Chapter.7 Testing Client Internal Controls Test Bank - Auditing Canada 4e | Test Bank with Answers by Robyn Moroney. DOCX document preview.
CHAPTER 7
UNDERSTANDING AND TESTING THE CLIENT’S SYSTEM OF INTERNAL CONTROLS
CHAPTER LEARNING OBJECTIVES
1. Define internal control.
Internal control is the process designed, implemented, and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. The term “controls” refers to any aspects of one or more of the components of internal control. Controls include entity-level controls and transaction-level controls.
2. State the seven generally accepted objectives of internal control activities.
Internal controls are designed and implemented to ensure that transactions are real; recorded; correctly valued, classified, summarized, and posted; and timely.
3. Describe the elements of the system of internal control at the entity level.
The system of internal control at the entity level are the control environment, the entity’s risk assessment process, the entity’s information system and communications, control activities, and monitoring. Internal control also includes how the controls are implemented, such as through appropriate segregation of duties.
4. Identify the different types of controls.
There are four different types of controls: manual, automated (otherwise known as application controls), IT general controls (ITGCs), or a combination of control types referred to as IT-dependent manual controls. Each of these types can be described as either a preventive control or a detective control. Preventive controls, as the name suggests, prevent errors from occurring. Detective controls detect the error after it has occurred and rectify the error on a timely basis.
5. Explain how to select and design tests of controls.
The selection of which controls to test is a matter of professional judgement. Deciding which controls to test will be influenced by the control objective, the type of control, the frequency at which the control is performed, and the level of assurance the auditor plans to gain from determining whether the control is designed and implemented effectively. As a general rule, the best controls to test are those that address the WCGWs most effectively with the least amount of testing required. The extent of testing of controls (that is, deciding how many to test) is also a matter of professional judgement, although there are sampling techniques available. The extent of testing is affected by many factors, including how often the control is performed, the degree to which reliance will be placed on the control as part of the audit, the persuasiveness of the evidence produced by the control, the need to be satisfied that the control operated as intended throughout the period of reliance, the existence of a combination of controls that may reduce the level of assurance that might be needed from any one control, the relative importance of the WCGW questions or statements being considered, and any other factors such as the competence of the person carrying out the control, the quality of the control environment, and any changes in the accounting system.
6. Explain the different techniques used to document and test internal controls.
The most common forms of documentation are narratives, flowcharts, combinations of narratives and flowcharts, and checklists and preformatted questionnaires. There are four key techniques used for testing controls: inquiry (questions are asked regarding the operation of the control), observation (the operation of the control is observed to be occurring), inspection (physical evidence resulting from the performance of the control is examined), and re-performance (the control is re-performed to test its effectiveness).
7. Understand how to interpret the results of testing of controls.
If the controls tested are considered to be effective and can be relied on for the purposes of reducing overall audit risk for a particular significant account and assertion, the level of additional substantive testing required is reduced. If the controls tested are considered to be ineffective and are not able to provide any audit evidence that reduces overall audit risk for a particular significant account and assertion, the level of additional substantive testing that is required is increased.
8. Explain how to document tests of controls.
The purpose of the test of controls, the selection of controls to test, the results of the control testing performed, and the conclusion regarding the design and implementation of the controls are all documented in the audit working papers. The working papers are then reviewed by more experienced auditors to determine if sufficient work was performed and if the appropriate conclusion was reached.
9. Describe the importance of identifying strengths and weaknesses in a system of internal controls.
An important outcome of understanding a client’s system of internal controls is the ability to make observations, draw conclusions, and offer recommendations regarding the strengths and weaknesses observed. CAS 260 and CAS 265 require auditors to provide those charged with governance with timely observations arising from the audit. This is generally done through a management letter.
10. Explain how to communicate internal control strengths and weaknesses to those charged with governance.
A management letter is a deliverable prepared by the audit team and provided to the client (including those charged with governance). It informs the client of the auditor’s recommendations for improving its internal controls.
TRUE-FALSE STATEMENTS
1. Internal control is intended to provide reasonable assurance about the achievement of an
entity's objectives.
Difficulty: Easy
Learning Objective: Define internal control.
Section Reference: 7.1 Internal control defined
CPA Competency: Audit and Assurance
AACSB: Analytic
2. Audit risk is the risk that an entity's internal control system will not prevent or detect material
misstatements.
Difficulty: Easy
Learning Objective: Define internal control.
Section Reference: 7.1 Internal control defined
CPA Competency: Audit and Assurance
AACSB: Analytic
3. The inherent limitations of internal control include the possibility of collusion by two or more
individuals to circumvent a control.
Difficulty: Easy
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
4. The internal control objective of 'valued' refers to controls in place to ensure that transactions
are recorded in the correct accounting period.
Difficulty: Easy
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
5. The internal control objective of 'real' refers to controls in place to ensure that fictitious or
duplicate transactions are not included in the books and records of the organization.
Difficulty: Easy
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
6. One of the elements of an entity's control environment is management's philosophy and
operating style.
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
7. Control risk refers to the risk that the auditor's testing procedures will not be effective in
detecting a material misstatement.
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
8. The concept that no one employee should be in a position both to perpetrate and hide errors
or fraud in the normal course of their duties is known as segregation of incompatible duties.
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
9. In larger entities, there are often limitations surrounding the entity's ability to put effective
internal controls in place.
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
10. Transaction-level controls are implemented by businesses to reduce the risk of
misstatements due to error or fraud and to ensure that processes are operating effectively.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
11. The purpose of preventive controls is to discover fraud or errors that may have occurred
during transaction processing and to rectify those errors.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
12. An example of a purely manual control is a locked inventory stock cage for high dollar-value items.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
13. IT general controls are driven by the particular software application being used.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
14. To improve efficiency, auditors test only those controls that they believe are critical to their opinion.
Difficulty: Easy
Learning Objective: Explain how to select and design tests of controls.
Section Reference: 7.5 Selecting and designing tests of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
15. The greater the degree of reliance on an internal control, the less they test the control to
provide the required assurance.
Difficulty: Easy
Learning Objective: Explain how to select and design tests of controls.
Section Reference: 7.5 Selecting and designing tests of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
16. Attribute sampling is a sampling technique used to reach a conclusion about the total dollar
amount of misstatement in an account balance.
Difficulty: Easy
Learning Objective: Explain how to select and design tests of controls.
Section Reference: 7.5 Selecting and designing tests of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
17. Narratives involve the auditor describing in words each step of the flow of transactions from
start to finish.
Difficulty: Easy
Learning Objective: Explain the different techniques used to document and test internal controls.
Section Reference: 7.6 Documenting and testing internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
18. Checklists and preformatted questionnaires are particularly helpful in industries that the
auditor may not personally be familiar with auditing.
Difficulty: Easy
Learning Objective: Explain the different techniques used to document and test internal controls.
Section Reference: 7.6 Documenting and testing internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
19. Tests of account balances can often provide evidence about the continued functioning of
controls.
Difficulty: Easy
Learning Objective: Understand how to interpret the results of testing of controls.
Section Reference: 7.7 Results of the auditor’s testing
CPA Competency: Audit and Assurance
AACSB: Analytic
20. If the tests of controls confirm the auditor's preliminary evaluation of controls, the planned
substantive audit procedures are not modified.
Difficulty: Medium
Learning Objective: Understand how to interpret the results of testing of controls.
Section Reference: 7.7 Results of the auditor’s testing
CPA Competency: Audit and Assurance
AACSB: Analytic
21. The more complex the client's operations and its internal controls, the less experienced the
auditor who performs the work needs to be.
Difficulty: Easy
Learning Objective: Explain how to document tests of controls.
Section Reference: 7.8 Documenting conclusions
CPA Competency: Audit and Assurance
AACSB: Analytic
22. If inherent risk is low and a reasonable level of assurance has been gained from controls
testing, extensive substantive procedures need to be performed to estimate the dollar value of
any error in an account balance.
Difficulty: Medium
Learning Objective: Explain how to document tests of controls.
Section Reference: 7.8 Documenting conclusions
CPA Competency: Audit and Assurance
AACSB: Analytic
23. Internal control weaknesses decrease the risk of material misstatements being undetected
by management's processes and controls.
Difficulty: Easy
Learning Objective: Describe the importance of identifying strengths and weaknesses in a system of internal controls.
Section Reference: 7.9 Identifying strengths and weaknesses in a system of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
24. An internal control exception is an observed condition that provides evidence that the control
being tested did not operate as intended.
Difficulty: Easy
Learning Objective: Explain how to select and design tests of.
Section Reference: 7.5 Selecting and designing tests of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
25. The purpose of an auditor's management letter is to inform the client of the auditor's
recommendations for improving its internal controls.
Difficulty: Easy
Learning Objective: Explain how to communicate internal control strengths and weaknesses to those charged with governance.
Section Reference: 7.10 Management letters
CPA Competency: Audit and Assurance
AACSB: Analytic
26. Significant professional judgement is never required to decide whether an identified internal
control weakness is significant enough to warrant communicating to management.
Difficulty: Easy
Learning Objective: Explain how to communicate internal control strengths and weaknesses to those charged with governance.
Section Reference: 7.10 Management letters
CPA Competency: Audit and Assurance
AACSB: Analytic
MULTIPLE CHOICE QUESTIONS
27. A partner and his team performed an audit and issued an unmodified audit report. A year
later his firm was sued when a shareholder found out the financial statements were misstated.
This situation best describes
a) poor internal controls.
b) human error.
c) unethical behaviour.
d) audit risk.
Difficulty: Easy
Learning Objective: Define internal control.
Section Reference: 7.1 Internal control defined
CPA Competency: Audit and Assurance
AACSB: Analytic
28. When internal controls are effective,
a) there will be an increased reliance on substantive tests of transactions and account balances.
b) control risk will also be high.
c) the organization is more likely to achieve its strategic and operating objectives.
d) the organization is less likely to achieve its strategic and operating objectives.
Difficulty: Easy
Learning Objective: Define internal control.
Section Reference: 7.1 Internal control defined
CPA Competency: Audit and Assurance
AACSB: Analytic
29. Internal control encompasses which of the following elements of an organization?
a) processes
b) culture
c) systems
d) all of the answers are correct
Difficulty: Easy
Learning Objective: Define internal control.
Section Reference: 7.1 Internal control defined
CPA Competency: Audit and Assurance
AACSB: Analytic
30. Which of the following statements about internal control is incorrect?
a) Internal control is a very broad concept.
b) Internal control eliminates the possibility of fraud and error.
c) Internal control encompasses all of the elements of an organization.
d) Internal control provides reasonable assurance about the achievement of the entity's objectives.
Difficulty: Easy
Learning Objective: Define internal control.
Section Reference: 7.1 Internal control defined
CPA Competency: Audit and Assurance
AACSB: Analytic
31. Which statement about internal controls is incorrect?
a) Internal controls encompass all of the elements of an organization.
b) Internal controls support the achievement of an organization's objectives.
c) Internal controls only have to be understood if a combined audit approach is adopted.
d) Internal controls comprise a key component of audit risk assessment.
Difficulty: Easy
Learning Objective: Define internal control.
Section Reference: 7.1 Internal control defined
CPA Competency: Audit and Assurance
AACSB: Analytic
32. As part of her annual review Roma Lazor reviews her client’s draft financial statements to assess that transactions appear to be charged and recorded in the correct account.
This best describes which control objective(s)?
a) posting
b) classification
c) valuation
d) timeliness
Difficulty: Easy
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
33. Internal controls in large and medium sized entities can only provide an entity with
reasonable assurance in achieving its financial reporting objectives. Which of the following is not an inherent limitation of internal control?
a) human error that results in a breakdown in internal control
b) collusion by two or more individuals to circumvent a control
c) a control within a software program being overridden or disabled
d) changing audit risk parameters
Difficulty: Easy
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
34. The generally accepted objectives of internal control do not include
a) efficiency.
b) classified.
c) recorded.
d) timely.
Difficulty: Easy
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
35. The internal control objective of 'classified' means there are controls in place to ensure that
a) fictitious or duplicate transactions are not included in the books of an organization.
b) correct amounts are assigned to transactions.
c) transactions are recorded in the correct accounting period.
d) transactions are charged and allocated to the correct general ledger account.
Difficulty: Easy
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
36. Which assertion is not specifically addressed by internal control objectives?
a) cut-off
b) presentation
c) completeness
d) existence
Difficulty: Easy
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
37. If controls are in place to ensure that transactions are recorded in the correct accounting
period, this satisfies which internal control objective?
a) timely
b) real
c) valued
d) posted
Difficulty: Medium
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
38. Which of the following is an inherent limitation of internal control?
a) a control within a software program being overridden or disabled
b) human error that results in a breakdown in internal control
c) collusion by two or more individuals to circumvent a control
d) all of the answers are correct
Difficulty: Medium
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
39. Which audit assertion is not addressed by the internal control objectives?
a) valuation
b) allocation
c) classification
d) presentation
Difficulty: Easy
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
40. Which of the following is not an inherent limitation of internal controls?
a) human error
b) collusion between two or more employees
c) lack of knowledge of internal controls
d) overriding of a control within a software program
Difficulty: Easy
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
41. Aaron Packham has learned that it is important to be aware of the attitude and actions of
management and those charged with governance concerning the entity's internal control and its
importance in the entity. This best describes dealing with
a) a key control objective.
b) the control environment.
c) mitigation of audit risk.
d) financial statement assertions.
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
42. Vayda Badilia decided to list several questions for herself about factors that influence
management's attitudes towards internal control so as to assure herself that she could have
more confidence in management’s abilities and integrity. When she was finished, which control
environment element did she tick off on her working papers?
a) management’s philosophy and operating style
b) communication and enforcement of integrity and ethical values
c) commitment to competence
d) participation by those charged with governance
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
43. As part of her yearly audit plan activities, Jenna Ryan reviews audit working papers of
previous years to determine the risk that a client's system of internal controls will not prevent or
detect a material misstatement. This review refers to
a) audit risk.
b) inherent risk.
c) control risk.
d) detection risk.
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
44. Emile Mayer was concerned when she reviewed the operations of her client and noticed
that many of the employees had incompatible duties over the recording of transactions and
custody of assets. This best refers to which desired control?
a) information processing controls
b) physical controls
c) authorization controls
d) segregation of incompatible duties
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
45. When Melissa Lee, a senior auditor, performed an audit of an electronics firm, she reviewed
the control environment, performed a risk assessment, and reviewed the key business
processes and control activities. These activities are part of
a) a review of entity-level controls.
b) a review of the internal control system.
c) establishing audit risk.
d) none of the above
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
46. When Tessa Tessier reviewed the different key activities in the marketing department of
a wholesaler of jewellery, she was performing an entity level review of
a) monitoring controls.
b) the control environment.
c) internal controls.
d) the risk assessment process.
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
47. Harry Karas was involved in getting a big picture of his client’s entity controls. He went
about finding out whether periodic evaluations of internal control are made and determining
the extent to which personnel, in carrying out their regular duties, obtain evidence as to
whether the system of internal controls continues to function. These activities are part of
a) internal control activities.
b) documentation controls.
c) monitoring of controls.
d) the inherent risk assessment.
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
48. Rina Glickstein is unsure about the best way to evaluate her audit staff. She decides to look at their professional characteristics such as their expertise, experience, knowledge, and training. What best describes what she is looking for?
a) their independence
b) their professional judgement
c) their due care
d) their professional scepticism
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
49. All of the following are components of internal control, except for
a) monitoring of controls.
b) the control environment.
c) audit committees.
d) the information system.
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
50. Which of the following is not an element of the control environment?
a) participation by those charged with governance
b) commitment to competence
c) segregation of duties
d) hiring and retaining competent employees
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
51. The control environment does not
a) set the tone of an entity.
b) set the foundation for all other components of internal control.
c) refer to the policies and procedures that help make sure management's directives are carried out.
d) influence the control consciousness of employees.
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
52. For identified risks, management
a) assesses the likelihood of their occurrence.
b) decides upon actions to manage them.
c) estimates their significance.
d) all of the answers are correct
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
53. Detection risk refers to
a) the susceptibility of an assertion to a material misstatement, assuming there are no related controls.
b) the risk that the auditor's testing procedures will not be effective in detecting a material misstatement.
c) the risk that a client's system of internal controls will not prevent or detect a material misstatement.
d) the entity’s process for identifying and responding to business risks
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
54. Which of the following statements relating to control activities is incorrect?
a) They include management's philosophy and operating style.
b) They are policies and procedures that help make sure management's directives are carried out.
c) They help guarantee that necessary actions are taken to address risks impacting the achievement of the organization's objectives.
d) They have various objectives and are applied at various organizational and functional levels.
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
55. Performance reviews are control activities that include
a) authorization for access to computer programs.
b) segregating incompatible duties.
c) reviews of actual performance versus budgets.
d) periodic counting and comparison with amounts shown on control records.
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
56. In understanding the client's control activities at the entity level, consideration is given to
factors such as
a) the extent to which performance of control activities relies on IT.
b) the extent to which controls included in the organization's policies are being applied.
c) whether adequate safeguards are in place to prevent unauthorized access to or destruction of documents, records and assets.
d) all of the answers are correct
Difficulty: Easy
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
57. When gaining an understanding of the client's monitoring processes at the entity level,
factors ordinarily considered include
a) evaluations or observations made by the external auditors.
b) management's approach to correcting known significant deficiencies on a timely basis.
c) both a and b
d) none of the above
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
58. Edward Fancy is planning to visit an airline company to review the collective assessment of
the client’s control environment, risk assessment process, information system, control activities,
and monitoring of controls. What does this mandate describe?
a) entity-level controls
b) transaction-level controls
c) detective controls
d) industry-level controls
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
59. Susan Struthers will be reviewing those controls that stop fraud or errors from occurring.
This is an example of a review of
a) detective controls.
b) preventive controls.
c) entity-level controls.
d) transaction-level controls.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
60. Sam Fenton wants to ensure that sales in a retail outlet are not recorded at the wrong amount. Which preventive control will help him ensure his objective?
a) the signature of the goods by the warehouse receiver on a receiving report or a bill of lading
b) a credit check by the credit manager
c) automatic pricing of sales invoices using a master price file
d) review of sales invoices at month end
Difficulty: Medium
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
61. Millicent Vonareva was reviewing her IT General Controls program for her client visit. She
noticed an item that she thought did not belong in her “Controls to prevent unauthorized access
to data” section of the program. Which item did not belong there?
a) Data files and critical applications are regularly backed up in offsite locations.
b) Program changes are subject to formal change management procedures.
c) Policies exist to ensure departing employees are denied access to software programs and databases.
d) Procedures exist to protect against computer viruses.
Difficulty: Medium
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
62. Boca Chino, a public accountant, is testing whether his client’s account coding on each
purchase order is checked by the computer to a table of valid account numbers, and that
various logic tests are performed by the computer. He is trying to mitigate the following from
going wrong:
a) detective controls not being in place.
b) amounts being posted to the wrong accounting period.
c) transactions being classified and coded to incorrect accounts.
d) incorrect amounts being posted to the accounts.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
63) Maya Lacasta spent the past week designing audit procedures to evaluate the operating
effectiveness of controls in preventing, or detecting and correcting, material misstatements of a
major bookstore operation at the assertion level. What types of audit procedures did she
employ?
a) entity-level controls
b) detective controls
c) tests of controls
d) preventive controls
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
64. The senior auditor has no physical evidence that a control was performed, who performed it,
or how effectively it was performed. What is the nature of this control?
a) internal control
b) entity-level control
c) detective control
d) preventive control
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
65. The auditor had the following procedures in his audit program for a client:
(i) Review performance versus forecasts
(ii) Review performance indicators
(iii) Review exception reports
What are these instructions related to?
a) detective controls
b) physical controls
c) internal controls
d) entity-wide controls
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
66. Jane Toms, an audit senior, performed a review of certain application controls at a
clothing manufacturing client. Which one of these controls is an input control?
a) Reconciliation of totals where input totals are compared to the output totals.
b) Output is printed to a secure printer where access is limited.
c) Reasonable checks: actual data is compared to expected data for reasonableness.
d) Ensuring all required data is entered.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
67. Theo Lillis performs the following application control procedures:
(i) Control totals: Input totals are balanced and reconciled
(ii) Reasonable checks: Actual data is compared to expected data for reasonableness
(iii) Sequence tests: Sequential data is reviewed and exception reports are produced for missing numbers.
Which of the above application controls do these procedures apply to?
a) processing controls
b) output controls
c) input controls
d) general controls
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
68. One of the main objectives of internal controls is
a) to support the assessment of business risk.
b) to prevent or detect misstatements in the financial statements.
c) to enable the auditor to assess the audit risk.
d) to protect management from all legal liability.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
69. Controls can be classified as
a) information technology general controls.
b) automated controls.
c) manual controls.
d) all of the answers are correct
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
70. Which of the following statements is correct?
a) Preventing errors during processing should not be an important objective of every accounting system.
b) Preventive controls can be applied to each transaction during normal processing to avoid errors occurring.
c) To be effective, controls over transactions should only include detective controls.
d) The purpose of preventive controls is to discover fraud or errors that may have occurred during transaction processing.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
71. Which of the following is an example of a preventive control?
a) management level reviews of actual performance versus budgets
b) credit manager following up on an exception report showing sales made to a customer who has exceeded their credit limit
c) sales invoices are automatically priced using the information in the price master file
d) a bank reconciliation
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
72. A computer program that will not allow a sale to be processed if a customer has exceeded
its credit limit is an example of a
a) preventive control.
b) test of controls.
c) detect control.
d) substantive procedure.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
73. It is important that detective controls
a) identify only materially significant errors.
b) completely and accurately capture some of the relevant data.
c) are performed on a consistent and regular basis.
d) include correction for any material errors identified.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
74. Which of the following is an example of a detective control?
a) account coding on purchase orders being checked by the computer to a table of valid account numbers
b) quarterly reviews of credit balances in accounts receivable to determine their causes
c) amounts are not able to be paid to employees without first matching a valid tax file number to the employee master file
d) sales invoices are automatically priced using a master pricing file
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
75. Manual controls
a) generally rely on the client's IT applications in some way.
b) support the ongoing functioning of the programmed aspects of preventive and detective controls.
c) can be classified as program change controls or logical access controls.
d) do not rely on the client's IT environment for their operation.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
76. An example of a program change control is
a) the accounts receivable clerk does not have access to the cash payments application.
b) regular and timely back-ups of data.
c) program change forms must be authorized by the IT manager.
d) test attempts to log on to terminals using unauthorized user IDs.
Difficulty: Easy
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
77. When the auditor decides to include controls testing in their audit strategy, they select those
controls that
a) are the easiest to test.
b) provide the most efficient and effective audit evidence.
c) provide no assurance that the controls operated effectively throughout the period of reliance.
d) provide the least efficient and effective audit evidence.
Difficulty: Easy
Learning Objective: Explain how to select and design tests of controls.
Section Reference: 7.5 Selecting and designing tests of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
78. The factors to consider when deciding the extent of testing of controls include which of the following?
a) the persuasiveness of the evidence produced by the control
b) the degree to which the auditors intend to rely on the control as a basis for limiting their substantive tests
c) how often the control is performed
d) all of the answers are correct
Difficulty: Easy
Learning Objective: Explain how to select and design tests of controls.
Section Reference: 7.5 Selecting and designing tests of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
79. Which of the following statements is incorrect?
a) The less frequently a control is performed, the more testing the auditor needs to perform to be satisfied the control is operating effectively.
b) When other controls related to a particular objective are also in place and are tested, the level of assurance that might be needed from any one control is not as high as if the auditor were relying solely on a single control.
c) The less frequently a control is performed, the less testing the auditor needs to perform to be satisfied the control is operating effectively.
d) The results of the tests in prior audits and the current audit to date affect the perception of risk.
Difficulty: Easy
Learning Objective: Explain how to select and design tests of controls.
Section Reference: 7.5 Selecting and designing tests of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
80. A sampling technique used to reach a conclusion about a population in terms of a rate of
occurrence is known as
a) dollar unit sampling.
b) random sampling.
c) attribute sampling.
d) haphazard sampling.
Difficulty: Easy
Learning Objective: Explain how to select and design tests of controls.
Section Reference: 7.5 Selecting and designing tests of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
81. Tests of controls will usually be carried out
a) at an interim date.
b) only after year end.
c) only by the audit engagement partner.
d) by the client's board of directors.
Difficulty: Easy
Learning Objective: Explain how to select and design tests of controls.
Section Reference: 7.5 Selecting and designing tests of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
82. Anwar Maris is considering whether to use a checklist or narrative approach to describe the purchasing system of an environmental engineering company. What part of the audit process is he involved in?
a) documenting internal controls
b) risk assessment of company
c) review of control environment
d) assessment of detection risk
Difficulty: Easy
Learning Objective: Explain the different techniques used to document and test internal controls.
Section Reference: 7.6 Documenting and testing internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
83. The most common ways of auditors documenting their understanding of internal controls
include
a) flowcharts.
b) narratives.
c) preformatted questionnaires.
d) all of the answers are correct
Difficulty: Easy
Learning Objective: Explain the different techniques used to document and test internal controls.
Section Reference: 7.6 Documenting and testing internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
84. Flowcharts involve
a) the auditor summarizing in boxes each step of a transaction from start to finish.
b) the auditor describing in words each step of the flow of transactions from start to finish.
c) an internal control checklist.
d) a questionnaire that is used to systematically identify the most common types of control procedures.
Difficulty: Easy
Learning Objective: Explain the different techniques used to document and test internal controls.
Section Reference: 7.6 Documenting and testing internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
85. Checklists and preformatted questionnaires are particularly helpful
a) in industries that the auditor may not personally be familiar with auditing.
b) when control risk is high.
c) when more experienced auditors find it difficult to identify which are the critical controls.
d) in providing a visual representation of the flow of transactions.
Difficulty: Easy
Learning Objective: Explain the different techniques used to document and test internal controls.
Section Reference: 7.6 Documenting and testing internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
86. Which of the following is not a method of recording an audit client’s internal control system?
a) narratives
b) organizational charts
c) flowcharts
d) questionnaires
Difficulty: Easy
Learning Objective: Explain the different techniques used to document and test internal controls.
Section Reference: 7.6 Documenting and testing internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
87. Flowcharts are used by an auditor to
a) document the generalized computer audit programs.
b) document the audit client’s accounting controls.
c) provide a checklist of internal controls.
d) provide a description of the audit client’s accounting controls.
Difficulty: Easy
Learning Objective: Explain the different techniques used to document and test internal controls.
Section Reference: 7.6 Documenting and testing internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
88. One of the factors considered by the auditor in determining if there is a need for additional detailed tests of controls is
a) evaluation of substantive tests.
b) evidence provided by other tests.
c) timing of audit tests.
d) availability of qualitative and quantitative audit evidence.
Difficulty: Easy
Learning Objective: Understand how to interpret the results of testing of controls.
Section Reference: 7.7 Results of the auditor’s testing
CPA Competency: Audit and Assurance
AACSB: Analytic
89. If tests of controls indicate that internal controls are not as effective as originally assessed, the auditor will
a) increase assessment of control risk.
b) increase assessment of detection risk.
c) place less reliance on substantive procedures.
d) increase level of audit risk.
Difficulty: Easy
Learning Objective: Understand how to interpret the results of testing of controls.
Section Reference: 7.7 Results of the auditor’s testing
CPA Competency: Audit and Assurance
AACSB: Analytic
90. If the tests of controls confirm the auditor's preliminary evaluation of controls, the planned
substantive audit procedures are
a) increased.
b) not modified.
c) reduced.
d) verified by management.
Difficulty: Easy
Learning Objective: Understand how to interpret the results of testing of controls.
Section Reference: 7.7 Results of the auditor’s testing
CPA Competency: Audit and Assurance
AACSB: Analytic
91. In trying to determine whether there is a need for additional detailed tests of controls, which
of the following factors are considered?
a) evidence provided by other tests
b) changes in the overall control environment
c) results of inquiries and observations
d) all of the answers are correct
Difficulty: Easy
Learning Objective: Understand how to interpret the results of testing of controls.
Section Reference: 7.7 Results of the auditor’s testing
CPA Competency: Audit and Assurance
AACSB: Analytic
92. Which of the following statements is correct?
a) Tests of account balances can often provide evidence about the continued functioning of controls.
b) An ineffective entity-level control environment may allow the auditor to limit their tests of controls to inquiry and observation.
c) Auditors do not need to investigate any control exceptions identified during their testing.
d) Tests of account balances never provide evidence about the continued functioning of controls.
Difficulty: Easy
Learning Objective: Understand how to interpret the results of testing of controls.
Section Reference: 7.7 Results of the auditor’s testing
CPA Competency: Audit and Assurance
AACSB: Analytic
93. If inherent risk is high and no assurance has been obtained from controls testing,
a) only overall analytical review procedures need to be performed to reduce detection risk to an acceptable level.
b) no further substantive testing needs to be performed.
c) extensive substantive procedures need to be performed to estimate the dollar value of any error in the account balance.
d) the risk of material misstatement is assessed as low.
Difficulty: Easy
Learning Objective: Explain how to document tests of controls.
Section Reference: 7.8 Documenting conclusions
CPA Competency: Audit and Assurance
AACSB: Analytic
94. Which of the following would not be included in a test of a control working paper?
a) the purpose of the test
b) a conclusion about whether the account balance is materially misstated
c) the work performed
d) the findings/results of the testing
Difficulty: Easy
Learning Objective: Explain how to document tests of controls.
Section Reference: 7.8 Documenting conclusions
CPA Competency: Audit and Assurance
AACSB: Analytic
95. The working papers to document tests of controls
a) detail the audit plan.
b) set out the purpose of the tests of controls identified.
c) provide instructions of details of tests to be conducted.
d) identify the amount of material misstatement.
Difficulty: Easy
Learning Objective: Explain how to document tests of controls.
Section Reference: 7.8 Documenting conclusions
CPA Competency: Audit and Assurance
AACSB: Analytic
96. Internal control weaknesses identified by an auditor
a) decrease the level of substantive tests to be implemented by the auditor.
b) increase the risk of material misstatements being undetected by the auditor’s testing procedures.
c) increase the risk of material misstatement being undetected by management’s processes and controls.
d) decrease the risk of material misstatements being undetected by the auditor's testing procedures.
Difficulty: Easy
Learning Objective: Describe the importance of identifying strengths and weaknesses in a system of internal controls.
Section Reference: 7.9 Identifying strengths and weaknesses in a system of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
97. An internal control exception is
a) only expected to exist when internal controls are effective.
b) an observed condition that provides evidence that the control being tested did not operate as indicated.
c) both a and b
d) an observed condition that provides evidence that the control being tested operated as indicated.
Difficulty: Easy
Learning Objective: Describe the importance of identifying strengths and weaknesses in a system of internal controls.
Section Reference: 7.9 Identifying strengths and weaknesses in a system of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
98. The purpose of the management letter is to inform
a) the auditor with concerns held by the client's management about the audit fee.
b) the client's management of the auditor's opinion on the company's financial statements.
c) the client's audit committee’s disagreements with management.
d) the client of the auditor's recommendations for improving its internal controls.
Difficulty: Easy
Learning Objective: Explain how to communicate internal control strengths and weaknesses to those charged with governance.
Section Reference: 7.10 Management letters
CPA Competency: Audit and Assurance
AACSB: Analytic
99. Which of the following statements is correct?
a) Significant professional judgement is not necessary in deciding whether a weakness identified is significant enough to warrant communicating to management.
b) A management letter is prepared by management.
c) Significant professional judgement is necessary in deciding whether a weakness identified is significant enough to warrant communicating to management.
d) The purpose of a management letter is to inform management of the risk assessment process.
Difficulty: Easy
Learning Objective: Explain how to communicate internal control strengths and weaknesses to those charged with governance.
Section Reference: 7.10 Management letters
CPA Competency: Audit and Assurance
AACSB: Analytic
100. The purpose of management letters is to
a) confirm the terms of the audit engagement.
b) set out the responsibilities of management and the auditor in regards to the audit.
c) discuss weaknesses in internal control and other matters discovered in the audit.
d) make recommendations of substantive procedures to be conducted.
Difficulty: Easy
Learning Objective: Explain how to communicate internal control strengths and weaknesses to those charged with governance.
Section Reference: 7.10 Management letters
CPA Competency: Audit and Assurance
AACSB: Analytic
SHORT ANSWER QUESTIONS
101. Explain the seven generally accepted objectives of internal control activities and identify the relevant assertions.
Difficulty: Medium
Learning Objective: State the seven generally accepted objectives of internal control activities.
Section Reference: 7.2 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
102. Indicate whether you agree or disagree with the following statements and explain your reasoning.
a) During her career as a public accountant, Faye Teller has performed audits of large and medium sized clients. When she visited a small business client, a food wholesaler that has a history of poor controls, she gave a lot of thought to performing her planned audit approach. She decided to use the combined audit approach.
b) Lea Konczynski was discussing with her audit manager how she could assess whether controls are being monitored. Her audit manager mentioned that the internal audit function is a primary source of assessing and monitoring control activities.
c) The audit senior has been reviewing the key controls in the purchasing and payables process. She has been asked by a junior auditor: “When should the client set up the payable?” She answers: “The company can set up the payable when the goods are received in good order and then the client can make the payment when the invoice is received.”
d) The auditor decided to perform all substantive testing at the interim audit and to review transaction-level controls at year end.
Difficulty: Medium
Learning Objective: State the seven generally accepted objectives of internal control activities.
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.2 Objectives of internal controls
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
103. Explain the key elements of the control environment.
Difficulty: Medium
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
104. What are control activities? Explain the major categories of control activities.
Difficulty: Medium
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 System of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
105. Explain the differences between preventive controls and detective controls.
Difficulty: Medium
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
106. Indicate whether you agree or disagree with the following statements and explain your reasoning.
a) The audit senior was explaining how different controls work: “Detective controls can be applied to each transaction during normal processing to avoid errors occurring.”
b) The public accountant was reviewing the audit program and was convinced that the following item did not belong in the IT General Controls (ITGC) part of her audit program: “Program change controls — only appropriately authorized, tested, and approved changes are made to applications, interfaces, databases, and operating systems. All changes are documented so systems documentation is up to date.”
c) The techniques for control testing are made up of inquiry, observation, inspection of physical evidence, and re-performance. Inspection of physical evidence relies on the auditor testing the physical evidence to verify that a control has been performed properly.
d) The manager of a large client realizes that when testing controls, either statistically based sampling techniques or professional judgement can be used to determine the extent of testing. One of the factors to consider when deciding the extent of testing should include the competence of the person who performs the control.
Difficulty: Medium
Learning Objective: Identify the different types of controls.
Learning Objective: Explain how to select and design tests of controls.
Section Reference: 7.4 Types of controls
Section Reference: 7.5 Selecting and designing tests of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
107. Discuss the factors that relate to the likelihood that an internal control operates as intended.
Difficulty: Medium
Learning Objective: Explain how to select and design tests of controls.
Section Reference: 7.5 Selecting and designing tests of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
108. What are the most common forms of documentation used by auditors to document their understanding of internal controls?
Difficulty: Medium
Learning Objective: Explain the different techniques used to document and test internal controls.
Section Reference: 7.6 Documenting and testing internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
109. What are the factors considered by auditors in determining whether there is a need for additional detailed tests of controls?
Difficulty: Medium
Learning Objective: Understand how to interpret the results of testing of controls.
Section Reference: 7.7 Results of the auditor’s testing
CPA Competency: Audit and Assurance
AACSB: Analytic
110. What are the main items commonly included in tests of controls working papers?
Difficulty: Medium
Learning Objective: Explain how to document tests of controls.
Section Reference: 7.8 Documenting conclusions
CPA Competency: Audit and Assurance
AACSB: Analytic
111. What is a management letter and what are its major purposes?
Difficulty: Medium
Learning Objective: Explain how to communicate internal control strengths and weaknesses to those charged with governance.
Section Reference: 7.10 Management letters
CPA Competency: Audit and Assurance
AACSB: Analytic
ESSAY QUESTIONS
112. Why are internal controls so important to companies? What are the implications for companies if their internal controls are not operating effectively?
Difficulty: Medium
Learning Objective: Define internal control.
Section Reference: 7.1 Internal control defined
CPA Competency: Audit and Assurance
AACSB: Analytic
113. The Committee of Sponsoring Organisations (COSO) of the Treadway Commission has produced guidance for designing and implementing effective internal controls, as well as the effective monitoring of a system of internal controls. Explain the various aspects of this guidance and critically evaluate its impact at enhancing internal controls within companies.
Difficulty: Medium
Learning Objective: Identify the different types of controls.
Section Reference: 7.4 Types of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
114. CAS 230 Audit Documentation requires auditors to document each stage of the audit in their working papers. Regarding the contents of working papers, what are the specific requirements in CAS 230? Explain the importance of auditors effectively documenting the tests of controls they have performed.
Difficulty: Hard
Learning Objective: Explain how to document tests of controls.
Section Reference: 7.8 Documenting conclusions
CPA Competency: Audit and Assurance
AACSB: Analytic
115. CAS 260 Communication with Those Charged with Governance requires auditors to communicate audit matters of governance interest arising from the audit of the financial report with those charged with governance of an entity. What are some examples of these matters and why is it important for auditors to communicate them?
Difficulty: Medium
Learning Objective: Describe the importance of identifying strengths and weaknesses in a system of internal controls.
Section Reference: 7.9 Identifying strengths and weaknesses in a system of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
116. In the United States, what have been the major impacts on companies and auditors of section 404 of the Sarbanes-Oxley Act (2002)? Has this section improved the quality of companies' internal controls?
Difficulty: Medium
Learning Objective: Explain how to communicate internal control strengths and weaknesses to those charged with governance.
Section Reference: 7.10 Management letters
CPA Competency: Audit and Assurance
AACSB: Analytic
CASE QUESTIONS
117. In July 2011, Rupert Murdoch, his son, James, and ex-News International chief executive, Rebekah Brooks faced questions from British MPs over a phone hacking scandal at the former News of the World.
It had originally appeared that the News of the World had only hacked the phones of celebrities, politicians and members of the British Royal Family. However, revelations in July 2011, that victims included murdered schoolgirl Milly Dowler, relatives of deceased British soldiers, and victims of the 7/7 London bombings generated widespread public outrage and revulsion. Advertiser boycotts contributed to the closure of the News of the World.
Reacting to the revelation, Prime Minister David Cameron said that the alleged hacking, if true, was "truly dreadful". He added that police ought to pursue a "vigorous" investigation to ascertain what had taken place. Interestingly, the Prime Minister himself came under fire for hiring a former News of the World editor, Andy Coulson. Prime Minister David Cameron called his decision a "catastrophic error of judgment" in hiring the former editor of Rupert Murdoch's News of the World as a spokesman.
Sean Hoare, 47, the journalist who had accused his former News of the World editor, Andy Coulson of complicity in the illegal activity, was found at home dead, days after he had made fresh allegations against executives under whom he had worked.
On 18 July, News Corp announced that its UK management standards committee would be removed from News International. It will now be housed in a separate building, under the chairmanship of Lord Grabiner, and reporting to News Corp director, Joel Klein.
In an analysis of the culture of the Murdoch empire in Newsweek in July 2011, one of Murdoch's former top executives was quoted as saying: "This scandal and all its implications could not have happened anywhere else. Only in Murdoch's orbit. The hacking at News of the World was done on an industrial scale. More than anyone, Murdoch invented and established this culture in the newsroom, where you do whatever it takes to get the story, take no prisoners, destroy the competition, and the end will justify the means." This same executive went on to say, "In the end, what you sow is what you reap. Now Murdoch is a victim of the culture that he created. It is a logical conclusion, and it is his people at the top who encouraged lawbreaking and hacking phones and condoned it."
In 2010, it was also suggested that the journalistic approach of newspapers such as the News of the World had brought into public focus that there had been a shift away from the traditional ethics of journalism, raising serious questions about privacy, freedom of speech, and confidentiality. There were also observations in the North American Press about the ethics employed by the News of the World. NBC New York noted that the old journalistic maxim, "Get it first. But, first, get it right," although speaking for accurate reporting does not address the situation where in the case of the News of the World information was allegedly obtained in an unethical way or by illegal means. The approach was also criticized by Stephen B. Shepard, dean of the CUNY Graduate School of Journalism, who commenting on the phone hacking scandal, said: "It's wrong. It's not a gray area. What they did was illegal and, even if it weren't, it's just plain wrong. There's no defense for it. Even the government needs a warrant to get into a house or a computer. You can't break into something like this and get away with it."
Required:
Discuss the underpinnings of a proper control environment and where appropriate, comment on deficiencies at the former News of the World operations, or in Prime Minister Cameron’s operations, assuming the press reports are correct.
Difficulty: Medium
Learning Objective: Describe the elements of the system of internal control at the entity level.
Section Reference: 7.3 Objectives of internal controls
CPA Competency: Audit and Assurance
AACSB: Analytic
118. (Reproduced from: CICA UFE Question 2009 — Paper 2 — Question 3)
Bazaar buys computers, parts, and related equipment and resells them at a mark-up to a loyal base of corporate customers. Competition is growing, but the market is favourable, and Bazaar offers excellent customer service, giving it a competitive advantage. The owner is very involved in most of the important operating decisions. His capable assistant steps in when necessary. The owner plans to implement a code of ethics at some point and also wishes to improve certain controls.
Bazaar is a medium-sized private company that operates multiple warehouses, each carrying a mix of inventory items. The first type of inventory, which can be quite costly, consists of specialized computer hardware, desktop computers, and laptop computers. The turnover rate for this inventory is high since new technology is always emerging. Because the company orders months in advance, Bazaar occasionally overestimates demand. After three or four months, products are difficult to sell, but they are kept because most cannot be returned to the supplier, and Bazaar is reluctant to hold liquidation sales for fear they would negatively affect the sales at regular prices. The second type of inventory, parts and peripherals, generates a significant portion of Bazaar’s sales. This category includes items such as monitors, printers, and toner cartridges. The third type of inventory includes software packages ranging from sophisticated operating systems to games. This inventory can be returned to suppliers if unsold after a certain period.
This year, Bazaar implemented an integrated computer system to manage the general ledger as well as inventory, purchases, and sales. Sales representatives enter orders into the sales database, and can modify the information, including quantities and selling prices. Any changes are usually made to orders before shipping. Problems result if representatives make changes after shipping, since they should issue credits instead. The timing differences create reconciliation problems for both customers and Bazaar when settling invoices. Also, sometimes credits have been issued in error. For example, the owner described one example where a credit was issued for a price adjustment made by a sales representative. The supporting paperwork stated that the credit had been issued in error (which seems to happen often) and the refund cheque was cancelled. However, the details of the refund cheque could not be located. When asked, the clerk said he left the cheque copies on his desk and the next morning they were gone. He gave up looking for them.
Electronic purchase orders require authorization from either the owner or his assistant through the use of a personal identification number (PIN). Each user has a specific PIN. Orders greater than $5,000 require the owner’s authorization. Occasionally, the owner is not available. He has given one of the accounting clerks he trusts his PIN to be used for emergency situations. Before making a payment, the accounting department matches the invoice to the authorized purchase order and the receiving slip.
Other Information:
The owner noted that Bazaar’s costs seem higher than expected, particularly since this year he decided to pay suppliers faster in order to benefit from discounts. According to his calculation, the cost of goods sold should have decreased by around 2% over last year, since most suppliers offer discounts and did not increase prices. Instead, he noted a 3% increase in costs.
The sales mix has not changed significantly from previous years. Purchases increased and were distributed across the inventory types in amounts similar to the overall sales mix. To help retain the sales team, stock options were given this year for the first time as an added form of compensation. The options are available if Bazaar’s net income after tax is at least $5 million per year.
Customers have 30 days to pay invoices, but most take advantage of a 2% discount offered for payment within 10 days. Customers make payments in full payments and discounts are reimbursed later by system-generated cheques. Cheques may be issued with or without supporting documentation.
The owner noted he just received a memo from a clerk at one of the warehouses. It says the amount of damaged inventory has been gradually increasing over the past eight months. The clerk suggests this is because the forklift is not operating properly and items are being dropped as they are loaded for shipment. He wants the forklift replaced. He asks what he should do with the damaged inventory that has been piling up in a corner of the warehouse. He suggests holding a liquidation sale to get rid of it.
Required:
a) Assess and conclude on inherent risk. Be sure to discuss items that both increase and decrease risk for a balanced discussion.
b) Assess and conclude on the control risk.
c) Based on your inherent and control risk assessment, conclude on detection risk.
d) Based on the risk assessment, what type of audit strategy should be implemented?
e) Identify five control weaknesses at Bazaar. For each weakness, indicate the implication and make a specific recommendation how Bazaar can fix it.
f) What is the auditor’s responsibility with respect to fraud when performing a financial statement audit? Assess the fraud risk at Bazaar and indicate what should be done when planning the audit.
Difficulty: Hard
Bloomcode: Analysis
CPA Competency: Audit and Assurance
AACSB: Analytic
Learning Objective 1: Describe the elements of internal control at the entity level
Section Reference: 7.3 System of internal controls
119. Jorge Yulia was anxious to start the selection and testing of controls at Walley Real Estate Group, a company that specializes in unique coastal properties nestled along the Nova Scotia coastline. A charming collection of coastal communities dots the rocks along the Bay of Fundy. Chaz Walley brings years of talent and experience from being an executive in the marketing, technology and finance world to personally owning, renovating, aggregating and subdividing property. Along with investment analysis and extensive contract negotiation experience, clients are expertly represented in every transaction. Chaz imparts a sense of ease and joy to finding the perfect property for each client, making owning beach and coastal property a dream! Jorge had two main “big picture” objectives: to prevent or detect misstatements in the financial statements.
Jorge was concerned about the following issues:
- Revenue recognition was the trickiest as many of the transactions took over a year to complete. Partial payments and deposits are being made and have to be matched up with proper revenue recognition criteria.
- The entertainment and promotional expenses were high and he was not sure how they compared to industry standards, although they appeared to be consistent with the Walley Real Estate Group’s profile and the deep pockets of its clientele.
Required:
a) What are detective and preventive controls?
b) Can Jorge use these preventive and detective controls to help him resolve the two issues he is concerned about?
c) Which factors will Jorge have to consider when determining the “extent” of tests to be performed?
d) When would Jorge perform substantive testing of revenue?
Difficulty: Medium
Learning Objective: Identify the different types of controls.
Learning Objective: Explain how to select and design tests of controls.
Section Reference: 7.4 Types of controls
Section Reference: 7.5 Selecting and designing tests of controls
CPA Competency: Audit and Assurance
AACSB: Analytic
120. (Reproduced from ICAO — 2006 — Practice Test 2 — Question 3)
Definition Electronics (Definition) is one of Canada’s leading retailers of home video and audio equipment. Ten years ago, Definition began as a local electronics store. It has rapidly grown and it now operates 11 stores across the country and it employs over 200 people. You, CPA, recently joined as a financial analyst in January 2020. It is your first day on the job and you meet with John Gomery, Definition’s controller. John explains that because of the rapid growth, he believes there are significant control weaknesses. Part of the issue is they are using an old proprietary software system called “eDef”. He goes on to tell you how the system works and you note the following:
eDef is used to manage inventory and record sales and purchases. The primary activities used on a daily basis include:
- Recording of sale transactions. Definition does not use cash registers. Salespeople use networked PCs to record sales in eDef. eDef calculates sales taxes and generates invoices. It updates the inventory on hand at the same time.
- Recording returns. A merchandise return results in a refund issued to the customer. However, the item is not added back into inventory as the owner feels very strongly about not selling opened packages. Returned inventory is tracked manually in a spreadsheet on the server and periodically sold through a clearance sale or on eBay.
There is no separate return module. Returns are recorded as negative sales transactions and the system has been programmed not to update inventory quantities for such transactions. - Recording inventory purchases. eDef automatically generates a purchase order when the on-hand quantity for any given SKU falls below a preset limit. When the inventory is received, the quantity on hand can be updated only if an open purchase order exists.
- Calculation of commissions. On a monthly basis, eDef calculates sales staff’s commissions. Definition’s salespeople earn a low base salary and a 5% commission on their net sales.
At month-end, Definition’s accounting staff download sales and inventory transactions from eDef into Quicken, a small business accounting system. They prepare financial statements which are required by the bank within 15 days of month-end. - eDef and the hardware it runs on have lately been unable to cope with the volume of transactions recorded in multiple locations. It has crashed 4 times last month, each time for at least 3 hours.
The controller goes on to discuss the policies currently in place. They are as follows:
1. All merchandise may be returned within 30 days of sale. Whenever possible, the return should be processed by the salesperson that made the original sale in order to maintain the customer relationship.
2. The store manager counts all inventory weekly. An eDef report is generated and the manager then counts the items in the store based on the report. Any discrepancies should be reported to George.
3. Salespeople may, based on their judgement, reduce prices by up to 10% for repeat customers.
4. Daily sales journal by salesperson is generated by eDef and reconciled to the daily cash receipts (or credit card slips) by the store manager. The journal reflects both sales and returns.
5. Salespeople can edit sales records from the same day (in case they make a mistake they discover after the invoice is printed). At the end of the day, once the sales journal is reconciled, the store manager “locks” the day’s records. Subsequent changes must be processed as either additional sales or returns.
6. If the system is temporarily down, salespeople are instructed to prepare invoices using a Microsoft Word template (which to the customer looks like a regular Definition invoice) and keep a copy of it. When the system is back up, the store manager enters these manual invoices into eDef using the normal sales module.
7. Salesperson commission (based on net sales) is paid monthly. Store manager bonus (based on store net sales) is paid quarterly.
Required:
Identify the control weaknesses at Definition. For each item, address the implication of the weakness and make a recommendation.
Difficulty: Hard
Learning Objective: Describe the importance of identifying strengths and weaknesses in a system of internal controls.
Learning Objective: Explain how to communicate internal control strengths and weaknesses to those charged with governance.
Section Reference: 7.9 Identifying strengths and weaknesses in a system of internal controls
Section Reference: 7.5 Management letters
CPA Competency: Audit and Assurance
AACSB: Analytic
LEGAL NOTICE
Copyright © 2021 by John Wiley & Sons Canada, Ltd. or related companies. All rights reserved.
The data contained in these files are protected by copyright. This manual is furnished under license and may be used only in accordance with the terms of such license.
The material provided herein may not be downloaded, reproduced, stored in a retrieval system, modified, made available on a network, used to create derivative works, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without the prior written permission of John Wiley & Sons Canada, Ltd.