Internal Control

Question 1

What is the primary purpose for obtaining an understanding of internal controls?

Answer 1

to determine the nature, timing, and extent of further audit procedures, including tests of controls and substantive procedures.

Question 2

the A can document the understanding of IC by:

Answer 2

using flow charts of transaction cycles, completing internal control questionnaires, or y preparing written memoranda

Question 3

what is a mgmt control method that could improve mgmt’s ability to supervise company activities effectively

Answer 3

est. budgets and forecasts to identify variances from expectations

Question 4

Detection risk is effectively set by the A when

Answer 4

decisions about the nature, timing, and extent of substantive audit procedures are made.

Question 5

A need to make a preliminary evaluation of the effectiveness of internal control. if ineffective -
if effective -

Answer 5

assess control risk at the maximum level.

Consider the possibility of assessing control risk at less than the max. consider cost-benefit issues

Question 6

What is an example of the inherent limitation of internal controls?

Answer 6

possibility of mgmt override

Question 7

A must collect evidence to support the reduction in control risk below the max. what kind of evidence should they collect?

Answer 7

identifying specific internal controls relevant to specific assertions and then performing test of controls to evaluate the effectiveness of the controls.

Question 8

In what ways does an A gain an understanding of IC?

Answer 8

Consider factors that affect the risk of material misstatement.
Identify the types of potential misstatements that can occur.
Ascertain whether the IC have been placed in operation

Question 9

Why does an A test IC?

Answer 9

in order to rely on them and to reduce substantive testing.

Question 10

Inherent risk

Answer 10

the risk of a MM occuring

Question 11

What makes up Control Activities?

Answer 11

Segregation of Duties
Controls 
Authorization
Review 
EDP/IT (info processing)

Question 12

What should an auditor do if they discover a deviation from the prescribed control procedures?

Answer 12

Make inquiries to understand the potential consequence of the deviation.

Question 13

What is a way to compensate for the lack of segregation of duties in a small organization?

Answer 13

Allowing for mgmt oversight of incompatible activities

Question 14

Does GAAS require tests of controls to be performed?

Answer 14

Only if the auditor plans to assess control risk below maximum.

Question 15

auditors are primarily concerned with internal controls that…

Answer 15

provide reasonable assurance as to an entity’s ability to prepare FSs.

Question 16

the A uses the knowledge provided by the understanding of IC and the assessed level of the risk of MM primarily to…

Answer 16

Determine the nature, timing, and extent of substantive tests for FS assertions.

Question 17

Why does an A obtain sufficient understanding of IC?

Answer 17

To assess the risks of MM.

To design the nature, timing, and extent of further audit procedures.

Question 18

Foreign Corrupt Practices Act

Answer 18

Every publicly held company must devise, document, and maintain internal control sufficient to provide reasonable assurance that IC objectives are met.

Question 19

What should an A do when the Control risk is assessed at the maximum level?

Answer 19

document the assessment of the risks of MM at the FS level and at the relevant assertion level. (this is true whether control risk is assessed at the max level or below)

Question 20

Def: Significant Deficieny

Answer 20

A deficiency in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance

Question 21

Def: Material Weakness

Answer 21

a deficiency in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis.

Question 22

How should deficiencies be communicated?

Answer 22

sig def and mat. weaknesses MUST be communicated in WRITING to mgmt and those charged with governance. (no later than 60 days following the report release date) Lesser matters - may be communicated orally, but should be doc.

Question 23

Can an A include in a statement in the A’s communication related to IC that no sig def or mat weak were found?

Answer 23

Can say no Material weaknesses found. Cannot say no sig def were found.

Question 24

Is an auditor required to search for sig def?

Answer 24

NO

Question 25

What are factors that should be considered in evaluating deficiencies?

Answer 25

Entity’s size
Complexity
The nature and diversity of its business activities

Question 26

A control deficiency that is more than a sig def is most likely to result in what form of audit opinion?

Answer 26

Adverse

Question 27

How does an A evaluate the competence of an internal auditor?

Answer 27

Educational level and professional experience
Professional certification and cont. education
Audit policies programs and procedures
Assignment practices
Supervision and review
Quality of working paper documentation.
Performance evaluation

Question 28

How does an auditor assess the objectivity of internal auditors

Answer 28

Consider the org. status and reporting structure of the dept as well as policies est. to maintain objectivity.. This would include determining the org level to which the internal auditors report and includes policies prohibiting the internal auditor from auditing areas where recently assigned.

Question 29

What are the 2 ways the external auditor might use the work of an internal audit function?

Answer 29

To provide direct assistance

To obtain audit evidence

Question 30

When using the work of an IA function to obtain audit evidence, what 3 matters should the external auditor evaluate?

Answer 30

Objectivity
Competence
Whether the IAF applies a systematic and disciplined approach including quality control

Question 31

What could be so serious that the auditor concludes that a FS audit cannot be performed?

Answer 31

There is a substantial risk of intentional misapplication of acct principles.

Question 32

An auditor may decide to assess the control risk at the max level for certain assertions bc the auditor believes

Answer 32

control policies and procedures are unlikely to pertain to the assertions

Question 33

What is the objective of tests of details performed as tests of controls?

Answer 33

to evaluate whether internal controls operated effectively. It will enable the auditor to detect a control failure

Question 34

regardless of the assessed level of control risk, an auditor would perform some

Answer 34

substantive tests to restrict detection risk for significant transaction classes.

Question 35

An auditor may decide to assess the control risk at the mac level for certain assertions bc the auditor believes

Answer 35

control policies and procedures are unlikely to pertain to the assertions.

Question 36

What are control activities?

Answer 36

policies and procedures that help ensure that mgmt directives are carried out

Question 37

What make up control activities?

Answer 37

SCARE
Segregation of duties
Controls (physical)
Authorization
Review (performance)
EDP/IT (info processing)

Question 38

A transaction cycle

Answer 38

a group of transactions of a similar type

Question 39

How is segregation of duties best tested?

Answer 39

By observing employees as they perform control activities

Question 40

Why do auditors emphasize transaction cycles?

Answer 40

Control risk is generally constant within a particular category of transactions, as all transactions are processed the same way. The trans. cycle is the highest level of aggregation for which control risk may be viewed as a constant.

Question 41

Examples of transaction cycles

Answer 41

revenue/receipts
disbursements
payroll
inventory
fixed assets
investing

Question 42

What are the 3 duties that must be separated?

Answer 42

Authorization of trans. (authorization)
Accounting/record keeping (recording)
Access to assets (custody)

Question 43

Immediately upon receiving checks from customers by mail, a resp employee should

Answer 43

Prepare a duplicate listing of checks received.

Question 44

There should be segregation between receiving cash and..

Answer 44

posting the AR ledger

Question 45

Debit Memo

Answer 45

advises acct that the vendor invoice should not be paid in full due to returned goods. When the shipping dept returns nonconforming goods to a vendor, purchasing should send acct a debit memo.

Question 46

Mailing disbursement checks and remittance advices should be controlled by the EE who

Answer 46

signs the check last

Question 47

The authority to accept incoming goods in receiving should be based on a

Answer 47

approved purchase order. This will prevent the erroneous acceptance of goods never ordered.