Auditing & Assurance Services William Messier 11e - Test Bank

Auditing & Assurance Services William Messier 11e – Test Bank

 

Instant Download – Complete Test Bank With Answers

 

 

Sample Questions Are Posted Below

 

Auditing & Assurance Services: A Systematic Approach, 11e (Messier)

Chapter 7   Auditing Internal Control over Financial Reporting

 

1) All companies must follow the Sarbanes-Oxley Act requirements.

 

Answer:  FALSE

Difficulty: 1 Easy

Topic:  Management Responsibilities under Section 404

Learning Objective:  07-01 Understand management’s responsibilities for reporting on internal control under Section 404 of the Sarbanes-Oxley Act.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

2) Most public companies must follow Sarbanes-Oxley requirements.

 

Answer:  TRUE

Difficulty: 1 Easy

Topic:  Management Responsibilities under Section 404

Learning Objective:  07-01 Understand management’s responsibilities for reporting on internal control under Section 404 of the Sarbanes-Oxley Act.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

3) In a public company, management must assess and report on internal control over financial reporting.

 

Answer:  TRUE

Difficulty: 1 Easy

Topic:  Management Responsibilities under Section 404

Learning Objective:  07-01 Understand management’s responsibilities for reporting on internal control under Section 404 of the Sarbanes-Oxley Act.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

 

4) In a public company, management’s report on internal control must be signed by the members of the audit committee.

 

Answer:  FALSE

Difficulty: 1 Easy

Topic:  Management Responsibilities under Section 404

Learning Objective:  07-01 Understand management’s responsibilities for reporting on internal control under Section 404 of the Sarbanes-Oxley Act.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

5) Based on PCAOB guidelines, the audit of ICFR and financial statements audit should be conducted as an “integrated audit.”

 

Answer:  TRUE

Difficulty: 1 Easy

Topic:  Auditor Responsibilities under Section 404 and AS 2201

Learning Objective:  07-02 Understand the auditor’s responsibilities for reporting on internal control under Section 404 of the Sarbanes-Oxley Act.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

6) The PCAOB makes it clear that the CEO and CFO are responsible for the internal control over financial reporting and the preparation of the statements.

 

Answer:  TRUE

Difficulty: 1 Easy

Topic:  Internal Control over Financial Reporting Defined

Learning Objective:  07-03 Know the definition of internal control over financial reporting (ICFR).

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

7) The likelihood of an event is “more than remote” when it is “reasonably possible.”

 

Answer:  FALSE

Difficulty: 1 Easy

Topic:  Internal Control Deficiencies Defined

Learning Objective:  07-04 Be able to explain the differences between a control deficiency, a significant deficiency, and a material weakness.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

8) When auditing a public company, the auditor must form an opinion on the effectiveness of internal control over financial reporting, or issue a disclaimer in the event of a scope limitation.

 

Answer:  TRUE

Difficulty: 1 Easy

Topic:  Performing an Audit of ICFR

Learning Objective:  07-06 Know how auditors conduct an audit of ICFR.; 07-14 Understand auditor reporting for the audit of ICFR.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

9) In order for an external auditor to complete an audit of a public company, the entity’s management must comply with all of the following except:

1. A) accept responsibility for the effectiveness of the entity’s internal control over financial reporting.
2. B) evaluate the effectiveness of the entity’s internal control over financial reporting using suitable control criteria.
3. C) support its evaluation with sufficient evidence, including documentation.
4. D) present an oral assessment of the effectiveness of the entity’s internal control over financial reporting as of the end of the entity’s most recent fiscal year.

 

Answer:  D

Difficulty: 1 Easy

Topic:  Management Responsibilities under Section 404

Learning Objective:  07-01 Understand management’s responsibilities for reporting on internal control under Section 404 of the Sarbanes-Oxley Act.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

 

10) An “integrated audit” as stated in Section 404 of the Sarbanes-Oxley Act means:

1. A) the auditor must consider the integrated thoughts and ideas of everyone on the audit staff.
2. B) the auditor must conduct two audits, one on the effectiveness of internal control and one on the financial statements, in an integrated way.
3. C) the auditor must integrate the same objectives whether auditing internal control or auditing the financial statements.
4. D) two independent CPA firms must work together on the audit.

 

Answer:  B

Difficulty: 1 Easy

Topic:  Auditor Responsibilities under Section 404 and AS 2201

Learning Objective:  07-02 Understand the auditor’s responsibilities for reporting on internal control under Section 404 of the Sarbanes-Oxley Act.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  FN Decision Making; BB Legal

 

11) The PCAOB Auditing Standards require the auditor to provide which of the following?

1. A) Reasonable assurance on the financial statements, absolute assurance on internal control.
2. B) Reasonable assurance on internal control, absolute assurance on the financial statements.
3. C) Absolute assurance on both the financial statements and internal control.
4. D) Reasonable assurance on both the financial statements and internal control.

 

Answer:  D

Difficulty: 1 Easy

Topic:  Auditor Responsibilities under Section 404 and AS 2201

Learning Objective:  07-02 Understand the auditor’s responsibilities for reporting on internal control under Section 404 of the Sarbanes-Oxley Act.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Legal; FN Reporting

 

 

12) According to the PCAOB, who is responsible for the reliability of the internal controls over financial reporting process of an entity?

1. A) The entity’s CEO and/or CFO.
2. B) The entity’s board of directors.
3. C) An internal control specialist.
4. D) The external auditor.

 

Answer:  A

Difficulty: 1 Easy

Topic:  Internal Control over Financial Reporting Defined

Learning Objective:  07-03 Know the definition of internal control over financial reporting (ICFR).

Bloom’s:  Remember

AACSB:  Communication

AICPA:  FN Decision Making; BB Legal

 

13) The person in charge of authorizing credit to customers does not properly understand what constitutes a credit risk. This is an example of:

1. A) A material weakness.
2. B) A design deficiency.
3. C) A deficiency in operation.
4. D) This is not an internal control deficiency.

 

Answer:  C

Difficulty: 1 Easy

Topic:  Internal Control Deficiencies Defined; Evaluating Identified Control Deficiencies

Learning Objective:  07-10 Understand how to evaluate identified control deficiencies.; 07-04 Be able to explain the differences between a control deficiency, a significant deficiency, and a material weakness.

Bloom’s:  Apply

AACSB:  Communication

AICPA:  BB Industry; FN Risk Analysis

 

 

14) A deficiency that implies that there is a reasonable possibility of misstatement in the financial statements that is significant but not material is:

1. A) a material weakness.
2. B) a significant deficiency.
3. C) an insignificant deficiency.
4. D) a probable deficiency.

 

Answer:  B

Difficulty: 1 Easy

Topic:  Internal Control Deficiencies Defined; Evaluating Identified Control Deficiencies

Learning Objective:  07-10 Understand how to evaluate identified control deficiencies.; 07-04 Be able to explain the differences between a control deficiency, a significant deficiency, and a material weakness.

Bloom’s:  Understand

AACSB:  Communication

AICPA:  BB Industry; FN Risk Analysis

 

15) Which of the following is not a topic that requires special consideration by management during management’s internal control assessment process and by the auditor during the audit of internal control?

1. A) Multiple locations and business units.
2. B) Service organizations.
3. C) The role of the auditor in internal control.
4. D) Safeguarding assets.

 

Answer:  C

Difficulty: 1 Easy

Topic:  Management’s Assessment Process

Learning Objective:  07-05 Understand management’s process for assessing ICFR.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

 

16) Management documentation of the ICFR assessment should include all of the following except:

1. A) documentation regarding every control in a process.
2. B) documentation regarding reasonable support for the basis for management’s assessment and conclusion.
3. C) documentation regarding the design of controls management has placed in operation.
4. D) documentation on the controls management concludes are adequate to address the entity’s financial reporting risks.

 

Answer:  A

Difficulty: 1 Easy

Topic:  Management’s Assessment Process

Learning Objective:  07-05 Understand management’s process for assessing ICFR.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Reporting

 

17) Which of the following is not a primary objective of internal control as established by COSO?

1. A) Efficiency and effectiveness of operations.
2. B) Effective purchasing systems.
3. C) Compliance with laws and regulations.
4. D) Reliable financial reporting.

 

Answer:  B

Difficulty: 1 Easy

Topic:  Management’s Assessment Process

Learning Objective:  07-05 Understand management’s process for assessing ICFR.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

18) An auditor performing an audit of internal control over financial reporting would be required to:

1. A) rely on the work of internal auditors.
2. B) test all of the entity’s internal controls.
3. C) form an opinion on the effectiveness of internal control.
4. D) randomly identify accounts for an audit of internal control.

 

Answer:  C

Difficulty: 1 Easy

Topic:  Performing an Audit of ICFR

Learning Objective:  07-06 Know how auditors conduct an audit of ICFR.

Bloom’s:  Apply

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

19) In determining the extent to which the auditor may use the work of others in the audit of ICFR, the auditor should do all of the following except:

1. A) be ready to document the extent to which he or she relied on the work.
2. B) evaluate the risks associated with the controls subjected to the work of others.
3. C) evaluate the competence and objectivity of the individuals who performed the work.
4. D) All of these are required.

 

Answer:  D

Difficulty: 1 Easy

Topic:  Plan the Audit of ICFR

Learning Objective:  07-07 Understand how the auditor plans the audit of ICFR.; 07-13 Be familiar with the auditor’s documentation requirements.

Bloom’s:  Apply

AACSB:  Communication

AICPA:  FN Decision Making; BB Resource Management

 

20) Which of the following is least likely to represent a material weakness in internal control for Flynt Corporation?

1. A) Flynt Corporation’s computer systems were not working properly for two days; consequently, employees needed to do all reconciliations manually.
2. B) Flynt Corporation’s CFO was arrested last year for embezzling money from the entity.
3. C) For the current year, the auditor found a material misstatement in Flynt’s sales recognition that was undetected by the internal controls.
4. D) Flynt’s audit committee is deemed to be ineffective.

 

Answer:  A

Difficulty: 1 Easy

Topic:  Evaluating Identified Control Deficiencies

Learning Objective:  07-10 Understand how to evaluate identified control deficiencies.

Bloom’s:  Apply

AACSB:  Communication

AICPA:  BB Industry; FN Risk Analysis

 

 

21) S&H Associates has just performed an audit of Bob’s Bikes. S&H was unable to obtain a written representation from management about internal control. Which of the following is true?

1. A) S&H must still assume that management has assessed the effectiveness of internal control.
2. B) Depending on other factors in the audit, S&H can still issue an unqualified opinion.
3. C) S&H should consider this situation a limitation on the scope of the audit.
4. D) Management does not need to give S&H a letter if it has disclosed all known internal control deficiencies.

 

Answer:  C

Difficulty: 1 Easy

Topic:  Written Representations

Learning Objective:  07-12 Know the written representations that the auditor must obtain from management.

Bloom’s:  Apply

AACSB:  Communication

AICPA:  BB Industry; FN Reporting

 

22) Public reporting on the effectiveness of internal control over financial reporting, as required by the Sarbanes-Oxley Act, includes:

1. A) a statement that the public accounting firm that audited the financial statements has provided input on the design of internal controls.
2. B) the auditor provides an opinion on whether the entity maintained, in all material respects, effective ICFR as of the specified date, based on the control criteria.
3. C) an explicit statement as to whether management agrees with the public accounting firm’s assessment of internal controls.
4. D) a detailed statement describing changes or additions to the internal control environment that occurred in the current year.

 

Answer:  B

Difficulty: 1 Easy

Topic:  Auditor Reporting on ICFR

Learning Objective:  07-14 Understand auditor reporting for the audit of ICFR.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Legal; FN Reporting

 

 

23) Which of the following concerning the auditor’s report on internal control over financial reporting is correct?

1. A) The auditor’s report contains an opinion on the effectiveness of internal control over financial reporting based on the auditor’s independent work.
2. B) In the report on internal control over financial reporting, the auditor can issue only a qualified or an unqualified opinion.
3. C) The auditor needs to state management’s assessment of internal control over financial reporting, but does not necessarily need to comment on whether he or she agrees.
4. D) An unqualified opinion is required if a material weakness is identified.

 

Answer:  A

Difficulty: 1 Easy

Topic:  Evaluating Identified Control Deficiencies; Auditor Reporting on ICFR

Learning Objective:  07-10 Understand how to evaluate identified control deficiencies.; 07-14 Understand auditor reporting for the audit of ICFR.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Legal; FN Reporting

 

24) Prior to issuing a report on internal controls over financial reporting, an auditor is required to:

1. A) perform procedures sufficient to identify all control deficiencies.
2. B) communicate to management, in writing, all control deficiencies previously included in written communication from the internal auditors.
3. C) communicate to management, in writing, all control deficiencies identified during the audit and inform the audit committee when such a communication has been made.
4. D) represent that no significant deficiencies were noted during the audit of internal control.

 

Answer:  C

Difficulty: 1 Easy

Topic:  Additional Required Communications in an Audit of ICFR

Learning Objective:  07-15 Know the auditor’s communication responsibilities on an audit of ICFR.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Legal; FN Reporting

 

 

25) Which of the following is not true?

1. A) The auditor should not communicate with management until the audit of internal control over financial reporting is finished.
2. B) Written communication between the auditor and management about internal control over financial reporting should include the definitions of control deficiencies, significant deficiencies, and material weaknesses.
3. C) The auditor should not include in the audit report that no significant deficiencies were noted during an audit of internal control over financial reporting.
4. D) If fraud is discovered, the auditor must report it to the appropriate level of management.

 

Answer:  A

Difficulty: 1 Easy

Topic:  Additional Required Communications in an Audit of ICFR

Learning Objective:  07-15 Know the auditor’s communication responsibilities on an audit of ICFR.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Legal; FN Reporting

 

26) An “integrated audit”:

1. A) will, in most cases, lead to a substantive audit strategy.
2. B) denies the auditor access to information about the entity’s controls.
3. C) may be performed by two separate audit firms.
4. D) is comprised of audits of internal control over financial reporting and of financial statements.

 

Answer:  D

Difficulty: 1 Easy

Topic:  Auditor Responsibilities under Section 404 and AS 2201

Learning Objective:  07-02 Understand the auditor’s responsibilities for reporting on internal control under Section 404 of the Sarbanes-Oxley Act.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Reporting

 

 

27) One of the advantages of generalized audit software is that:

1. A) it involves auditing after the entity has processed the data rather than while the data are being processed.
2. B) it provides a limited ability to verify programming logic because its application is usually directed to testing entity files or databases.
3. C) it is limited to audit procedures that can be conducted on data available in electronic form.
4. D) limited IT expertise or programming skills are required.

 

Answer:  D

Difficulty: 1 Easy

Topic:  Advanced Module 2: Using Technology in the Audit of ICFR

Learning Objective:  07-18 Be familiar with computer-assisted audit techniques.

Bloom’s:  Apply

AACSB:  Technology

AICPA:  BB Leveraging Technology; FN Leveraging Technology

 

28) Which of the following audit procedures would an auditor be least likely to perform using a generalized audit software?

1. A) Searching records of accounts receivable balances for credit balances.
2. B) Investigating inventory for possible damaged goods.
3. C) Selecting accounts receivable for positive and negative confirmations.
4. D) Listing of unusually large inventory balances.

 

Answer:  B

Difficulty: 1 Easy

Topic:  Advanced Module 2: Using Technology in the Audit of ICFR

Learning Objective:  07-18 Be familiar with computer-assisted audit techniques.

Bloom’s:  Apply

AACSB:  Technology

AICPA:  BB Leveraging Technology; FN Leveraging Technology

 

29) The auditor is least likely to use generalized audit software to:

1. A) perform analytical procedures on the entity’s data.
2. B) access information stored on the entity’s IT files.
3. C) identify material weaknesses in the entity’s IT controls.
4. D) test the accuracy of the entity’s computations.

 

Answer:  C

Difficulty: 1 Easy

Topic:  Advanced Module 2: Using Technology in the Audit of ICFR

Learning Objective:  07-18 Be familiar with computer-assisted audit techniques.

Bloom’s:  Apply

AACSB:  Technology

AICPA:  BB Leveraging Technology; FN Leveraging Technology

 

 

30) The five step process in the audit of ICFR includes:

1. A) form an opinion on the safeguarding of the entity’s assets.
2. B) identify controls to test using a top-down, risk-based approach.
3. C) form an opinion on the fairness of the presentation of the financial statements.
4. D) plan the audit of the financial statements.

 

Answer:  B

Difficulty: 1 Easy

Topic:  Performing an Audit of ICFR

Learning Objective:  07-06 Know how auditors conduct an audit of ICFR.

Bloom’s:  Apply

AACSB:  Technology

AICPA:  BB Leveraging Technology; FN Leveraging Technology

 

31) Which of the following is an advantage of generalized audit software?

1. A) They are all written in one identical computer language.
2. B) They can be used for audits of entities that use differing IT equipment and file formats.
3. C) They have reduced the need for the auditor to study input controls for IT-related procedures.
4. D) Their use can be substituted for a relatively large part of the required compliance testing.

 

Answer:  B

Difficulty: 1 Easy

Topic:  Advanced Module 2: Using Technology in the Audit of ICFR

Learning Objective:  07-18 Be familiar with computer-assisted audit techniques.

Bloom’s:  Remember

AACSB:  Technology

AICPA:  BB Leveraging Technology; FN Leveraging Technology

 

32) IDEA is an example of:

1. A) an EDI software package.
2. B) custom Audit Software.
3. C) a GAS program that is widely used in practice.
4. D) a type of networking.

 

Answer:  C

Difficulty: 1 Easy

Topic:  Advanced Module 2: Using Technology in the Audit of ICFR

Learning Objective:  07-18 Be familiar with computer-assisted audit techniques.

Bloom’s:  Apply

AACSB:  Technology

AICPA:  BB Leveraging Technology; FN Leveraging Technology

 

 

33) Which of the following is not an element of management’s assessment process for the effectiveness of internal control?

1. A) Identifying financial reporting risks and related controls.
2. B) Determining the locations and business units to include in the evaluation.
3. C) Evaluating evidence about the operating effectiveness of ICFR.
4. D) Obtaining the auditor’s assessment of the internal control effectiveness.

 

Answer:  D

Difficulty: 2 Medium

Topic:  Management’s Assessment Process

Learning Objective:  07-05 Understand management’s process for assessing ICFR.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

34) Which of the following is true regarding management’s documentation of internal controls?

1. A) Some documentation should focus on controls management has placed in operation to adequately address identified financial reporting risks.
2. B) Documentation should focus on controls over the interim financial reporting process.
3. C) Documentation must be done on paper.
4. D) Inadequate documentation is usually considered an insignificant deficiency in internal control.

 

Answer:  A

Difficulty: 2 Medium

Topic:  Management’s Assessment Process

Learning Objective:  07-05 Understand management’s process for assessing ICFR.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Reporting

 

35) Which of the following statements is false?

1. A) Management identifies controls that are in place to address the financial reporting risks.
2. B) Management is required to base internal controls on a recognized control framework.
3. C) Nearly all reporting companies use the internal control framework developed by COSO.
4. D) All controls relevant to financial reporting are accounting controls.

 

Answer:  D

Difficulty: 2 Medium

Topic:  Management’s Assessment Process

Learning Objective:  07-05 Understand management’s process for assessing ICFR.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

 

36) Management’s written representations concerning internal control are:

1. A) addressed to the users of the financial statements.
2. B) normally drafted by management.
3. C) included in the auditor’s final report.
4. D) signed by the CEO and CFO.

 

Answer:  D

Difficulty: 2 Medium

Topic:  Written Representations

Learning Objective:  07-12 Know the written representations that the auditor must obtain from management.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Industry; FN Reporting

 

37) In the context of an audit of internal controls, the auditor must document all of the following except:

1. A) the extent to which he or she relied upon work performed by others.
2. B) the auditor’s understanding and evaluation of the design of each of the components of the entity’s internal control over financial reporting.
3. C) transcripts of the auditor’s discussion with management concerning the points at which misstatements could occur.
4. D) the evaluation of any deficiencies discovered that could result in a modification of the auditor’s report.

 

Answer:  C

Difficulty: 2 Medium

Topic:  Auditor Documentation Requirements

Learning Objective:  07-13 Be familiar with the auditor’s documentation requirements.

Bloom’s:  Apply

AACSB:  Communication

AICPA:  BB Legal; FN Reporting

 

38) Examples of entity-level controls include:

1. A) management’s risk assessment process.
2. B) controls to monitor results of operations.
3. C) the period-end financial reporting process.
4. D) All of these are examples of entity-level controls.

 

Answer:  D

Difficulty: 2 Medium

Topic:  Management’s Assessment Process

Learning Objective:  07-05 Understand management’s process for assessing ICFR.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Legal; FN Reporting

 

39) Which of the following statements included in management’s assessment of the effectiveness of internal control over financial reporting would not cause the auditor to disclaim an opinion?

1. A) Management includes disclosures about corrective actions taken by the entity after the date of management’s assessment.
2. B) The entity plans to implement new controls.
3. C) Management believes the cost of correcting a material weakness would exceed the benefits derived from implementing the new controls.
4. D) Disclosure of material weaknesses corrected during the period.

 

Answer:  D

Difficulty: 2 Medium

Topic:  Auditor Reporting on ICFR

Learning Objective:  07-14 Understand auditor reporting for the audit of ICFR.

Bloom’s:  Apply

AACSB:  Communication

AICPA:  BB Legal; FN Reporting

 

40) A modification of the standard report is required for all of the following conditions except:

1. A) there is a restriction on the scope of the engagement.
2. B) the presence of a material weakness at the end of the period.
3. C) management has concluded that internal controls are effective.
4. D) the auditor was not able to apply all the procedures necessary.

 

Answer:  C

Difficulty: 2 Medium

Topic:  Auditor Reporting on ICFR

Learning Objective:  07-14 Understand auditor reporting for the audit of ICFR.

Bloom’s:  Apply

AACSB:  Communication

AICPA:  BB Industry; FN Reporting

 

 

41) AAA & Associates recently finished auditing LinktheEarth Corporation’s internal control over financial reporting. AAA found a number of material weaknesses in the entity’s internal control. LinktheEarth’s management remediated all of the weaknesses that AAA found. However, the auditors did not have sufficient time to retest the controls. What report should AAA issue with regards to internal control over financial reporting at year-end?

1. A) Unqualified report.
2. B) Adverse report.
3. C) Qualified report.
4. D) Disclaimer on opinion.

 

Answer:  B

Difficulty: 2 Medium

Topic:  Auditor Reporting on ICFR

Learning Objective:  07-14 Understand auditor reporting for the audit of ICFR.

Bloom’s:  Apply

AACSB:  Communication

AICPA:  BB Industry; FN Reporting

 

42) According to the COSO definition of safeguarding of assets:

1. A) controls over financial reporting are effective if they provide reasonable assurance that asset losses will not occur.
2. B) controls over financial reporting are effective if they provide reasonable assurance that losses are properly reflected in the financial statements.
3. C) controls over financial reporting are effective if they provide reasonable assurance that asset losses will not occur and that losses are properly reflected in the financial statements.
4. D) there is no way to create controls that will provide reasonable assurance that asset losses will not occur.

 

Answer:  B

Difficulty: 2 Medium

Topic:  Safeguarding of Assets

Learning Objective:  07-17 Know management’s and the auditor’s responsibilities for controls that provide reasonable assurance for safeguarding entity assets.

Bloom’s:  Remember

AACSB:  Analytical Thinking

AICPA:  BB Industry; FN Decision Making

 

 

43) An auditor will use the IT test data method in order to gain certain assurances with respect to the

1. A) Input data.
2. B) Machine capacity.
3. C) Application controls contained within the program.
4. D) Degree of keypunching accuracy.

 

Answer:  C

Difficulty: 2 Medium

Topic:  Advanced Module 2: Using Technology in the Audit of ICFR

Learning Objective:  07-18 Be familiar with computer-assisted audit techniques.

Bloom’s:  Apply

AACSB:  Technology

AICPA:  BB Leveraging Technology; FN Leveraging Technology

 

44) Which of the following is true of generalized audit software packages?

1. A) They can be used only in auditing online computer systems.
2. B) It involves auditing while data is being processed.
3. C) They can be used to examine an entire population and eliminate the need for sampling.
4. D) They enable the auditor to perform all manual test procedures less expensively.

 

Answer:  C

Difficulty: 2 Medium

Topic:  Advanced Module 2: Using Technology in the Audit of ICFR

Learning Objective:  07-18 Be familiar with computer-assisted audit techniques.

Bloom’s:  Apply

AACSB:  Technology

AICPA:  BB Leveraging Technology; FN Leveraging Technology

 

45) The advantages of generalized audit software include all of the following except:

1. A) it involves auditing while the data are being processed (real-time).
2. B) it is easy to use.
3. C) the time to develop the application is usually short.
4. D) an entire population can be examined in some instances.

 

Answer:  A

Difficulty: 2 Medium

Topic:  Advanced Module 2: Using Technology in the Audit of ICFR

Learning Objective:  07-18 Be familiar with computer-assisted audit techniques.

Bloom’s:  Remember

AACSB:  Technology

AICPA:  BB Leveraging Technology; FN Leveraging Technology

 

 

46) Section 404 of the Sarbanes-Oxley Act includes which of the following?

1. A) A requirement that management of a publicly traded company issues an assessment of internal control that covers the entire year.
2. B) Specific guidance on what constitutes adequate internal control.
3. C) A requirement that management of a publicly traded company accepts responsibility for establishing and maintaining adequate internal controls.
4. D) A requirement that management of a publicly traded company issues an assessment regarding the efficiency of internal control for the year.

 

Answer:  C

Difficulty: 3 Hard

Topic:  Management Responsibilities under Section 404

Learning Objective:  07-01 Understand management’s responsibilities for reporting on internal control under Section 404 of the Sarbanes-Oxley Act.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  FN Decision Making; BB Legal

 

47) For which of the following internal controls would an auditor be least likely to perform tests of internal controls closer to the “as of” date?

1. A) Withdrawals from Federal Bank of more than $5 million must include a manager’s signature.
2. B) At the end of each day at Federal Bank, the total cash in the vault is reconciled with daily registers of deposits and withdrawals.
3. C) Federal Bank has just started establishing trusts for its customers and it has only set up ten such trusts. Before making an investment for a trust, bank employees must verify that the investment is in accordance with stated investment policies.
4. D) On an annual basis, Federal Bank management performs credit checks on its loan customers before determining the value of loans it will not be able to collect on.

 

Answer:  B

Difficulty: 3 Hard

Topic:  Evaluate the Design and Test Operating Effectiveness of Controls

Learning Objective:  07-09 Understand how to test the design and operating effectiveness of controls.

Bloom’s:  Apply

AACSB:  Communication

AICPA:  BB Industry; FN Risk Analysis

 

 

48) Which of the following is false?

1. A) Regardless of the achieved level of control risk in connection with the audit of the financial statements, auditing standards require the auditor to perform some substantive procedures for all significant accounts and disclosures.
2. B) The absence of misstatements in financial statements is considered convincing evidence that existing controls are effective.
3. C) The audit of internal control is intended to draw conclusions about the effectiveness of internal control over financial reporting as of a specific date.
4. D) The auditor is required by AS5 to evaluate the implications of the financial statement audit for the effectiveness of internal control over financial reporting.

 

Answer:  B

Difficulty: 3 Hard

Topic:  Performing an Audit of ICFR

Learning Objective:  07-06 Know how auditors conduct an audit of ICFR.

Bloom’s:  Apply

AACSB:  Analytical Thinking

AICPA:  BB Industry; FN Decision Making

 

49) When testing a computerized accounting system, which of the following is false regarding the test data approach?

1. A) The test data need to consist of only those valid and invalid conditions in which the auditor is interested.
2. B) Only one transaction of each type needs be tested.
3. C) Test data are processed by the entity’s computer programs under the auditor’s control.
4. D) The test data must consist of all possible valid and invalid conditions.

 

Answer:  D

Difficulty: 3 Hard

Topic:  Advanced Module 2: Using Technology in the Audit of ICFR

Learning Objective:  07-18 Be familiar with computer-assisted audit techniques.

Bloom’s:  Apply

AACSB:  Technology

AICPA:  BB Leveraging Technology; FN Leveraging Technology

 

 

50) When an auditor tests a computerized accounting system, which of the following is true of the test data approach?

1. A) Test data are processed by the entity’s computer programs under the auditor’s control.
2. B) Test data must consist of all possible valid and invalid conditions.
3. C) Testing a program at year end provides assurance that the entity’s processing was accurate for the entire year.
4. D) Several transactions of each type must be tested.

 

Answer:  A

Difficulty: 3 Hard

Topic:  Advanced Module 2: Using Technology in the Audit of ICFR

Learning Objective:  07-18 Be familiar with computer-assisted audit techniques.

Bloom’s:  Apply

AACSB:  Technology

AICPA:  BB Leveraging Technology; FN Leveraging Technology

 

51) You are an experienced audit senior. The new staff accountant on your audit team does not understand what a control deficiency is. Give him a definition of “control deficiency.” Include examples of two types of control deficiencies.

 

Answer:  A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. A design deficiency exists when (1) a control necessary to meet the relevant control objective is missing or (2) an existing control is not properly designed so that, even if the control operates as designed, the control objective would not be met. A deficiency in operation exists when a properly designed control does not operate as designed or when the person performing the control does not possess the necessary authority or qualifications to perform the control effectively.

 

Specific examples of control deficiencies will vary.

Difficulty: 1 Easy

Topic:  Internal Control Deficiencies Defined; Evaluating Identified Control Deficiencies

Learning Objective:  07-10 Understand how to evaluate identified control deficiencies.; 07-04 Be able to explain the differences between a control deficiency, a significant deficiency, and a material weakness.

Bloom’s:  Understand

AACSB:  Communication

AICPA:  BB Industry; FN Risk Analysis

 

 

52) You are performing an audit on North South Natural Gas (NSNG). Alana, an NSNG employee, has responsibility for reconciling bank statements with the entity’s cash accounts. You determine, however, that Alana has never been taught how to reconcile statements. In effect, the statements have not been properly reconciled for two years. How would you judge the significance of this control deficiency? How would you classify this deficiency?

 

Answer:  To judge the materiality of a control deficiency, the auditor could consider the problem in terms of magnitude and likelihood. The likelihood of an event must be either reasonably possible or probable to be a significant deficiency or a material weakness. This deficiency is obviously probable, because the auditor knows the control has not operated for two years. After the likelihood is determined, the auditor could consider the magnitude of a possible misstatement. A misstatement is not material if a reasonable person would conclude, after considering the possibility of further undetected misstatements, that the misstatement, either individually or when aggregated with other misstatements, would be clearly immaterial to the financial statements. A remote likelihood and insignificant magnitude would result in an insignificant deficiency. A significant deficiency occurs when there is reasonable possibility that a misstatement in the financial statements is not material but significant. A material weakness is a significant deficiency that results when the likelihood is reasonably possible and its magnitude is material.

 

Note: Students should then make and defend a judgment on whether this problem is an insignificant deficiency, significant deficiency, or material weakness.

Difficulty: 2 Medium

Topic:  Internal Control Deficiencies Defined; Evaluating Identified Control Deficiencies

Learning Objective:  07-10 Understand how to evaluate identified control deficiencies.; 07-04 Be able to explain the differences between a control deficiency, a significant deficiency, and a material weakness.

Bloom’s:  Apply

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

 

53) CBA Associates is auditing a large publicly traded company. The audit of internal controls over financial reporting has been properly planned and the auditors have already identified controls to test using a top-down, risk-based approach. What is the next step? Give three examples of procedures that may be completed in the next step in the audit.

 

Answer:  The next step is evaluating the design and testing the operating effectiveness of selected controls. For a public company, the auditor must obtain an understanding of the design of controls related to each component of internal control. The procedures the auditor can perform to evaluate the design of specific controls include

 

• inquiring of appropriate management, supervisory, and staff personnel,
• inspecting entity documents,
• observing the application of specific controls, and
• tracing a sample of transactions through the information system.

Difficulty: 2 Medium

Topic:  Performing an Audit of ICFR

Learning Objective:  07-06 Know how auditors conduct an audit of ICFR.

Bloom’s:  Apply

AACSB:  Analytical Thinking

AICPA:  BB Industry; FN Decision Making

 

54) Identify indicators of a material weakness in internal control over financial reporting.

 

Answer:  Indicators of a material weakness in ICFR include (see Table 7-7):

 

• Identification of fraud, whether or not material, committed by senior management;
• Restatement of previously issued financial statements to reflect the correction of a material misstatement;
• Identification by the auditor of a material misstatement of financial statements in the current period in circumstances that indicate that the misstatement would not have been detected by the entity’s ICFR; and
• Ineffective oversight of the entity’s external financial reporting and ICFR by the entity’s audit committee.

Difficulty: 1 Easy

Topic:  Internal Control Deficiencies Defined; Evaluating Identified Control Deficiencies

Learning Objective:  07-10 Understand how to evaluate identified control deficiencies.; 07-04 Be able to explain the differences between a control deficiency, a significant deficiency, and a material weakness.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Legal; FN Reporting

 

 

55) AS5 requires that the auditor appropriately document the processes, procedures, judgments, and results relating to the audit of internal control. Specifically, what must this documentation include?

 

Answer:  The auditor’s documentation must include the auditor’s understanding and evaluation of the design of each of the components of the entity’s internal control over financial reporting. The auditor also documents the process used to determine and the points at which misstatements could occur within significant accounts and disclosures. The auditor must justify and document the extent to which he or she relied upon work performed by others. Finally, the auditor must describe the evaluation of any deficiencies discovered, as well as any other findings, that could result in a modification to the auditor’s report.

Difficulty: 2 Medium

Topic:  Auditor Documentation Requirements

Learning Objective:  07-13 Be familiar with the auditor’s documentation requirements.

Bloom’s:  Remember

AACSB:  Communication

AICPA:  BB Legal; FN Reporting

 

 

56) What is wrong with the following report on internal control over financial reporting for AB Corporation? The auditor believes an unqualified opinion on the effectiveness of internal control over financial reporting is warranted.

 

Report of Registered Public Accounting Firm

We have audited AB Corporation’s internal control over financial reporting as of December 31, 2013, based on criteria established in Internal Control – Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). AB’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting. Our responsibility is to express an opinion on the entity’s internal control over financial reporting based on our audit.

We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, testing and evaluating the design and operating effectiveness of internal control, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.

An entity’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. An entity’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the entity; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the entity are being made only in accordance with authorizations of management and directors of the entity; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the entity’s assets that could have a material effect on the financial statements.

In our opinion, AB Corporation maintained, in all material respects, effective internal control over financial reporting as of December 31, 2013, based on criteria established in Internal Control – Integrated Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated financial statements of AB Corporation, and our report dated February 20, 2014 expressed an unqualified opinion.

 

Protzman & Hull

Morgan Hill, CA

February 10, 2014

 

 

Answer:  First, the title of the report should include the word “independent.” Second, the report should include a paragraph stating that, because of inherent limitations, internal control over financial reporting may not prevent or detect misstatements and that projections of any evaluation of effectiveness to future periods are subjected to certain risks and uncertainties. Finally, the date of both the auditor’s report on the entity’s financial statements and the auditor’s report on the entity’s internal control over financial reporting should be the same.

Difficulty: 2 Medium

Topic:  Auditor Reporting on ICFR

Learning Objective:  07-14 Understand auditor reporting for the audit of ICFR.

Bloom’s:  Analyze

AACSB:  Communication

AICPA:  BB Industry; FN Reporting

 

57) On the audit of Technology Unlimited, a leading manufacturer of computer chips, the external audit staff discovers that the internal audit staff has performed extensive evaluation and testing on the control environment. What should the external auditors do to determine the extent to which they may use the work of the internal audit staff? Can the external audit staff rely on the internal audit staff for evaluating and testing the control environment?

 

Answer:  AS 2201 allows the auditor to use the work performed by, or receive direct assistance from, internal auditors, entity personnel, and third parties hired by management or the audit committee. If the work of others is to be used, the auditor should assess the objectivity and competence of the persons whose work will be used. AS 2201 refers to the relevant guidance for assessing competence and objectivity. The risk associated with the control being tested also plays a role in using the work of others. As the risk associated with the control increases, the auditor should perform more of the work. For example, the auditor will rely less on the work of others for a control relating to transactions that involve subjective judgments or that are highly susceptible to manipulation than for a control that relates to routine, objective transactions.

Difficulty: 2 Medium

Topic:  Plan the Audit of ICFR

Learning Objective:  07-07 Understand how the auditor plans the audit of ICFR.

Bloom’s:  Apply

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

 

58) Discuss the differences between a control deficiency, a significant deficiency, a material weakness, and the two dimensions of the control deficiency—likelihood and magnitude.

 

Answer:  Control Deficiency. A control deficiency exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis. A design deficiency exists when: (1) a control necessary to meet the relevant control objective is missing or (2) an existing control is not properly designed so that, even if the control operates as designed, the control objective is not always met. A deficiency in operation exists when a control is designed effectively, but is not effectively implemented.

Significant Deficiency. A significant deficiency is a control deficiency, or combination of control deficiencies, in ICFR that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the entity’s financial reporting.

Material Weakness. A material weakness is a deficiency, or combination of deficiencies, in ICFR, such that there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis.

Likelihood and Magnitude. According to the above definitions, in judging the significance of a control deficiency, management and the auditor must consider two dimensions of the deficiency: likelihood and magnitude. The definition of material weakness includes the phrase “reasonable possibility.” This term is to be interpreted using the guidance in ASC Topic 450, Contingencies. Accordingly, the likelihood of an event is a “reasonable possibility” if it is either reasonably possible or probable. Magnitude refers to the size of the potential misstatement that could occur due to the deficiency. In determining whether it is reasonably possible that a financial statement misstatement resulting from a deficiency is material, the auditor relies on the same concept of materiality as is used in determining financial statement materiality.

Difficulty: 2 Medium

Topic:  Internal Control Deficiencies Defined

Learning Objective:  07-04 Be able to explain the differences between a control deficiency, a significant deficiency, and a material weakness.

Bloom’s:  Understand

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making

 

 

59) Discuss entity-level controls and provide examples of these types of controls.

 

Answer:  Entity-level controls can have a pervasive effect on the entity’s ability to meet the COSO control criteria. If general controls are not effective, the specific controls are probably unreliable. Entity-level controls addressing management’s ability to override specific controls are thus of central importance. The pervasiveness of entity-level controls suggests that it may be appropriate for the auditor to test and evaluate them before evaluating the other aspects of internal control over financial reporting. However, testing entity-level controls alone is not sufficient for the purpose of expressing an opinion on the effectiveness of an entity’s internal control over financial reporting. Examples of entity-level controls include:

 

1. Controls within the control environment, which includes the tone at the top, assignment of authority and responsibility, consistent policies and procedures, and entitywide programs that apply to all locations and business units (such as codes of conduct and fraud prevention).
2. Controls over management override.
3. Management’s risk assessment process.
4. Centralized processing and controls, including shared service environments.
5. Controls to monitor results of operations.
6. Controls to monitor other controls, including activities of the internal audit function, the audit committee, and self-assessment programs.
7. Period-end financial reporting process.
8. Policies that address significant business control and risk management practices.

Difficulty: 2 Medium

Topic:  Management’s Assessment Process

Learning Objective:  07-05 Understand management’s process for assessing ICFR.

Bloom’s:  Understand

AACSB:  Communication

AICPA:  BB Industry; FN Decision Making