Internal Control - Concepts and Stds Flashcards

1
Q

Analytical procedures used during risk assessment may enhance the auditor’s understanding of the client’s :

A

Analytical procedures used during risk assessment may enhance the auditor’s understanding of the client’s business and significant transactions and events that have occurred since the prior audit and also may help to identify the existence of unusual transactions or events and amounts, ratios, and trends that might indicate matters that have audit implications.

2
Q

In assessing control risk, an auditor ordinarily selects from a variety of techniques, including

A

Auditors perform tests of controls to obtain evidence on the operating effectiveness of controls to assess control risk. Tests of controls include inquiries of appropriate entity personnel, inspection of documents and reports, observation of the application of the policy or procedure, and reperformance of the application of the policy or procedure.

3
Q

AU-C 315 Assessing control risk

A

AU-C 315 indicates that assessing control risk may be performed concurrently during an audit with obtaining an understanding of internal control.

4
Q

Assessment of Control Risk

A
  • When Control Risk is assessed to be at Maximum, no Internal Control testing is performed
  • When Control Risk is below Maximum:
    • Auditor tests Internal Controls
    • Auditor evaluates Control Risk based on tests
    • Auditor adjusts substantive tests accordingly
      • Weaker Internal Control = More testing
      • Stronger Internal Control = Less testing
5
Q

AU-C 610 states that internal auditors may assist the CPA in:

A

AU-C 610 states that internal auditors may assist the CPA in obtaining an understanding of internal control, in performing tests of controls, and in performing substantive tests.

6
Q

a basic tool used by the auditor to control the audit work and review the progress of the audit

A

An audit plan aids in instructing assistants in the work and includes audit procedures to accomplish the objectives of the examination. Thus, it allows the auditor to control the audit work and to review the progress of the audit.

7
Q

An auditor reviews a client’s accounting policies and procedures when considering planning matters, for what purpose?

A

Understanding of the client’s operations and business. Such information provides overall guidance to help an auditor understand the client’s operations and business

8
Q

What judgments may an independent auditor share responsibility with an entity’s internal auditor who is assessed to be both competent and objective?

A

None

The auditor is required to make all significant judgments in the audit, including evaluating significant accounting estimates and determining the materiality of misstatements; other significant judgments include:

  • assessing the risks of material misstatement
  • evaluating the sufficiency of tests performed
  • evaluating the going concern assumption
  • evaluating the adequacy of disclosures
9
Q

Can an independent auditor share responsibility with an entity’s internal auditor who is assessed to be both competent and objective

A

An independent auditor’s responsibility cannot be shared with the internal auditors for any judgments; the responsibility to report on the financial statements rests solely with the independent auditor.

10
Q

AU-C 265 compensating control

A

A compensating control is a control that lessens the severity of a deficiency (AU-C 265).

11
Q

Components of Internal Control

A

The components of internal control:

  • control environment,
  • control activities,
  • monitoring
  • risk assessment
  • information/communications

Inherent Risk is not part of internal control

CRIME

  • Control
  • Risk
  • Info/Communications
  • Monitoring
  • Environment
12
Q

Re-Testing Controls

A

Concerning the current audit’s use of audit evidence about the operating effectiveness of controls obtained in prior-year audits, professional standards permit using that evidence without retesting if the related controls are tested at least every third year.

13
Q

Confirmations of Accounts Receivable

A

Confirmation of accounts receivable is a substantive test not a test of a control.

14
Q

CONTROL ACTIVITIES

A
  • Performance Reviews
  • Information Processing
  • Physical Controls
  • Segregation of Duties
15
Q

Control Environment Assessment

A
  • Sets tone for the entire company
  • How is Management Integrity/Ethics?
  • Is Management Competent?
  • Healthy Organizational Structure?
  • Appropriate HR Policies?
  • Authority/Responsibility Assignments?
  • What is Management’s Style?
  • Riskier with a dominant, aggressive individual(s)
  • Are the Board/Audit Committee Actively Involved?
16
Q

Control Limitations

A
  • Controls can’t stop collusion or bad judgment
  • Management can override controls
  • Cost vs. Benefit relationship of Internal Control
17
Q

The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that

A

Auditors are ultimately concerned with the existence of material misstatements in the financial statements.

18
Q

An auditor assesses control risk because

A

An auditor uses the assessed levels of control and inherent risk to establish the level of detection risk that the auditor may accept.

19
Q

An auditor assesses control risk because it

A
  • Affects the level of detection risk that the auditor may accept
  • Assessed levels of control risk and inherent risk are used to determine the acceptable level of detection risk for financial statement assertions.

Audit Risk = CR x IR x DR

20
Q

An auditor assesses control risk because

A

An auditor uses the assessed levels of control and inherent risk to establish the level of detection risk that the auditor may accept.

21
Q

Control risk should be assessed in terms of

A

AU-C 315 requires that control risk be assessed in terms of financial statement assertions

22
Q

Controls Not Reliable

A
  • Control Risk = Higher
  • Acceptable Detection Risk = Lower
  • Stop testing controls and do more substantive audit procedures
23
Q

Controls Reliable

A
  • Control Risk = Lower
  • Acceptable Detection Risk = Higher
  • Can continue substantive procedures for audit engagement as planned
24
Q

Decision tables differ from program flowcharts in that decision tables emphasize

A

Logical relationships among conditions and actions. Decision tables include various combinations of conditions that are matched to one of several actions. In an internal control setting, the various important controls are reviewed and, based on the combination of answers received, an action such as a decision on whether to perform tests of controls is determined. Program flowcharts simply summarize the steps involved in a program.

25
Q

Deficiencies in Internal Controls

A

If Internal Controls are deficient:

  • Control Risk increases
  • Scope of Substantive Procedures increases
  • Detection Risk decreases
  • Potential for Material Weakness
    • reasonable possibility that a material misstatement in F/S would not be found
26
Q

Define control deficiency

A

A control deficiency is a condition in which the operation of a control does not allow management, or employees, in the normal course of performing their functions to prevent or detect misstatements on a timely basis—it does not explicitly consider likelihood of loss.

27
Q

Documentation of Internal Control

A

Auditor must document understanding of Internal Control via:

  • Memos
  • Flowcharts (easy to follow)
  • Questionnaires (easy to complete)
28
Q

Five Components of Internal Control

A
  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring
29
Q

the function of internal control, from the viewpoint of the independent auditor, is to

A

The function of internal control, from the viewpoint of the independent auditor, is to provide reasonable assurance that material misstatements may either be prevented or discovered with reasonable promptness, thus assuring the reliability and integrity of the financial records.

30
Q

A government internal audit function is presumed to be free from organizational independence impairments for reporting internally when the head of the organization

A

Is removed from political pressures to conduct audits objectively, without fear of political reprisal. When the head of the organization is removed from political pressures, such independence may be obtained.

31
Q

How would an auditor of a nonissuer most appropriately respond to a heightened assessed risk of material misstatement?

A

Heightened assessed risk of material misstatement may result in:

  • the assignment of more experienced staff and/or those with specialized skills to high-risk areas; examples of other responses include
  • providing more supervision and emphasizing the need for professional skepticism
  • incorporating additional elements of unpredictability into audit procedures
  • increasing the overall scope of audit procedures.
32
Q

If the independent auditors decide that the work performed by the internal auditor may have a bearing on their own procedures, they should consider the internal auditor’s

A

The AICPA’s Professional Standards require independent auditors to consider internal auditor’s:

  • competence
  • objectivity
  • work performance
33
Q

In an audit of financial statements, an auditor’s primary consideration regarding a control risk should be assessed in terms of :

A

control risk should be assessed in terms of financial statement assertions.

34
Q

In comparison to the external auditor, an internal auditor is more likely to be concerned with

A

Operational auditing, a broader concept than included in financial statement audits, is more important to the internal auditor because it includes budgets and other control devices.

35
Q

In obtaining an understanding of an entity’s internal control relevant to audit planning, an auditor is required to obtain knowledge about

A
  • An auditor must obtain an understanding of an entity’s internal control sufficient for audit planning.
  • An auditor must obtain an understanding that includes knowledge about the design of relevant controls and records and whether the client has placed those controls in operation
36
Q

Ineffective oversight of financial reporting by those charged with governance is

A

Ineffective oversight of financial reporting by those charged with governance is an indicator of a material weakness—AU-C 265

37
Q

INFORMATION AND COMMUNICATION

A

Auditor needs to understand:

  • Major transaction classes
  • Transaction initiation
  • Support records/documents
  • Transaction processing
  • Financial Statement Internal Reporting process
  • Financial Statement External Reporting process
38
Q

Inherent Limitation in an Internal Control System

A

Inherent Limitations

  • Human judgment can be faulty and result in a breakdown in internal control because of human error
  • collusion of two or more people
  • inappropriate management override of internal control.
39
Q

Inspection of documents

A
  • Inspection of documents is a form of a test of controls
  • Such tests are used to obtain reasonable assurance that controls are in use and operating effectively.
40
Q

An internal auditor’s work would most likely affect the nature, timing, and extent of an independent CPA’s auditing procedures when

A

An internal auditor’s work would most likely affect the nature, timing, and extent of a CPA’s auditing procedures.

When considering the effect of the internal auditors’ work, the CPA considers:

  • (1) the materiality of financial statement amounts
  • (2) the risk of material misstatement of the assertions
  • (3) the degree of subjectivity involved in the evaluation of the audit evidence.
41
Q

May an independent auditor share responsibility with an entity’s internal auditor who is assessed to be both competent and objective?

A

AU-C 610 requires that judgments about inherent and control risk always be those of the independent auditor. It also requires that judgments about the materiality of misstatements, the sufficiency of tests performed, the valuation of significant accounting estimates, and other matters affecting the auditor’s report should always be those of the independent auditor.

42
Q

An independent auditor should assess the organizational status of the director of internal audit.

A

Correct - an auditor assesses the organizational status of the director of internal audit as a method of addressing the function’s likely independence from management.

43
Q

AU-C 610 Internal Auditor Competence

A

AU-C 610 indicates when assessing internal auditors’ competence, auditors consider:

  • the quality of internal auditors’ working paper documentation
  • educational level
  • professional experience
  • professional certification
  • audit policies
  • practices regarding assignment, supervision and performance
44
Q

An auditor uses the knowledge provided by the understanding of internal control and the assessed level of the risk of material misstatement primarily to

A

The auditor uses such knowledge in determining the nature, timing, and extent of substantive tests for financial statement assertions.

45
Q

An auditor uses the knowledge provided by the understanding of internal control and the assessed level of the risks of material misstatements primarily to

A
  • Determine the nature, timing, and extent of further audit procedures.
  • The auditor uses the knowledge provided by his/her understanding of internal control and the assessed level of the risks of material misstatement in determining the nature, timing, and extent of further audit procedures.
46
Q

List the five components of internal control

A
  1. risk assessment
  2. control environment,
  3. control activities
  4. information system relevant to financial reporting
  5. monitoring of controls.
47
Q

Observation

A

AU-C 315 indicates an auditor will observe the entity’s personnel applying the procedures to determine whether controls have been implemented

48
Q

Internal Control Testing

A

Strong as IRON

  • Inquiry - interview company personnel
  • Re-Performance - can it be replicated
  • Observation - Watch the control applied
  • INspection - Dig into the details / documents
49
Q

Internal Control Testing

A

Reasonable assurance that controls are functioning as designed and are effective

50
Q

AU-C 315 Understanding of Internal Control

A

AU-C 315 requires that the auditor document the understanding of the entity’s internal control.

This is a requirement when an audit of financial statements is performed in accordance with generally accepted accounting principles (GAAP).

51
Q

An auditor may compensate for a weakness in internal control by increasing

A

Increasing analytical procedures decreases detection risk in a manner which may counterbalance the condition in internal control. In effect, the weakness in internal control is compensated for by increased substantive testing.

audit risk and its component risks—inherent risk, control risk, and detection risk

AR = IR x CR x DR

52
Q

The reliance placed on substantive tests in relation to the reliance placed on internal control varies in a relationship that is ordinarily

A

Inverse : as internal control is relied upon to a lesser extent, substantive tests are relied upon to a greater extent.

53
Q

Letter to Audit Committee on Internal Control

A

AU-C 265 indicates that such a letter to the audit committee should

(1) indicate that the audit’s purpose was to report on the financial statements and not to express an opinion on internal control,
(2) include the definition of a significant deficiency
(3) restrict distribution of the report.

54
Q

Ongoing Monitoring

A

Ongoing monitoring involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions and such an approach may be followed in reviewing the purchasing function.

55
Q

Planned level of the risk of material misstatement at maximum level

A

When the planned level of the risk of material misstatement is at the maximum level, no tests of controls are performed

56
Q

Reasonable Assurance

A

Internal Control provides reasonable assurance that:

  • Material Misstatements will be prevented
  • Reliability & Integrity of Financial Statements will be preserved
  • Assets are protected against misuse
57
Q

Define Reasonable Assurance

A

The concept of reasonable assurance recognizes that the cost of internal control should not exceed the benefits expected to be derived.

58
Q

Report on Internal Control

A

Report on Internal Control now required for integrated audits

SAS 130

59
Q

Risk Assessment

A
  • Risk of Material Misstatement determines acceptable level of Detection Risk
  • Detection Risk determines Nature, Timing, Extent of Auditing Procedures
60
Q

Risk Assessment

A
  • Rapid Growth - risky
  • How does Management:
    • Identify Risk
    • Estimate Significance
61
Q

A CPA will most likely perform during the risk assessment phase of a financial statement audit using

A

Analytical procedures, because they often include a comparison of financial information with nonfinancial operating data and because analytical procedures must be performed during risk assessment.

62
Q

Analytical procedures performed during the risk assessment phase of an audit should focus on

A

Analytical procedures used for risk assessment in the audit should focus on

  • enhancing the auditor’s understanding of the client’s business and the transactions and events that have occurred since the last audit date
  • identifying areas that may represent specific risks relevant to the audit.
63
Q

Risk Assessment

A

Major Changes:

  • Operations
  • Personnel
  • Systems
  • IT
  • Products
  • Corporate Organization
  • Foreign Ops
64
Q

Risk Assessment

A

Risk assessment is a component of internal control—the other four components are

  • control environment,
  • control activities,
  • information system relevant to financial reporting
  • monitoring of controls.
65
Q

While obtaining an understanding of a client’s risk assessment policies, an auditor ordinarily considers how management:

A
  • how management identifies risks
  • estimates risk significance
  • assesses the likelihood of risk occurrence, and relates them to financial reporting.
66
Q

Assessing the risk of material misstatement below the maximum based on controls involves

A

Assessing the risk of material misstatement below the maximum based on controls involves:

  • Identifying specific controls relevant to specific assertions
  • Performing tests of controls to evaluate their effectiveness.
67
Q

Assessed level of the risk of material misstatement

A

An auditor uses the risk of material misstatement to determine the acceptable level of detection risk for financial statement assertions. The auditor then uses the acceptable level of detection risk to determine the nature, timing, and extent of the auditing procedures to be used to detect material misstatements in the financial statement assertions.

68
Q

One use of assessed level of risk of material misstatement is

A
  • Risk of material misstatement is used to determine the acceptable level of detection risk for financial statement assertions.
  • The auditor then uses the acceptable level of detection risk to determine the nature, timing, and extent of the auditing procedures to be used to detect material misstatements in the financial statement assertions.
69
Q

Risk of Material Misstatement

A
  • Were all transactions recorded?
  • Were they recorded timely?
  • Recorded in the correct period?
  • Presented and disclosed properly?
  • Did Management communicate their responsibilities?
70
Q

In order to obtain an initial understanding of internal control sufficient to assess the risk of material misstatement, what procedures would be applied?

A

Risk assessment procedures to evaluate the design of relevant controls are performed to assess the risk of material misstatement throughout the financial statements

71
Q

Substantive Procedures

A

If results are as expected, substantive procedures do not need to be adjusted

72
Q

Test of Controls

A

Tests of controls are used to:

  • Test the effectiveness of the design or operation of a control.
  • The auditor’s examination of sales invoices for specific initials would be an example of a procedure which provides assurance concerning the effectiveness of the operation of a control.
73
Q

When tests of controls reveal that controls are not operating as anticipated:

A

When tests of controls reveal that controls are not operating as anticipated, it is most likely that the assessed level of the risk of material misstatement will be greater than the planned level.

When controls are not operating as anticipated the risk of material misstatement will be greater than the planned assessed level of control risk.

74
Q

Tests of Controls Involve :

A

Tests of controls involve:

  • inquiry (interviews)
  • inspection
  • observation
  • reperformance.
75
Q

Tests of controls will be performed when:

A

Tests of controls will be performed when they are expected to result in a cost effective reduction in planned substantive tests.

76
Q

Tests of Internal Controls

A
  • Controls tested by auditor in prior year can be used in current year if they are re-tested every 3rd year
  • Exception: Control has changed since audit
77
Q

Control Activities Include

A

Control activities include:

  • performance reviews
  • information processing
  • physical controls
  • segregation of duties
78
Q

Examples of Inherent Limitation in Internal Control

A
  • Human judgment is an inherent limitation since that judgment can be faulty and result in a breakdown in internal control because of human error
  • Additional inherent limitations of internal control include (1) collusion of two or more people and (2) inappropriate management override of internal control.
79
Q

Three Objectives of Internal Control

A
  1. Reliability of Financial Reporting
  2. Operational Efficiency/Effectiveness
  3. Compliance with Law and Regulations
80
Q

Understanding Internal Control

A

Understanding Internal Control allows the auditor to determine:

  • Nature, Timing, and Extent of planned Audit Procedures
  • Risk of Material Misstatement
81
Q

Walk-throughs provide evidence that helps auditors

A

Walk-throughs provide evidence to confirm the understanding of the flow of transactions and the design of controls, to evaluate the effectiveness of the design of controls and to confirm whether controls have been implemented

82
Q

Observation and Inquiry

A

When documentary evidence may not exist, an auditor would most likely test the procedures by observation and inquiry.

Auditing procedures suggest that when no audit trail exists, an auditor should use the observation and inquiry techniques.

83
Q

Which factors are included in an entity’s control environment?

A

audit committee, integrity and ethical values, and organization structure

84
Q

In designing written audit plans, an auditor should establish specific audit objectives that relate primarily to

A

Financial statement assertions.

In obtaining audit evidence to support financial statement assertions, the auditor develops specific audit objectives in light of those assertions

85
Q

Analytical procedures used in planning generally use data aggregated

A

Analytical procedures used in planning generally use data aggregated at a high level, data such as account balances from the prior year or from quarterly financial statements.

86
Q

Audit procedures are primarily designed to

A

Audit procedures are primarily designed to gather audit evidence which forms the basis for the auditor’s opinion.

Completion of the audit program and any additional audit procedures should provide sufficient competent audit evidence for an opinion on the financial statements as required by the third standard of fieldwork

87
Q

Internal Control - Substantive Testing

A

Has Inverse relationship with Substantive Testing

  • Stronger Internal Controls = Less Testing Needed
  • Weaker Internal Controls = More Testing Needed
88
Q

planning analytical procedures use information aggregated at a high level

A

planning analytical procedures use information aggregated at a high level—often, both financial and nonfinancial information.

89
Q

Segregation of Functional Responsibilities

A

The following should be segregated:

  • Authorizing transactions
  • Recording transactions
  • Maintaining custody of assets