M8-Risk Assessment:Part 2 Flashcards
One of information technology’s potential benefits is the enhanced timeliness of information. (true or false)
true
Observation and inspection may be used to evaluate the design of controls. Observation of entity personnel applying control activities is a procedure that would likely provide evidence about the design of the activities. (true or false)
true
The control environment reflects the overall attitude, awareness and actions of those charged with governance (i.e., the board of directors, management, owners, and others) concerning the importance of control and its emphasis in the entity. (true or false)
true
The control environment represents the collective effect of various factors on establishing, enhancing, or mitigating the effectiveness of specific policies and procedures. Such factors include management’s philosophy and operating style, the entity’s organizational structure, the participation of those charged with governance, methods of assigning authority and responsibility, and human resource policies and practices. (true or false)
true
The auditor should obtain sufficient knowledge of the client’s information system relevant to financial reporting to understand the types of transactions processed, and how the transactions are initiated, recorded and summarized. Included in the information system relevant to financial reporting is the preparation of significant accounting estimates. (true or false)
true
“Substance over form” concerns relate to controls that appear on the surface to exist but in reality are not operating effectively. When obtaining an understanding of a client’s internal controls, an auditor should concentrate on the substance of controls rather than the form because even when appropriate procedures are established, management may not enforce compliance. (true or false)
true
The control environment element of an entity’s internal control relates to the tone of the organization, which includes human resource policies and practices. (true or false)
true
The concept of reasonable assurance recognizes that the cost of an entity’s internal control should not exceed the benefits that are expected to be derived. The cost-benefit relationship is a primary criterion that should be considered in designing internal control. (true or false)
true
Knowledge about the design and implementation of relevant internal controls should be used to identify types of misstatements that could occur. (true or false)
true
Services performed by another organization are not considered to be part of the client’s information system if the services provided are limited to executing transactions that are specifically authorized by the client. (true or false)
true
Manual controls would most likely be more suitable than automated controls for large, unusual, or nonrecurring transactions. (true or false)
true
An inherent limitation of internal control exists when, although good controls are instituted, management can override those controls. When the CEO requests a check with no purchase order, this is an example of management override. (true or false)
true
The suitability of the client’s lines of reporting is an important part of the organizational structure, which in turn is a key component of the control environment. Since the control environment has a pervasive effect on the auditor’s risk assessment, consideration of the suitability of the client’s lines of reporting is quite relevant in evaluating control risk. (true or false)
true
The more complex the IT system, the more extensive the documentation (such as flowcharts, narratives, questionaires, decision tables, etc.). The less complex the IT system, more limited documentation, such as a memorandum, may be sufficient. (true or false)
true
The best compensating control for the lack of segregation of duties in smaller organizations is to have more management oversight of incompatible functions. (true or false)
true