Study and Evaluation of Internal Control

Question 1

Process designed, implemented, and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of an entity’s objectives

Answer 1

Internal control

Question 2

Policies/procedures that entity establishes to achieve the control objectives of management or those charged with governance

Answer 2

Controls

Question 3

Statements of what should (or should not) be done within the entity to effect control

Answer 3

Policies

Question 4

True or false: Procedures may be enforced through the actions permitted by the IT applications used by the entity

Answer 4

True

Question 5

Controls that are precise enough to address risk of material misstatement at the assertion level

Answer 5

Direct controls

Question 6

Controls that support direct controls

Answer 6

Indirect controls

Question 7

Which of the following is not a characteristic of internal control?

a. It is a process
b. It is effected by entity’s personnel
c. It provides absolute assurance of achieving its objectives
d. Choices a and b

Answer 7

c.

Reasonable, not absolute, assurance

Question 8

Inherent limitations that may affect internal controls (COC CHA)

Answer 8

1. Cost-benefit consideration
2. Overriding by management of controls
3. Collusion with parties outside the entity or with employees (in which controls may be circumvented)
4. Changes in condition and compliance with procedures
5. Human error
6. Anticipated/routine transactions are the ones that controls only tend to focus, rather than unusual/non-routine transactions

Question 9

Consists of plan of organization & procedures and records that are concerned with the decision processes leading to management’s authorization of transactions

Answer 9

Administrative control

Hint: “…MANAGEMENT’S AUTHORIZATION of transactions”

Question 10

Plan of organization and the procedures and records that are concerned with the safeguarding of assets and the reliability of financial records

Answer 10

Accounting control

Hint: “…reliability of FINANCIAL RECORDS”

Question 11

Policies and procedures adopted by management to assist in achieving orderly and efficient conduct of business, safeguarding of assets, prevention and detection of fraud and error, accuracy and completeness of accounting records, and timely preparation of reliable financial information.

Answer 11

Internal control system

Question 12

Set of standards, processes, and structures that provide the basis for carrying out internal control across the organization.

Answer 12

Control environment

Question 13

The following understandings shall be obtained by the auditor for risk assessment process, except:

a. How to manage risks
b. Assignment of authority and responsibility
c. Identifying business risk relevant to FR objectives
d. Assessing significance of risks and likelihood of occurrence

Answer 13

b.

Question 14

Enables the entity to have the ability to generate timely and meaningful information.

Answer 14

Information system

Question 15

Components of an information system:

Answer 15

1. Infrastructure
2. Software
3. People
4. Input/data
5. Output/meaningful information

Question 16

Actions that help management mitigate risks in order to ensure the achievement of objectives.

Answer 16

Control activities

Hint: Control = mitigate

Question 17

True or false: Control activities may be preventive, but never detective in nature and may be performed at all levels of the organization

Answer 17

False.

Preventive AND detective

Question 18

Process of assessing the quality of internal control performance over time

Answer 18

Monitoring

Hint: Assessing = monitoring

Assess is to check.

To monitor is to see/check

Question 19

How can monitoring be accomplished?

a. Performance by persons within same line function
b. Performed by internal auditors, audit committee, and/or external auditors
c. Both choices a and b
d. None of the choices

Answer 19

c.

Question 20

When obtaining an understanding of relevant controls, how shall the auditor evaluate such controls?

Answer 20

1. Inquiry of personnel;
2. Design of controls; and
3. Determination of such have been implemented

Question 21

Way in which the entity’s system of internal control is designed, implemented and maintained varies with an entity’s ________ and _________

Answer 21

Size; complexity

Question 21

How is an auditor’s understanding of the entity’s system of internal control obtained?

Answer 21

Risk assessment procedures

Question 21

Specific audit procedures when obtaining audit evidence ( I O I T)

Answer 21

Inquiry
Observation
Inspection
Tracing transactions (aka walk-through tests)

Question 22

Further audit procedures for internal controls involve:

Answer 22

1. Tests of control
2. Re-assessment of control risk
3. Substantive procedures

Question 22

Which of the following are primarily indirect controls?

a. Control environment
b. Information system and communication
c. Control activities
d. Risk assessment process
e. Options a and d
f. Options b and c

Answer 22

e.

Question 23

When shall an auditor design and perform tests of control?

a. Auditor’s assessment of risks of material misstatement at assertion level includes an expectation that the controls are operating effectively
b. Substantive procedures cannot provide sufficient appropriate evidence at the assertion level
c. Either a or b
d. Both a and b, simultaneously

Answer 23

c

Question 24

Tests of controls over the design of a policy or procedure includes:

Answer 24

Inquiry
Observation
Inspection
Reperformance

Question 25

If the auditor obtains evidence about whether significant changes in controls have occurred subsequent to the previous audit and changes have been observed that will affect the relevance of the evidence, the action of the auditor is to:

Answer 25

Test the controls in the current audit

Question 26

If the auditor obtains evidence about whether significant changes in controls have occurred subsequent to the previous audit and no changes have been observed that will affect the relevance of the evidence, the action of the auditor is to:

Answer 26

Test the controls at least once in every third audit

Question 27

An identified and assessed risk of material misstatement that requires special audit consideration

Answer 27

Significant risk

Question 28

If reassessment of control risk is changed to high, what would be the:

1. Audit approach; and
2. Effect on substantive test?

Answer 28

1. No reliance approach
2. More effective procedures, tests moved to nearer or at year-end, and will involve a larger sample size

Question 29

If reassessment of control risk remains at less than high, what would be the:

1. Audit approach; and
2. Effect on substantive test?

Answer 29

1. Reliance approach
2. Less effective procedures, interim testing, and smaller sample size