Study Unit 5: questions

Question 1

is incompatible duties considered inherent limitations?

Answer 1

NO, The performance of incompatible duties, is a failure to assign different people the functions of authorization, recording, and asset custody, not an inevitable limitation of internal control. Segregation of duties is a category of control activities.

Question 2

What is the limitation inherent to internal control in regards to cost?

Answer 2

The cost of an entity’s internal control should not exceed the benefits that are expected to be derived. Although the cost-benefit relationship is a primary criterion that should be considered in designing internal control, the precise measurement of costs and benefits usually is not possible.

Question 3

In an audit of financial statements, an auditor’s primary consideration regarding an internal control is whether the control

Answer 3

Affects management’s financial statement assertions.

Question 4

Internal control is a process designed to provide reasonable assurance regarding the achievement of the entity’s objectives. It can provide reasonable assurance regarding:

Answer 4

(1) reliability of financial reporting,
(2) compliance with applicable laws and regulations, and (3) effectiveness and efficiency of operations. Because of inherent limitations, however, no system can be designed to eliminate all fraud (AU-C 315).

Question 5

Internal controls are designed to provide reasonable assurance that

Answer 5

Material errors or fraud will be prevented, or detected and corrected, within a timely period by employees in the course of performing their assigned duties.

Question 6

An auditor uses the knowledge provided by the understanding of internal control and the assessed risks of material misstatement primarily to

Answer 6

Determine the nature, timing, and extent of substantive procedures for financial statement assertions.

Question 7

The primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with

Answer 7

Knowledge necessary for audit planning.

Question 8

Responsibility for the performance of each duty must be fixed. True or False?

Answer 8

True: Effective internal control may be obtained by decentralization of responsibilities and duties. Fixing the responsibility for each performance or duty makes it easier to trace problems to the person(s) responsible and hold them accountable for their actions.

Question 9

The control environment is the foundation for all other control components. It provides discipline and structure, sets the tone of the organization, and influences the control consciousness of employees. Its components include:

Answer 9

(1) participation of those charged with governance,
(2) integrity and ethical values,
(3) organizational structure,
(4) management’s philosophy and operating style,
(5) assignment of authority and responsibility,
(6) human resource policies and practices, and
(7) commitment to competence.

Question 10

The control environment may decrease the effectiveness of control activities when

Answer 10

Management has substantial incentives for meeting earnings projections. The control environment may reduce the effectiveness of other components of internal control. For example, when the nature of management incentives increases the risks of material misstatement of financial statements, the effectiveness of control activities may be reduced.

Question 11

A proper segregation of duties requires that an individual

Answer 11

Recording a transaction not compare the accounting record of the asset with the asset itself.

Question 12

What is a specific transaction authorization?

Answer 12

A specific transaction authorization is applicable to a unique decision. A general authorization establishes criteria and authorizes the routine making of decisions subject to the criteria. Approving a detailed construction budget for a warehouse is a one-time decision.

Question 13

After obtaining an understanding of the entity and its environment, including its internal control, the auditor assesses

Answer 13

Control risk and inherent risk to determine the acceptable level of detection risk.

Question 14

In an audit of financial statements in accordance with generally accepted auditing standards, an auditor should

Answer 14

The auditor should document

(1) the understanding of the entity and its environment and the components of internal control,
(2) the sources of information regarding the understanding, and
(3) the risk assessment procedures performed. The form and extent of the documentation are influenced by the nature and complexity of the entity’s controls (AU-C 315).

Question 15

In all audits, the auditor should obtain an understanding of the components of internal control to identify and assess the RMMs and to design further audit procedures. An understanding is obtained by performing risk assessment procedures to evaluate the design of controls relevant to the audit and determine whether they have been implemented. Risk assessment procedures performed to obtain evidence about the design and implementation of relevant controls include

Answer 15

(1) inquiries,
(2) observation of the application of specific controls,
(3) inspection of documents and reports, and
(4) tracing transactions. Inquiries alone are not sufficient.

Question 16

For the audit of a nonissuer, the primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with

Answer 16

Knowledge necessary to plan the audit.

Question 17

As part of understanding internal control relevant to the audit of a non issuer, an auditor does not need to

Answer 17

Obtain knowledge about the operating effectiveness of internal control.

Question 18

An auditor should obtain an understanding of an entity’s information system, including

Answer 18

Process used to prepare significant accounting estimates.The auditor should obtain an understanding of the information system, including (1) the classes of significant transactions; (2) the ways those transactions are initiated, authorized, recorded, processed, corrected, transferred to the general ledger, and reported; (3) the accounting records, whether electronic or manual; (4) how significant events and conditions other than transactions are captured; (5) the financial reporting process used to prepare the entity’s financial statements, including significant accounting estimates and disclosures; and (6) controls over journal entries (AU-C 315 and AS No. 12).

Question 19

Is an auditor required to search for significant deficiencies in internal control?

Answer 19

NO, in an audit, the auditor is not obligated to search for significant deficiencies or material weaknesses

Question 20

The understanding (1) evaluates the design of relevant controls and (2) determines whether they have been implemented. This knowledge is used to :

Answer 20

(1) identify the types of potential misstatements,
(2) identify the factors that affect the risks of material misstatements, and
(3) design further audit procedures.

Question 21

The auditor’s understanding of internal control is documented to substantiate

Answer 21

Compliance with generally accepted auditing standards.

Question 22

A conceptually logical approach to the auditor’s consideration of relevant controls consists of the following four steps:
Determine whether the relevant controls are capable of preventing, or detecting and correcting, material misstatements and have been implemented.
Evaluate the operating effectiveness of relevant controls.
Assess the risks of material misstatement.
Design further audit procedures.
What is the most logical order in which these four steps are performed?

Answer 22

Evaluate the design of relevant controls and determine whether they have been implemented,
Assess the RMMs,
Design further audit procedures, and
Test controls.

Question 23

The ultimate purpose of understanding internal control is to contribute to the auditor’s evaluation of the risk that

Answer 23

Material misstatements may exist in the financial statements. The understanding of internal control assists the auditor to (1) identify types of potential misstatements; (2) consider factors that affect the RMMs; and (3) design the nature, timing, and extent of further audit procedures (AU-C 315 and AS No. 12).

Question 24

Which of the following factors is least likely to affect the extent of the auditor’s understanding of the entity’s internal controls?
A. The inherent limitations of an audit.
B. The amount of time budgeted to complete the engagement.
C. The nature of specific relevant controls.
D. The size and complexity of the entity.

Answer 24

The amount of time budgeted to complete the engagement.

Question 25

Decision tables differ from program flowcharts in that decision tables emphasize

Answer 25

Logical relationships among conditions and actions.

Question 26

What is a decision table?

Answer 26

A decision table identifies the contingencies considered in the description of a problem and the appropriate actions to be taken relative to those contingencies. Decision tables are logic diagrams presented in matrix form. Unlike flowcharts, they do not present the sequence of the actions described.

Question 27

The normal sequence of documents and operations on a well-prepared systems flowchart is

Answer 27

Top to bottom and left to right.

Question 28

When documenting internal control, the independent auditor sometimes uses a systems flowchart, which can best be described as a

Answer 28

Symbolic representation of a system or series of sequential processes.

Question 29

What is encryption?

Answer 29

Encryption technology converts data into a code. Encoding data before transmission over communications lines makes it more difficult for someone with access to the transmission to understand or modify its contents.

Question 30

What is a hot site?

Answer 30

A hot site is a service facility that is fully operational and is promptly available in the case of a power outage or disaster.

Question 31

Misstatements in a batch computer system caused by incorrect programs or data may not be detected immediately because

Answer 31

Transactions in a batch computer system are grouped together, or batched, prior to processing. Batches may be processed either daily, weekly, or even monthly. Thus, considerable time may elapse between the initiation of the transaction and the discovery of an error.

Question 32

What is a hash total?

Answer 32

The hash total is a control total without a defined meaning, such as the total of employee numbers or invoice numbers, that is used to verify the completeness of data.

Question 33

What is a check digit verification?

Answer 33

Check digit verification is used to identify incorrect identification numbers. The digit is generated by applying an algorithm to the ID number. During input, the check digit is recomputed by applying the same algorithm to the entered ID number.

Question 34

What is a firewall?

Answer 34

A firewall separates an internal from an external network (e.g., the Internet) and prevents passage of specific types of traffic. It identifies names, Internet Protocol (IP) addresses, applications, etc., and compares them with programmed access rules.

Question 35

What is a trojan horse?

Answer 35

A Trojan horse is a computer program, for example, a game, that appears friendly but that actually contains an application destructive to the computer system.

Question 36

The use of message encryption software

Answer 36

Increases system processing costs. Encryption software uses a fixed algorithm to manipulate plain text and an encryption key (a set of random data bits used as a starting point for the application of the algorithm) to introduce variation. The machine instructions necessary to encrypt and decrypt data require additional processing. As a result, processing costs increase.

Question 37

So that the essential control features of a client’s computer system can be identified and evaluated, the auditor of a nonissuer must, at a minimum, have

Answer 37

A sufficient understanding of the entire computer system. The audit should be performed by a person having adequate technical training and proficiency as an auditor. That auditor is required to obtain a sufficient understanding of internal control to plan the audit and determine the nature, timing, and extent of tests to be performed. Hence, the auditor should have the training and proficiency that are necessary to understand controls relevant to the computer system.

Question 38

The firewall system that limits access to a computer by routing users to replicated Web pages is

Answer 38

A proxy server. A proxy server maintains copies of web pages to be accessed by specified users. Outsiders are directed there, and more important information is not available from this access point.

Question 39

What is a validity check?

Answer 39

Validity checks test identification numbers or transaction codes for validity by comparison with items already known to be correct or authorized. For example, a validity check may identify a transmission for which the control field value did not match a pre-existing record in a file.

Question 40

The online data entry control called preformatting is

Answer 40

The display of a document with blanks for data items to be entered by the terminal operator. To avoid data entry errors in online systems, a preformatted screen approach may be used. It is a screen prompting approach that involves the display on a monitor of a set of boxes for entry of specified data items. The format may even be in the form of a copy of a transaction document. This technique is best suited to conversion of data from a source document.

Question 41

What are local area networks? LAN

Answer 41

Local area networks are privately owned networks that provide high speed communication among nodes. They are usually restricted to limited areas, such as a particular floor of an office building.