Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

AUD > MCQ 3 > Flashcards

MCQ 3 Flashcards

1
Q

Computer Services Company (CSC) processes payroll transactions for schools. Drake, CPA, is engaged to report on CSC’s policies and procedures placed in operation as of a specific date. These policies and procedures are relevant to the schools’ internal control, so Drake’s report will be useful in providing the school’s independent auditors with information necessary to plan their audits. Drake’s report expressing an opinion on CSC’s policies and procedures placed in operation as of a specific date should contain a (an)

A.
Description of the scope and nature of Drake’s procedures. (44%)

B.
Statement that CSC’s management has disclosed to Drake all design deficiencies of which it is aware. (4%)

C.
Opinion on the operating effectiveness of CSC’s policies and procedures. (42%)

D.
Paragraph indicating the basis for Drake’s assessment of control risk. (7%)

A

Choice A (Correct) and Choices B, C, D (Incorrect): A report from the auditor of a service organization will include a reference to the service or products that are covered by the report, a description of the scope and nature of the auditor’s procedures, and an indication of the purpose of the engagement. Since the procedures performed by Drake were related to the audit of the service organization’s client, Drake would only be interested in those controls that related to the processing of the school’s transactions and not all design deficiencies. In addition, Drake would not assess control risk in an engagement of this sort. Since Drake was engaged to report on policies and procedures placed in operation, but not on their operating efficiency, it would be inappropriate for Drake to express an opinion on operating efficiency.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following internal control procedures is not usually performed in the vouchers payable department?

A.
Matching the vendor’s invoice with the related receiving report. (5%)

B.
Approving vouchers for payment by having an authorized employee sign the vouchers. (22%)

C.
Indicating the asset and expense accounts to be debited. (38%)

D.
Accounting for unused pre-numbered purchase orders and receiving reports. (33%)

A

Choice D (Correct) and Choices A, B, C (Incorrect): The vouchers payable department is responsible for matching all of the appropriate documents including the purchase order, receiving report, and vendor’s invoice and preparing a voucher for payment. The purchasing department accounts for unused purchase orders and the receiving department accounts for unused receiving reports.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following components of internal control best describes the process of requiring a key card to enter the warehouse?

A.
Control environment.

B.
Monitoring.

C.
Risk assessment.

D.
Control activities

A

D
There are five components of internal control (I/C) under the COSO framework. Control activities (as represented in PIPS) are policies, procedures, and standards that diminish risk and help ensure management directives are carried out. An example of a control activity (ie, physical control) is requiring that employees use a keycard to enter a facility (eg, warehouse). Restricting access to a warehouse mitigates the risk that assets are stolen and keeps them available for future use by the entity.

(Choice A) The component of control environment is the foundation of all other components of I/C because it relates to employee awareness and attitudes about the entity’s internal controls. Management influences the environment (ie, tone) based on its philosophy and operating style (eg, commitment to integrity/competence).

(Choice B) Monitoring is the means by which a company ensures that its control activities (ie, policies and procedures) are followed appropriately. An internal audit function is an example of monitoring.

(Choice C) Risk assessment is the identification, analysis, and management of risks relevant to preparing financial statements in conformity with a financial reporting framework (eg, GAAP).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An increase in the assessed level of control risk will increase:

Test of controls Detection risk Substantive testing Inherent risk

A.
Yes No Yes Yes
(17%)

B.
No No Yes No
(76%)

C.
Yes Yes No Yes
(2%)

D.
No Yes No No
(3%)

A

Choice B (Correct) and Choices A, C, D (Incorrect): When an auditor assesses control risk at a higher level, substantive testing (test of details) will be increased to detect material misstatements to the financial statements that may not be detected or prevented through the internal controls. Because control risk is higher, the auditor will rely less, not more on tests of controls. To achieve an acceptable level of audit risk, detection risk will be set as lower, not higher, thus increasing the test of details, and inherent risk will remain unaffected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An audit client failed to maintain copies of its procedures manuals and organizational flowcharts. What should the auditor do in an audit of financial statements?

A.
Issue a qualified opinion on the basis of a scope limitation. (5%)

B.
Document the auditor’s understanding of internal controls. (54%)

C.
Assess control risk at the maximum level. (36%)

D.
Restrict the auditor’s responsibility to assess the effectiveness of controls in the audit engagement letter.

A

Choice B (Correct) and Choices A, C, D (Incorrect): An auditor is required to obtain and document an understanding of internal control. A client’s lack of documentation does not affect the scope of the audit, nor does it necessarily represent an internal control deficiency requiring control risk to be assessed at maximum as long as controls are communicated and monitored. The auditor’s responsibility to assess control risk is not affected by the client’s documentation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Payroll Data Co. (PDC) processes payroll transactions for a retailer. Cook, CPA, is engaged to express an opinion on a description of PDC’s internal controls placed in operation as of a specific date. These controls are relevant to the retailer’s internal control, so Cook’s report may be useful in providing the retailer’s independent auditor with information necessary to plan a financial statement audit. Cook’s report should

A.
Contain a disclaimer of opinion on the operating effectiveness of PDC’s controls. (22%)

B.
State whether PDC’s controls were suitably designed to achieve the retailer’s objectives. (35%)

C.
Identify PDC’s controls relevant to specific financial statement assertions. (35%)

D.
Disclose Cook’s assessed level of control risk for PDC.

A

Choice A (Correct): An engagement to express an opinion on a description of internal controls placed in operation as of a specific date is an attestation engagement that will result in a type 1 report. Such a report will express an opinion on management’s description of internal controls placed in operation and, to avoid any misunderstanding, will disclaim an opinion as to their effectiveness, which could only be evaluated by performing procedures for the entire period for which the opinion is expected to cover. The accountant could provide an opinion as to the suitability of the design of controls, but only if engaged to do so and if tests are performed to support such an opinion. The report would not, however, identify controls relevant to specific assertions. Nor would it disclose the accountant’s assessed level of control risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

X Company prepares a sales invoice, using a pre-printed sequentially numbered form, upon receipt of a copy of a bill of lading from the shipping department indicating that goods have been shipped. An auditor wishes to obtain evidence that all sales that that were recorded during the period actually occurred. Which of the following procedures would likely be most effective for that purpose?

A.
Trace entries from the sales journal to sales invoices and bills of lading. (47%)

B.
Trace a sample of receiving reports to the sales journal. (4%)

C.
Trace a sample of sales invoices to bills of lading. (21%)

D.
Trace a sample of bills of lading to the sales journal.

A

Choice A (Correct): To obtain evidence as to the occurrence assertion, an auditor would trace a sample from the accounting records to source documents to determine if each entry recorded is supported by evidence that a sale occurred. This would be accomplished by tracing entries from the sales journal to source documents. Receiving reports would relate to purchases, not sales. Tracing sales invoices to bills of lading would provide evidence that those transactions for which sales invoices were prepared for actually occurred, but would not indicate if all recorded transactions actually occurred. Tracing a sample of bills of lading to the sales journal would provide evidence about completeness, not occurrence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following most likely would be an internal control procedure designed to detect errors and irregularities concerning the custody of inventory?

A.
Periodic reconciliation of work in process with job cost sheets. (9%)

B.
Segregation of functions between general accounting and cost accounting. (2%)

C.
Independent comparisons of finished goods records with counts of goods on hand. (84%)

D.
Approval of inventory journal entries by the storekeeper

A

Choice C (Correct) and Choices B, D (Incorrect): Conducting periodic inventory counts and noting discrepancies enables the entity to promptly determine if inventory was misappropriated. Reconciling work in process with job cost sheets, segregating the functions of general accounting from cost accounting, and approval of inventory journal entries are controls related to the proper recording of inventory, not its custody.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following could be difficult to determine because electronic evidence may not be retrievable after a specific period?

A.
The acceptable level of detection risk.

B.
The timing of control and substantive tests.

C.
Whether to adopt substantive or reliance test strategies.

D.
The assessed level of inherent risk.

A

Choice B (Correct) and Choices A, C, D (Incorrect): The availability of electronic evidence affects the timing of audit procedures as they must be performed while evidence is available. The acceptable level of detection risk is determined by the auditor on the basis of the assessed risk of material misstatement and is not influenced by the availability of electronic evidence, although control risk is. Whether to adopt a substantive or a reliance approach will be based on the auditor’s perception of the effectiveness of internal control and the perceived efficiency of testing controls and reducing substantive tests, rather than the length of time electronic evidence is available. The assessed level of inherent risk is not within the control of the auditor and is not affected by the availability of evidence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following activities by small business clients best demonstrates management integrity in the absence of a written code of conduct?

A.
Emphasizing ethical behavior through oral communication and management example. (89%)

B.
Developing and maintaining formal descriptions of accounting procedures. (3%)

C.
Documenting internal control procedures using flowcharts rather than narratives. (4%)

D.
Reporting regularly to the board of directors about operations and finances.

A

A
There are five components of internal control (I/C) under the COSO framework. The control environment is the foundation of I/C because it relates to employee awareness and attitudes about the entity’s I/C.

Although the importance of integrity is normally communicated through a written code of conduct, small businesses may not have a formal written code. In these cases, management can demonstrate integrity through oral communication and with their actions, such as adhering to all relevant control procedures.

(Choices B and C) Formal descriptions of accounting procedures and documentation of I/C using flowcharts are procedures relevant to control activities, not the control environment. Documentation alone does not demonstrate management’s integrity.

(Choice D) Reporting regularly to the board of directors is related to the information and communication component of I/C. This component focuses on effective communication and quality information both inside and outside the entity, not on ethical values and integrity. In addition, depending on its size, a small business may not have a board of directors.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

An auditor is selecting prenumbered purchase orders for testing an entity’s internal control activities related to their proper approval before office equipment is ordered. The auditor is matching random numbers with the purchase order numbers to determine which purchase orders to inspect. If a random number matches a voided purchase order, the auditor ordinarily would replace the voided purchase order with another if the voided purchase order

A.
Represents office equipment ordered and never received. (4%)

B.
Has been properly voided in the normal course of business. (72%)

C.
Represents office equipment ordered and canceled before being processed by the vendor. (18%)

D.
Has been electronically deleted from the purchase order file.

A

B
Auditors can use simple random sampling to select items from a population when performing tests of controls or tests of details. If a voided item (eg, purchase order [PO]) is selected during sampling, the auditor can replace it only after verifying that it was properly voided and that all control procedures were followed.

(Choices A, C, and D) Situations in which POs were canceled, deleted, or not received may indicate a deviation from control procedures; however, more information is needed. Rather than replacing the item, the next step is to investigate by verifying if the event is considered a deviation from the control (eg, PO should not have been deleted). If it is a deviation, the auditor will document it and will not replace the item.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following audit techniques ordinarily would provide an auditor with the least assurance about the operating effectiveness of an internal control activity?

A.
Inquiry of client personnel. (24%)

B.
Inspection of documents and reports. (8%)

C.
Observation of client personnel. (1%)

D.
Preparation of system flowcharts.

A

Choice D (Correct) and Choices A, B, C (Incorrect): Preparing flowcharts is a means of documenting an auditor’s understanding of a client’s internal control but does not enhance the understanding. The understanding can be enhanced through inquiry of client personnel, inspection of documents and reports, and observation of client personnel because each provides evidence relevant to the functioning of internal controls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following factors most likely would be considered an inherent limitation to an entity’s internal control?

A.
The ineffectiveness of the entity’s audit committee.

B.
Collusion of employees in circumventing internal controls.

C.
The lack of resources to monitor internal controls.

D.
The complexity of the entity’s electronic order processing system.

A

B
An entity’s internal control (I/C) is designed to provide reasonable assurance that the entity will achieve reliable financial reporting, maintain effective and efficient operations, and comply with laws and regulations. The inherent limitation of I/C is that fraud or error still may occur even when strong controls are in place. These limitations include collusion, management override, and human error.

An entity may have effective I/C that prevents the same employee from authorizing and recording transactions. However, if two or more employees work together to circumvent I/C (ie, collude), fraud can occur.

(Choices A and C) Inherent limitations of I/C are limitations that are always present, even when an effective control is in place. An entity may have a system of I/C even without an audit committee or resources to monitor it; therefore, the limitations cannot be inherent.

(Choice D) The complexity of the electronic ordering system is not an inherent limitation. It is a risk that can be mitigated by implementing effective I/C (eg, validating inputs and verifying outputs).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A company employs three clerks and one purchasing manager. Their responsibilities are as follows:

Employee

Responsibility

Purchasing Manager

Approves purchase requests before they are processed and negotiates terms with vendors.

Clerk 1, Purchasing

Places orders with vendors.

Clerk 2, Accounts Payable

Prepares payment vouchers after verifying accuracy of vendor invoices and comparing supporting documents.

Clerk 3, Receiving

Receives delivery of goods from vendors

Which of the following would indicate a weakness in the company’s internal control?

A.
Clerk 3 conducts manual counts of goods received, unaware of the quantities actually ordered. (8%)

B.
The Purchasing Manager frequently attends vendor events with all expenses-paid by the company. (7%)

C.
Clerk 2 has access to unused purchase orders. (77%)

D.
Clerk 1 reports to the Purchasing Manager, who has significant influence over Clerk 1’s pay and career progression.

A

Choice C (Correct) and Choices A, B, D (Incorrect): Since Clerk 2 prepares payment vouchers, having custody of unused purchase orders would enable the clerk to commit fraud by preparing a payment voucher supported by an unauthorized purchase order. A lack of knowledge of quantities ordered would require Clerk 3 to perform a manual count, which allows for comparing goods received to what was ordered, an enhancement, not a weakness, in internal control. Attending vendor events allows the purchasing manager to learn about what vendors are available and differences among them, which will enable the purchase manager to make better purchasing decisions. Since Clerk 1 is performing clerical functions related to the authorization of purchases, it is appropriate for the clerk to report to the purchasing manager.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following must be included in the written communication of significant deficiencies and material weaknesses in internal control identified in an audit of financial statements of a non-issuer company?

Limited use statement.
A statement that part of the purpose of an audit is to express an opinion on the effectiveness of internal control.
A statement that no material weaknesses or significant deficiencies were identified, if this is the case.

A.
I and III only (25%)

B.
I only (42%)

C.
I, II, and III (13%)

D.
None of the above

A

Choice B (Correct) and Choices A, C, D (Incorrect): Written communication of significant deficiencies and material weaknesses in internal control is designed for those responsible for governance and, sometimes, management. It is not designed for third parties and the report will indicate such a limitation on the use of the statement. The purpose of an audit is to express an opinion on the financial statements, not internal control, and the report would not state otherwise. An auditor’s report on internal control may indicate a lack of material weaknesses since, due to their magnitude, it is considered the auditor’s responsibility to be able to identify them, similarly to a material misstatement to the financial statements. It would not, however, indicate a lack of significant deficiencies as it is more likely that they may exist and go undetected.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

When there are numerous property and equipment transactions during the year, an auditor who plans to assess control risk at a low level usually performs

A.
Analytical procedures for property and equipment balances at the end of the year. (10%)

B.
Tests of controls and extensive tests of property and equipment balances at the end of the year. (27%)

C.
Analytical procedures for current year property and equipment transactions. (10%)

D.
Tests of controls and limited tests of current year property and equipment transactions

A 
D
Control risk (CR) is the risk that an entity's controls will not prevent or detect (and correct) a material misstatement.  CR affects the overall risk of material misstatement (RMM).  If controls are unreliable, there is a greater chance that a misstatement will occur (ie, CR is high).  In contrast, reliable controls reduce the RMM (ie, CR is low).

To set CR low, auditors must plan and perform tests of controls on the design and the operating effectiveness of the control. If the test results indicate that the control is effective, CR can be reduced. Because effective controls reduce the RMM, the amount of audit work can also be reduced. This is useful when there are numerous transactions because reducing CR permits the auditor to limit, not extend, testing (Choice B).

(Choices A and C) Performing analytical procedures alone would not justify setting the CR low. Controls must be tested.

Things to remember:
When auditors consider reducing the level of control risk (CR), they perform tests of controls. If the control is considered effective, auditors can reduce CR and limit the amount of additional substantive testing.

17
Q

A company employs three accounts payable clerks and one treasurer. Their responsibilities are as follows:

Employee Responsibility
Clerk 1 Reviews vendor invoices for proper signature approval
Clerk 2 Enters vendor invoices into the accounting system and verifies payment terms
Clerk 3 Posts entered vendor invoices to the accounts payable ledger for payment and mails checks
Treasurer Reviews the vendor invoices and signs each check.

Which of the following would indicate a weakness in the company’s internal control?

A.
Clerk 1 opens all of the incoming mail. (3%)

B.
Clerk 2 reconciles the accounts payable ledger with the general ledger monthly. (25%)

C.
Clerk 3 mails the checks and remittances after they have been signed. (66%)

D.
The treasurer uses a stamp for signing checks.

A

Choice C (Correct) and Choices A, B, D (Incorrect): Mailing signed checks gives the employee custody of assets. When that same employee is responsible for posting vender invoices into the accounts payable ledger, the incompatible duties of custody of assets and recording of transactions allows the individual to modify a signed check and hide the fact by recording it in the altered amount. Reviewing vendor invoices for signature approval and opening the incoming mail are not incompatible duties. The same person entering vendor invoices into the accounting system and reconciling the accounts payable ledger with the general ledger does not allow that individual to perpetrate and conceal fraud. It is not unusual for a treasurer to use a stamp for signing checks. It would be considered a weakness if the stamp was not securely maintained.

18
Q

In assessing Risk of Material Misstatement (Control Risk), an auditor ordinarily selects from a variety of techniques, including

A.
Inquiry and recalculation. (8%)

B.
Reperformance and observation. (77%)

C.
Comparison and confirmation. (5%)

D.
Inspection and verification

A

Choice B (Correct) and Choices A, C, D (Incorrect): Although an auditor will generally make inquiries in assessing RMM, recalculation is a substantive test, not a risk assessment procedure nor a test of controls. Reperformance, such as of a control procedure, and observation are both risk assessment procedures used in assessing RMM. Comparison and confirmation are both substantive procedures and, while inspection may be either a risk assessment procedure or a substantive test, verification is generally more closely associated with substantive testing.

19
Q

After obtaining an understanding of the internal control structure and assessing control risk of an entity, an auditor decided not to perform tests of controls. The auditor most likely decided that

A.
The available evidential matter obtained through tests of controls would not support an increased level of control risk. (19%)

B.
A reduction in the assessed level of control risk is justified for certain financial statement assertions. (6%)

C.
It would be inefficient to perform tests of controls that would result in a reduction in planned substantive tests. (65%)

D.
The assessed level of inherent risk exceeded the assessed level of control risk.

A

Choice C (Correct): An auditor would decide not to test internal controls if the controls are not likely to be effective at preventing or detecting misstatements or if it is more efficient to simply perform substantive tests.

Choice A (Incorrect): The auditor would test controls to decrease, not increase, the assessed level of control risk. An auditor would decide not to test internal controls if the controls are not likely to be effective at preventing or detecting misstatements or if it is more efficient to simply perform substantive tests.

Choice B (Incorrect): If a reduction in control risk is justified, the auditor would perform tests of controls. An auditor would decide not to test internal controls if the controls are not likely to be effective at preventing or detecting misstatements or if it is more efficient to simply perform substantive tests.

Choice D (Incorrect): There is no relationship between inherent and control risk. An auditor would decide not to test internal controls if the controls are not likely to be effective at preventing or detecting misstatements or if it is more efficient to simply perform substantive tests.

20
Q

Which of the following statements is correct concerning internal control matters that are noted in an audit and are required to be communicated to the appropriate level of the client’s governance?

A.
They represent material weaknesses in the design or operation of specific internal control structure elements. (56%)

B.
The auditor is obligated to search for internal control deficiencies that could adversely affect the entity’s ability to record and report financial data. (8%)

C.
Internal control matters that are required to be communicated to the client’s governance are not required to be re-communicated each year, even if management has acknowledged its understanding of such deficiencies. (6%)

D.
The auditor may separately communicate those internal control matters considered to be material weaknesses.

A

Choice D (Correct): A material weakness is an internal control deficiency that could result in a material misstatement to the financial statements. Material weaknesses and significant deficiencies in internal control are both required to be communicated to the client, although material weaknesses may be reported to the client separately.

Choice A (Incorrect): Although material weaknesses in internal control are required to be communicated to the client in a written communication, significant deficiencies are as well. As a result, internal control matters that are required to be communicated both, not only material weaknesses.

Choice B (Incorrect): An auditor is not required to search for internal control deficiencies that are required to be communicated to the client’s governance, but is required to understand internal controls to determine the potential misstatements to the financial statements. The auditor may become aware of material weaknesses or significant deficiencies, however, while obtaining and documenting that understanding.

Choice C (Incorrect): Material weaknesses and significant deficiencies in internal control are both required to be communicated to the client. The written communication is also required to re-communicate any reportable conditions that have not been corrected, even when management has acknowledged its understanding of such deficiencies.

21
Q

Lake, CPA, is auditing the financial statements of Gill Co. Gill uses the EDP Service Center, Inc. to process its payroll transactions. EDP’s financial statements are audited by Cope, CPA, who recently issued a report on EDP’s internal control structure. Lake is considering Cope’s report on EDP’s internal control structure in assessing control risk on the Gill engagement. What is Lake’s responsibility concerning making reference to Cope as a basis, in part, for Lake’s own opinion?

A.
Lake may refer to Cope only if Lake is satisfied as to Cope’s professional reputation and independence. (38%)

B.
Lake may refer to Cope only if Lake relies on Cope’s report in restricting the extent of substantive tests. (15%)

C.
Lake may refer to Cope only if Lake’s report indicates the division of responsibility. (18%)

D.
Lake may not refer to Cope under the circumstances above

A

Choice D (Correct) and Choices A, B, C (Incorrect): When evaluating the internal controls of an entity, the auditor may rely on the report of a service auditor as is the case with Lake relying on the report issued by Cope on EDP service center. Since the reliance on this report is for the purposes of assessing control risk, the auditor will not refer to the service center reporting when issuing his or her opinion on the financial statements.

22
Q

Green, CPA, is auditing the financial statements of Ajax Co. Ajax uses the DP Service Center to process its payroll. DP’s financial statements are audited by Blue, CPA, who recently issued a report on DP’s policies and procedures regarding the processing of other entity’s transactions. In considering whether Blue’s report is satisfactory for Green’s purposes, Green should

A.
Make inquiries concerning Blue’s professional reputation. (36%)

B.
Assess control risk at the maximum level. (5%)

C.
Review the audit programs followed by Blue. (50%)

D.
Perform tests of controls at the DP Service Center.

A

Choice A (Correct) and Choices B, C, D (Incorrect): When considering whether or not to rely on the report of a service auditor, a user auditor will evaluate the service auditor’s professional competence and independence from the service organization, which can be assessed by making inquiries about the service auditor’s reputation, and whether the standards under which the report was prepared are appropriate. The user auditor would assess control risk at maximum if the user auditor decided not to rely on the service auditor’s report. If the auditor is not satisfied with the competence and independence of the service auditor, the user auditor will apply other procedures to obtain sufficient appropriate audit evidence that payroll is fairly stated but would not likely review the work of Blue or perform tests of controls at the service entity.

23
Q

Equipment acquisitions that are misclassified as maintenance expense most likely would be detected by an internal control procedure that provides for

A.
Segregation of duties of employees in the accounts payable department. (3%)

B.
Independent verification of invoices for disbursements recorded as equipment acquisitions. (36%)

C.
Investigation of variances within a formal budgeting system. (39%)

D.
Authorization by the board of directors of significant equipment acquisitions.

A

Choice C (Correct): Expensing acquisitions of equipment to the maintenance account is a recording error. Investigating variances in a budget system could detect such an error because the maintenance account would be significantly higher than expected. Segregating duties protects the assets from misappropriation, not misclassification. Independent verification of invoices for disbursements recorded as equipment acquisitions would be a test to ensure no expenses are capitalized not a test to determine if assets were expensed. Authorization controls do not ensure proper recording.

24
Q

In an audit of financial statements in accordance with generally accepted auditing standards, an auditor is always required to

A.
Document the auditor’s understanding of the entity’s internal control. (80%)

B.
Search for significant deficiencies in the operation of the internal control. (1%)

C.
Perform tests of controls to evaluate the effectiveness of the entity’s accounting system. (2%)

D.
Determine whether control procedures are sufficiently effective to prevent or detect material misstatements.

A

Choice A (Correct): The auditor is always required to obtain and document an understanding of the entity’s internal control during an audit conducted in accordance with generally accepted auditing standards.

Choice B (Incorrect): Although an auditor may learn of deficiencies in internal control during the course of an audit, the auditor is not required to search for such deficiencies. The auditor is always required to obtain and document an understanding of the entity’s internal control during an audit conducted in accordance with generally accepted auditing standards.

Choice C (Incorrect): The auditor will perform tests of controls only if the auditor assesses control risk below the maximum. The auditor is always required to obtain and document an understanding of the entity’s internal control during an audit conducted in accordance with generally accepted auditing standards.

Choice D (Incorrect): The auditor will determine whether control procedures are sufficiently effective to prevent or detect fraud only if the auditor assesses control risk below the maximum. The auditor is always required to obtain and document an understanding of the entity’s internal control during an audit conducted in accordance with generally accepted auditing standards.

25
Q

Which of the following factors is most relevant when an auditor considers the client’s organizational structure in the context of control risk?

A.
Management’s attitude toward information processing and accounting departments. (52%)

B.
The organization’s recruiting and hiring practices. (9%)

C.
Physical proximity of the accounting function to upper management. (6%)

D.
The suitability of the client’s lines of reporting.

A

Choice D (Correct) and Choices A, B, C (Incorrect): The client’s organizational structure includes the lines of reporting. Management’s attitude toward information processing and accounting are part of the control environment. The recruiting and hiring practices relate to the entity’s commitment to competence and to reliable financial reporting but does not relate to the organizational structure. The physical proximity of accounting to management is not particularly relevant to the organizational structure.

26
Q

Which of the following are considered control environment factors?

I. Detection Risk

II. Personnel Policies and Practices

A.
Both I and II. (4%)

B.
I only. (5%)

C.
II only. (81%)

D.
Neither I nor II

A

Choice C (Correct) and Choices A, B, D (Incorrect): Detection risk is the risk that the auditor will not detect a material misstatement. Detection risk exists only within the context of the audit so it is not part of the client’s control environment. The control environment includes a Commitment to competence, Human resource policies and practices, the Organizational structure, Participation by those charged with governance, Philosophy of management, Ethical values, and Responsibility assignment (Roger Mnemonic: CHOPPER).

27
Q

When assessing control risk at below the maximum level, an auditor is required to document the auditor’s understanding of the

I. Entity’s control activities that help ensure management directives are carried out.

II. Entity’s control environment factors that help the auditor plan the engagement.

A.
I only. (13%)

B.
II only. (19%)

C.
Both I and II. (58%)

D.
Neither I nor II.

A

Choice C (Correct) and Choices A, B, D (Incorrect): Assessing control risk below maximum indicates that the auditor believes that internal controls can be relied upon to reduce the risk of material misstatement. The auditor would document the understanding of internal control, which will include the control activities that ensure that management’s directives are carried out and factors in the entity’s control environment that are expected to be effective.

28
Q

Which of the following statements indicates that the auditor has gained a sufficient understanding of a client’s internal controls related to the sales order process?

A.
The auditor noted in a narrative that the documentation for the sales order system showed the printing of a shipment-exception report listing noninvoiced shipments. (44%)

B.
In a statistically valid sample of 100 sales transactions, the auditor found five undiscovered exceptions and concluded that the system was weak. (14%)

C.
The auditor interviewed the company’s supervisor of salesclerks and reviewed six shipment-exception reports that were randomly selected and that showed significant unrecorded balances. (31%)

D.
The auditor compared sales orders processed to processing clerk head count for three years and noted that processed orders significantly declined while clerk head count remained the same

A

A
Auditors can obtain an understanding of I/C by various means, including performing walk-throughs, observing control procedures, and creating flowcharts. A process narrative, usually provided by the client and sometimes combined with a flowchart, is typically used to document an auditor’s understanding of I/C.

Tests of controls (performed after planning) are used to evaluate the effectiveness of the I/Cs. To test controls, auditors look for exceptions to the control process and document their frequency for a given sample size. Unrecorded balances are considered exceptions (Choice C). When five exceptions for 100 tested items are noted, a 5% deviation exists. When exceptions are noted, auditors may expand their testing to determine whether the exceptions are isolated or systemic errors (Choice B).

(Choice D) Comparing sales orders for a three-year period is an analytical procedure most likely used to obtain an understanding of the entity’s business environment, not its I/C.

Things to remember:
Auditors typically use client-provided process narratives to document their understanding of internal control during planning. After planning, auditors test the controls they plan to rely on by identifying exceptions to the controls and documenting their frequency.

29
Q

Dunn, CPA, is auditing the financial statements of Taft Co. Taft uses Quick Service Center (QSC) to process its payroll. Price, CPA, is expressing an opinion on a description of the controls placed in operation at QSC regarding the processing of its customers’ payroll transactions. Dunn expects to consider the effects of Price’s report on the Taft engagement. Price’s report should contain a (an)

A.
Description of the scope and nature of Price’s procedures. (37%)

B.
Statement that Dunn may assess control risk based on Price’s report. (8%)

C.
Assertion that Price assumes no responsibility to determine whether QSC’s controls are suitably designed. (13%)

D.
Opinion on the operating effectiveness of QSC’s internal controls.

A

Choice A (Correct) and Choices B, C, D (Incorrect): An engagement to express an opinion on a description of internal controls placed in operation is an engagement to report on controls at a service organization, performed in accordance with attestation standards. The report will include a reference to a description of the service auditor’s tests of controls and the results. It is up to Dunn, not Price, to determine if Dunn will assess control risk based on Price’s report. In an engagement to express an opinion on a description of the controls placed in operation, the accountant does have the responsibility to determine if the controls are suitably designed. The accountant would only provide an opinion on the operating effectiveness of the controls if preparing a report on both controls placed in operation and their effectiveness.

30
Q

As a part of understanding the internal control structure of a nonissuer during a GAAS audit, an auditor is not required to

A.
Consider factors that affect the risk of material misstatement. (3%)

B.
Ascertain whether internal control structure policies and procedures have been placed in operation. (19%)

C.
Identify the types of potential misstatements that can occur. (23%)

D.
Obtain knowledge about the operating effectiveness of the internal control structure.

A

Choice D (Correct): When obtaining an understanding of internal control in the course of an audit of a nonissuer, the auditor is not required to determine the effectiveness of the controls. The auditor will, however, obtain knowledge about operating effectiveness through the performance of tests of controls if the auditor intends to assess control risk below the maximum. When obtaining an understanding of internal controls, the auditor considers factors that affect the risk of misstatement, determines if the controls were placed in operation, seeks to understand the design of the internal controls, and identifies the potential types of misstatements that may occur.

31
Q

Certain internal control matters that come to an auditor’s attention should be communicated to an entity’s audit committee because they represent

A.
Manipulation or falsification of accounting records or documents from which financial statements are prepared. (4%)

B.
Disclosures of information that significantly contradict the auditor’s going concern assumption. (0%)

C.
Material fraud or illegal acts perpetrated by high-level management. (24%)

D.
Significant deficiencies in the design or operation of the internal control structure.

A

Choice D (Correct): Internal control matters that are required to be communicated to the client’s governance include material weaknesses and significant deficiencies, which are deficiencies in the design or operation of the internal control structure. This includes those deficiencies that are sufficiently significant that they could result in a material misstatement to the financial statements, referred to as a material weakness.

AUD (5 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions