Internal Control Flashcards
Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity’s internal control?
a. ) Incompatible duties
b. ) Management override
c. ) Mistakes in judgment
d. ) Collusion among employees
(a)Incompatible duties maybe divided among different employees to control the problem.
Control Limitations:
- Controls can’t stop collusion or bad judgment
- Controls can be overriden by Management
- Cost constraints (cost should not exceed benefit)
When considering internal control, an auditor should be aware of the concept of reasonable assurance, which recognizes that
a. ) Internal control may be ineffective due to mistakes in judgement and personal carelessness
b. ) Adequate safeguards over access to assets and records should permit an entity to maintain proper accountability
c. ) Establishing and maintaining internal control is an important reponsibility of management
d. ) The cost of an enitity’s internal control should not exceed the benefits expected to be derived
(d) Resonable assurance recognizes the following Limitations of Internal Control…
- Controls cannot stop collusion or bad judgment
- Controls can be overriden by Management
- Cost of internal control should not exceed the benefit expected to be derived
Proper segregation of functional responsibilities calls for separation of the functions of
a. ) Authorization, execution, and payment
b. ) Authorization, recording, and custody
c. ) Custody, execution, and reporting
d. ) Authorization, payment, and recording
(b) Duties requiring segregation are
- Authorization
- Recording
- Custody
ARC
An entity’s ongoing monitoring activities often include
a. ) Periodic audits by the audit committee
b. ) Reviewing the purchasing function
c. ) The audit of the annual financial statements
d. ) Control risk assessment in conjunction with quarterly reviews
(b) Ongoing monitoring activities are often designed into recurring activities such as sales and purchases.
The overall attitude and awareness of an entity’s board of directors concerning the importance of internal control usually is reflected in its
a. ) Computer-based controls
b. ) System of segregation of duties
c. ) Control environment
d. ) Safeguards over access to assets
(c) Control Environment - sets the tone of an organization
I - Integrity and ethical values
C - Commitment to competence
H - Human resource policies and practices
A - Assignment of authority and responsibilities
M - Management philisophy and style
B - Board of Director or Audit Committee’s participation
O - Organization structure
ICHAMBO
Management philosophy and operating style most likely would have a significant influence on an entity’s control environment when
a. ) The internal auditor reports directly to management
b. ) Management is dominated by one individual
c. ) Accurate management job descriptions delineate specific duties
d. ) The audit committee actively oversees the financial reporting process
(b) When an entity’s management is dominated by one individual; the control risk of management’s override is higher.
Which of the following factors are included in an entity’s control environment?
Audit Integrity and
Committee ethical values Organizational
a. ) Yes Yes No
b. ) Yes No Yes
c. ) No Yes Yes
d. ) Yes Yes Yes
(d) Audit Commitee’s participation, Entity’s ethical values, and Entity’s Organizational struture are all part of the the entity’s control environment.
Control Environment - sets the tone of an organization
I - Integrity and ethical values
C - Commitment to competence
H - Human resource policies and practices
A - Assignment of authority and responsibilities
M - Management philisophy and style
B - Board of Director or Audit Committee’s participation
O - Organizational structure
Which of the following is not a component of an entity’s internal control?
a. ) Control risk
b. ) Control activities
c. ) Monitoring
d. ) Control environment
(a) Control risk is not a component of internal control.
Components of Internal Control
- Control activities
- Risk assessments
- Information and communication
- Monitoring
- Control Environment
CRIME
Which of the following is a provision of the Foreign Corrupt Practices Act?
a. ) It is a criminal offense for an auditor to fail to detect and report a bribe paid by an American business entity to a foreign official for the purpose of obtaining business.
b. ) The auditor’s detection of illegal acts committed by officials of the auditor’s publicly held client in conjunction with foreign officials should be reported to the Enforcement Division of the Securities and Exchange Commission.
c. ) If the auditor of a publicly held company concludes that the effects on the financial statements of a bribe given to a foreign official are not susceptible of reasonable estimation, the auditor’s report should be modified.
d. ) Every publicly held company must devise, document, and maintain internal control sufficient to provide reasonable assurances that internal control objectives are met.
(d) The Foreign Corrupt Practices Act makes payment of bribes to foreign officials illegal and requires publicly held companies to maintain systems of internal control sufficient to provide reasonable assurances that internal control objectives are met.
An auditor suspects that certain client employees are ordering merchandise for themselves over the Internet without recording the purchase or receipt of the merchandise. When vendors’ invoices arrive, one of the employees approves the invoices for payment. After the invoices are paid, the employee destroys the invoices and the related vouchers. In gathering evidence regarding the fraud, the auditor most likely would select items for testing from the file of all
a. ) Cash disbursements
b. ) Approved vouchers
c. ) Receiving reports
d. ) Vendors’ invoices.
(a) is correct because the disbursement will be recorded and the auditor may thus sample from that population.
Which of the following procedures most likely would provide an auditor with evidence about whether an entity’s internal control activities are suitably designed to prevent or detect material misstatements?
a. ) Reperforming the activities for a sample of transactions.
b. ) Performing analytical procedures using data aggregated at a high level.
c. ) Vouching a sample of transactions directly related to the activities.
d. ) Observing the entity’s personnel applying the activities.
(d)AU-C 315 indicates an auditor will observe the entity’s personnel applying the procedures to determine whether controls have been implemented. Answer (a) is incorrect because reperforming the activities is a test of control to help assess the operating effectiveness of a control. Answer (b) is incorrect because analytical procedures are not performed to determine whether controls are suitably designed. Answer (c) is incorrect because vouching a sample of transactions is a substantive test not directly aimed at determining whether controls are suitably designed.
Which statement is correct concerning the relevance of various types of controls to a financial audit?
a. ) An auditor may ordinarily ignore a consideration of controls when a substantive audit approach is taken.
b. ) Controls over the reliability of financial reporting are ordinarily most directly relevant to an audit, but other controls may also be relevant.
c. ) Controls over safeguarding of assets and liabilities are of primary importance, while controls over the reliability of financial reporting may also be relevant.
d. ) All controls are ordinarily relevant to an audit.
(b)is correct because, generally, controls that are relevant to an audit pertain to the entity’s objective of preparing financial statements for external purposes. Answer (a) is incorrect because AU-C 315 makes clear that an auditor may not ignore consideration of controls under any audit approach. Answer (c) is incorrect because control over financial reporting are of primary importance. Answer (d) is incorrect because many operational and compliance related controls are not ordinarily relevant to an audit.
In an audit of financial statements in accordance with generally accepted auditing standards, an auditor is required to
a. ) Document the auditor’s understanding of the entity’s internal control.
b. ) Search for significant deficiencies in the operation of internal control.
c. ) Perform tests of controls to evaluate the effectiveness of the entity’s internal control.
d. ) Determine whether controls are suitably designed to prevent or detect material misstatements.
(a) AU-C 315 requires that the auditor document the understanding of the entity’s internal control.
In obtaining an understanding of an entity’s internal control relevant to audit planning, an auditor is required to obtain knowledge about the
a. ) Design of the controls pertaining to internal control components.
b. ) Effectiveness of controls that have been implemented.
c. ) Consistency with which controls are currently being applied.
d. ) Controls related to each principal transaction class and account balance.
(a) an auditor must obtain an understanding that includes knowledge about the design of relevant controls and records and whether the client has placed those controls in operation.
An auditor should obtain sufficient knowledge of an entity’s information system to understand the
a. ) Safeguards used to limit access to computer facilities.
b. ) Process used to prepare significant accounting estimates.
c. ) Controls used to assure proper authorization of transactions.
d. ) Controls used to detect the concealment of fraud.
(b) AU-C 315 states that the auditor should obtain sufficient knowledge of the information (including accounting) system to understand the financial reporting process used to prepare the entity’s financial statements, including significant accounting estimates and disclosures. It also states that this knowledge is obtained to help the auditor to understand (1) the entity’s classes of transactions, (2) how transactions are initiated, (3) the accounting records and support, and (4) the accounting processing involved from initiation of a transaction to its inclusion in the financial statements.
