M1-Integrated Audit Procedures Flashcards
In order for an auditor to audit and report on a nonissuer’s internal control, management must present its written assessment about the effectiveness of internal control. (true or false)
true
It is management’s responsibility to assess and report on internal control, but the auditor is also required to assess and report on internal control. (true or false)
true
An engagement to audit internal control will generally be more extensive in scope than the assessment of control risk made during a financial statement audit of a non-issuer. This occurs because assessing control risk is the primary purpose of an engagement to express an opinion on internal control, whereas it is an incidental result of an audit of a non-issuer(true or false)
true
PCAOB standards surrounding internal control apply only to audits of issuers, not to audits of nonissuers. (true or false)
true
An evaluation of an entity’s information technology risk and controls should utilize the top-down approach. The top-down approach is used in selecting controls to test in an integrated audit. (true or false)
true
The “top-down approach” used during an audit of internal control over financial reporting begins by understanding the overall risks to internal control over financial reporting at the financial statement level. (true or false)
true
An auditor that is testing controls at a company with multiple business units should test controls over specific risks at business units that are material to the company’s consolidated financial statements. (true or false)
true
Entity level controls include controls related to the control environment, the risk assessment process, and the policies over risk management practices. Controls regarding the company’s annual stockholder meeting are controls related to a specific event, rather than the entity as a whole. (true or false)
true
