Test Bank Answers Ch6 Client Internal Control System - Auditing Data Analytics 1e Test Bank by Raymond N. Johnson. DOCX document preview.
Chapter 6
Gaining an Understanding of the Client’s System of Internal Control
Question Type: True or False
An integrated audit refers to the audit of the financial statements as well as the system of internal control.
A. True
B. False
The most commonly accepted global auditing framework for internal control is the integrated framework developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission.
A. True
B. False
The control environment helps to set the foundation for effective internal control and provides discipline and structure.
A. True
B. False
Management, with the oversight of the internal control department, selects and develops control activities to assure that the entity achieves its objectives.
A. True
B. False
Entity-level controls are controls that affect a particular transaction or group of transactions.
A. True
B. False
A shipping document which serves as acknowledgement of receipt of goods for delivery by a freight carrier is referred to as a bill of lading.
A. True
B. False
An IT system that produces a transaction trail that is available for audit for only a short period of time is an example of an IT system risk.
A. True
B. False
Flowcharts are a form of documenting internal controls in smaller and less complex organizations.
A. True
B. False
A deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness is referred to as a significant deficiency.
A. True
B. False
The management letter prepared by the auditor should only discuss internal control related issues discovered during the audit.
A. True
B. False
Question Type: Multiple choice
What does COSO define as a process effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives related to operations, reporting and compliance?
A. Internal control
B. Compliance
C. Reporting
D. Risk assessment
One of the seventeen COSO principles of internal control states that “the organization holds individual accountable for their internal control responsibilities in the pursuit of objectives.” To which component of internal control does this principle belong?
A. Control Environment
B. Risk Assessment
C. Control Activities
D. Information and Communication
.
The control environment ________.
A. describes the auditor’s system of internal control
B. refers to both the financial statements of the client and the audit work being conducted
C. sets the foundation for effective internal control, and provides discipline and structure
D. speaks to the ability of the client to gain funding in capital markets
An integrated audit focuses on ________.
A. integrating the internal and external audit functions
B. auditing both internal control over financial reporting(ICFR) and the financial statements
C. integrating component auditors
D. comparing prior year results with the current year to look for abnormalities
Internal control ________.
A. relates only to a client’s IT systems
B. relates to the efficiency of the internal audit function
C. is a very broad concept and can encompass all of the elements of an organization
D. is unrelated to the audit
The COSO Framework identifies three objectives of internal control that allow organizations to focus on the differing purposes of internal control. One of these is ________.
A. client acceptance and continuance
B. compliance objectives which pertain to adherence to laws and regulations to which the entity is subject
C. internal control analysis
D. risk of material misstatement
An effective and robust system of internal control ________.
A. will guarantee that the entity will meet its objectives
B. will eliminate all risks related to entity objectives
C. can only provide an entity with reasonable assurance in achieving its financial reporting objectives
D. should be carefully examined to see if the benefits outweigh the costs of providing such a system
Common inherent limitations in internal control include ________.
A. ineffective understanding of the purpose of a control
B. controls within a software system are never overridden
C. no evidence or history of collusion within the organization
D. top management agree as to the type and extent of system to implement
Compensating controls are described as ________.
A. controls that deal with monetary compensation for employees and contractors
B. controls that compensate for another control’s potential ineffectiveness
C. controls that are determined to be redundant after analysis
D. controls that have been determined by the auditor to be effective
The external auditor’s primary concern should be ________.
A. adequately controlling the entities operations and its financial reporting
B. adequately supervising the internal audit function
C. with the reporting objective and the operations objectives related to safeguarding of assets
D. ensuring management is immediately made aware of any errors regardless of size
An example of an entity level control would be ________.
A. an entity’s risk assessment process
B. a detective control pertaining to accounts receivable
C. a preventive control relating to an IT function
D. a physical lock on a storage facility
As per the COSO Framework, the operations objectives of internal control include ________.
A. the safeguarding of assets against loss
B. the adherence to laws and regulations
C. reliability and timeliness
D. timeliness and transparency
As per the COSO Framework, one of the reporting objectives of internal control pertains to ________.
A. reliability and transparency
B. efficiency of the entity’s operations,
C. adherence to laws and regulations
D. safeguarding of assets against loss
Which of the following principles is within the control environment component of the seventeen COSO principles of internal control?
A. The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives.
B. The organization specifies objectives with sufficient clarity to enable the identification and assessment of risks relating to objectives.
C. The organization identifies risks to the achievement of its objectives across the entity and analyzes risk as a basis for determining how the risks should be managed.
D. The organization considers the potential for fraud in assessing the risks to the achievement of objectives.
A control ensuring that sales are recorded in the sales ledger is a/an _______-level control.
A. transaction
B. entity
C. division
D. function
In a top-down approach to understanding internal control over financial reporting and selecting the specific internal controls to test, the auditor focuses on _______-level controls.
A. entity
B. division
C. operating unit
D. function
Which of the following is comprised of the attitudes, awareness and actions of management and those charged with governance concerning the entity’s internal control and its importance in the entity?
A. Control environment
B. Entity-level controls
C. Monitoring activities
D. Information and communication
Compared to other types of entity-level controls, the auditor finds _______the easiest to test because their operation is readily verifiable.
A. control activities
B. control environment
C. risk assessment
D. information and communication
Which process involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions?
A. Monitoring
B. Risk assessment
C. Control activities
D. Information and communication
A top-down approach begins by _____.
A. considering what can go wrong in the financial statements
B. considering which members of top management might be committing fraud
C. assigning the highest ranking and most experienced members of an audit team to an audit
D. sending questionnaires to top management to complete before interviewing any mid-level management employees
Establishing an appropriate level of professional skepticism is achieved by ________.
A. gaining an understanding of the entity-level (or entity-wide) internal control components
B. talking to the internal audit function
C. discussions with the client’s attorney
D. a directive from the audit partner in charge
Integrity and ethical behavior ________.
A. are provided by the auditor to the client in training sessions
B. are of no concern, for they are always present
C. are the products of the organization’s ethical and behavioral standards
D. should start at the bottom and work their way up the organization
An entity’s risk assessment process ________.
A. should be reevaluated every five years to respond to changing market conditions and threats
B. should only solicit feedback from and be crafted by top management
C. is its process for identifying and responding to risks that an organization will not achieve its objectives
D. is the same as the auditor’s consideration of risk
In an audit, the purpose of risk assessment is to ________.
A. form an ultimate opinion on the financial statements based on management’s directives
B. assess the combined inherent, control and detection risks to evaluate the likelihood that material misstatements could occur in the financial statements.
C. audit the system of internal control only
D. ultimately ensure that the internal audit function is performing properly
Policies and procedures enacted by the entity which help ensure that management’s directives are carried out are generally referred to as ________.
A. management activities
B. control activities
C. legislative activities
D. company procedures
Physical controls are concerned with limiting ________.
A. physical access to assets to those authorized to have access
B. the informational output of the firm
C. investors access to certain records of the firm which should be kept private
D. access to accounting information to senior managers only
Reports that summarize the detail of account balances such as an aged trial balance of accounts receivable are an example of which category of control activities?
A. Performance reviews
B. Information processing controls
C. Physical controls
D. Segregation of duties
If an employee who has access to the custody of assets steals a cash remittance and covers the theft by recording a bad-debt write off, there was likely a failure in the category of __________.
A. segregation of duties
B. performance reviews
C. authorization control
D. physical controls
Transaction-level controls are those controls that ________.
A. respond to things that can go wrong with transactions.
B. are used reactively to determine where problems have occurred.
C. deal with the financial statements in general.
D. management have suggested the auditor implement.
Risks related to the prelisting of cash receipts and remittance advices relate to ________.
A. cash sales may not be recorded
B. errors may be made in journalizing cash receipts
C. checks received may not agree with prelist of cash
D. receipts may be posted to the wrong customer account
When an auditor decides to follow a particular transaction from initiation through where it is recorded in the financial records, this is known as ________.
A. reperformance
B. walkthrough
C. recalculation
D. vouching
A report sent to each customer showing the beginning receivable balance, transactions during the month, and the ending receivable balance is best described as ________.
A. a statement of cash receipts
B. an aging of accounts receivable
C. monthly statements of receivable balances
D. a general ledger receivables report
Documents and files relating to recording sales would be ________.
A. bill of lading and sales database
B. sales invoice and sales database
C. sales invoice, sales cycle database, and monthly statements of receivables balances
D. bill of lading and monthly receivables balances
Key assertions pertaining to the audit of credit sales are ________.
A. completeness and valuation
B. accuracy and occurrence
C. valuation and allocation
D. rights and obligations
Key assertions pertaining to the delivery of goods are ________.
A. accuracy, completeness, and occurrence
B. completeness, occurrence, and cutoff
C. accuracy, occurrence, and rights and obligations
D. presentation and disclosure
The key assertion an auditor would be testing when examining a sales invoice to determine if it was billed to the correct customer would be ________.
A. valuation and accuracy
B. classification
C. rights and obligations
D. cutoff
Which of the following is a report sent to each customer showing the beginning receivable balance, transactions during the month, and the ending receivable balance?
A. Monthly statement of receivable balances
B. Sales invoice
C. Sales cycle database
D. Customer master file
Which of the following documents contains the customer shipping and billing information and the customer credit limit?
A. Customer master file
B. Packing slip
C. Bill of landing
D. Sales invoice
A bill of lading is a (an) ________.
A. shipping document serving as acknowledgement of receipt of goods for delivery by a freight carrier.
B. client prepared document with the details of items included in a shipment.
C. electronic file that accumulates data on sales, cash receipts, and accounts receivables.
D. electronic file containing the customer shipping and billing information and the customer credit limit.
If you place a control that only a limited number of individuals can change the customer master file and all file changes are reviewed by appropriate levels of management, which of the following risks will you be addressing?
A. Sales made to unauthorized customers
B. Goods released from warehouse for unauthorized orders
C. Some shipments going unbilled
D. Sales invoices recorded in the incorrect amount
If you place a control that the computer checks run-to-run total of beginning receivables, plus sales transactions with the sum of ending receivables, which of the following risks will you be addressing?
A. Invoices not journalized or posted to customer accounts
B. Sales invoices recorded in the incorrect accounting period
C. Products shipped without shipping documents being generated
D. Sale made without credit approval
IT dependent manual controls are controls that chiefly involve manual review of the _________ of computer- generated information.
A. completeness and accuracy
B. cutoff and classification
C. rights and obligations
D. valuation and allocation
Which of the following are designed to provide reasonable assurance that the recording, processing, and reporting of data by an IT system are properly performed for specific applications?
A. Computer application controls
B. Computer general controls
C. IT dependent manual controls
D. None of these options are correct.
IT general controls are ________-level controls.
A. entity
B. division
C. transaction
D. function
Which of the following types of control are designed to control program development, program changes, computer operations, and access to programs and data?
A. Computer general controls
B. Computer application controls
C. IT dependent manual controls
D. None of these options are correct.
Applications controls will ________.
A. differ for each transaction cycle
B. remain the same for each transaction cycle
C. be closely related to transaction processing controls
D. always consist of input controls and processing controls
Documents and files related to initiating credit sales would be ________.
A. customer master file and sales order
B. sales order and sales invoice
C. bill of lading and packing slip
D. credit sales order
A major benefit of an IT system is ________.
A. elimination of mistakes
B. elimination of the need for personnel
C. greater consistency in processing than manual systems
D. increased workload created by exception reports
An example of a risk created by an IT system is ________.
A. increased efficiency in processing transactions
B. less documentary evidence
C. potential availability of real-time financial information
D. the extra cost of staffing an IT support function
The concept of computer general controls, controlling computer systems, and programs is an example of a(an) ________.
A. layering activity
B. IT activity
C. general control activity
D. auditing process activity
When the computer system checks the validity of a customer number or whether a customer has reached their credit limit is an example of a(an) _____.
A. internal audit control
B. internal system control
C. computer application control
D. systems application control
Controlling program development, program changes, computer operations, and securing access to programs and data is the purpose of ________.
A. independent controls
B. manual controls
C. IT general controls
D. tech controls
Computer general controls pertain to ________.
A. only the IT environment
B. only IT activities
C. the IT environment and all IT activities
D. individual IT applications
Input controls are designed to provide reasonable assurance that ________.
A. data received for processing have been properly authorized and converted into machine-sensible form
B. data received for processing have been properly authorized only
C. the computer processing has been performed as intended for the particular application
D. reports generated by the accounting system are accurate and reliable
When an output is reviewed for completeness and apparent reasonableness, it is known as ________.
A. a reasonableness test
B. visual scanning
C. a comparison to source documents
D. statistical accuracy checking
An automated procedure to verify that only alphabetical, numerical, or other special characters appear as required in data fields is known as ________.
A. missing data check
B. valid character check
C. valid code check
D. sequence test check
Access controls include a combination of ________ safeguards.
A. physical, software, and procedural
B. administrative and legal
C. software and hardware
D. transaction-level
What group or groups of application controls are widely recognized?
A. Input, timing, and service controls
B. Timing, service, and processing controls
C. Processing, output, and service controls
D. Input, processing, and output controls
Which of the following application controls is a processing control?
A. Before-and-after report
B. Missing data check
C. Visual scanning
D. Reconciliation of totals
Which application control matches the classification (or transaction) code against the master list of codes permitted for the type of transaction to be processed?
A. Valid code check
B. Missing data check
C. Limit check
D. Valid character check
Run-to-run totals compare ________.
A. ending balances with beginning balances plus known transactions processed.
B. contents of a master file before and after each update.
C. data with an expected limit.
D. actual results and estimated results.
A logic diagram is best described as ________.
A. a complex system of flowcharts detailing the audit procedures conducted and key audit findings
B. a narrative surmise of the key audit findings
C. being similar to a flowchart but including little detail
D. being completed by the client and the auditor upon conclusion of the audit
The most common forms of documentation that auditor uses to signify their understanding of the system of internal control include ________.
A. audit plan
B. only flowcharts
C. flowcharts, narratives, and logic diagrams
D. logic diagrams only
The auditor’s understanding of the client’s system of internal control should be ________.
A. discussed among audit team members only
B. submitted to the client’s internal audit function for agreement/approval
C. well documented so it can be referred back to at any time
D. in documentary form only and submitted to the client’s attorneys for risk assessment
An auditor’s documentation of the client’s system of internal controls ________.
A. should always be written and updated regularly as the auditor gains further understanding
B. is the client’s responsibility, and should be provided to the auditor by the client
C. should be jointly drafted by the auditor and the client
D. should be retained in the permanent audit file and never shared with the client
One disadvantage of flowcharts is they ________.
A. are technically complex and thus misunderstood
B. are too simplistic
C. usually take longer to prepare than narratives or checklists
D. are more expensive to prepare due to the number of audit hours involved
Good use of a narrative method of understanding a client’s system of internal control would be when the ________.
A. client is large and complicated
B. is relatively small and not overly complex
C. requests the auditor do so
D. inherent risk is deemed to be high
What are the most common forms of documentation for client internal controls, particularly in smaller environments where accounting and internal control activities are simple?
A. Narratives
B. Logic diagrams
C. Flow charts
D. Preformatted questionnaires
Which of the following is a form of documenting internal controls that is typically a page divided into two sections?
A. Combinations of narratives and flowcharts
B. Checklists
C. Preformatted questionnaires
D. Narratives
What kind of internal control documentation is particularly helpful in industries that the auditor may not personally be familiar with?
A. Checklists and preformatted questionnaires
B. Combinations of narratives and flowcharts
C. Flowcharts and logic diagrams
D. Narratives and logic diagrams
Logic diagrams provide ________.
A. a visual perspective of the flow of the transactions and key controls throughout the flow that is often simpler for the reader or reviewer to understand
B. a description (in words) of each step of the flow of a transaction from start to finish (that is, from initiation to reporting in the financial report
C. a process flowchart on the left-hand side and the narrative describing each step in the flow on the right-hand side
D. extensive description of steps detailing all aspects of transaction in the internal control processes
Which of the following is a deficiency in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented on a timely basis?
A. Material weakness
B. Deficiency in internal control
C. Significant deficiency
D. Immaterial weakness
An inherent limitation of internal control is that it ________.
A. is only as good as those that designed it
B. often fails to provide complete assurance of misstatements
C. can only provide an entity with reasonable assurance in achieving its financial reporting objectives
D. may be costly to implement, and seldom yields any tangible benefits
Upon consideration of a client’s system of internal control, when an auditor identifies areas with weaknesses, ________.
A. reduced substantive testing in this area will be appropriate to reach the desired level of assurance
B. increased substantive testing in this area will be appropriate to reach the desired level of assurance
C. the auditor should document the weaknesses and refer to them during next year’s audit
D. the auditor should disclaim an opinion on those areas
When the auditor identifies internal control strengths, ________.
A. inherent risk is increased
B. control risk is unaffected
C. control risk is decreased
D. there is no relationship between strength of internal control and inherent risk
When the auditor identifies internal control weaknesses, ________.
A. control risk is increased
B. control risk is decreased
C. risk of material misstatement decreases
D. inherent risk is decreased
A deficiency in internal controls is described as ________.
A. a combination of deficiencies in internal control which are as severe as material weaknesses
B. a deficiency in the design or operation of a single control that does not allow management to prevent and correct misstatements on a timely basis
C. a deficiency, or combination of deficiencies in internal control
D. a deficiency that has created a reasonable possibility of a material misstatement
An important outcome of understanding the client’s system of internal control is the auditor’s ability to ________.
A. guarantee there are no misstatements in the financial statements
B. make recommendations on costs savings related to internal control
C. make observations, draw conclusions and offer recommendations regarding the strengths and weaknesses observed
D. ensure an unqualified audit opinion in regard to the financial statements
A deficiency in an operation exists when ________.
A. a properly designed control does not operate as designed or the person performing the control does not possess the necessary authority or competence to perform the control effectively
B. properly designed control operates as designed and the person performing the control possesses the necessary authority or competence to perform the control effectively
C. it has become clear to the auditor that performance of the operation creates significant risk that a material misstatement will not be detected by the client system
D. an improperly designed control does not operate as designed or the person performing the control possesses the necessary authority or competence to perform the control effectively
A deficiency, or a combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis is best described as ________.
A. a material weakness
B. a significant deficiency
C. a material deficiency
D. a deficiency
An auditor’s understanding of a client’s system of internal control ________.
A. is unrelated to the level of substantive procedures an auditor will conduct
B. will help the auditor to determine areas of risk to direct audit attention and resources to
C. is optional, and should only be conducted for larger clients
D. is a helpful tool to determine the accuracy of account balances and transactions
The management letter should ________.
A. be prepared by the audit team, be provided to the client, and discuss internal control weaknesses and other matters discovered during the audit
B. only discuss internal control weaknesses
C. be sent at the beginning of the engagement
D. also be sent to the client’s attorneys as a matter of course
By whose standards are internal control weaknesses commonly categorized into three groups?
A. Both PCAOB and U.S. GAAS
B. PCAOB only
C. U.S. GAAS only
D. Neither PCAOB nor U.S. GAAS
A purpose of the management letter is to ________.
A. communicate internal control matters in writing on a timely basis with those charged with governance
B. identify, analyze, and manage the risks that affect an entity’s ability to achieve its operational effectiveness
C. ensure that every transaction is authorized by management personnel acting within the scope of their authority
D. control program development, program changes, and computer operations and to secure access to programs and data
PCAOB Audit Standard No. 2201 requires that ________.
A. an auditor issues a qualified opinion on all accounts that were not tested in their entirety
B. the audit partner should solely make the determination as to whether any material weaknesses have been identified as part of the audit
C. all companies with a market capitalization of $75,000,000 or more file documentation with the Securities and Exchange Commission (SEC) detailing all deficiencies identified as part of the audit
D. in an audit of ICFR, material weaknesses are reported to the public in the auditor report on ICFR
Those charged with governance of an organization ________.
A. should always be sure to look out for their own interests as well as those of the company
B. cannot be legally held responsible for the actions of the company
C. should rely on the auditors for guidance
D. have an obligation to be concerned with the entity’s financial reporting to shareholders and the investing public
A management letter is sometimes also referred to as a ________.
A. representation letter
B. audit letter
C. letter of recommendations
D. confirmation
A management letter is ________.
A. formally sent by the auditor to the client before acceptance of the engagement
B. a deliverable prepared by the audit team and provided to those charged with governance
C. sent from management to the auditor, detailing management’s assessment of the auditor’s performance during the audit
D. sent to the auditor by management, giving permission to contact the predecessor auditor
The management letter discusses ________.
A. all issues that management wishes to bring to the attention of the auditor
B. all current and pending litigation against the client
C. internal control weaknesses and other matters discovered during the course of the audit
D. management’s disagreements with the auditors regarding certain accounting principles
The purpose of the management letter is to ________.
A. meet the auditor’s responsibility for communicating internal control matters in writing on a timely basis with those charged with governance
B. inform management of the auditors pending desire to withdraw from the engagement
C. meet the auditor’s responsibility for communicating external control matters in writing on a timely basis with those charged with governance
D. request management confirm the makeup and composition of its board of directors and any associated conflicts of interest
One of the key functions of a management letter is to ________.
A. provide management with some idea as to the audit opinion they will likely receive
B. advise management of the auditor’s requirements with respect to filing reports with the Securities and Exchange Commission (SEC)
C. attempt to resolve differences of opinion on accounting estimated used by management in which the auditor disagrees
D. inform those charged with governance of the auditor’s recommendations for improving its internal controls
Which
Question Type: Text Entry
_______ is a key component of the overall audit risk assessment and provides evidence that influences the resulting audit strategy developed by the auditor.
A. |[Control risk |] Inherent risk | Audit risk | Client risk
The _______ also sets the foundation for effective internal control, and provides discipline and structure
A. risk environment | industry in which the client operates | [control environment] | audit partner in charge
The transaction flow in a typical sales process for a client that sells goods begins with processing the orders and ends with _________.
A. recording sales and trade receivables
_______ are controls that affect a particular transaction or group of transactions
A. Entity level controls | [ Transaction level controls] | Audit controls | Client controls
_______ are designed to provide assurance that changes to computer applications are introduced in a controlled and coordinated manner.
A. Access controls | [Program change controls] | Manual controls | Auditing controls
_______ controls are designed to provide reasonable assurance that IT records, processes and reports data properly for specific applications.
A. manual | independent | [computer application ] | IT system
_______ are internal controls that are performed by individuals but rely on computer generated information.
A. Manual controls | [IT dependent manual controls |] IT controls | Process controls
A _______ involves the auditor describing (in words) each step of the flow of a transaction from start to finish
A. flowchart | [narrative] | reperformance procedure | logic diagram
A management letter is sometimes referred to as a _________.
A. letter of recommendations
Question Type: Multiple choice multi select
Which two of the following principles are within the monitoring component of the seventeen COSO principles of internal control?
A. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
B. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
C. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
D. The organization communicates with external parties regarding matters affecting the functioning of internal control.
Which three of the following are included in common inherent limitation in internal control?
A. Human error that results in a breakdown in internal control
B. Ineffective understanding of the purpose of a control
C. Collusion by two or more individuals to circumvent a control
D. A control within a software that cannot be overridden or disabled
Which three of the following are among the five components of internal control?
A. The control environment
B. Risk assessment
C. Information and communication
D. Reward and Punishment
Which two of the following require the auditor to obtain an understanding of an entity’s internal control on all audit engagements?
A. AS 2201 An Audit of Internal Control over Financial Reporting that is Integrated with an Audit of Financial Statements
B. AU-C 315 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
C. AS 2815 The Meaning of "Present Fairly in Conformity with Generally Accepted Accounting Principles"
D. AS 6110 Compliance Auditing Considerations in Audits of Recipients of Governmental Financial Assistance
Which two of the following are external risk factors that an entity might consider?
A. Technological development can affect the nature and timing of research and development or lead to changes in procurement.
B. Changing customer needs or expectations can affect product development, production processes, customer service, pricing or warranties.
C. The quality of personnel hired and methods of training and motivation can influence the level of control consciousness within the entity.
D. The nature of the entity‘s activities, and employee accessibility to assets can contribute to misappropriation of resources.
Which three of the following are true of monitoring?
A. Much of the information used in monitoring is produced by the entity’s information systems.
B. Ongoing monitoring procedures are built into the normal recurring activities of the entity.
C. One of the most common monitoring activities is the internal audit function.
D. Monitoring excludes information obtained from communications with external parties.
In the context of internal controls, which three of the following are true of a smaller entity? (choose three options)
A. It has limitations surrounding its ability to put effective internal controls in place.
B. The small number of its employees limits its ability to segregate duties.
C. The risk of management override can be reduced by establishing documented policies and procedures.
D. It is easier for smaller entities to have a paper trail of documentation supporting an assessment of internal controls.
Which two of the following are true of a sales invoice?
A. It states the particulars of a sale, including the amount owed, terms, and date of sale.
B. It is used to bill customers, and it provides the basis for recording a sale in the sales journal.
C. It is a client prepared document with the details of items included in a shipment.
D. It serves as acknowledgement of receipt of goods for delivery by a freight carrier.
While initiating sales, errors in which two of the following documents or files could mean the risk of sales being made to unauthorized customers?
A. Customer master file
B. Sales order
C. Sales invoice
D. Perpetual inventory
Which three of the following are possible risks during the specific transaction of delivering goods?
A. Goods may be released from warehouse for unauthorized orders.
B. Products are shipped without shipping documents being generated.
C. Goods ordered may not be shipped.
D. Some shipments may not be billed.
A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that ________ ________. (choose two options).
A. is less severe than a material weakness
B. merits attention by those charged with governance
C. is more severe than a material weakness
D. does not merit attention by those charged with governance
Which of the following statements relating to identifying strengths and weaknesses in a system of internal controls are true? (choose two options)
A. If the auditor identifies internal control weaknesses, the risk of material misstatements being undetected by management’s processes and controls increases.
B. The auditor typically performs additional substantive testing in the areas of internal control weakness in order to identify and quantify potential material misstatement.
C. There is no link between weaknesses in internal controls (that is, observations that controls being tested did not operate as intended) and the level of substantive procedures required.
D. When the auditor identifies internal control weaknesses, the auditor will consider a lower assessed level of control risk approach for assertions influenced by these weaknesses.
Question Type: Drop down
Match each of the common documents and files that are found in the process of selling goods, listed here in the left column, with its definition in the right column.
A. Customer master file
||An electronic file containing the customer shipping and billing information and the customer credit limit.
B. Sales order
||A client prepared prenumbered document that includes customer information, description and quantity of what was ordered, and terms of sale.
C. Bill of lading
||A shipping document that serves as acknowledgement of receipt of goods for delivery by a freight carrier.
D. Packing slip
||A client prepared document with the details of items included in a shipment.
Question Type: Short Answer
Auditors are required to obtain a sufficient understanding of an entity's internal control. This understanding is required by the performance principle of GAAS. What are some of the goals (purposes) for conducting an evaluation of an entity's internal control?
List several elements of a company's control environment.
What kind of error or fraud could happen if the inventory warehouse manager also had responsibility for making the physical inventory count and reconciling discrepancies to the perpetual inventory records?
Brian's wife, Susan, owns a printing business in town.
You have been hired to help a small start-up coffee shop set up their accounting information system and internal controls. The owner of the coffee shop, Patrick Lawson, asks you if he really needs to have a computerized system or if he can just use a manual system. Explain the benefits and risks of an IT system over a manual system to Patrick.
- IT systems can provide greater consistency in processing than manual systems because they uniformly subject all transactions to the same controls,
- More timely computer-generated accounting reports may provide management with more effective means of analyzing, supervising, and reviewing the operations of the company, and
- IT systems enhance the ability to monitor the entity’s performance and activities.
- The IT system may produce a transaction trail that is available for audit for only a short period of time,
- There is often less documentary evidence of the performance of control procedures in computer systems,
- Files and records in IT systems are usually in machine-sensible form and cannot be read without a computer,
- The decrease of human involvement in computer processing can obscure errors that might be observed in manual systems,
- IT systems may be more vulnerable to physical disaster, unauthorized manipulation, and mechanical malfunction than information in manual systems,
- Various functions may be concentrated in IT systems, with a corresponding reduction in the traditional segregation of duties followed in manual systems,
- Changes in the system are often more difficult to implement and control in IT systems than in manual systems,
- IT systems are vulnerable to unauthorized changes in programs, systems, or data in master files,
- Reliance is placed on systems that process inaccurate data, process data inaccurately, or both,
- Unauthorized access to data may result in the destruction of data or improper changes to data, including the recording of unauthorized or nonexistent transactions, or inaccurate recording of transactions, and
- There may be inappropriate or unauthorized manual intervention.
Compare and contrast computer general controls with computer application controls.
- Data center and network operations controls
- System software acquisition, change and maintenance controls
- Program change controls
- Access controls
- Application system acquisition, development and maintenance controls
- Input controls
- Processing controls
- Output controls
By eliminating the intermediary and harnessing the power of peer-to-peer networks, blockchain technology may provide opportunities to reduce transaction costs and decrease settlement time. However, blockchain technology is still emerging and, as such, so are the audit implications. Describe at least three audit risks associated with blockchain technology.
- Unauthorized, fraudulent, or illegal.
- Executed between related parties.
- Linked to a side agreement that is “off chain.”
- Incorrectly classified in the financial statements.
- Unauthorized, fraudulent, or illegal.
- Executed between related parties.
- Linked to a side agreement that is “off chain.”
- Incorrectly classified in the financial statements.
Your new client, Dallas Bread & Pastry, is a small bakery located in Dallas, TX. All sales are made at the local storefront on a cash or credit card basis. Dallas Bread & Pastry has 3 employees. The owner bakes and does the purchasing of ingredients and supplies. There is a second baker who arrives at 3am daily to bake and clean up the kitchen at the end of the day. There is an administrative employee who handles payroll and accounts payable processes. Describe which form of documentation you would use to document your understanding of Dallas Bread & Pastry's internal controls and provide a rationale for your decision.
Compare the advantages and disadvantages of narratives, flowcharts, and internal control questionnaires.
Lucas Edgerton is a staff auditor at Jansen, Smith, and Bryan, LLP. During the audit of a regional pizza franchise, Lucas discovers several deficiencies in internal controls. Explain how Lucas should determine whether or not these deficiencies are significant and/or material weaknesses.
What kind of error or fraud could happen if the inventory warehouse manager also had responsibility for making the physical inventory count and reconciling discrepancies to the perpetual inventory records?
What constitutes a material weakness?
A material weakness in internal control is defined as a deficiency, or combination of deficiencies, that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis. The following circumstances should be regarded as strong indicators that a material weakness exists:
· Restatement of previously issued financial statements to reflect the correction of a misstatement.
· Evidence of material misstatements (caught by the audit team) that were not prevented or detected by the client's internal controls.
· Ineffective oversight of the financial reporting process by the entity's audit committee.
· Indication of fraud (either material or immaterial) by senior management.