effectively.
The requirement is to identify the objective of tests of details of transactions performed as tests of controls. Answer (d) is correct because the purpose of tests of controls is to evaluate whether internal control operates effectively. Answer (a) is incorrect because while monitoring the design and use of entity documents may be viewed as a test of controls, it is not the objective. Answer (b) is incorrect because determining whether internal control is implemented is not directly related to tests of controls; see AU-C 315 for the distinction between “implemented” and “operating effectiveness.” Answer (c) is incorrect because substantive tests, not tests of controls, are focused on detection of material mis-statements in the account balances of the financial statements.
An independent auditor has concluded that the client’s records, procedures, and representation can be relied upon based on tests made during the year when internal control was found to be effective. The auditor should test the records, procedures, and representations again at year-end if
Inquiries and observations lead the auditor to believe that conditions have changed significantly.
Comparisons of year-end balances with balances at prior dates revealed significant fluctuations.
Unusual transactions occurred subsequent to the completion of the interim audit work.
Client records are in a condition that facilitates effective and efficient testing.
Inquiries and observations lead the auditor to believe that conditions have changed significantly.
This answer is correct because auditors should retest records and transactions if year-end inquiries and observations lead the auditor to believe conditions have changed significantly.
For certain controls, such as segregation of duties, documentary evidence may not exist. An auditor would most likely test the procedures by
Reperformance and corroboration.
Observation and inquiry.
Inspection and vouching.
Confirmation and recomputation.
Observation and inquiry.
This answer is correct because auditing procedures suggests that when no audit trail exists an auditor should use the observation and inquiry techniques.
Which of the following represents an inherent limitation of internal controls?
Bank reconciliations are not performed on a timely basis.
The CEO can request a check with no purchase order.
Customer credit checks are not performed.
Shipping documents are not matched to sales invoices.
The CEO can request a check with no purchase order.
This answer is correct because internal control is ordinarily subject to management override of controls—here requesting a check without adequate support. Such a situation is very difficult to control due to management’s authority.
Tests of controls are performed in order to determine whether
Controls are functioning as designed.
Necessary controls are absent.
Incompatible functions exist.
Material dollar errors exist.
Controls are functioning as designed.
This answer is correct because the purpose of tests of controls is to provide reasonable assurance that the internal control procedures are designed and operating effectively.
Which of the following is not a step in an auditor’s decision to conclude that controls operate effectively?
Evaluate the effectiveness of the controls with tests of controls.
Obtain an understanding of the entity’s accounting system and control environment.
Perform tests of details of transactions to detect material misstatements in the financial statements.
Consider whether controls can have a pervasive effect on financial assertions.
Perform tests of details of transactions to detect material misstatements in the financial statements.
This answer is correct because performing tests of details of transactions to detect material misstatements pertains more directly to detection risk rather than inherent or control risk.
Which of the following is ordinarily considered a test of a control?
Send confirmation letters to banks.
Count and list cash on hand.
Examine signatures on checks.
Test the clerical accuracy of inventory listings as of the balance sheet date.
Examine signatures on checks.
This answer is correct because tests of controls are directed toward the effectiveness of the design or operation of controls. In this case the control procedure is to determine that only authorized persons sign checks.
cash count is a test of transactions and balances which is a substantive test rather than a test of a control.
testing the clerical accuracy of inventory listings as of the balance sheet date is primarily a substantive test to determine whether inventory listings are accurately compiled.
Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity’s internal control?
Incompatible duties.
Management override.
Mistakes in judgment.
Collusion among employees.
Incompatible duties.
The requirement is to identify the reply that most likely would not be considered an inherent limitation of the potential effectiveness of an entity’s internal control. Answer (a) is correct because incompatible duties may generally be divided among individuals in such a manner as to control the problem. Answers (b), (c), and (d) are all incorrect because management override, mistakes of judgment, and collusion among employees are all inherent limitations of internal control.
When tests of controls reveal that controls are not operating as anticipated, it is most likely that the assessed level of the risk of material misstatement will
Be less than the planned level.
Equal the planned level.
Be greater than the planned level.
Be less than the actual level.
Be greater than the planned level.
This answer is correct because when controls are not operating as anticipated the risk of material misstatement will be greater than the planned assessed level of control risk.
Which of the following would be least likely to be included in an auditor’s tests of controls?
Inspection.
Observation.
Inquiry.
Confirmation.
Confirmation.
This answer is correct because tests of controls provide reasonable assurance that prescribed control procedures are being followed. Confirmation is used primarily to substantiate the existence of an account balance and, therefore, is considered a substantive test.
The auditor should perform tests of controls of
Those controls that the auditor plans to use to support a conclusion that controls operate effectively.
Those controls in which significant deficiencies were identified.
Those controls that have a material effect upon the financial statement balances.
A random sample of the controls that were reviewed.
auditor plans to use to support a conclusion that controls operate effectively.
This answer is correct because tests of controls are only performed on controls that the auditor plans to consider is assessing the risk of material misstatement. Performance of tests of controls on these controls may reduce the scope of substantive procedures needed.
Which of the following is a basic tool used by the auditor to control the audit work and review the progress of the audit?
Time and expense summary.
Engagement letter.
Progress flowchart.
Audit plan.
Audit plan.
This answer is correct because the audit plan aids in instructing assistants in the work and includes audit procedures to accomplish the objectives of the examination. Thus, it allows the auditor to control the audit work and to review the progress of the audit.
Which of the following would be least likely to suggest to an auditor that the client’s management may have overridden internal control?
There are numerous delays in preparing timely internal financial reports.
Management does not correct internal control weaknesses that it knows about.
Differences are always disclosed on a computer exception report.
There have been two new controllers this year.
Differences are always disclosed on a computer exception report.
This answer is correct because differences are expected to be disclosed on a computer exception report; disclosing these differences is the primary purpose of the report. Thus, this would not indicate that there are problems in the client’s internal control.
In which of the following circumstances is the performance of tests of controls least likely?
The auditor’s risk assessment includes an expectation of operating effectiveness of controls.
Substantive procedures alone do not provide sufficient audit evidence.
The planned level of the risk of material misstatement is at the maximum level.
Performance of tests of controls appears cost effective.
The planned level of the risk of material misstatement is at the maximum level.
This answer is correct because when the planned level of the risk of material misstatement is at the maximum level, no tests of controls are performed.
When considering internal control, an auditor should be aware of the concept of reasonable assurance, which recognizes that
Internal control may be ineffective due to mistakes in judgment and personal carelessness.
Adequate safeguards over access to assets and records should permit an entity to maintain proper accountability.
Establishing and maintaining internal control is an important responsibility of management.
The cost of an entity’s internal control should not exceed the benefits expected to be derived.
The cost of an entity’s internal control should not exceed the benefits expected to be derived.
The requirement is to identify the meaning of the concept of reasonable assurance. Answer (d) is correct because reasonable assurance recognizes that the cost of internal control should not exceed the benefits expected to be derived.
Which of the following statements best describes why an auditor would use only substantive procedures to evaluate specific relevant assertion and risks?
The relevant internal control components are not well documented.
The internal auditor already has tested the relevant controls and found them effective.
Testing the operating effectiveness of the relevant controls would not be efficient.
The cost of substantive procedures will exceed the cost of testing the relevant controls.
Testing the operating effectiveness of the relevant controls would not be efficient.
This is correct because auditors attempt to perform the audit in a cost-effective manner, and when the use of tests of controls to address operating effectiveness is not efficient, such procedures will not be performed.
An auditor is concerned about a policy of management override as a limitation of internal control.
Which of the following tests would best assess the validity of the auditor’s concern?
Matching purchase orders to accounts payable.
Verifying that approved spending limits are not exceeded.
Tracing sales orders to the revenue account.
Reviewing minutes of board meetings.
Verifying that approved spending limits are not exceeded.
This answer is correct because management override often evidences itself through exceeding approved spending limits—thus, finding that those limits have not been exceeded provides some evidence that at least that form of management override did not occur.
Which of the following is required documentation in an audit in accordance with generally accepted auditing standards?
All audit findings.
A flowchart depicting the segregation of duties and authorization of transactions.
An audit plan.
A memorandum setting forth details on every change made during the audit engagement to the overall audit strategy.
An audit plan.
This answer is correct because auditors should develop and document an audit plan that presents the nature, timing, and extent of audit procedures.
Which of the following is an inherent limitation in internal control? Incompatible duties. Lack of segregation of duties. Faulty human judgment. Lack of an audit committee.
Faulty human judgment
This answer is correct because even the best controls may fail if they rely upon human judgment, and that judgment is faulty.