Internal Control

Question 1

The primary objective of procedures performed to obtain an understanding of the internal control structure is to provide an auditor with

Answer 1

the knowledge necessary for audit planning.

Question 2

Auditor uses the assessed level of control risk (the risk that the internal control structure will not detect or prevent a material misstatement) to

Answer 2

determine the acceptable level of detection risk for financial statement assertions.
The auditor assesses control risk (the risk that the internal control structure will not prevent or detect a material misstatement) and inherent risk (the risk of a material misstatement occurring) in order to determine the acceptable level of detection risk.

Question 3

The auditor tests controls in order to rely on them and to reduce substantive testing

Answer 3

If testing controls will not reduce substantive testing efficiently the auditor won’t perform test of controls.

Question 4

In obtaining an understanding of an entity’s internal control structure, an auditor is required to obtain knowledge about the

Answer 4

Design of policies and procedures, the auditor is NOT required to determine operating effectiveness of controls by testing controls unless control risk is assessed at below the maximum level. An assessment of control risk below maximum must be supported by the collection of evidence indicating the controls are operating effectively. An assessment of control risk at maximum does not require the collection of evidence about the operation of the controls; however, it does require documentation of the basis for the assessment at maximum. Control risk may be assessed at the maximum level for certain assertions because the auditor believes that evaluating the effectiveness of the controls would be inefficient.

Question 5

On the basis of audit evidence gathered and evaluated, an auditor decides to increase the assessed level of control risk from that originally planned. To achieve an overall audit risk level that is substantially the same as the planned audit risk level, the auditor would

Answer 5

Decrease detection risk and increase substantive tests in order to achieve the planned audit risk level.

Question 6

inherent limitation of the potential effectiveness of an entity’s internal control structure?

Answer 6

fallibility of human judgement, and performance, possibility of collusion, management override

Question 7

After obtaining an understanding of the internal control structure and assessing control risk, an auditor decided not to perform additional tests of controls.

Answer 7

The performance of additional tests of controls would be performed only if such performance were considered cost-beneficial.

Question 8

In assessing control risk, an auditor ordinarily selects from a variety of techniques, including

Answer 8

Tests of controls directed toward effectiveness or operation of a control would ordinarily include inquiries, inspections of documents, observation, and reperformance of the application of a control.

Question 9

When considering the internal control structure, an auditor should be aware of the concept of reasonable assurance, which recognizes that

Answer 9

The cost of an entity’s internal control structure should not exceed the benefits expected to be derived. Internal control can provide only reasonable assurance as a limiting factor is the cost/benefit ratio. The cost of an entity’s internal control should not exceed the benefits derived therefrom.

Question 10

Regardless of the assessed level of control risk, an auditor would perform some

Answer 10

Substantive tests to restrict detection risk for significant transaction classes. An auditor must always perform substantive tests for significant account balances and transaction classes. Although a lowered control risk assessment allows the auditor to reduce substantive testing, it cannot be used to eliminate substantive testing.

Question 11

A letter issued regarding significant deficiencies relating to an entity’s internal control observed during an audit of financial statements should include a

Answer 11

Restriction on the distribution of the report. The letters are intended solely for the use of the audit committee (or those charged with governance), management, and others within the organization.

Question 12

When considering the objectivity of internal auditors, an independent auditor should

Answer 12

Determine the organizational level to which the internal auditors report. In assessing the objectivity of internal auditors, an independent auditor would consider the organizational status and reporting structure of the department as well as policies established to maintain objectivity.
This would include determining the organizational level to which the internal auditors report.

Question 13

Sound internal control procedures dictate that, immediately upon receiving checks from customers by mail, a responsible employee should

Answer 13

Prepare a duplicate listing of checks received. The greatest risk for checks received in the mail is the risk of such checks being lost or misappropriated. Sound internal control, therefore, dictates the preparation of a listing of checks received as soon as possible.

Question 14

An auditor would consider a cashier’s job description to contain compatible duties if the cashier receives remittances from the mailroom and also prepares the

Answer 14

Daily deposit slip. Adequate segregation of duties provides for the separation of authorizing, recording, and custodial duties. Receiving remittances from the mailroom is a custodial duty. It may properly be combined with preparation of the daily deposit slip which would also require custody of the asset.

Question 15

An auditor would be most likely to limit substantive audit tests of sales transactions when control risk is assessed as low for the existence or occurrence assertion concerning sales transactions and the auditor has already gathered evidence supporting

Answer 15

Cash receipts and accounts receivable.
Substantive tests of sales transactions would be limited when control risk is assessed as low for existence/occurrence and evidence has been gathered supporting cash receipts and accounts receivable. Consider the accounts which are impacted by sales transactions, DR Cash or Accounts Receivable and CR Sales. The combination of low control risk in this area plus evidence supporting cash receipts and accounts receivable provides the auditor with assurance that sales transactions have actually occurred.

Question 16

In a well-designed internal control structure, employees in the same department most likely would approve purchase orders, and also

Answer 16

Negotiate terms with vendors. Approval of purchase orders and negotiation of terms with vendors are both authorization functions which are properly performed by employees in the purchasing department.

Question 17

Mailing disbursement checks and remittance advices should be controlled by the employee who

Answer 17

Signs the checks last.
The check signer should also be responsible for mailing disbursement checks and remittance advices as these are all custodial functions.

Question 18

An auditor wishes to perform tests of controls on a client’s cash disbursements procedures. If the control procedures leave no audit trail of documentary evidence, the auditor will be most likely to test the procedures by

Answer 18

Observation and inquiry.

When documentation of a control does not exist, the auditor may use observation and inquiry to test the procedure.

Question 19

An auditor’s primary consideration regarding an entity’s internal control structure policies and procedures is whether they

Answer 19

Affect the financial statement assertions.
The auditor is primarily interested in whether an entity’s internal controls affect the financial statement assertions. Specifically, the auditor is interested in the policies and procedures that pertain to an entity’s ability to record, process, summarize, and report financial data consistent with the assertions embodied in the financial statements.

Question 20

The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the

Answer 20

Risk that material misstatements exist in the financial statements.
The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that material misstatements exist in the financial statements. Assessing control risk and inherent risk help the auditor identify where misstatements might exist; the auditor then performs auditing procedures to detect those misstatements.

Question 21

To obtain evidential matter about control risk, an auditor ordinarily selects tests from a variety of techniques, including

Answer 21

Reperformance.
Procedures performed to evaluate control risk include inquiries of personnel; inspection of documents and records; observation of activities and operations; and reperformance of the control procedure.

Question 22

Assessing control risk at below the maximum level most likely would involve

Answer 22

Identifying specific internal control structure policies and procedures relevant to specific assertions.
In order to assess control risk below maximum the auditor must collect evidence to support the reduction. Collecting such evidence involves identifying specific internal controls relevant to specific assertions and then performing tests of controls to evaluate the effectiveness of the controls.

Question 23

After obtaining an understanding of the internal control structure and assessing control risk, an auditor decided to perform tests of controls. The auditor most likely decided that

Answer 23

It would be efficient to perform tests of controls that would result in a reduction in planned substantive tests.
After obtaining an understanding of internal control and assessing control risk, an auditor will perform tests of controls, if it is believed that such performance will result in a reduction in planned substantive tests. If the performance of tests of controls would not result in a reduction in substantive testing, completing tests of controls would be inefficient and therefore should not be performed.

Question 24

Which of the following procedures would an auditor most likely perform to test controls relating to management’s assertion about the completeness of cash receipts for cash sales at a retail outlet?

Answer 24

Observe the consistency of the employees’ use of cash registers and tapes.
The cardinal rule regarding cash receipts is to ensure that they are recorded. By requiring employees to record all sales in the cash register and to give customers the cash register tape evidencing the sale, companies can ensure that all cash sales are recorded (the completeness of cash receipts for cash sales). The auditor can test controls by observing employees’ use of cash registers and tapes.

Question 25

Which of the following is a step in an auditor’s decision to assess control risk at below the maximum?

Answer 25

Identify specific internal control policies and procedures that are likely to detect or prevent material misstatements.
An auditor’s assessment of control risk at below the maximum requires identification of specific internal controls that are likely to detect or prevent material misstatements and the testing of those controls.

Question 26

Which of the following is not a step in an auditor’s decision to assess control risk at below the maximum?

Answer 26

Perform tests of details of transactions to detect material misstatements in the financial statements.
In assessing control risk below maximum, the auditor must:
1) obtain an understanding of the internal control structure;
2) identify specific controls relevant to specific financial statement assertions; and
3) test the identified controls to determine if they are operating effectively. The auditor would NOT perform tests of details of transactions. These are substantive procedures which would generally be performed after the assessment of control risk is made.

Question 27

As a result of tests of controls, an auditor assesses control risk too high. This incorrect assessment most likely occurred because

Answer 27

Control risk based on the auditor’s sample is greater than the true operating effectiveness of the client’s control activity.
When the auditor assesses control risk too high, it means that the auditor’s sample indicates that the control is NOT working properly when it really is. Thus, control risk based on the auditor’s sample is higher than the true operating effectiveness of the control would warrant.

Question 28

Which of the following is a factor in the control environment?

Answer 28

The control environment is comprised of the following elements: (1) communication and enforcement of integrity and ethical values; (2) commitment to competence; (3) participation of those charged with governance; (4) management’s philosophy and operating style; (5) the entity’s organizational structure; (6) the entity’s assignment of authority and responsibility; and (7) human resource policies and practices. Accordingly, this is a factor to be considered with respect to the control environment.

Question 29

The objective of tests of details of transactions performed as tests of controls is to

Answer 29

Evaluate whether internal control structure procedures operated effectively.
The objective of tests of details of transactions performed as tests of controls is to evaluate whether internal controls operated effectively. A test of details of transactions performed as a test of control will enable the auditor to detect a control failure.

Question 30

An auditor may decide to assess control risk at the maximum level for certain assertions because the auditor believes

Answer 30

Control policies and procedures are unlikely to pertain to the assertions.
Control risk is assessed in terms of the financial statement assertions. The auditor may assess control risk at maximum because the controls do not pertain to the assertions, or are ineffective, or because testing such controls would not result in a reduction in substantive testing (would be inefficient).

Question 31

Which of the following statements concerning an auditor’s communication of significant deficiencies is correct?

Answer 31

Any report issued on significant deficiencies should indicate that providing assurance on the internal control structure was not the purpose of the audit.
The auditor’s report on significant deficiencies should indicate that the purpose of the audit was to report on the financial statements and not to provide assurance on the internal control structure.

Question 32

In assessing the competence of an internal auditor, an independent CPA would most likely obtain information about the

Answer 32

Quality of the internal auditor’s working paper documentation.
To evaluate competence of an internal auditor, a CPA would obtain information about: 1) educational level and professional experience; 2) professional certification and continuing education; 3) audit policies, programs, and procedures; 4) assignment practices; 5) supervision and review; 6) quality of working paper documentation, reports and recommendations; and 7) performance evaluation.

Question 33

The company being audited has an internal auditor that is both competent and objective. The independent auditor wants to assign tasks for the internal auditor to perform. Under these circumstances, the independent auditor may

Answer 33

Allow the internal auditor to perform tests of internal controls.
The auditor may use internal auditors to provide direct assistance in performing tests of control and/or substantive tests.

Question 34

When considering the objectivity of internal auditors, an independent auditor should

Answer 34

Determine the organizational level to which the internal auditors report.
In assessing the objectivity of internal auditors, an independent auditor would consider the organizational status and reporting structure of the department as well as policies established to maintain objectivity.
This would include determining the organizational level to which the internal auditors report.

Question 35

In assessing the objectivity of internal auditors, the independent CPA who is auditing the entity’s financial statements would most likely consider the

Answer 35

Internal auditing standards developed by The Institute of Internal Auditors.
Internal auditing standards developed by The Institute of Internal Auditors address independence and objectivity and thus might be considered by an independent CPA in assessing the objectivity of internal auditors.
In addition, the independent CPA would consider whether the internal auditor reports to an officer of sufficient status, whether the internal auditor has direct access to the board of directors and the audit committee, whether internal audit employment decisions are overseen by the board of directors and/or the audit committee, and whether policies exist to prohibit the audit of areas in which conflicts of interest exist.

Question 36

An internal auditor’s work would most likely affect the nature, timing, and extent of an independent CPA’s auditing procedures when the internal auditor’s work relates to assertions about the

Answer 36

Existence of fixed asset additions.
Some of the work performed by internal auditors may provide direct evidence about material misstatements in assertions. As a result, the auditor may be able to rely upon such work and reduce the nature, timing, or extent of the auditing procedures to be performed related to those assertions. Internal audit work pertaining to the existence of fixed asset additions would provide direct evidence which could be used to restrict other audit work to be performed.

Question 37

When assessing internal auditors’ objectivity, an independent auditor should

Answer 37

Consider the policies that prohibit the internal auditors from auditing areas where they were recently assigned.
When assessing the internal auditor’s objectivity, the auditor should consider (1) the organizational status of the internal audit function; and (2) the policies affecting the internal auditor’s objectivity about areas audited. The latter includes policies prohibiting the internal auditor from auditing areas where recently assigned.

Question 38

Proper segregation of duties reduces the opportunities to allow persons to be in positions to both

Answer 38

Perpetrate and conceal errors and irregularities.
Segregation of duties involves the separation of the responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets. It is intended to reduce the opportunities for any person to be in a position to both perpetrate and conceal errors or irregularities in the normal course of his/her duties.

Question 39

Tracing bills of lading to sales invoices provides evidence that

Answer 39

Shipments to customers were invoiced.
Tracing bills of lading to sales invoices provides evidence that shipments to customers were invoiced. It is a test of the completeness assertion.

Question 40

Which of the following controls would most likely help ensure that all credit sales transactions of an entity are recorded?

Answer 40

The billing department supervisor matches prenumbered shipping documents with entries in the sales journal.
Prenumbering is the standard cure for completeness. Having the billing department supervisor match prenumbered shipping documents with entries in the sales journal will help ensure that all credit sales transactions are recorded.

Question 41

Immediately upon receipt of cash, a responsible employee should

Answer 41

Prepare a remittance listing.
The immediate preparation of a remittance listing upon receipt of cash ensures that a control over cash received is established.

Question 42

An auditor would be most likely to limit substantive audit tests of sales transactions when control risk is assessed as low for the existence or occurrence assertion concerning sales transactions and the auditor has already gathered evidence supporting

Answer 42

Cash receipts and accounts receivable.
Substantive tests of sales transactions would be limited when control risk is assessed as low for existence/occurrence and evidence has been gathered supporting cash receipts and accounts receivable. Consider the accounts which are impacted by sales transactions, DR Cash or Accounts Receivable and CR Sales. The combination of low control risk in this area plus evidence supporting cash receipts and accounts receivable provides the auditor with assurance that sales transactions have actually occurred.

Question 43

Which of the following is usually a benefit of using electronic funds transfer for international cash transactions?

Answer 43

Reduction of the frequency of data entry errors.
Using electronic funds transfer for international cash transactions reduces the manual handling and data entry related to such transfers. As a result, the frequency of data entry errors is reduced. As a general rule, whenever the data must be “touched” by human hands, the opportunity for error is introduced. The less the data are touched, the fewer the opportunities for error.

Question 44

In a properly designed internal control structure, the same employee would most likely match vendors’ invoices with receiving reports and also

Answer 44

Recompute the calculations on vendors’ invoices.
This question pertains to segregation of duties. An employee responsible for matching vendor invoices with receiving reports is performing a step in the authorization process which will result in invoices being approved for payment. The same employee should not have responsibility for posting the accounts payable records, reconciling the accounts payable ledger, or canceling invoices after payment, as each would provide an opportunity for embezzlement or misappropriation to occur. It would be acceptable for the employee to recompute the calculations on vendors’ invoices, which would be an additional step in the same authorization process.

Question 45

In a well-designed internal control structure, the same employee may be permitted to

Answer 45

Mail signed checks, and also cancel supporting documents.
In a well-designed system of internal control, recordkeeping, custodial, and authorization functions are separated. Thus, the same employee would be allowed to mail signed checks and cancel supporting documents as both are custodial functions.

Question 46

When there are numerous property and equipment transactions during the year, an auditor who plans to assess control risk at a low level usually performs

Answer 46

Tests of controls and limited tests of current year property and equipment transactions.
The assessment of control risk at a low level requires that the auditor provide the basis for reducing the assessment. The basis is provided by performing tests of controls and documenting the results which support a lowered control risk assessment. In turn, the low control risk assessment enables the auditor to reduce the amount of substantive testing in that area, thus limiting the testing of current year property and equipment transactions.

Question 47

Which of the following controls would a company most likely use to safeguard marketable securities when an independent trust agent is not employed?

Answer 47

Two company officials have joint control of marketable securities, which are kept in a bank safe-deposit box.
An independent trust agent maintains custody over the marketable securities so that the company does not have physical responsibility for the asset. If an independent trust agent is not employed, the securities will physically come to the company and must be safeguarded. The combination of a bank safe-deposit box and dual access; i.e. requiring two company officials to access the securities, will provide the best security among the choices given.

Question 48

In obtaining an understanding of a manufacturing entity’s internal control structure concerning inventory balances, an auditor would most likely

Answer 48

Review the entity’s descriptions of inventory policies and procedures.
An understanding of the internal control structure is usually obtained by performing such procedures as inquiries of management and staff, inspection of documents and records, and observation of activities and operations. In obtaining an understanding of internal controls pertaining to inventory, an auditor most likely would review the entity’s descriptions of inventory policies and procedures.

Question 49

Which of the following questions would an auditor most likely include on an internal control questionnaire for notes payable?

Answer 49

Are direct borrowings on notes payable authorized by the board of directors?
An internal control questionnaire for notes payable would ask about controls over direct borrowings on notes payable. The concern would be whether it was possible for borrowings to occur without proper authorization.

Question 50

Equipment acquisitions that are misclassified as maintenance expense would most likely be detected by an internal control procedure that provides for

Answer 50

Investigation of variances within a formal budgeting system.
Misclassification of equipment acquisitions as maintenance expenses would most likely be detected through investigation of variances. Equipment acquisitions tend to be large dollar purchases which would distort normal maintenance expenses and thus create variances. Investigation of the variances would then reveal the misclassification.

Question 51

When an entity uses a trust company as custodian of its marketable securities, the possibility of concealing fraud would most likely be reduced if the

Answer 51

Trust company has no direct contact with the entity employees responsible for maintaining investment accounting records.
The concealment of fraud pertaining to marketable securities is best controlled through controlling access and providing for adequate segregation of duties. Use of a trust company aids in both respects. Access to the marketable securities is controlled by the trust company, an independent entity, and the duties of authorization and recording are automatically separated from the duty of custody. By limiting the trust company’s direct contact with employees responsible for recordkeeping, the potential for fraud is further lessened as segregation of duties is increased.