Chapter 5 Internal Control
40 Pages

Chapter 5 Internal Control

Course Number: AUDITING 101, Spring 2012

College/University: Binghamton

Word Count: 8759

Rating:

Document Preview

Chapter 5: Internal Control over Financial Reporting Chapter 5: Internal Control over Financial Reporting Student: ___________________________________________________________________________ 1. Internal control is a process designed to guarantee the achievement of the objectives of reliable financial reporting, compliance with laws and regulations and ineffective and inefficient operations. True False 2....

Unformatted Document Excerpt
Coursehero >> New York >> Binghamton >> AUDITING 101

Course Hero has millions of student submitted documents similar to the one
below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.

Course Hero has millions of student submitted documents similar to the one below including study guides, practice problems, reference materials, practice exams, textbook help and tutor support.

5: Chapter Internal Control over Financial Reporting Chapter 5: Internal Control over Financial Reporting Student: ___________________________________________________________________________ 1. Internal control is a process designed to guarantee the achievement of the objectives of reliable financial reporting, compliance with laws and regulations and ineffective and inefficient operations. True False 2. Auditing standards require that the auditor exercise professional judgment and maintain professional skepticism throughout the planning and performance of the audit. True False 3. If internal controls are not enforced they are useless and can lead to waste and fraud. True False 4. If an organization is too lenient in its treatment of employees who committed fraud, the control environment will be seen as stronger than if the treatment were harsher. True False 5. Weakness in the tone at the top have been associated with most financial frauds during the past decade. True False 6. Virtually all major financial frauds from the past decade were associated with organizations that had weaknesses in the control environment True False 7. Internal control is a process designed to provide reasonable assurance regarding the achievement of the objectives of reliable financial reporting, compliance with laws and regulations and effective and efficient operations, and safeguarding of the assets. True False 8. The quality of an organization's internal control will affect both the audit approach and the amount of testing needed for an engagement. True False 9. Control activities are the policies and procedures that are established to assist in accomplishing objectives and to mitigate risks. True False 10. Computer controls that are pervasive and affect every computerized system are referred as application controls. True False 11. Control is considered to be part of corporate governance. True False 12. Good control means that risks are identified and dealt with effectively. True False 13. Investors do not place much value on the internal control of the companies in which they invest. True False 14. The PCAOB, in Auditing Standard No. 5, indicates that auditors should use a bottom-up approach that begins at the financial statement level. True False 15. Internal control is applied across all activities of the organization. True False 16. The more effective the quality of internal control, the lower the control risk. True False 17. The five major components of an organization's internal control are: the control environment, risk assessment, control activities, information and communication, and materiality. True False 18. A company's internal auditing practices should not be considered when assessing control risk. True False 19. An organization's control environment is established and maintained by the internal auditing department. True False 20. Authorization Procedures include that all senior members of the accounting department have the authority to record any transaction. True False 21. Physical controls are necessary to protect and safeguard assets from accidental or intentional destruction and theft. True False 22. Monitoring of the internal controls involves assessment by appropriate personnel of the design and operation of controls on a timely basis and taking necessary actions. True False 23. An auditor is not required to obtain evidence about the design and operation of the internal controls to reduce the assessment of control risk below maximum. True False 24. Segregation of duties refers to the duties of authorizing a transaction, recording the transaction, and taking physical custody of assets related to the transaction. True False 25. In addition to controls being specific, they may be broad, such as policies regarding a code of ethics. True False 26. Physical controls to safeguard assets are not intended to include simple controls such as fences and locks. True False 27. Self-checking digit algorithms have been developed to test for transposition errors associated with identification numbers. True False 28. When control risk is assessed at a maximum level, the auditor assumes that the internal controls are reliable in preventing or detecting material misstatements. True False 29. When control risk is assessed at a minimum level, the auditor assumes that the internal controls are reliable in preventing or detecting material misstatements. True False 30. Performing a walk-through provides an auditor an understanding of the nature of processing in important accounting applications. True False 31. The payroll department should be responsible for signing payroll checks. True False 32. A strong control environment can reduce all the financial reporting risks to zero. True False 33. The auditor's preliminary assessment of control risk is based on an understanding of the control system as it has operated in the past and is designed to operate. True False 34. When control risk is assessed at less than maximum, the auditor must gain assurance that the control procedures are effective. True False 35. The auditor is obligated to report significant deficiencies in the control structure discovered during an audit to the audit committee or its equivalent. True False 36. One of the advantages of a computerized accounting system is that the computerized system eliminates the need for internal controls. True False 37. Transaction-oriented controls should be tested using the guidelines developed for attribute testing utilizing statistical sampling techniques. True False 38. Control risk can be evaluated on a scale from high to low. True False 39. Testing internal control for effectiveness is done in every audit. True False 40. Walkthroughs and inquiries are often used to obtain an understanding of internal controls. True False 41. The auditor should obtain an understanding of whether the clients controls sufficiently address the risk of material misstatement due to fraud. True False 42. The PCAOBs requirement is that documentation must be able to be interpreted by an auditor not connected to the engagement. True False 43. When the auditor believes the design of controls of a non-public company is effective but does not test the controls, the auditor can assess control risk as moderate in some circumstances but otherwise it should be assessed as high. True False 44. Transaction oriented controls are designed to operate on every transaction throughout the year. True False 45. An external auditor provides a separate opinion on the effectiveness of internal control for large publicly traded companies. True False 46. One of the components of internal control, monitoring, refers to the process of identifying, capturing, and exchanging information in a timely fashion to enable accomplishment of the organizations objectives. True False 47. One of the components of internal control, the control environment, is considered pervasive and the auditor should start the evaluation of controls at this level. True False 48. Control activities may be implemented at the organizational level and at the transactional level. True False 49. Internal control objectives are designed to assist the organization in assuring which of the following: A. the organization has effective and efficient operations related to its overall strategy B. the activities of the organization are in compliance with applicable laws and regulations C. the assets of the organization are safeguarded from theft and fraud D. all of the above. 50. There is a high risk, as well as a history, that fraud is instituted through which of the following: A. adjusting entries. B. closing entries. C. unusual journal entries. D. all of the above. 51. The quality of an organization's internal controls affects A. the reliability of financial data. B. the ability of management to make good decisions. C. the ability to sustain an effective business. D. all of the above. 52. Internal control is a process designed to achieve objectives in which one of the following categories? A. reliability of financial reporting B. compliance with applicable laws C. ineffectiveness of operations D. both A and B 53. Which of the following is not a reason that the auditor must gain an understanding of the clients internal control system? A. to better understand the client, its risks, and how it manages those risks. B. to assess control risk and identify the types of financial statement misstatements that are most likely to occur. C. to plan direct tests of account balances to determine if misstatements have occurred. D. all are reasons why auditors must gain an understanding of the clients internal control system. 54. Which one of the following groups is interested in an organization's control structure? A. board members B. lenders C. auditors D. all of the above 55. The tone of internal control typically originates internally with: A. auditors. B. employees. C. management. D. stockholders. 56. The major components of an organization's internal control structure consist of all of the following except A. control risk. B. the control environment. C. risk assessment. D. control activities. 57. What is managements primary purpose of effective internal control in an organization? A. Obtaining high-quality data for making good business decisions. B. Completion of a successful audit for the entity. C. Shareholder involvement in the companys success. D. Obtaining profitability and financial strength. 58. Which one of the following components of the system of internal controls sets the tone for the organization? A. control risk assessment B. control environment C. information and communication D. monitoring 59. The control environment includes all of the following except A. management philosophy and operating style. B. methods of assigning authority and responsibility. C. personnel policies and practices. D. control activities. 60. Which of the following is not one of the seven underlying principles of an effective control environment as developed by COSO? A. integrity and ethical values. B. managements philosophy and operating style. C. authority and responsibility. D. information and communication. 61. One of the major components of an organization's internal control structure includes: A. major new financing. B. the financial environment. C. risk assessment. D. telecommunication equipment. 62. A component of COSOs internal control system concerns the process of identifying, capturing, and exchanging information in a timely fashion to enable accomplishment of the organizations objective. This component is called A. control activities. B. information and communication. C. monitoring. D. control environment. 63. The PCAOB requires auditors of public companies to perform A. a financial statement audit and an attest audit. B. a financial statement audit and an assurance audit. C. a financial statement audit and agreed upon procedures. D. a financial statement audit and an audit of internal control. 64. The control environment includes which of the following? A. Control activities. B. Management philosophy and operating style. C. Assessing activity level risks. D. Application level controls. 65. Personnel policies and procedures are designed to ensure that the organization A. hires the right people. B. complies with federal and state laws in its hiring and retention decisions. C. has employees that are properly trained and supervised. D. performs all of the above. 66. Management of large public companies is required to report on its internal controls with its financial statements. This report is required to include all of the following except: A. its responsibility for control of financial reporting. B. the framework used for internal control. C. an assessment of the effectiveness of the company's internal control D. the statement that the company is not required to have an audit on internal control. 67. Which one of the following represents a classification of control deficiency by the PCAOB? A. A missing control that is required for achievement of objectives. B. A control that operates as designed. C. A control that ensures the reliability of financial reporting. D. An immaterial individual misstatement in internal control. 68. Which one of the following will an audit of a company's internal control include? A. Reliance on clients internal controls testing. B. Sampling of key controls and related testing. C. Concluding on the accuracy of income statement balances. D. Design of the internal control system by the auditor. 69. All of the following are pervasive computer controls except: A. Planning and controlling the data processing function. B. Controlling access to equipment, data, and programs. C. Ensuring data is accessible to management on a timely basis. D. Controlling applications development and changes to programs. 70. The personnel department should be responsible for: A. authorization of new employees. B. generation of payroll checks. C. timekeeping. D. all of the above. 71. If the auditor of financial statements understands internal control and assesses control risk as low, it is assumed that internal control: A. will be tested to support the assessment. B. is not required to be tested as it is considered strong. C. is considered relatively weak and will not be tested. D. has been assessed erroneously by the auditor. 72. To support an assessment that control risk is low, the auditor of financial statements must: A. achieve the same conclusion after appropriately testing internal control. B. achieve the same conclusion after appropriately performing substantive procedures. C. perform increased substantive procedures in order to compensate for the lower rating. D. perform limited substantive procedures as the assessment is justified. 73. Which of the following is an example of a type of control that may be tested? A. Interest accrued on notes payable. B. Cash surrender value of life insurance classified as long-term asset. C. A spreadsheet used to create a pivot table for the summarization of accounts receivable. D. Reconciliations performed monthly on accounts. 74. A graphic representation of an accounting application that normally identifies key controls that are effective in achieving specific control policies and procedures is: A. an internal control questionnaire. B. a flowchart. C. an internal control narrative. D. a walk-through. 75. Which of the following best represents a walk-through? A. The controller reviews the bank reconciliation prepared by the accountant and its resulting journal entries. B. The auditor walks the production line to find inefficiencies in the inventory process and reports them to management. C. The controller takes a sample of write-offs to ensure they have been adequately documented and recorded. D. The auditor traces three purchasing transactions from the purchase order to the financial statement for observation and understanding. 76. The auditor uses a variety of procedures to test whether controls effectively. These procedures may all of the following except: A. Take a sample of purchase orders and trace them through the system to determine whether (a) there was proper review of credit, and (b) credit authorization or denial was proper. B. Take a sample of recorded items (accounts payable) and send a positive confirmation to the related vendors to determine whether the balance is properly stated. C. Take a sample of recorded items (accounts receivable) and trace back to the credit approval process to determine that it was performed appropriately. D. Use a computer audit program to read all accounts receivable and develop a printout of all account balances that exceed their credit authorization. 77. Which of the following would result in an adverse report issued by an auditor on an audit of internal control? A. The control risk is assessed at a lower level. B. The tests of controls support the documented understanding of controls. C. There is a material weakness in the design or operation of controls. D. A confirmation is not returned by a customer in a timely manner. 78. Physical controls to safeguard assets would include: A. hiring only trustworthy cashiers B. segregation of duties C. locks on the warehouse doors D. safety audits on the production-line 79. A financial statement auditor concludes that internal controls over cash are not functioning as designed. She believes that material misstatements to the cash accounts are possible because of the deficiencies. What is the course of action that the auditor will most likely take? A. Report the audit to the regulatory agencies of the IRS and SEC. B. Develop specific tests for cash balances to determine the extent of misstatement. C. Explain to the client that the audit firm will not be able to complete the audit. D. Test the internal control over cash. 80. Which one of the following is not a control activity implemented in most accounting systems? A. segregation of duties B. competent, trustworthy employees C. authorization procedures D. all of these activities are normally implemented. 81. A material weakness in the design of the operation of controls discovered in an audit of internal controls results in: A. A qualified management letter. B. An adverse report on internal controls. C. The firing of the auditors. D. Adjusting audit journal entries. 82. An auditor obtains evidence of the internal control over the accounting system by all of the following except: A. performing walkthroughs of the accounting system. B. making inquiries of banks and attorneys. C. reviewing system flowcharts. D. taking plant and operational tours. 83. Which of the following will an auditor perform to better understand a client's internal control over accounting systems? A. An auditor will re-test subsequent year working papers. B. An auditor will review previous year working papers. C. An auditor will copy previous year working papers. D. An auditor will re-draft subsequent year working papers. 84. Internal control is a process affected by the organizations board of directors, management, and other personnel to provide reasonable assurance of achieving certain objectives. Which of the following does not fit into one of these categories of objectives? A. reliability of financial reporting. B. compliance with laws and regulations. C. continuing existence. D. effectiveness and efficiency of operations. 85. Which of the following will an auditor use to document an understanding of internal control? A. Checklists, disclosures and procedures. B. The audit report, internal control opinions and confirmations. C. Workpapers, engagement letters and management representation letters. D. Questionnaires, narratives and flowcharts. 86. Which is clearly a test of control? A. Confirmation to a customer of an accounts receivable balance. B. Examination of a sample of purchase order records for electronic, authenticated, authorization. C. Observing the controller's use of company owned equipment. D. Sending a letter to the client's attorney to determine litigation that is pending between plaintiff and the defendant. 87. An auditor's test of transaction processing whereby the auditor is evaluating both the operation and effectiveness of controls and the correctness and completeness of processing and posting to an account balance is: A. a test of controls. B. a substantive test. C. a dual-purpose test. D. an analytical review procedure. 88. An auditor of a client company that has multiple locations must: A. increase control risk to moderate or high. B. conclude that independent business units of the consolidation are immaterial. C. issue multiple audit reports for each segment of the company. D. determine the universal application of controls across the company. 89. In order to further understand internal control, an auditor may use inquiry methods by: A. interviewing key employees to gain further insight into the internal control environment. B. observing the safeguarding of assets by checking locked doors and safes. C. tracing a transaction from the boundary of the organization through to the final reporting. D. documenting thoroughly the internal control through the use of narratives. 90. In a large company, who usually actively performs the monitoring of internal control? A. Internal auditors B. PCAOB C. CFO D. External auditors 91. Which of the following is not true of internal control as defined by COSO? A. it is narrower than internal control over financial reporting. B. it is a process that includes all elements of internal control working together. C. it includes all the people in the organization. D. it starts at the top of the organization in setting a tone. 92. Which of the following is not true of the concepts that are embodied in the COSO framework of internal control? A. Internal control relates to the organizations objectives. B. The six components of internal control are logically and operationally intertwined. C. Internal control applies across all activities of the organization. D. All of the above are important concepts 93. The major components of an organizations internal controls consists of all of the following except A. risk assessment. B. control environment. C. control activities. D. control risk 94. Which of the following is part of the control environment of an organization? A. managements philosophy and operating style. B. organizational structure. C. human resources. D. all of the above 95. When control risk is assessed as high the auditor needs to: A. perform more tests of controls. B. perform more direct testing of account balances. C. perform significantly fewer tests of controls. D. perform significantly less testing of account balances. 96. Which of the following is a detective control designed to detect the occurrence of a misstatement? A. access controls. B. edit controls. C. reconciliations. D. all of the above are detective controls. 97. A component of COSOs internal control system concerns the process that provides feedback on the effectiveness of the other components of internal control. This component is called: A. information and communication. B. monitoring. C. control activities. D. risk assessment. 98. Internal control Define the term "internal control" and identify the major components of an internal control system. 99. Control environment One of the elements of an organization's control system is the "control environment." Identify at least four factors that the auditor should consider when reviewing the control environment and discuss how the auditor would relate this review to the assessment of control risk. 100. Understanding internal control The auditor identifies four phases or steps in the control risk assessment procedure. Phase I involves obtaining an understanding of the internal control structure. Identify at least four methods the auditor might use in gathering the information and briefly describe each one. 101. Documenting internal control understanding Auditors must document their understanding and evaluation of the internal control system. Identify and briefly describe the three most commonly used methods for such documentation. 102. Integrated audit Explain the application of an integrated audit as it relates to regulation. Discuss the reasons that this integrated approach may occur. 103. Assessing control risk Discuss the impact of control risk assessment on an audit of the financial statements. 104. Documenting internal control Discuss how an auditor would utilize a client's flowchart documentation in the audit of financial statements. 105. COSO: A Framework for Internal Control What is internal control as defined by COSO? Also explain, the other elements of the definition that are important to internal control 106. Pervasive control activities Discuss what pervasive control activities are and provide an example of at least three. 107. Auditor Evaluation of Internal Controls What are the steps in integrated audit process? 108. IT Controls Integrated into Internal Control Evaluations Explain Input Controls 109. Relationship of the five internal control components The five components of the COSO internal control system are conceptually and logically integrated. List the five components of the model and describe how they are integrated with each other in the internal control process. Use the following format: Components Description Chapter 5: Internal Control over Financial Reporting Key 1. Internal control is a process designed to guarantee the achievement of the objectives of reliable financial reporting, compliance with laws and regulations and ineffective and inefficient operations. FALSE 2. Auditing standards require that the auditor exercise professional judgment and maintain professional skepticism throughout the planning and performance of the audit. TRUE 3. If internal controls are not enforced they are useless and can lead to waste and fraud. TRUE 4. If an organization is too lenient in its treatment of employees who committed fraud, the control environment will be seen as stronger than if the treatment were harsher. FALSE 5. Weakness in the tone at the top have been associated with most financial frauds during the past decade. TRUE 6. Virtually all major financial frauds from the past decade were associated with organizations that had weaknesses in the control environment TRUE 7. Internal control is a process designed to provide reasonable assurance regarding the achievement of the objectives of reliable financial reporting, compliance with laws and regulations and effective and efficient operations, and safeguarding of the assets. TRUE 8. The quality of an organization's internal control will affect both the audit approach and the amount of testing needed for an engagement. TRUE 9. Control activities are the policies and procedures that are established to assist in accomplishing objectives and to mitigate risks. TRUE 10. Computer controls that are pervasive and affect every computerized system are referred as application controls. FALSE 11. Control is considered to be part of corporate governance. TRUE 12. Good control means that risks are identified and dealt with effectively. TRUE 13. Investors do not place much value on the internal control of the companies in which they invest. FALSE 14. The PCAOB, in Auditing Standard No. 5, indicates that auditors should use a bottom-up approach that begins at the financial statement level. FALSE 15. Internal control is applied across all activities of the organization. TRUE 16. The more effective the quality of internal control, the lower the control risk. TRUE 17. The five major components of an organization's internal control are: the control environment, risk assessment, control activities, information and communication, and materiality. FALSE 18. A company's internal auditing practices should not be considered when assessing control risk. FALSE 19. An organization's control environment is established and maintained by the internal auditing department. FALSE 20. Authorization Procedures include that all senior members of the accounting department have the authority to record any transaction. FALSE 21. Physical controls are necessary to protect and safeguard assets from accidental or intentional destruction and theft. TRUE 22. Monitoring of the internal controls involves assessment by appropriate personnel of the design and operation of controls on a timely basis and taking necessary actions. TRUE 23. An auditor is not required to obtain evidence about the design and operation of the internal controls to reduce the assessment of control risk below maximum. FALSE 24. Segregation of duties refers to the duties of authorizing a transaction, recording the transaction, and taking physical custody of assets related to the transaction. TRUE 25. In addition to controls being specific, they may be broad, such as policies regarding a code of ethics. TRUE 26. Physical controls to safeguard assets are not intended to include simple controls such as fences and locks. FALSE 27. Self-checking digit algorithms have been developed to test for transposition errors associated with identification numbers. TRUE 28. When control risk is assessed at a maximum level, the auditor assumes that the internal controls are reliable in preventing or detecting material misstatements. FALSE 29. When control risk is assessed at a minimum level, the auditor assumes that the internal controls are reliable in preventing or detecting material misstatements. TRUE 30. Performing a walk-through provides an auditor an understanding of the nature of processing in important accounting applications. TRUE 31. The payroll department should be responsible for signing payroll checks. FALSE 32. A strong control environment can reduce the all financial reporting risks to zero. FALSE 33. The auditor's preliminary assessment of control risk is based on an understanding of the control system as it has operated in the past and is designed to operate. TRUE 34. When control risk is assessed at less than maximum, the auditor must gain assurance that the control procedures are effective. TRUE 35. The auditor is obligated to report significant deficiencies in the control structure discovered during an audit to the audit committee or its equivalent. TRUE 36. One of the advantages of a computerized accounting system is that the computerized system eliminates the need for internal controls. FALSE 37. Transaction-oriented controls should be tested using the guidelines developed for attribute testing utilizing statistical sampling techniques. TRUE 38. Control risk can be evaluated on a scale from high to low. TRUE 39. Testing internal control for effectiveness is done in every audit. FALSE 40. Walkthroughs and inquiries are often used to obtain an understanding of internal controls. TRUE 41. The auditor should obtain an understanding of whether the clients controls sufficiently address the risk of material misstatement due to fraud. TRUE 42. The PCAOBs requirement is that documentation must be able to be interpreted by an auditor not connected to the engagement. TRUE 43. When the auditor believes the design of controls of a non-public company is effective but does not test the controls, the auditor can assess control risk as moderate in some circumstances but otherwise it should be assessed as high. TRUE 44. Transaction oriented controls are designed to operate on every transaction throughout the year. TRUE 45. An external auditor provides a separate opinion on the effectiveness of internal control for large publicly traded companies. TRUE 46. One of the components of internal control, monitoring, refers to the process of identifying, capturing, and exchanging information in a timely fashion to enable accomplishment of the organizations objectives. FALSE 47. One of the components of internal control, the control environment, is considered pervasive and the auditor should start the evaluation of controls at this level. TRUE 48. Control activities may be implemented at the organizational level and at the transactional level. TRUE 49. Internal control objectives are designed to assist the organization in assuring which of the following: A. the organization has effective and efficient operations related to its overall strategy B. the activities of the organization are in compliance with applicable laws and regulations C. the assets of the organization are safeguarded from theft and fraud D. all of the above. 50. There is a high risk, as well as a history, that fraud is instituted through which of the following: A. adjusting entries. B. closing entries. C. unusual journal entries. D. all of the above. 51. The quality of an organization's internal controls affects A. the reliability of financial data. B. the ability of management to make good decisions. C. the ability to sustain an effective business. D. all of the above. 52. Internal control is a process designed to achieve objectives in which one of the following categories? A. reliability of financial reporting B. compliance with applicable laws C. ineffectiveness of operations D. both A and B 53. Which of the following is not a reason that the auditor must gain an understanding of the clients internal control system? A. to better understand the client, its risks, and how it manages those risks. B. to assess control risk and identify the types of financial statement misstatements that are most likely to occur. C. to plan direct tests of account balances to determine if misstatements have occurred. D. all are reasons why auditors must gain an understanding of the clients internal control system. 54. Which one of the following groups is interested in an organization's control structure? A. board members B. lenders C. auditors D. all of the above 55. The tone of internal control typically originates internally with: A. auditors. B. employees. C. management. D. stockholders. 56. The major components of an organization's internal control structure consist of all of the following except A. control risk. B. the control environment. C. risk assessment. D. control activities. 57. What is managements primary purpose of effective internal control in an organization? A. Obtaining high-quality data for making good business decisions. B. Completion of a successful audit for the entity. C. Shareholder involvement in the companys success. D. Obtaining profitability and financial strength. 58. Which one of the following components of the system of internal controls sets the tone for the organization? A. control risk assessment B. control environment C. information and communication D. monitoring 59. The control environment includes all of the following except A. management philosophy and operating style. B. methods of assigning authority and responsibility. C. personnel policies and practices. D. control activities. 60. Which of the following is not one of the seven underlying principles of an effective control environment as developed by COSO? A. integrity and ethical values. B. managements philosophy and operating style. C. authority and responsibility. D. information and communication. 61. One of the major components of an organization's internal control structure includes: A. major new financing. B. the financial environment. C. risk assessment. D. telecommunication equipment. 62. A component of COSOs internal control system concerns the process of identifying, capturing, and exchanging information in a timely fashion to enable accomplishment of the organizations objective. This component is called A. control activities. B. information and communication. C. monitoring. D. control environment. 63. The PCAOB requires auditors of public companies to perform A. a financial statement audit and an attest audit. B. a financial statement audit and an assurance audit. C. a financial statement audit and agreed upon procedures. D. a financial statement audit and an audit of internal control. 64. The control environment includes which of the following? A. Control activities. B. Management philosophy and operating style. C. Assessing activity level risks. D. Application level controls. 65. Personnel policies and procedures are designed to ensure that the organization A. hires the right people. B. complies with federal and state laws in its hiring and retention decisions. C. has employees that are properly trained and supervised. D. performs all of the above. 66. Management of large public companies is required to report on its internal controls with its financial statements. This report is required to include all of the following except: A. its responsibility for control of financial reporting. B. the framework used for internal control. C. an assessment of the effectiveness of the company's internal control D. the statement that the company is not required to have an audit on internal control. 67. Which one of the following represents a classification of control deficiency by the PCAOB? A. A missing control that is required for achievement of objectives. B. A control that operates as designed. C. A control that ensures the reliability of financial reporting. D. An immaterial individual misstatement in internal control. 68. Which one of the following will an audit of a company's internal control include? A. Reliance on clients internal controls testing. B. Sampling of key controls and related testing. C. Concluding on the accuracy of income statement balances. D. Design of the internal control system by the auditor. 69. All of the following are pervasive computer controls except: A. Planning and controlling the data processing function. B. Controlling access to equipment, data, and programs. C. Ensuring data is accessible to management on a timely basis. D. Controlling applications development and changes to programs. 70. The personnel department should be responsible for: A. authorization of new employees. B. generation of payroll checks. C. timekeeping. D. all of the above. 71. If the auditor of financial statements understands internal control and assesses control risk as low, it is assumed that internal control: A. will be tested to support the assessment. B. is not required to be tested as it is considered strong. C. is considered relatively weak and will not be tested. D. has been assessed erroneously by the auditor. 72. To support an assessment that control risk is low, the auditor of financial statements must: A. achieve the same conclusion after appropriately testing internal control. B. achieve the same conclusion after appropriately performing substantive procedures. C. perform increased substantive procedures in order to compensate for the lower rating. D. perform limited substantive procedures as the assessment is justified. 73. Which of the following is an example of a type of control that may be tested? A. Interest accrued on notes payable. B. Cash surrender value of life insurance classified as long-term asset. C. A spreadsheet used to create a pivot table for the summarization of accounts receivable. D. Reconciliations performed monthly on accounts. 74. A graphic representation of an accounting application that normally identifies key controls that are effective in achieving specific control policies and procedures is: A. an internal control questionnaire. B. a flowchart. C. an internal control narrative. D. a walk-through. 75. Which of the following best represents a walk-through? A. The controller reviews the bank reconciliation prepared by the accountant and its resulting journal entries. B. The auditor walks the production line to find inefficiencies in the inventory process and reports them to management. C. The controller takes a sample of write-offs to ensure they have been adequately documented and recorded. D. The auditor traces three purchasing transactions from the purchase order to the financial statement for observation and understanding. 76. The auditor uses a variety of procedures to test whether controls effectively. These procedures may all of the following except: A. Take a sample of purchase orders and trace them through the system to determine whether (a) there was proper review of credit, and (b) credit authorization or denial was proper. B. Take a sample of recorded items (accounts payable) and send a positive confirmation to the related vendors to determine whether the balance is properly stated. C. Take a sample of recorded items (accounts receivable) and trace back to the credit approval process to determine that it was performed appropriately. D. Use a computer audit program to read all accounts receivable and develop a printout of all account balances that exceed their credit authorization. 77. Which of the following would result in an adverse report issued by an auditor on an audit of internal control? A. The control risk is assessed at a lower level. B. The tests of controls support the documented understanding of controls. C. There is a material weakness in the design or operation of controls. D. A confirmation is not returned by a customer in a timely manner. 78. Physical controls to safeguard assets would include: A. hiring only trustworthy cashiers B. segregation of duties C. locks on the warehouse doors D. safety audits on the production-line 79. A financial statement auditor concludes that internal controls over cash are not functioning as designed. She believes that material misstatements to the cash accounts are possible because of the deficiencies. What is the course of action that the auditor will most likely take? A. Report the audit to the regulatory agencies of the IRS and SEC. B. Develop specific tests for cash balances to determine the extent of misstatement. C. Explain to the client that the audit firm will not be able to complete the audit. D. Test the internal control over cash. 80. Which one of the following is not a control activity implemented in most accounting systems? A. segregation of duties B. competent, trustworthy employees C. authorization procedures D. all of these activities are normally implemented. 81. A material weakness in the design of the operation of controls discovered in an audit of internal controls results in: A. A qualified management letter. B. An adverse report on internal controls. C. The firing of the auditors. D. Adjusting audit journal entries. 82. An auditor obtains evidence of the internal control over the accounting system by all of the following except: A. performing walkthroughs of the accounting system. B. making inquiries of banks and attorneys. C. reviewing system flowcharts. D. taking plant and operational tours. 83. Which of the following will an auditor perform to better understand a client's internal control over accounting systems? A. An auditor will re-test subsequent year working papers. B. An auditor will review previous year working papers. C. An auditor will copy previous year working papers. D. An auditor will re-draft subsequent year working papers. 84. Internal control is a process affected by the organizations board of directors, management, and other personnel to provide reasonable assurance of achieving certain objectives. Which of the following does not fit into one of these categories of objectives? A. reliability of financial reporting. B. compliance with laws and regulations. C. continuing existence. D. effectiveness and efficiency of operations. 85. Which of the following will an auditor use to document an understanding of internal control? A. Checklists, disclosures and procedures. B. The audit report, internal control opinions and confirmations. C. Workpapers, engagement letters and management representation letters. D. Questionnaires, narratives and flowcharts. 86. Which is clearly a test of control? A. Confirmation to a customer of an accounts receivable balance. B. Examination of a sample of purchase order records for electronic, authenticated, authorization. C. Observing the controller's use of company owned equipment. D. Sending a letter to the client's attorney to determine litigation that is pending between plaintiff and the defendant. 87. An auditor's test of transaction processing whereby the auditor is evaluating both the operation and effectiveness of controls and the correctness and completeness of processing and posting to an account balance is: A. a test of controls. B. a substantive test. C. a dual-purpose test. D. an analytical review procedure. 88. An auditor of a client company that has multiple locations must: A. increase control risk to moderate or high. B. conclude that independent business units of the consolidation are immaterial. C. issue multiple audit reports for each segment of the company. D. determine the universal application of controls across the company. 89. In order to further understand internal control, an auditor may use inquiry methods by: A. interviewing key employees to gain further insight into the internal control environment. B. observing the safeguarding of assets by checking locked doors and safes. C. tracing a transaction from the boundary of the organization through to the final reporting. D. documenting thoroughly the internal control through the use of narratives. 90. In a large company, who usually actively performs the monitoring of internal control? A. Internal auditors B. PCAOB C. CFO D. External auditors 91. Which of the following is not true of internal control as defined by COSO? A. it is narrower than internal control over financial reporting. B. it is a process that includes all elements of internal control working together. C. it includes all the people in the organization. D. it starts at the top of the organization in setting a tone. 92. Which of the following is not true of the concepts that are embodied in the COSO framework of internal control? A. Internal control relates to the organizations objectives. B. The six components of internal control are logically and operationally intertwined. C. Internal control applies across all activities of the organization. D. All of the above are important concepts 93. The major components of an organizations internal controls consists of all of the following except A. risk assessment. B. control environment. C. control activities. D. control risk 94. Which of the following is part of the control environment of an organization? A. managements philosophy and operating style. B. organizational structure. C. human resources. D. all of the above 95. When control risk is assessed as high the auditor needs to: A. perform more tests of controls. B. perform more direct testing of account balances. C. perform significantly fewer tests of controls. D. perform significantly less testing of account balances. 96. Which of the following is a detective control designed to detect the occurrence of a misstatement? A. access controls. B. edit controls. C. reconciliations. D. all of the above are detective controls. 97. A component of COSOs internal control system concerns the process that provides feedback on the effectiveness of the other components of internal control. This component is called: A. information and communication. B. monitoring. C. control activities. D. risk assessment. 98. Internal control Define the term "internal control" and identify the major components of an internal control system. Internal control is defined as a process effected by management to provide reasonable assurance that the following objectives are met: 1. 2. 3. 4. the reliability of financial reporting; compliance with applicable laws and regulations; effectiveness and efficiency of operations; and the safeguarding of assets. The major components of internal control are: 1. control environment; 2. risk assessment; 3. control activities; 4. information and communication; and 5. monitoring. 99. Control environment One of the elements of an organization's control system is the "control environment." Identify at least four factors that the auditor should consider when reviewing the control environment and discuss how the auditor would relate this review to the assessment of control risk. The factors that an auditor should consider when reviewing the control environment would include: management's philosophy and operating style. the entity's organization structure. the functioning of the board of directors and its committees. methods of assigning authority and responsibility. management's control methods for monitoring and following up on performance, including internal auditing. personnel policies and practices. external influences such as bank regulatory agencies. The auditor would examine his or her findings relating to each of the listed factors in determining whether control risk was high, medium or low. For example, if the philosophy of management placed little priority on internal controls the auditor would be concerned about control risk. 100. Understanding internal control The auditor identifies four phases or steps in the control risk assessment procedure. Phase I involves obtaining an understanding of the internal control structure. Identify at least four methods the auditor might use in gathering the information and briefly describe each one. Methods for obtaining an understanding of the internal control structure might include: Walkthroughs - Walkthroughs provide an understanding of the nature of processing in important accounting applications. The auditor actually walks a document through the system to determine how the system actually works. Inquiries - An auditor interviews key employees to learn about segregation of duties, extent of computer usage, the documents the application generates, and the overall nature of transaction processing. Review of accounting manuals and job descriptions - These manuals may contain a description of the accounting policies, a detailed chart of accounts and an outline for processing accounting transactions. Plant and operational tours - Tours give an auditor a chance to determine conscientiousness of operational employees. (Such as, are receiving reports filled out as goods are received?) Prior year working papers - The evaluation of internal controls is an ongoing process. The auditor may use previous work as a basis for review and update. 101. Documenting internal control understanding Auditors must document their understanding and evaluation of the internal control system. Identify and briefly describe the three most commonly used methods for such documentation. The three most commonly used methods for documenting the auditor's understanding of internal control are: Flowcharts - Flowcharts provide a graphic description of an application or a process. Flowcharts can be very detailed or depict a broad overview of an application. Questionnaires - Questionnaires present an efficient alternative, or complementary approach, to document the structure. They are designed to gather information by functional area. Questionnaires have the advantage of being fairly simple to use, but yet are comprehensive. Narratives - Narratives are usually used as supplements to flowcharts and questionnaires. They may be used to document relatively simple applications or for small-business applications. 102. Integrated audit Explain the application of an integrated audit as it relates to regulation. Discuss the reasons that this integrated approach may occur. The Sarbanes-Oxley Act of 2002 requires reporting by management of publicly-held companies on the effectiveness of internal control over financial reporting. The Public Company Accounting Oversight Board (PCAOB) requires the external auditor to perform an integrated audit of the effectiveness of internal controls and financial reporting. In other words, the same auditor must attest to both the financial statements and managements assertions regarding the effectiveness of internal controls over financial reporting. Because of the above mentioned regulatory requirements, auditors will perform an audit on both financial statements and internal controls for all public clients. 103. Assessing control risk Discuss the impact of control risk assessment on an audit of the financial statements. An auditor assesses control risk preliminarily by understanding and documenting controls. This includes a walk-through of a sample of key transactions. This understanding aids the auditor in determining the types of misstatements that may be apparent in certain areas of the financial statements. The assessment of control risk is critical in determining the nature, timing and extent of substantive audit procedures to be applied. Auditors of public companies must report on managements assertion regarding the effectiveness of internal control. Auditors of non-public companies must report to management and the board the existence of significant deficiencies in the design or operation of internal controls that are identified in the normal course of the audit. The preliminary assessment of control risk must be supported by tests of controls if assessed below the maximum. When the auditor has decided to establish control risk at the maximum level the auditor is not required to perform tests of controls to document the assessment. The auditor must take care to perform the substantive tests at the maximum levels and to document the findings in the audit documentation. 104. Documenting internal control Discuss how an auditor would utilize a client's flowchart documentation in the audit of financial statements. A flowchart is a graphic representation of an accounting application or process. The auditor can use the client's flowcharts to obtain an understanding of the overall accounting system, the various accounting cycles and accounting applications. The flowcharts provide an overview of how documents flow into and out of a computerized application or manual process. An auditor can use client's flowcharts to identify key controls that are effective in achieving specific control objectives as part of the auditor's preliminary assessment of control risk. 105. COSO: A Framework for Internal Control What is internal control as defined by COSO? Also explain, the other elements of the definition that are important to internal control COSO defines internal control as a process, effected by an entitys board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: (1) reliability of financial reporting, (2) compliance with applicable laws and regulations, and (3) effectiveness and efficiency of operations. The other elements of the definition that are important. They state that internal control: * Is a process designed to accomplish the organizations objectives. * Starts at the top of the organization with the board of directors and management creating and reinforcing a structure and a tone for controls in the organization. * Directly or indirectly includes all people in the organization, ranging from the shipping clerk to the internal auditor to the chief financial officer. * Is broader than internal control over financial reporting. 106. Pervasive control activities Discuss what pervasive control activities are and provide an example of at least three. Pervasive control activities are those controls activities whose implementation affects almost all accounting systems. Some examples of pervasive control activities include: *segregation of duties *authorization procedures *documented transaction trail *physical controls to safeguard assets *reconciliation of control accounts with subsidiary ledgers, of transactions recorded with transactions submitted for processing, and of physical counts of assets with recorded assets *competent, trustworthy employees 107. Auditor Evaluation of Internal Controls What are the steps in integrated audit process? Integrated audit process includes the following steps: 1. Update information about various risks. 2. Consider the possibility of account misstatements. 3. Complete preliminary analytical procedures. 4. Understand the clients internal controls. 5. Identify controls to test. 6. Make a plan to test the controls and execute that plan. 7. Consider the results of control testing. 8. Conduct substantive audit tests. 108. IT Controls Integrated into Internal Control Evaluations Explain Input Controls The control procedures designed to assure that the organization fully captures all the transactions between itself and another entity, and to properly record those transactions, are referred to as input controls. Input controls are designed to ensure that authorized transactions are correct, complete, and recorded in a timely fashion and that only authorized transactions exist. They include: * Computerized input validation tests * Self-checking digits * Use of stored data reference items to eliminate input of frequently required data * On-screen input verification techniques 109. Relationship of the five internal control components The five components of the COSO internal control system are conceptually and logically integrated. List the five components of the model and describe how they are integrated with each other in the internal control process. Use the following format: Components Description Components Control environment Description The control environment establishes managements commitment to good governance, risk analysis, and control. It sets the tone for the organizations implementation of effective internal control. Risk assessment Management establishes a risk management policy and process to identify risks that affect the organization, including analysis of risks associated with financial reporting. Control activities Management and employees develop and implement controls that reduce the risks to an acceptable level. Accounting controls are designed into accounting information systems and are tested to determine that they are working effectively. Information and communication An effective information and communication system is developed and implemented to process transactions and to develop reports that enable all levels of management to make reliable decisions and to recognize improper processing. Further, information is communicated both up and down in the organization to facilitate effective operation of controls. Monitoring Management monitors the effectiveness of its internal controls by designing on-going monitoring activities. Management also monitors the effectiveness of internal controls by engaging an effective internal audit department to perform separate evaluations of internal control.
MOST POPULAR MATERIALS FROM AUDITING 101
MOST POPULAR MATERIALS FROM AUDITING
MOST POPULAR MATERIALS FROM Binghamton