Final Exam Flashcards

1
Q

COSO ERM Framework

A
I - Internal Environment
S - Objective Setting
E - Event Identification
A - Risk Assessment
R - Risk Response
A - Control Activities
I - Info & Communication
M - Monitoring
2
Q

When a fixed asset has a serial number already listed in the fixed asset database and the same serial number appears on a new supplier invoice:

a. Employees may have stolen the asset and sold it back to the company
b. It was probably moved from one location to another
c. There may be an issue with separation of duties
d. The mid-month depreciation convention may have been used

A

A

3
Q

List two factors that increase the opportunity to misappropriate assets

A
  1. Inadequate segregation of duties or independent checks
  2. Large amounts of cash on hand or processed

4
Q

Three-way matching involves the matching of:

a. The purchase requisition, purchase order, and supplier invoice
b. The purchase requisition, sales order, and supplier invoice
c. The purchase order, receiving document, and supplier invoice
d. The purchase requisition, receiving document, and supplier invoice

A

C

5
Q

Risk Appetite

A

The amount of risk that an enterprise and its individual managers are willing to accept in their pursuit of value. It can be measured in a qualitative sense by looking at risks in such categories as high, medium, and low.

6
Q

What are the four steps of an effective enterprise risk management GRC process?

A

1 - Risk assessment and planning
2 - Risk identification and analysis
3 - Exploit and develop risk response strategies
4 - Risk monitoring

7
Q

What is the difference between application controls and general IT controls?

A

Application controls
• Cover a specific process
General IT controls
• Control procedures that go beyond individual applications and cover overall enterprise IT processes

8
Q

Which element of the internal environment includes clear lines of authority and responsibility?

A

Enterprise organizational structure

9
Q

Which element of the internal environment includes the shared beliefs and attitudes of management that impact the entire organization?

A

Risk Management Philosophy

10
Q

Professional Skepticism

A

An attitude that includes a questioning mind and a critical assessment of the appropriateness and sufficiency of audit evidence. The auditor’s responsibility to the assessed risks of material misstatement, particularly fraud risks, should involve the application of professional skepticism in gathering and evaluating audit evidence.

11
Q

Business Risk

A

Risks that result from significant conditions, events, circumstances, actions, or inactions that could adversely affect a company’s ability to achieve its objectives and execute its strategies. Business risks also might result from setting inappropriate objectives and strategies or from changes or complexity in the company’s operations or management.

12
Q

Service Organization

A

Outside provider that manages outside processes through a variety of contractual agreements. Ex: Payroll processing company, data center, etc.

13
Q

Overall attitude and awareness of those charged with governance is reflected in its...

A

Control Environment

14
Q

Within the COSO Internal Control Framework, which component is designed to ensure that internal controls continue to operate effectively?

A

Monitoring

15
Q

Which term means that information should be available from information systems when needed?

A

Timely

16
Q

Which of the following procedures is designed to prevent the purchasing agent from receiving kickbacks?

a. Maintaining a list of approved suppliers and requiring all purchases to be made from suppliers on that list
b. Requiring purchasing agents to disclose any financial investments in potential suppliers
c. Requiring approval of all purchase orders
d. Pre-numbering and periodically accounting for all purchase orders

A

B

17
Q

List 3 reasons for obtaining a good understanding of the client’s industry and external environment:

A
  1. Specific industry risks may affect the auditor’s assessment of risk levels
  2. Specific inherent risks common to certain industries
  3. Industry could have unique accounting requirements that the auditor must understand to evaluate whether the client’s financial statements are in accordance with accounting standards
18
Q

Explain why auditors need an understanding of the client’s industry. What information sources are commonly used by auditors to learn about the client’s industry?

A

Understand the events, conditions, and company activities that might be expected to have a significant effect on the risk of material misstatement. This provides a basis for identifying and assessing risks of material misstatement. Auditors can gain this knowledge by touring plants, inquiring of management, and reading prior year financial statements, the AICPA audit guide, and regulatory requirements.

19
Q

4 functions of Internal Control

A
  1. Safeguard its assets
  2. Check the accuracy and reliability of its accounting data
  3. Promote operational efficiency
  4. Encourage adherence to prescribed managerial policies
20
Q

As the risk associated with the control being tested increases, does the amount of evidence that the auditor should obtain increase or decrease?

A

The amount of evidence that the auditor should obtain also increases, as does the need for the auditor to perform his or her own work on the control.

21
Q

The auditor may choose to issue a report containing an opinion on the financial statement and an opinion on internal control over financial reporting in one of two ways. What are those two ways?

A
  1. Combined report (contains opinions on both financial statements and internal controls)
  2. Separate reports
22
Q

Completeness

A

All transactions and events that should have been recorded have been recorded.

23
Q

Right

A

The entity holds or controls the rights to assets, and liabilities are the obligations of the entity.

24
Q

Accuracy

A

Amounts and other data relating to recorded transactions and events have been recorded appropriately

25
Q

Cutoff

A

Transactions and events have been recorded in the correct accounting period.

26
Q

Fraud triangle

A

Pressure
Rationalization
Opportunity

27
Q

Example of a manual control

A

Requiring a second signature on a check payment that exceeds a certain amount

28
Q

How does existence affect the financial statements? (i.e. potential misstatement)

A

The inventory balance includes amounts that don’t physically exist (inventory is overstated)

29
Q

Why isn’t inquiry enough to conclude internal controls are effective?

A

Some types of tests, by their nature, produce greater evidence of the effectiveness of controls than other tests. To obtain evidence about whether a control is effective, the control must be tested directly; the effectiveness of a control cannot be inferred from the absence of misstatements detected by substantive procedures.

30
Q

List 2 limitations to internal control over financial reporting

A
  1. Human judgment
  2. Failure to understand or take action

31
Q

The Accounting cycle

A
1 - Obtain source docs
2 - Analyze transactions
3 - Record transactions in journals
4 - Post from journals to ledger accounts
5 - Prepare unadjusted TB
6 - Record adjusting entries
7 - Prepare adjusted TB
8 - Prepare F/S
9 - Record closing entries
10 - Prepare postclosing TB
32
Q

What is the purpose of AS No. 5?

A

This standard establishes requirements and provides direction that applies when an auditor is engaged to perform an audit of management’s assessment of the effectiveness of internal control over financial reporting that is integrated with an audit of the financial statements (the audit of internal control over financial reporting).

33
Q

Which type of SOC report does not include a description of the system or a detailed description of the tests of controls and related test results?

A

SOC 3

34
Q

Which type of SOC report is a general-use report (i.e. may be used by anyone)?

A

SOC 3

35
Q

Billing to the customer is triggered by:

a. Receipt of the initial order
b. Granting of credit by the credit department
c. Picking of goods from stock
d. Shipment of the order

A

D

36
Q

The separation of duties in cash receipts mandates that:

a. Anyone handling cash should not access the customer billing system
b. Anyone handling cash does not pick inventory
c. Anyone handling cash does not order goods from suppliers
d. Anyone handling cash does not plan production

A

A

37
Q

The separation of duties mandates that:

a. Anyone handling cash should not access the customer billing system
b. Anyone handling cash does not pick inventory

A

A

38
Q

A good control over billing fraud is:

a. To compare picked items to the sales order
b. To not let the billing clerk apply cash received from customers
c. To require a credit review for all orders
d. To proofread invoices

A

B

39
Q

7 primary steps of creating a system of controls:

A
  1. Understand the system
  2. Explore possible control breaches
  3. Quantify possible control breaches
  4. Design controls
  5. Implement the controls
  6. Test the system
  7. Conduct a post-implementation
40
Q

Provide 3 examples of situations in which business risks might result in material misstatement of the financial statements:

A
  1. Industry developments
  2. New products and services
  3. Use of IT (information technology)
41
Q

Provide 2 examples of performance measures that can affect the risks of material misstatement by creating incentives or pressures for management of the company to manipulate certain accounts or disclosures to achieve certain performance targets (or conceal a failure to achieve those targets).

A
  1. Measures that form a basis for contractual commitments or incentive compensation arrangements
  2. Measures used by external parties, such as analysts and rating agencies, to review the company’s performance
42
Q

Provide 3 examples of specific risks to a company’s internal control over financial reporting resulting from IT:

A
  1. Unauthorized changes to data in master files
  2. Unauthorized changes to systems or programs
  3. Inappropriate manual intervention
43
Q

Why is the risk of not detecting a material misstatement resulting from fraud higher than the risk of not detecting one resulting from error?

A

This is because fraud may involve sophisticated and carefully organized schemes designed to conceal it, such as forgery, deliberate failure to record transactions, or intentional misrepresentations being made to the auditor. Such attempts at concealment may be even more difficult to detect when accompanied by collusion. Collusion may cause the auditor to believe that audit evidence is persuasive when it is, in fact, false.

44
Q

Why is the risk of the auditor not detecting a material misstatement resulting from management fraud greater than for employee fraud?

A

Because management is frequently in a position to directly or indirectly manipulate accounting records, present fraudulent financial information, or override control procedures designed to prevent similar frauds by other employees.

45
Q

Management or those charged with governance may have incentives and/or pressures to commit fraudulent financial reporting. List 3 situations that indicate that the personal financial situation of management or those charged with governance is threatened by the entity’s financial performance.

A
  1. Significant financial interests in the entity
  2. Significant portions of their compensation being contingent upon achieving aggressive targets
  3. Personal guarantees of debts of the entity
46
Q

COBIT Framework

A
1 - Meeting stakeholder needs
2 - Covering enterprise end to end
3 - Applying a single integrated framework
4 - Enabling a holistic approach
5 - Separating governance from mgmt
47
Q

10 controls of the revenue cycle

A
  1. Compare purchase order to sales order
  2. Verify credit on larger orders
  3. Password protect the order entry system
  4. Pre-numbered sales orders
  5. Separation of duties
  6. Proper granting rules be used
  7. Sales order be routed to the credit department
  8. Compare shipping documents to sales order
  9. Management approves credit
  10. Review cash receipts
48
Q

Sequential receipt numbers in an employee expense report:

a. Are usually valid receipts
b. Can indicate that fake receipts are being submitted
c. Are of no concern from a controls perspective
d. Are a useful way to record an expense report with a unique invoice number

A

B

49
Q

Anyone who receives goods:

a. Should not be allowed to engage in collection activities
b. Should not also prepare the bank reconciliation
c. Is allowed to authorize its purchase
d. Should not also authorize its purchase

A

D

50
Q

5 components of the COSO internal control framework

A
C - Control Activity
R - Risk Assessment
I - Info & Communication
M - Monitoring
E - Control Environment
51
Q

Principles that make up the Control Activity component of the COSO internal control framework

A

1 - Select and develop control activities
2 - Select and develop general IT controls
3 - Develop controls through policy/proced.

52
Q

Principles that make up the Risk Assessment component of the COSO internal control framework

A

1 - Clear objectives specified
2 - Risks identified to achievement of objectives
3 - Potential for fraud considered
4 - Significant changes identified and assessed

53
Q

Principles that make up the Info & Comm. component of the COSO internal control framework

A

1 - Quality info obtained, generated & used
2 - Internal control info internally communicated
3 - Internal info externally communicated

54
Q

Principles that make up the Monitoring component of the COSO internal control framework

A

1 - Ongoing and/or separate evaluations conducted
2 - Internal control deficiencies evaluated and communicated

55
Q

Principles that make up the Control Environment component of the COSO internal control framework

A

1 - Commitment to integrity and ethical values
2 - Independent board of directors oversight
3 - Structures, reporting lines, authorities & responsibilities
4 - Attract, develop & retain competent people
5 - People held accountable for internal control

56
Q

Expenditure cycle controls

A
Transaction authority
Segregation of duties
Supervision
Accounting records
Safeguard assets and access
Independent verification
57
Q

Why use a combination of preventative and detective controls?

A

Preventative controls catch issues, and detective controls find what the preventative controls missed. Having both adds greater protection. Preventative controls are also more involved and restrictive.