Auditing and Assurance Services, 15e (Arens) Chapter 10 Internal Control, Control Risk, and Section 404 Audits Learning !"ective 10#1 1) $hich o% the %ollo&ing is not one o% the three pri'ar o!"ectives o% e%%ective internal control A) Relia!ilit o% %inancial reporting *) +%%icienc and e%%ectiveness o% operations C) Co'pliance &ith la&s and regulations
D) Assurance of elimination of business risk Ans&er -
.) $hich o% 'anage'ent/s assertions &ith respect to i'ple'enting internal controls is the auditor pri'aril concerned concerned A) +%%icienc o% operations
B) Reliability of financial reporting C) +%%ectiveness o% operations -) Co'pliance &ith applica!le la&s and regulations Ans&er *
) Internal controls A) are i'ple'ented ! and are the responsi!ilit o% the auditors
B) consist of policies and procedures designed to provide reasonable assurance that the company achieves its objectives and goals. C) guarantee that the co'pan co'plies &ith all la&s and regulations -) onl appl to S+C co'panies Ans&er * 4) Internal controls are not designed to provide reasona!le assurance that
A) all frauds will be detected. *) transactions are e2ecuted in accordance &ith 'anage'ent/s 'anage'ent/s authori3ation C) the co'pan/s resources are used e%%icientl and e%%ectivel e%%ectivel -) co'pan personnel co'pl &ith applica!le rules and regulations Ans&er A 5) -escri!e each o% the three !road o!"ectives 'anage'ent tpicall has %or internal control $ith &hich o% these o!"ectives is the auditor pri'aril concerned Ans&er he three o!"ectives are Relia!ilit o% %inancial reporting anage'ent has !oth a legal and pro%essional
•
responsi!ilit to !e sure that the in%or'ation is %airl presented in according &ith reporting re6uire'ents such as 7S 8AA9 and I:RS
•
+%%icie +%%icienc nc and e%%ecti e%%ectivenes venesss o% operation operations s Controls Controls &ithin &ithin an organi3ati organi3ation on are 'eant to
encourage e%%icient e%%icient and e%%ective use o% its resources to opti'i3e the co'pan/s goals Co'pliance &ith la&s and regulations 9u!lic, non#pu!lic, and not#%or#pro%it organi3ations are
•
re6uired to %ollo& 'an la&s and regulations So'e relate to accounting onl indirectl, such as environ'ental protection and civil rights la&s thers are closel related to accounting, such as inco'e ta2 regulations and anti#%raud legal provisions he auditor/s %ocus in !oth the audit o% %inancial state'ents and the audit o% internal controls is on the controls over the relia!ilit o% %inancial reporting plus those controls over operations and co'pliance &ith la&s and regulations that could 'ateriall a%%ect %inancial reporting er's hree !road o!"ectives 'anage'ent has %or internal control ;) Section 404 o% the Sar!anes#2le Act re6uires that pu!lic co'panies issue an internal control report
A) True
<) anage'ent has a legal and pro%essional responsi!ilit to !e sure that the %inancial state'ents are prepared in accordance &ith reporting re6uire'ents o% applica!le accounting %ra'e&orks
A) True
Learning !"ective 10#. 1) $hich o% the %ollo&ing is responsi!le %or esta!lishing a private co'pan/s internal control
A) enior !anagement Ans&er
.) &o ke concepts that underlie 'anage'ent/s design and i'ple'entation o% internal control are
") inherent limitations and reasonable reasonable assurance Ans&er C
) he 9CA* places responsi!ilit %or the relia!ilit o% internal controls over the %inancial reporting
process on
")
management
Ans&er
C
4) $hich o% the %ollo&ing parties provides an assess'ent o% the e%%ectiveness o% internal control over %inancial reporting %or pu!lic co'panies
Ans&er A
5) An act o% t&o or 'ore e'ploees to steal assets and cover their the%t ! 'isstating the accounting records &ould !e re%erred to as
A) collusion. Ans&er A ;) Sar!anes#2le re6uires 'anage'ent to issue an internal control report that includes t&o speci%ic ite's $hich o% the %ollo&ing is one o% these t&o re6uire'ents
A) A statement that management is responsible for establishing and maintaining an ade#uate internal control structure and procedures for financial reporting Ans&er
A
<) $hen 'anage'ent is evaluating the design o% internal control, 'anage'ent evaluates &hether the control can do &hich o% the %ollo&ing
Ans&er C
=) $hen one 'aterial &eakness is present at the end o% the ear, 'anage'ent o% a pu!lic co'pan 'ust conclude that internal control over %inancial reporting is A) insu%%icient *) inade6uate
") ineffective -) ine%%icient
Ans&er C
>) he auditors pri'ar purpose in auditing the client/s sste' o% internal control over %inancial reporting is A) to prevent %raudulent %inancial state'ents %ro' !eing issued to the pu!lic
B) to evaluate the effectiveness of the company$s internal controls over all relevant assertions in the financial statements. C) to report to 'anage'ent that the internal controls are e%%ective in preventing 'isstate'ents %ro' appearing on the %inancial state'ents -) to e%%icientl conduct the Audit o% :inancial State'ents Ans&er *
10) anage'ent 'ust disclose 'aterial &eaknesses in internal control in its audit report A) &henever the &eakness is dee'ed signi%icant to a single class o% transactions *) &henever the &eakness is signi%icant to overall %inancial reporting o!"ectives
") if the weakness e%ists at the end of the year. -) onl i% the auditor identi%ies the &eakness as signi%icant Ans&er C 11) In per%or'ing the audit o% internal control over %inancial reporting the auditor e'phasi3es internal control over class o% transactions !ecause
A) the accuracy of accounting system outputs depends heavily on the accuracy of inputs and processing. Ans&er A
1.) Internal controls can never !e regarded as co'pletel e%%ective +ven i% co'pan personnel could design an ideal sste', its e%%ectiveness depends on the A) ade6uac o% the co'puter sste' *) proper i'ple'entation ! 'anage'ent C) a!ilit o% the internal audit sta%% to 'aintain it
D) competency and dependability of the people using it. Ans&er -
1) $hen considering internal controls, an i'portant point to consider is that A) auditors can ignore controls a%%ecting internal 'anage'ent in%or'ation
B) auditors are concerned with the client$s internal controls over the safeguarding of assets if they affect the financial statements. C) 'anage'ent is responsi!le %or understanding and testing internal control over %inancial reporting -) co'panies 'ust use the CS %ra'e&ork to esta!lish internal controls Ans&er *
14) % the %ollo&ing state'ents a!out internal controls, &hich one is least likel to !e correct A) ?o one person should !e responsi!le %or the custodial responsi!ilit and the recording responsi!ilit %or an asset *) ransactions 'ust !e properl authori3ed !e%ore such transactions are processed C) *ecause o% the cost#!ene%it relationship, a client 'a appl controls on a test !asis
D) "ontrol procedures reasonably ensure that collusion among employees cannot occur. Ans&er -
15) he Sar!anes#2le Act re6uires
A) all public companies to issue reports on internal controls. *) all pu!lic co'panies to de%ine ade6uate internal controls C) the auditor o% pu!lic co'panies to design e%%ective internal controls -) the auditor o% pu!lic co'panies to &ithdra& %ro' an engage'ent i% internal controls are &eak Ans&er A
1;) he %inancial state'ents 'a not correctl re%lect accounting %ra'e&orks such as 8AA9 or I:RS i% the A) controls a%%ecting the relia!ilit o% %inancial reporting are inade6uate *) co'pan/s controls do not pro'ote e%%icienc C) co'pan/s controls do not pro'ote e%%ectiveness -) co'pan/s controls do not pro'ote co'pliance &ith applica!le rules and regulations Ans&er A 1<) he pri'ar e'phasis ! auditors is on controls over A) classes o% transactions *) account !alances C) !oth A and *, !ecause the are e6uall i'portant -) !oth A and *, !ecause the var %ro' client to client Ans&er A
1=) An auditor should consider t&o ke issues &hen o!taining an understanding o% a client/s internal controls hese issues are A) the e%%ectiveness and e%%icienc o% the controls *) the %re6uenc and e%%ectiveness o% the controls C) the design and operating e%%ectiveness o% the controls -) the i'ple'entation and operating e%%ectiveness o% the controls Ans&er C
1>) $hen a co'pan designs and i'ple'ents internal controls, cost o% the controls is not a valid consideration *) :alse Ans&er *
.0) Reasona!le assurance allo&s %or A) lo& likelihood that 'aterial 'isstate'ents &ill not !e prevented or detected ! internal controls *) no likelihood that 'aterial 'isstate'ents &ill not !e prevented or detected ! internal control C) 'oderate likelihood that 'aterial 'isstate'ents &ill not !e prevented or detected ! internal control -) high likelihood that 'aterial 'isstate'ents &ill not !e prevented or detected ! internal control Ans&er A
.1) $hich o% the %ollo&ing is 'ost correct regarding the re6uire'ents under Section 404 o% the Sar!anes 2le Act A) he audits o% internal control and the %inancial state'ents provide reasona!le assurance as to 'isstate'ents *) he audit o% internal control provides a!solute assurance o% 'isstate'ent C) he audit o% %inancial state'ents provides a!solute assurance o% 'isstate'ent -) he audits o% internal control and the %inancial state'ents provide a!solute assurance as to 'isstate'ents Ans&er A
..) o issue a report on internal control over %inancial reporting %or a pu!lic co'pan, an auditor 'ust A) evaluate 'anage'ent/s assess'ent process *) independentl assess the design and operating e%%ectiveness o% internal control C) evaluate 'anage'ent/s assess'ent process and independentl assess the design and operating e%%ectiveness o% internal control -) test controls over signi%icant account !alances Ans&er C
Learning !"ective 10#
1) $hich o% the %ollo&ing activities &ould !e least likel to strengthen a co'pan/s internal control A)
Separating accounting other
%ro'
%inancial
operations *) aintaining insurance %or %ire and the%t C) :i2ing responsi!ilit %or the per%or'ance o% e'ploee duties -) Care%ull selecting and training e'ploees Ans&er *
.) $hich o% the %ollo&ing co'ponents o% the control environ'ent de%ine the e2isting lines o% responsi!ilit and authorit A) rgani3ational structure *) anage'ent philosoph and operating stle C) @u'an resource policies and practices -) anage'ent integrit and ethical values Ans&er A
) $hich o% the %ollo&ing %actors 'a increase risks to an organi3ation
Ans&er A
4) $hich o% the %ollo&ing state'ents is 'ost correct &ith respect to separation o% duties A) A person &ho has te'porar or per'anent custod o% an asset should account %or that asset *) +'ploees &ho authori3e transactions should not have custod o% related assets C) +'ploees &ho open cash receipts should record the a'ounts in the su!sidiar ledgers -) +'ploees &ho authori3e transactions should have recording responsi!ilit %or these transactions Ans&er *
5) Authori3ations can !e either general or speci%ic $hich o% the %ollo&ing is not an e2a'ple o% a general authori3ation A) Auto'atic reorder points %or ra& 'aterials inventor *) A sales 'anager/s authori3ation %or a sales return C) Credit li'its %or various classes o% custo'ers -) A sales price list %or 'erchandise Ans&er *
;) $hich o% the %ollo&ing is correct &ith respect to the design and use o% !usiness docu'ents A) he docu'ents should !e in paper %or'at *) -ocu'ents should !e designed %or a single purposes to avoid con%usion in their use C) -ocu'ents should !e designed to !e understanda!le onl ! those &ho use the' -) -ocu'ents should !e prenu'!ered consecutivel to %acilitate control over 'issing docu'ents Ans&er -
<) $hich o% the %ollo&ing !est descri!es the purpose o% control activities A) he actions, policies and procedures that re%lect the overall attitudes o% 'anage'ent *) he identi%ication and analsis o% risks relevant to the preparation o% %inancial state'ents C) he policies and procedures that help ensure that necessar actions are taken to address risks to the achieve'ent o% the entit/s o!"ectives -) Activities that deal &ith the ongoing assess'ent o% the 6ualit o% internal control ! 'anage'ent Ans&er C
=) $hich o% the %ollo&ing deal &ith ongoing or periodic assess'ent o% the 6ualit o% internal control ! 'anage'ent A) ualit 'onitoring activities *) onitoring activities C) versight activities -) anage'ent activities Ans&er *
>) $hich o% the %ollo&ing !est descri!es an entit/s accounting in%or'ation and co''unication sste'
Ans&er -
10) An audit procedure that &ould 'ost likel !e used ! an auditor in per%or'ing tests o% control procedures in &hich the segregation o% %unctions and that leaves no BauditB trail is A) inspection *) o!servation C) reper%or'ance -) reconciliation Ans&er * 11) Internal controls nor'all include procedures designed to provide reasona!le assurance that A) e'ploees act &ith integrit &hen per%or'ing their assigned tasks *) transactions are e2ecuted in accordance &ith 'anage'ent/s authori3ation C) decision processes leading to 'anage'ent/s authori3ation o% transactions are sound -) collusive activities &ould !e detected ! segregation o% e'ploee duties Ans&er *
1.)
$hich
%ollo&ing o%
is
o%
the
not
one
the
su!co'ponents o% the control environ'ent A) anage'ent/s philosoph and operating stle *) rgani3ational structure C) Ade6uate separation o% duties -) Co''it'ent to co'petence Ans&er C 1) It is i'portant %or the C9A to consider the co'petence o% the clients/ personnel !ecause their
co'petence has a direct i'pact upon the A) cost!ene%it relationship o% the sste' o% internal control *) achieve'ent o% the o!"ectives o% internal control C) co'parison o% recorded accounta!ilit &ith assets -) ti'ing o% the tests to !e per%or'ed Ans&er *
14) 9roper segregation o% %unctional responsi!ilities calls %or separation o% A) authori3ation, e2ecution, and pa'ent *) authori3ation, recording, and custod C) custod, e2ecution, and reporting -) authori3ation, pa'ent, and recording Ans&er *
15) $ithout an e%%ective DDDDDDDD, the other co'ponents o% the CS %ra'e&ork are unlikel to result in e%%ective internal control, regardless o% their 6ualit A) risk assess'ent polic *) 'onitoring polic C) control environ'ent -) sste' o% control activities Ans&er C
1;) $hich o% the %ollo&ing groups esta!lishes and 'aintains the co'pan/s internal controls A) Internal auditors *) *oard o% -irectors C) anage'ent -) Audit co''ittee Ans&er C
1<) I% a co'pan has an e%%ective internal audit depart'ent A) the internal auditors can e2press an opinion on the %airness o% the %inancial state'ents *) their &ork cannot !e used ! the e2ternal auditors per 9CA* Standard 5 C) it can reduce e2ternal audit costs ! providing direct assistance to the e2ternal auditors -) the internal auditors 'ust !e C9As in order %or the e2ternal auditors to rel on their &ork Ans&er C
1=) o pro'ote operational e%%icienc, the internal audit depart'ent &ould ideall report to A) line 'anage'ent *) 9CA* C) Chie% Accounting %%icer -) audit co''ittee Ans&er -
1>) @anlon Corp 'aintains a large internal audit sta%% that reports directl to the accounting depart'ent Audit reports prepared ! the internal auditors indicate that the sste' is %unctioning as it should and that the accounting records are relia!le An independent auditor &ill pro!a!l A) eli'inate tests o% controls *) increase the depth o% the stud and evaluation o% ad'inistrative controls C) avoid duplicating the &ork per%or'ed ! the internal audit sta%% -) place li'ited reliance on the &ork per%or'ed ! the internal audit sta%% Ans&er -
.0) +2ternal %inancial state'ent auditors 'ust o!tain evidence regarding &hat attri!utes o% an internal audit (IA) depart'ent i% the e2ternal auditors intend to rel on IA/s &ork A) Integrit *) !"ectivit C) Co'petence -) All o% the a!ove Ans&er -
.1) o o!tain an understanding o% an entit/s control environ'ent, an auditor should concentrate on the su!stance o% 'anage'ent/s policies and procedures rather than their %or' !ecause A) 'anage'ent 'a esta!lish appropriate policies and procedures !ut not act on the' *) the !oard o% directors 'a not !e a&are o% 'anage'ent/s attitude to&ard the control environ'ent C) the auditor 'a !elieve that the policies and procedures are inappropriate %or that particular entit -) the policies and procedures 'a !e so &eak that no reliance is conte'plated ! the auditor Ans&er A ..) Control activities help assure that the necessar actions are taken to address risks to the
achieve'ent o% the co'pan/s o!"ectives List the %ive tpes o% control activities Ans&er 1 Ade6uate separation o% duties . 9roper authori3ation o% transactions and activities Ade6uate docu'ents and records 4 9hsical control over assets and records 5 Independent checks on per%or'ance
.) Certain principles dictate the proper design and use o% docu'ents and records *rie%l descri!e several o% these principles Ans&er -ocu'ents should !e prenu'!ered consecutivel to %acilitate control over 'issing docu'ents
•
and as an aid in locating docu'ents &hen the are needed at a later date -ocu'ents and records should !e prepared at the ti'e a transaction takes place, or as soon as
•
possi!le therea%ter, to 'ini'i3e ti'ing errors -ocu'ents and records should !e designed %or 'ultiple uses, &hen possi!le, to 'ini'i3e the
•
nu'!er o% di%%erent %or's :or e2a'ple, a properl designed and used shipping docu'ent can !e the !asis %or releasing goods %ro' storage to the shipping depart'ent, in%or'ing !illing o% the 6uantit o% goods to !ill to the custo'er and the appropriate !illing date, and updating the perpetual inventor records -ocu'ents and records should !e constructed in a 'anner that encourages correct preparation
•
his can !e done ! providing internal checks &ithin the %or' or record :or e2a'ple, co'puter screen pro'pts 'a %orce online data entr o% critical in%or'ation !e%ore the record is electronicall routed %or authori3ations and approvals Si'ilarl, screen controls can validate the in%or'ation entered, such as &hen an invalid general ledger account nu'!er is auto'aticall re"ected &hen the account nu'!er does not 'atch the chart o% accounts 'aster %ile .4) anage'ent/s identi%ication and analsis o% risk is an ongoing process and is a critical co'ponent o% e%%ective internal control An i'portant %irst step is %or 'anage'ent to identi% %actors that 'a increase risk Identi% at least %ive %actors, o!serva!le ! 'anage'ent, &hich 'a lead to increased risk in a t pical !usiness organi3ation Ans&er here are 'an %actors that 'a lead to increased risk in an organi3ation So'e e2a'ples include %ailure to 'eet prior o!"ectives,
•
6ualit o% personnel,
•
geographic dispersion o% co'pan operations,
•
signi%icance and co'ple2it o% core !usiness processes,
•
introduction o% ne& in%or'ation technologies
•
entrance o% ne& co'petitors and,
•
econo'ic do&nturns
•
.5) Separation o% duties is essential in preventing errors and intentional 'isstate'ents on the
%inancial state'ents List !elo& the %our general guidelines Ans&er 1 Separation o% custod o% the assets %ro' accounting . Separation o% the authori3ation o% transactions %ro' custod o% related assets Separation o% operational responsi!ilit %ro' record keeping responsi!ilit 4 Separation o% I duties %ro' user depart'ents
.;) In developing an understanding o% the client/s accounting in%or'ation sste' the auditor %ollo&s a se6uential process -escri!e the p rocess !elo& Ans&er 1 a"or classes o% transactions o% the entit . @o& these transactions are initiated and recorded $hat accounting records e2ist and their nature 4 @o& the sste' captures other events that are signi%icant to the %inancial state'ents 5 he nature and details o% the %inancial reporting process %ollo&ed .<) he internal control %ra'e&ork developed ! CS includes %ive so#called Bco'ponentsB o% internal control -iscuss each o% these %ive co'ponents Ans&er :ive co'ponents o% internal control are he control environ'ent he control environ'ent consists o% the actions, policies, and
•
procedures that re%lect the overall attitudes o% top 'anage'ent, directors, and o&ners o% an entit a!out internal control and its i'portance to the co'pan Risk assess'ent his is 'anage'ent/s identi%ication and analsis o% risks relevant to the
•
preparation o% %inancial state'ents in accordance &ith appropriate accounting %ra'e&orks such as 8AA9 or I:RS In%or'ation and co''unication hese are the 'ethods used to initiate, record, process, and
•
report the entit/s transactions and to 'aintain accounta!ilit %or the related assets Control activities hese are the policies and procedures that 'anage'ent has esta!lished to
•
'eet its o!"ectives %or %inancial reporting onitoring his is 'anage'ent/s ongoing and periodic assess'ent o% the 6ualit o% internal
•
control per%or'ance to deter'ine &hether controls are operating as intended and are 'odi%ied &hen needed
.=) -iscuss &hat is 'eant ! the ter' Bcontrol environ'entB and identi% %our control environ'ent su!co'ponents that the auditor should consider Ans&er he control environ'ent consists o% the actions, policies, and procedures that re%lect the overall attitudes o% top 'anage'ent, directors, and o&ners o% an entit a!out control and its i'portance to the entit Su!co'ponents include
integrit and ethical values
•
co''it'ent to co'petence
•
!oard o% director or audit co''ittee participation
•
'anage'ent/s philosoph and operating stle
•
organi3ational structure
•
hu'an resource policies and practices
•
.>) List the three steps in 'anage'ent/s assess'ent o% risk and then list t&o o% the categories o% 'anage'ent assertions that 'ust !e satis%ied during the risk assess'ent process Ans&er he steps taken ! 'anage'ent in the risk assess'ent process are identi% the %actors a%%ecting risk
•
assess the signi%icance o% risks and likelihood o% occurrence
•
deter'ine actions necessar to 'anage the risks
•
he categories o% 'anage'ent assertions that 'ust !e satis%ied are assertions a!out classes o% transactions and other events
•
assertions a!out account !alances
•
assertions a!out presentation and disclosure
•
0) Control activities are a su!co'ponent o% the in%or'ation and co''unication co'ponent o% internal control *) :alse Ans&er *
1) Ade6uate docu'ents and records is a su!co'ponent o% the control environ'ent *) :alse
.) he chart o% accounts is help%ul in preventing classi%ication errors i% it accuratel descri!es &hich tpe o% transaction should !e in each account A) rue
) Auditing standards prohi!it reliance on the &ork o% internal auditors due to the lack o% independence o% the internal auditors *) :alse
4) I% an auditor &ishes to rel on the &ork o% internal auditors (IA), the auditor 'ust o!tain satis%actor evidence related to the IA/s co'petence, integrit, and o!"ectivit
A) rue
Learning !"ective 10#4 1) $hen the auditor atte'pts to understand the operation o% the accounting sste' ! tracing a %e& transactions through the accounting sste', the auditor is said to !e A) tracing *) vouching C) per%or'ing a &alk#through -) testing controls Ans&er C .) he purpose o% phase in the Bprocess %or understanding internal control and assessing control riskB is to A) design, per%or' and evaluate tests o% controls *) o!tain and docu'ent an understanding o% internal control design an operation C) assess control risk -) decide planned detection risk and su!stantive tests Ans&er A ) ?arratives, %lo&charts, and internal control 6uestionnaires are three co''on 'ethods o% A) testing the internal controls *) docu'enting the auditor/s understanding o% internal controls C) designing the audit 'anual and procedures -) docu'enting the auditor/s understanding o% a client/s organi3ational structure Ans&er *
4) $hen dealing &ith the docu'entation o% internal control A) in a narrative, 'ost 6uestions si'pl re6uire a B esB or BnoB response *) 6uestionnaires o%%er use%ul checklists to re'ind the auditor o% the 'an di%%erent tpes o% internal controls that should e2ist C) 6uestionnaires and %lo&charts should not !e used together -) %lo&charts %ail to sho& the segregation o% duties in the co'pan Ans&er *
5) Audit evidence regarding the separation o% duties is nor'all !est o!tained ! A) preparing %lo&charts o% operational processes *) preparing narratives o% operational processes C) o!servation o% e'ploees appling control activities -) in6uiries o% e'ploees appling control activities Ans&er C
;) $alkthroughs co'!ine o!servation, inspection, and in6uir to assure that the controls designed ! 'anage'ent have !een i'ple'ented A) rue
<) A narrative should descri!e the disposition o% ever docu'ent and record in the sste' A) rue
=) :or 'ost uses, %lo&charts are superior to narratives as a 'ethod o% co''unicating the characteristics o% internal control A) rue
>) $hen docu'enting their understanding o% a client/s internal controls, auditors are re6uired to use narratives *) :alse
Learning !"ective 10#5 1) he person responsi!le %or reconciling sales invoices to custo'er orders does not access to the co'pan/s 'aster price list in order to correctl co'pute sales his is an e2a'ple o% a(n) A) operating de%icienc *) design de%icienc C) training de%icienc -) 'anage'ent de%icienc Ans&er *
.) Eou are per%or'ing the audit o% internal control %or Cli%ton Co'pan $hich o% the %ollo&ing &ould represent a 'aterial &eakness in internal control A) he co'pan/s audit co''ittee has e2perienced unusual turnover o% 'e'!ers *) he co'pan/s C: &as indicted %or e'!e33ling %ro' the co'pan C) *ank reconciliations are done 'onthl -) he C+ retired a%ter t&ent ears o% service to the co'pan Ans&er *
) he e'ploee in charge o% authori3ing credit to the co'pan/s custo'ers does not %ull understand the concept o% credit risk his lack o% kno&ledge &ould constitute A) a de%icienc in operation o% internal controls *) a de%icienc in design o% internal controls C) a de%icienc o% 'anage'ent -) not constitute a de%icienc Ans&er A
4) $hen assessing &hether the %inancial state'ents are audita!le, the auditor 'ust consider A) that the integrit o% 'anage'ent and the ade6uac o% accounting records are the t&o pri'ar %actors deter'ining audita!ilit *) that the integrit o% 'anage'ent and the ade6uac o% risk 'anage'ent are the t&o pri'ar %actors deter'ining audita!ilit C) that i% all o% the transaction in%or'ation is availa!le onl in electronic %or' &ithout a visi!le audit trail, the co'pan cannot !e audited -) the control risk !e%ore deter'ining i% the entit is audita!le Ans&er A
5) nce auditors deter'ine that entit level controls are designed and placed in the operation the A) 'ake a preli'inar assess'ent %or each transaction#related audit o!"ective %or each 'a"or tpe o% transaction *) 'ake a preli'inar assess'ent o% control risk C) o!tain an understanding o% the design and i'ple'entation o% internal control -) prepare audit docu'entation in order to opine on the co'pan/s internal control sste' Ans&er A
;) $hich o% the %ollo&ing is the correct de%inition o% Bcontrol de%iciencB A) A control de%icienc e2ists i% the design or operation o% controls does not per'it co'pan personnel to prevent or detect 'isstate'ents on a ti'el !asis
*) A control de%icienc e2ists i% one or 'ore de%iciencies e2ist that adversel a%%ect a co'pan/s a!ilit to prepare e2ternal %inancial state'ents relia!l C) A control de%icienc e2ists i% the design or operation o% controls results in a 'ore than re'ote likelihood that controls &ill not prevent or detect 'isstate'ents -) A control de%icienc e2ists i% the design or operation o% controls results in a 'ore than pro!a!le likelihood that controls &ill prevent or detect 'isstate'ents Ans&er A
<) $hich o% the %ollo&ing de%icienc e2ists i% a necessar control is 'issing or not properl %or'ulated A) Control *) Signi%icant C) -esign -) perating Ans&er C
=) o deter'ine i% signi%icant internal control de%iciencies are 'aterial &eaknesses, the 'ust !e evaluated on their
Ans&er A
>) he auditor 'ust co''unicate A) onl 'aterial &eaknesses in internal control to those charged &ith governance
*) !oth signi%icant de%iciencies and 'aterial &eaknesses in internal control to those charged &ith governance C) an signi%icant de%iciencies in internal control to those charged &ith governance using a 'anage'ent letter -) issues regarding internal control to those charged &ith governance in &riting &ithin >0 das %ollo&ing the audit report release Ans&er *
10) *e%ore 'aking the %inal assess'ent o% internal control at the end o% an integrated audit, the auditor 'ust
Ans&er A
11) Signi%icant de%iciencies and 'aterial &eaknesses in internal control o% a pu!lic co'pan 'ust !e reported in &riting to &hich o% the %ollo&ing A) 9u!lic Co'pan Accounting versight *oard *) e'!ers o% 'anage'ent &ho are responsi!le %or the related area o% the co'pan C) Audit co''ittee o% the co'pan/s !oard o% directors and to 'anage'ent -) AIC9A Ans&er C
1.) Signi%icant de%iciencies are 'atters that co'e to an auditor/s attention and should !e co''unicated to an entit/s audit co''ittee !ecause the represent A) 'aterial %rauds perpetrated ! high#level 'anage'ent *) internal control de%iciencies that could adversel a%%ect a co'pan/s a!ilit to initiate, record, process, or report e2ternal %inancial state'ents relia!l C) %lagrant violations o% the entit/s docu'ented con%lict#o%#interest policies -) intentional atte'pts ! client personnel to li'it the scope o% the auditor/s %ield &ork Ans&er *
1) @o& 'ust signi%icant de%iciencies and 'aterial &eaknesses !e co''unicated to those charged
&ith governance A) +ither oral or &ritten co''unication is accepta!le *) ral co''unication is re6uired C) $ritten co''unication is re6uired -) $ritten co''unication is re6uired %or 'aterial &eaknesses, !ut oral co''unication is allo&ed %or signi%icant de%iciencies Ans&er C 14) A %ive#step approach can !e used to identi% de%iciencies, signi%icant de%iciencies, and 'aterial &eaknesses he %irst step in this approach is A) identi% the a!sence o% ke controls *) consider the possi!ilit o% co'pensating controls C) deter'ine potential 'isstate'ents that could result -) identi% e2isting controls Ans&er 15) $hen assessing control risk A) 'an auditors use actuarial ta!les to assist in the control risk assess'ent process *) each control can !e used to satis% onl one audit o!"ective C) 'an auditors use a control risk 'atri2 to assist in the control risk assess'ent process -) all controls, including ke controls, should !e considered Ans&er C 1;) $hen a co'pensating control e2ists, the a!sence o% a ke control A) is no longer a concern !ecause there is no longer a signi%icant de%icienc or 'aterial &eakness *) is still a 'a"or concern to the auditor C) could cause a 'aterial loss, so it 'ust !e tested using su!stantive procedures -) is 'agni%ied and 'ust !e re'oved %ro' the sa'pling process and e2a'ined in its entiret Ans&er A 1<) Eou are the audit 'anager %or a ne& audit client Eour sta%% auditors are unsure o% &hat constitutes a control de%icienc -iscuss the ter's control de%icienc, design de%icienc, and operating de%icienc Ans&er A control de%icienc e2ists i% the design or operation o% controls does not per'it co'pan personnel to prevent or detect 'isstate'ents on a ti'el !asis in the nor'al course o% per%or'ing assigned %unctions A design de%icienc e2ists i% a necessar control is 'issing or not properl designed An operating de%icienc e2ists i% a &ell#designed control does not operate as designed or i% the person per%or'ing the control is insu%%icientl 6uali%ied or authori3ed 1=) -e%ine the %ollo&ing ter's control de%icienc, signi%icant de%icienc, and 'aterial &eakness Ans&er A control deFcienc e2ists i% the design or operation o% controls does not per'it co'pan
•
personnel to prevent or detect 'isstate'ents on a ti'el !asis in the nor'al course o% per%or'ing
their assigned %unctions A signiFcant deFcienc e2ists i% one or 'ore control deFciencies e2ist that is less severe than a
•
'aterial &eakness !ut i'portant enough to 'erit attention ! those responsi!le %or oversight o% the co'pan/s %inancial state'ents A 'aterial &eakness e2ists i% a signiFcant deFcienc, ! itsel%, or in co'!ination &ith other
•
signiFcant deFciencies, results in a reasona!le possi!ilit that internal control &ill not prevent or detect 'aterial Fnancial state'ent 'isstate'ents on a ti'el !asis
1>) -escri!e the auditor/s responsi!ilities related to re6uired co''unications !et&een the auditor and those charged &ith governance (re'ove auditor co''ittee) regarding internal control Ans&er he auditor 'ust co''unicate signiFcant deFciencies and 'aterial &eaknesses in &riting to those charged &ith governance as soon as the !eco'e a&are o% their e2istence he co''unication is usuall addressed to the audit co''ittee and to 'anage'ent i'el co''unications 'a provide 'anage'ent an opportunit to address control deFciencies !e%ore 'anage'ent/s report on internal control 'ust !e issued In so'e instances, deFciencies can !e corrected su%%icientl earl such that !oth 'anage'ent and the auditor can conclude that controls are operating e%%ectivel as o% the !alance sheet date hese co''unications 'ust !e 'ade no later than ;0 das %ollo&ing the audit report release
.0) he te2t suggested a %ive#step approach to identi% de%iciencies, signi%icant de%iciencies, and 'aterial &eaknesses -escri!e this approach Ans&er 1 Identi% e2isting controls *ecause deFciencies and 'aterial &eaknesses are the a!sence o% ade6uate controls, the auditor 'ust %irst kno& &hich controls e2ist . Identi% the a!sence o% ke controls Internal control 6uestionnaires, Go&charts, and &alkthroughs are use%ul tools to identi% &here controls are lacking and the likelihood o% 'isstate'ent is there%ore increased Consider the possi!ilit o% co'pensating controls A co'pensating control is one else&here in the sste' that o%%sets the a!sence o% a ke control $hen a co'pensating control e2ists, there is no longer a signiFcant deFcienc or 'aterial &eakness 4 -ecide &hether there is a signiFcant deFcienc or 'aterial &eakness he likelihood o% 'isstate'ents and their 'aterialit are used to evaluate i% there are signiFcant deFciencies or 'aterial &eaknesses 5 -eter'ine potential 'isstate'ents that could result his step is intended to identi% speciFc 'isstate'ents that are likel to result !ecause o% the signiFcant deFcienc or 'aterial &eakness he i'portance o% a signiFcant deFcienc or 'aterial &eakness is directl related to the likelihood and 'aterialit o% potential 'isstate'ents
.1) he assess'ent o% control risk is the 'easure o% the auditor/s e2pectation that internal controls &ill prevent 'aterial 'isstate'ents %ro' occurring or detect and correct the' i% the have
occurred A) rue
Learning !"ective 10#; 1) I% the results o% tests o% controls support the design and operations o% controls as e2pected, the auditor uses DDDDDDDD control risk as the preli'inar assess'ent A) a lo&er *) the sa'e C) a higher -) either a lo&er or higher Ans&er *
.) An auditor is likel to use %our tpes o% procedures to support the operating e%%ectiveness o% internal controls $hich o% the %ollo&ing &ould generall not !e used A) ake in6uiries o% appropriate client personnel *) +2a'ine docu'ents, records, and reports C) Reper%or' client procedures -) Inspect design docu'ents Ans&er -
) $hich o% the %ollo&ing represents a correct state'ent regarding internal control testing A) $hen auditors plan to use evidence a!out the operating e%%ectiveness o% internal control contained in prior audits, auditing standards re6uire tests o% the controls/ e%%ectiveness at least ever other ear *) he greater the risk, the less audit evidence the auditor should o!tain that controls are operating e%%ectivel C) he auditor uses control risk assess'ent and results o% tests o% controls to deter'ine planned detection risk and the related su!stantive tests %or the %inancial state'ent audit -) esting o% internal controls can onl !e per%or'ed ! the auditor at the end o% the %iscal ear Ans&er C
4) In evaluating the operational e%%ectiveness o% internal controls the auditor is likel to use %our tpes o% audit procedures List the procedures !elo& Ans&er ake in6uiries o% appropriate client personnel
•
+2a'ine docu'ents, records, and reports
•
!serve control#related activities
•
Reper%or' client procedures
•
5) he procedures to o!tain an understanding o% internal control are onl applied &hen the assessed control risk is high *) :alse Ans&er * ;) Controls that are applied throughout the accounting period 'ust !e tested !oth at an interi' date and then again on the !alance sheet date *) :alse Ans&er *
Learning !"ective 10#< 1) $hen deter'ining &hat tpe o% report to issue on internal control under Section 404 A) an adverse opinion on internal control 'ust !e given i% an &eaknesses in a ke internal control is discovered *) a scope li'itation re6uires the auditor to disclai' an opinion on internal controls C) i% the auditor gives a 6uali%ied opinion on the %inancial state'ents, the 'ust give a 6uali%ied opinion on internal controls -) a scope li'itation re6uires the auditor to e2press a 6uali%ied opinion or a disclai'er o% opinion on internal controls Ans&er .) he scope o% the auditor/s report on internal control is li'ited to o!taining reasona!le assurance that signi%icant &eaknesses in internal control are identi%ied *) :alse Ans&er *
) o issue an un6uali%ied opinion on internal control over %inancial reporting, there 'ust !e no identi%ied 'aterial &eaknesses and no restrictions on the scope o% the audit A) rue Ans&er A
Learning !"ective 10#= 1) A control availa!le in a s'all co'pan, &hich 'a !e necessitated !ecause o% lack o% co'petent personnel, is A) a &ider segregation o% duties
*) a voucher sste' C) %e&er transactions to process -) the o&ner#'anager/s direct involve'ent in the control process Ans&er -
.) $hen auditing a private co'pan, the auditor should o!tain an understanding o% internal control su%%icient to A) provide reasona!le protection against client %raud and de%alcations ! client e'ploees *) assess control risk C) provide a !asis %or suggestions to the client %or i'proving the accounting sste' -) provide a 'ethod %or sa%eguarding assets, checking the accurac and relia!ilit o% accounting data, pro'oting operational e%%icienc, and encouraging adherence to prescri!ed 'anagerial policies Ans&er *
) In the audit o% a private co'pan, the auditor &ill test internal controls &hen control risk is initiall assessed at
Ans&er C
4) he auditor/s consideration o% a private co'pan/s internal control is A) re6uired ! 8AA9 *) re6uired ! 8AAS C) re6uired ! the IRS -)
reco''ended ! the S+C
Ans&er
*
5) $hich o% the %ollo&ing 'a represent the !iggest challenge s'aller pu!lic co'panies %ace in i'ple'enting e%%ective internal control A) A lack o% e2pertise
*) Reduced i'portance C) Li'ited resources -) Li'ited availa!le guidance Ans&er C
;) $hich o% the %ollo&ing is 'ost correct %or audits o% non#pu!lic co'panies A) An audit o% internal control is re6uired *) An audit o% internal control is not re6uired C) An audit o% the design o% internal controls is re6uired -) An audit o% the operational e%%ectiveness o% internal controls is re6uired Ans&er *
<) atch seven o% the ter's (a#i) &ith the de%initions provided !elo& (1#<) a Control environ'ent ! Control activities c Independent checks on per%or'ance d Internal control e onitoring % Separation o% duties g 8eneral authori3ation h Speci%ic authori3ation i Risk assess'ent DDDDDDDD 1 anage'ent/s ongoing and periodic assess'ent o% the 6ualit o% internal control per%or'ance to deter'ine that controls are operating as intended and are 'odi%ied &hen needed DDDDDDDD . Co'pan#&ide policies %or the approval o% all transactions &ithin stated li'its DDDDDDDD he actions, policies, and procedures that re%lect the overall attitudes o% top 'anage'ent, directors, and o&ners o% an entit a!out internal control and its i'portance to the entit DDDDDDDD 4 Segregation o% the %ollo&ing activities in an organi3ation custod o% assets, accounting, authori3ation, and operational responsi!ilit DDDDDDDD 5 anage'ent/s identi%ication and analsis o% risks relevant to the preparation o% %inancial state'ents in accordance &ith an applica!le accounting %ra'e&ork DDDDDDDD ; 9olicies and procedures that help ensure that necessar actions are taken to address risks in the achieve'ent o% the entit/s o!"ectives DDDDDDDD < A process designed to provide reasona!le assurance regarding the achieve'ent o% 'anage'ent/s o!"ectives in the %ollo&ing categories (1) relia!ilit o% %inancial reporting, (.) e%%ectiveness and e%%icienc o% operations, and () co'pliance &ith applica!le la&s and regulations Ans&er 1 +
. 8 A 4 : 5 I ; * < -
=) I%, &hen o!taining an understanding o% control activities o% a relativel s'all client, the auditor identi%ied no control activities, the auditor &ould pro!a!l set a high assess'ent o% control risk A) rue Ans&er A >) I%, &hen o!taining an understanding o% control activities o% a relativel s'all client, the auditor identi%ied no control activities, the auditor &ould pro!a!l reassess &hether the client is audita!le A) rue Ans&er A
10) Auditors o% private co'panies 'a rel on prior periods/ tests o% controls A) rue Ans&er A
11) In an audit o% a non#pu!lic co'pan, the less control risk there is, the s'aller the a'ount o% planned su!stantive evidence that is re6uired A) rue Ans&er A
1.) he auditor o% a private co'pan is not re6uired ! auditing standards to issue a &ritten report on signi%icant de%iciencies in internal control *) :alse Ans&er *
1) A co'pan/s si3e should have no i'pact on the nature o% internal control and the controls that are i'ple'ented *) :alse
Ans&er *
14) Control risk is generall set at 'ini'u' %or 'ost private co'panies *) :alse Ans&er *