Auditing & Assurance Services Timothy Louwers 7e - Test Bank

Auditing & Assurance Services Timothy Louwers 7e – Test Bank

 

Instant Download – Complete Test Bank With Answers

 

 

Sample Questions Are Posted Below

 

Auditing & Assurance Services, 7e (Louwers)

Chapter 5   Risk Assessment: Internal Control Evaluation

 

1) An audit team’s responsibility would not include:

1. A) designing client’s internal controls.
2. B) documentation of understanding of a client’s internal controls.
3. C) communicating internal control deficiencies.
4. D) assessing the effectiveness of a client’s internal controls.

Answer:  A

Difficulty: 2 Medium

Topic:  Management versus Auditors’ Responsibility for Internal Control

Learning Objective:  05-02 Distinguish between the responsibilities of management and auditors regarding an entity’s internal control.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

2) The appropriate separation of duties does not include:

1. A) authorization to execute transactions.
2. B) recording of transactions.
3. C) custody of assets involved in the transactions.
4. D) data preparation.

Answer:  D

Difficulty: 1 Easy

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

3) A set of characteristics that helps to define a seriousness about employees’ attitudes about the control activities in a company is referred to as:

1. A) management assertions.
2. B) the control environment.
3. C) control risk assessment.
4. D) functional responsibilities.

Answer:  B

Difficulty: 1 Easy

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

4) When an auditor plans to rely on controls that have changed since they were last tested, which of the following courses of action would be most appropriate?

1. A) Test the operating effectiveness of such controls in the current audit.
2. B) Document that reliance and proceed with the original audit strategy.
3. C) Inquire of management as to the effectiveness of the controls.
4. D) Report the reliance in the report on internal controls.

Answer:  A

Difficulty: 3 Hard

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

5) An auditor is concerned about a policy of management override as a limitation of internal control. Which of the following tests would best assess the validity of the auditor’s concern?

1. A) Matching purchase orders to accounts payable.
2. B) Verifying that approved spending limits are not
3. C) Tracing sales orders to the revenue account.
4. D) Reviewing minutes of board meeting.

Answer:  B

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

6) Which of the following activities performed by a department supervisor most likely would help in the prevention or detection of a payroll fraud?

1. A) Distributing paychecks directly to department store employees.
2. B) Setting the pay rate for departmental employees.
3. C) Hiring employees and authorizing them to be added to payroll.
4. D) Approving a summary of hours each employee worked during the pay period.

Answer:  D

Difficulty: 3 Hard

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

7) Which of the following outcomes is a likely benefit of information technology used for internal control?

1. A) Processing of unusual or nonrecurring transactions.
2. B) Enhanced timeliness of information.
3. C) Potential loss of data.
4. D) Recording of unauthorized transactions.

Answer:  B

Difficulty: 2 Medium

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

8) Which of the following procedures is considered a test of controls?

1. A) An auditor reviews the entity’s check register for unrecorded liabilities.
2. B) An auditor evaluates whether a general journal entry was recorded at the proper amount.
3. C) An auditor interviews and observes appropriate personnel to determine segregation of duties.
4. D) An auditor reviews the audit workpapers to ensure proper sign-off.

Answer:  C

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

9) Which of the following factors is most likely to affect the extent of the documentation of the auditor’s understanding of a client’s system of internal controls?

1. A) The industry and the business and regulatory environments in which the client operates.
2. B) The degree to which information technology is used in the accounting function.
3. C) The relationship between management, the board of directors, and external stakeholders.
4. D) The degree to which the auditor intends to use internal audit personnel to perform substantive tests.

Answer:  B

Difficulty: 3 Hard

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

10) Which of the following payroll control activities would most effectively ensure that payment is made only for work performed?

1. A) Require all employees to record arrival and departure by using the time clock.
2. B) Have a payroll clerk recalculate all time cards.
3. C) Require all employees to sign their time cards.
4. D) Require employees to have their direct supervisors approve their time cards.

Answer:  D

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

11) Each of the following types of controls is considered to be an entity-level control, except those:

1. A) relating to the control environment.
2. B) pertaining to the company’s risk assessment process.
3. C) regarding the company’s annual stockholder meeting.
4. D) addressing policies over significant risk management practices.

Answer:  C

Difficulty: 3 Hard

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

12) Which of the following is not a component of internal controls?

1. A) Control environment.
2. B) Control activities.
3. C) Inherent risk.
4. D) Monitoring.

Answer:  C

Difficulty: 1 Easy

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

 

13) Which of the following is a definition of control risk?

1. A) The risk that a material misstatement will not be prevented or detected on a timely basis by the client’s internal controls.
2. B) The risk that the auditor will not detect a material misstatement.
3. C) The risk that the auditor’s assessment of internal controls will be at less than the maximum level.
4. D) The susceptibility of material misstatement assuming there are no related internal controls, policies, or procedures.

Answer:  A

Difficulty: 1 Easy

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

14) Which of the following should an auditor do when control risk is assessed at the maximum level?

1. A) Perform fewer substantive tests of details.
2. B) Perform more tests of controls.
3. C) Document the assessment.
4. D) Document the control structure more extensively.

Answer:  C

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

 

15) Which of the following statements is correct regarding internal control?

1. A) A well-designed internal control environment ensures the achievement of an entity’s control objectives.
2. B) An inherent limitation to internal control is the fact that controls can be circumvented by management override.
3. C) A well-designed and operated internal control environment should detect collusion perpetrated by two people.
4. D) Internal control is a necessary business function and should be designed and operated to detect all errors and fraud.

Answer:  B

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

16) Which of the following is the best way to compensate for the lack of adequate segregation of duties in a small organization?

1. A) Disclosing lack of segregation of duties to the external auditors during the annual review.
2. B) Replacing personnel every three or four years.
3. C) Requiring accountants to pass a yearly background check.
4. D) Allowing for greater management oversight of incompatible activities.

Answer:  D

Difficulty: 2 Medium

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

 

17) Obtaining an understanding of an internal control involves evaluating the design of the control and determining whether the control has been:

1. A) authorized.
2. B) implemented.
3. C) tested.
4. D) monitored.

Answer:  B

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

18) Which of the following statements best describes why an auditor would use only substantive procedures to evaluate specific relevant assertions and risks?

1. A) The relevant internal control components are not well documented.
2. B) The internal auditor already has tested the relevant controls and found them effective.
3. C) Testing the operating effectiveness of the relevant controls would not be efficient.
4. D) The cost of substantive procedures will exceed the cost of testing the relevant controls.

Answer:  C

Difficulty: 3 Hard

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

 

19) An auditor is evaluating a client’s internal controls. Which of the following situations would be the most difficult internal control issue for an auditor to detect?

1. A) The accounting staff neglects the control, due to increased transactions to be processed.
2. B) The technology department writes a program that does not properly implement the control, due to a lack of understanding.
3. C) Two employees, who work in different departments, are circumventing an internal control.
4. D) Someone erroneously disables edit checks in a software program designed to identify control exceptions.

Answer:  C

Difficulty: 3 Hard

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

20) Which of the following is a factor in the control environment?

1. A) Segregation of duties.
2. B) Information processing.
3. C) Performance reviews.
4. D) Management’s philosophy and operating style.

Answer:  D

Difficulty: 1 Easy

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

21) Control activities intended to ensure that transactions are recorded in the right period are designed to achieve the ASB assertion of:

1. A) occurrence.
2. B) accuracy.
3. C) valuation or allocation.
4. D) cutoff.

Answer:  D

Difficulty: 1 Easy

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

22) Sound internal control can be described as separating all of the following duties and responsibilities except for:

1. A) transaction authorization.
2. B) recordkeeping.
3. C) custody of, or direct access to, assets.
4. D) hiring of employees.

Answer:  D

Difficulty: 2 Medium

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

23) After obtaining an understanding of the entity’s internal control and assessing control risk, an auditor of a non-public company decided not to perform additional tests of controls. The auditor most likely concluded that the:

1. A) additional evidence to support a further reduction in control risk was not cost beneficial.
2. B) assessed level of inherent risk exceeded the assessed level of control risk.
3. C) internal control structure was properly designed and justifiably may be relied on.
4. D) evidence obtainable through tests of controls would not support an increased level of control risk.

Answer:  A

Difficulty: 3 Hard

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Apply

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

 

24) Regardless of the assessed level of control risk, an auditor of a non-public company would perform some:

1. A) tests of controls to determine the effectiveness of internal control policies.
2. B) analytical procedures to verify the design of internal control activities.
3. C) substantive tests to restrict detection risk for significant transaction classes.
4. D) dual purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.

Answer:  C

Difficulty: 3 Hard

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

25) The “obtaining an understanding” work phase (Phase 1) of internal control evaluation would not give auditors an overall acquaintance with the client’s:

1. A) control environment.
2. B) information and communication system.
3. C) control activity effectiveness.
4. D) monitoring activities.

Answer:  C

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

26) Which of the following is an information technology general control?

1. A) Check digit.
2. B) Run-to-run totals.
3. C) Distribution of computerized output.
4. D) Separation of duties in the IT department.

Answer:  D

Difficulty: 1 Easy

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Technology

Accessibility:  Keyboard Navigation

 

27) Control strengths and weaknesses should be documented in audit documentation, sometimes called:

1. A) questionnaires, narratives, and flowcharts.
2. B) bridge working papers.
3. C) communications of significant deficiencies.
4. D) internal control letters.

Answer:  B

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

28) The internal control in small business is highly dependent on the:

1. A) separation of functional responsibilities.
2. B) complexity of the client’s internal controls.
3. C) owner-manager’s competence, as well as his/her ethics and integrity.
4. D) bonding of employees.

Answer:  C

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

29) Which of the following is not an input control activity?

1. A) Reasonableness tests.
2. B) Record counts.
3. C) Financial totals.
4. D) Hash totals.

Answer:  A

Difficulty: 2 Medium

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Technology

Accessibility:  Keyboard Navigation

 

 

 

30) A sales clerk enters a customer’s six-number customer account. The computer program uses the first five numbers to calculate a sixth number. This resulting number is then compared to the sixth number entered by the sales clerk. This is an example of a:

1. A) valid character test.
2. B) missing data test.
3. C) reasonableness test.
4. D) check digit.

Answer:  D

Difficulty: 2 Medium

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Technology

Accessibility:  Keyboard Navigation

31) Which of the following is the least important audit reason for the auditor’s obtaining an understanding of a company’s internal control?

1. A) To serve as a basis for constructive suggestions.
2. B) To plan subsequent substantive tests.
3. C) To identify types of possible misstatements that may occur.
4. D) To consider factors that may affect the risk of material misstatement.

Answer:  A

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Understand

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

32) Tracing bills of lading to sales invoices provides evidence that:

1. A) shipments to customers were invoiced.
2. B) shipments to customers were recorded as sales.
3. C) recorded sales were shipped.
4. D) invoiced sales were recorded as sales.

Answer:  A

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

33) Which of the following client internal control activities is not usually performed in the treasurer’s department?

1. A) Verifying the accuracy of checks and vouchers.
2. B) Controlling the mailing of checks to vendors.
3. C) Approving vendors’ invoices for payment.
4. D) Canceling payment vouchers when paid.

Answer:  C

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Apply

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

34) Which of the following audit procedures most likely would provide an auditor with the most assurance about the effectiveness of the operation of an entity’s internal control?

1. A) Confirmation with outside parties.
2. B) Inquiry of client personnel.
3. C) Successful re-performance of the control activity.
4. D) Observation of client personnel.

Answer:  C

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

35) When obtaining an understanding of an entity’s internal control in a financial statement audit at a non-public company, an auditor is not obligated to:

1. A) determine whether the control activities have been placed in operation.
2. B) perform procedures to understand the design of the internal control system.
3. C) document the understanding of the company’s internal control system.
4. D) search for significant deficiencies in the operation of the internal control system.

Answer:  D

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

36) After obtaining an understanding of a client’s financial reporting control activities, the auditor would next:

1. A) test the client’s control activities.
2. B) assess the final control risk.
3. C) document the understanding obtained.
4. D) plan the remainder of the audit work.

Answer:  C

Difficulty: 1 Easy

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

37) If auditors assess control risk at the maximum level, they will tend to:

1. A) perform a great deal of additional tests of controls.
2. B) perform a great deal of substantive testing during the audit.
3. C) perform substantive tests at an interim date.
4. D) perform more audit procedures using internal evidence.

Answer:  B

Difficulty: 1 Easy

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Apply

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

38) The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the:

1. A) factors that raise doubts about the auditability of the financial statements.
2. B) operating effectiveness of internal control policies and procedures.
3. C) risk that material misstatements exist in the financial statements.
4. D) possibility that the nature and extent of substantive tests may be reduced.

Answer:  C

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

39) When the audit team increases the planned assessed level of control risk because certain control activities were determined to be ineffective, the audit team would most likely increase the:

1. A) extent of substantive tests of details.
2. B) level of inherent risk.
3. C) extent of tests of controls.
4. D) level of detection risk.

Answer:  A

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Apply

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

40) In computer systems, the information technology general controls (ITGC) would not include:

1. A) processing control activities.
2. B) separation of various computer system functions.
3. C) appropriate documentation of the data processing system.
4. D) control over physical access to computer hardware.

Answer:  A

Difficulty: 2 Medium

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Technology

Accessibility:  Keyboard Navigation

 

 

41) When auditing financial statements of a private company, the minimum work an auditor must perform in connection with a company’s internal control is best described by which of the following statements?

1. A) Perform exhaustive tests of accounting controls and evaluate the company’s control system effectiveness.
2. B) Determine whether the company’s control policies are designed well enough to prevent material misstatements.
3. C) Prepare auditing working papers that document the auditor’s understanding of the company’s internal control.
4. D) Design procedures to search for significant deficiencies in the actual operation of the company’s internal control.

Answer:  C

Difficulty: 3 Hard

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

42) Which of the following would most likely be classified as a material weakness?

1. A) Absence of appropriate separation of duties.
2. B) Absence of appropriate reviews and approvals of transactions.
3. C) Evidence of failure of control activities.
4. D) Ineffective oversight of the financial reporting process by the company’s audit committee.

Answer:  D

Difficulty: 3 Hard

Topic:  Responsibilities in Public Company Audits Required by PCAOB Auditing Standard No. 2201

Learning Objective:  05-05 Describe additional responsibilities for management and auditors of public companies required by Sarbanes–Oxley and PCAOB Auditing Standard No. 2201.

Blooms:  Apply

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

43) If a control total were to be computed on each of the following data items, which would best be identified as a hash total for a payroll IT application?

1. A) Hours worked.
2. B) Total debits and total credits.
3. C) Net pay.
4. D) Department numbers.

Answer:  D

Difficulty: 2 Medium

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Technology

Accessibility:  Keyboard Navigation

 

44) Generally accepted auditing standards (GAAS) give auditors considerable discretion to decide the amount of work required to satisfy auditing standards guiding internal control evaluation and related audit planning. Which of the descriptions below best expresses the minimum amount of work permitted by GAAS for nonpublic companies?

1. A) Do not obtain an understanding of client environment, accounting, or control activities. Do not document the decision to assess control risk at maximum. Perform 100% substantive audit on all financial statement transactions and balances.
2. B) Obtain an understanding of client environment, accounting, and control activities. Document the decision to assess control risk at maximum. Perform an extensive but not 100% substantive audit on financial statement transactions and balances.
3. C) Obtain an understanding of client environment, accounting, and control activities, and perform detail tests of controls. Document the decision to assess control risk below the maximum. Perform restricted substantive audit on financial statement transactions and balances, considering the control risk assessment.
4. D) Obtain an understanding of client environment, accounting, and control activities, and perform detail tests of controls. Document the decision to assess control risk at zero. Perform no substantive audit on financial statement transactions and balances, since zero control risk means that no errors or fraud can reach the accounts.

 

Answer:  B

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Apply

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

45) Proper separation of duties reduces the opportunities to allow persons to be in positions to both:

1. A) journalize entries and prepare financial statements.
2. B) record cash receipts and cash disbursements.
3. C) establish internal controls and authorize transactions.
4. D) perpetrate a fraud and then conceal it in the books.

Answer:  D

Difficulty: 2 Medium

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

46) In an audit of financial statements, an auditor’s primary consideration regarding an internal control policy or activity is whether the policy or activity:

1. A) reflects management’s philosophy and operating style.
2. B) affects management’s financial statement assertions.
3. C) provides adequate safeguards over access to assets.
4. D) enhances management’s decision making processes.

Answer:  B

Difficulty: 3 Hard

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

47) Which of the following is a step in an auditor’s decision to assess control risk at below the maximum?

1. A) Apply analytical procedures to both financial data and nonfinancial information to detect conditions that may indicate weak controls.
2. B) Perform tests of details of transactions and account balances to identify potential errors and fraud.
3. C) Identify specific internal control policies and activities that are likely to detect or prevent material misstatements.
4. D) Document that the additional audit effort to perform tests of controls exceeds the potential reduction in substantive testing.

Answer:  C

Difficulty: 3 Hard

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

48) Which of the following is not an objective of internal controls over financial reporting as defined by the Sarbanes-Oxley Act?

1. A) Policies and procedures that pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the registrant.
2. B) Policies and procedures that provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and receipts and expenditures of the registrant are being made only in accordance with authorizations of management and directors of the registrant.
3. C) Policies and procedures that provide reasonable assurance regarding the compliance with applicable laws and regulations.
4. D) Policies and procedures that provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the registrant’s assets that could have a material effect on the financial statements.

Answer:  C

Difficulty: 2 Medium

Topic:  Responsibilities in Public Company Audits Required by PCAOB Auditing Standard No. 2201

Learning Objective:  05-05 Describe additional responsibilities for management and auditors of public companies required by Sarbanes–Oxley and PCAOB Auditing Standard No. 2201.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

49) Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity’s internal controls?

1. A) Incompatible duties.
2. B) Management override.
3. C) Mistakes in judgment.
4. D) Collusion among employees.

Answer:  A

Difficulty: 3 Hard

Topic:  Internal Control Defined

Learning Objective:  05-01 Define and describe what is meant by internal control.

Blooms:  Understand

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

50) As part of understanding the internal control, an auditor is not required to:

1. A) consider factors that affect the risk of material misstatement.
2. B) ascertain whether internal control policies and activities have been placed in operation.
3. C) identify the types of potential misstatements that can occur.
4. D) obtain knowledge about the operating effectiveness of the client’s internal control activities.

Answer:  D

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

51) The primary objective of procedures performed to obtain an understanding of the entity’s internal control is to provide an auditor with:

1. A) knowledge necessary for audit planning.
2. B) evidential matter to use in assessing inherent risk.
3. C) a basis for modifying tests of controls.
4. D) an evaluation of the consistency of application of management’s policies.

Answer:  A

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

52) The overall attitude and awareness of an entity’s board of directors concerning the importance of the client’s internal control usually is reflected in its:

1. A) computer-based control activities.
2. B) system of separation of duties.
3. C) control environment.
4. D) safeguards over access to assets.

Answer:  C

Difficulty: 1 Easy

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

53) After obtaining an understanding of internal controls and assessing control risk on the audit of a non-public company, an auditor decided to perform tests of controls. The auditor most likely decided that:

1. A) it would be efficient to perform tests of controls that would result in a reduction in planned substantive tests.
2. B) additional evidence to support a further reduction in control risk is not available.
3. C) an increase in the assessed level of control risk is justified for certain financial statement assertions.
4. D) there were many internal control weaknesses that could allow errors to enter the accounting system.

Answer:  A

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Apply

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

54) In an audit of financial statements of a non-public company in accordance with generally accepted auditing standards, an auditor is required to:

1. A) document the auditor’s understanding of the entity’s internal control.
2. B) search for significant deficiencies in the operation of the internal controls.
3. C) perform tests of controls to evaluate the effectiveness of the entity’s accounting system.
4. D) determine whether control activities are operating effectively to prevent or detect material misstatements.

Answer:  A

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

55) In testing control activities, an auditor ordinarily selects from a variety of techniques, including:

1. A) inquiry and analytical procedures.
2. B) reperformance and observation.
3. C) comparison and confirmation.
4. D) inspection and verification.

Answer:  B

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

56) Assessing control risk at below the maximum level most likely would involve:

1. A) performing more extensive substantive tests with larger sample sizes than originally planned.
2. B) reducing inherent risk for most of the assertions relevant to significant account balances.
3. C) changing the timing of substantive tests by omitting interim-date testing and performing the tests at year end.
4. D) identifying specific internal control activities that are relevant to specific financial statement assertions.

Answer:  D

Difficulty: 3 Hard

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Understand

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

57) A report on internal control effectiveness by the management team of public companies is required by:

2002. A) the Sarbanes-Oxley Act of 2002.
2003. B) the PCAOB.
2004. C) the AICPA.
2005. D) the auditors.

Answer:  A

Difficulty: 2 Medium

Topic:  Responsibilities in Public Company Audits Required by PCAOB Auditing Standard No. 2201

Learning Objective:  05-05 Describe additional responsibilities for management and auditors of public companies required by Sarbanes–Oxley and PCAOB Auditing Standard No. 2201.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

58) Management’s report on internal controls must include each of the following except:

1. A) a statement that management is responsible for establishing and maintaining adequate internal control over financial reporting.
2. B) a statement identifying the framework management uses to evaluate the effectiveness of the company’s internal control.
3. C) a statement providing management’s assessment of the effectiveness of the company’s internal control.
4. D) a statement providing management’s evaluation of the company’s control environment.

Answer:  D

Difficulty: 2 Medium

Topic:  Management versus Auditors’ Responsibility for Internal Control

Learning Objective:  05-02 Distinguish between the responsibilities of management and auditors regarding an entity’s internal control.

Blooms:  Remember

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

59) Which of the following areas can external auditors rely on internal auditors’ work in auditing internal controls?

1. A) Evaluation of the auditing environment.
2. B) Testing of low risk internal control activities.
3. C) All testing of the operating effectiveness of internal control activities.
4. D) As providing the principle evidence for the external auditors’ opinion.

Answer:  B

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Apply

AACSB:  Analytical Thinking

Accessibility:  Keyboard Navigation

 

 

60) Below are several of the ASB management assertions.A. OccurrenceB. CompletenessC. Rights and obligationsD. Allocation or valuationE. ClassificationF. ExistenceG. CutoffH. AccuracyI. UnderstandabilityFor each of the following control activities, identify the management assertion that best applies by placing the correct letter in the blank space below.

 

________ 1. Match shipping documents with sales invoices before a sale is recorded.

________ 2. Balance total of individual customers’ receivables with the control account.

________ 3. Sales manager approves taking discounts.

________ 4. Computer check for billing the quantity shipped, list price, and total.

________ 5. Account for numerical sequence of pre-numbered shipping documents.

Answer:  1. A, 2. E, 3. D, 4. H, 5. B

Difficulty: 3 Hard

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Apply

AACSB:  Analytical Thinking

 

61) What is the difference between an internal control’s design effectiveness and its operating effectiveness?

 

Answer:  Design effectiveness determines whether the controls over financial reporting, if operating effectively, would be expected to prevent or detect errors or fraud that could result in a material financial misstatement. Operating effectiveness is whether the control is operating as designed and whether the person performing the control possesses the necessary authority and qualifications to perform the control effectively.

Difficulty: 2 Medium

Topic:  Responsibilities in Public Company Audits Required by PCAOB Auditing Standard No. 2201

Learning Objective:  05-05 Describe additional responsibilities for management and auditors of public companies required by Sarbanes–Oxley and PCAOB Auditing Standard No. 2201.

Blooms:  Remember

AACSB:  Analytical Thinking

 

 

62) List several elements of a company’s control environment.

 

Answer:  Some of the elements of a control environment include:

 

* Management’s philosophy and operating style.

* Company organization structure.

* Functioning of the board of directors, particularly its audit committee.

* Methods of assigning authority and responsibility.

* Management’s monitoring methods, including internal auditing.

* Personnel policies and practices.

* External influences.

Difficulty: 2 Medium

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Remember

AACSB:  Analytical Thinking

63) List and explain briefly the phases of an internal control evaluation.

 

Answer:

Phase 1: Understanding and document the client’s internal control structure. This phase includes a general knowledge of the control environment, including the identification of entity level controls. In addition, the auditor should gain an understanding of the flow of transactions through the accounting system and document this understanding using a questionnaire, narrative descriptions and perhaps flowcharts.

 

Phase 2: Assessing the control risk on a preliminary basis. At this point of the process, the strengths and weaknesses of the system are analyzed and should be documented in a bridge work paper. A preliminary assessment of internal controls is completed. At this point, a decision is made as to which controls are going tested and a required degree of compliance is determined.

 

Phase 3: Performing tests of controls audit procedures and reassess control risk. When the audit team determines that a specific control activity could have a significant effect in reducing control risk to a low level for a specific assertion, they perform test of that control activity to obtain specific audit evidence about the effectiveness of the design or operation of that control activity. At this point, the actual degree of compliance is compared with the required degree of compliance. The audit team then must determine the final assessment of control risk and then determine whether any changes to the substantive testing plan must be made.

Difficulty: 2 Medium

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Understand

AACSB:  Analytical Thinking

 

 

64) What are some of the problems in establishing an internal control system in small business?

 

Answer:  Internal control problems in small business would include:

 

1. Separation of functional responsibilities would be difficult because of the small number of employees.
2. The owner manager has to assume a greater role to oversee and supervise authorization, recordkeeping, and custodial functions.
3. The owner manager must be diligent, competent, and have a high degree of integrity.

Difficulty: 2 Medium

Topic:  Components of Internal Control

Learning Objective:  05-03 Define and describe the five basic components of internal control and specify some of their characteristics.

Blooms:  Apply

AACSB:  Analytical Thinking

 

65) Explain the different opinions that auditors can issue for an entity’s internal control over financial reporting.

 

Answer:  Auditors can issue the following opinions for an audit of an entity’s internal control over financial reporting:

 

• Unqualified. No material weaknesses exist.
• Disclaimer. The audit team cannot perform all of the procedures considered necessary and therefore cannot issue an opinion.
• Adverse opinion. One or more material weaknesses exist.

Difficulty: 2 Medium

Topic:  Auditor Reports on Internal Control over Financial Reporting

Learning Objective:  05-06 Explain the communication of internal control deficiencies to those charged with governance such as the audit committee and other key management personnel.

Blooms:  Remember

AACSB:  Communication

 

 

 

66) Auditors are required to obtain a sufficient understanding of an entity’s internal control. This understanding is required by the performance principle of GAAS.

 

Required:

 

1. What are some of the goals (purposes) for conducting an evaluation of an entity’s internal control?
2. What is the impact on substantive testing procedures if the auditor assesses control risk at the “maximum” level? What is the impact on substantive testing procedures if the auditor assesses control risk below the “maximum” level?
3. Should auditors always try to obtain enough evidence to assess control risk below the “maximum” level? Explain.

Answer:

1. The audit team has two primary reasons for conducting an evaluation of an entity’s internal control. First, Sarbanes-Oxley requires an audit of the effectiveness of internal control that is an integrated part of the financial statement audit for publicly traded companies. The second reason for evaluating an entity’s internal control is to comply with the performance principle of GAAS: To assess the risk of material misstatement to give the auditors a basis for planning the audit and determining the nature, timing, and extent of audit procedures for the substantive audit plan. The audit team assesses control risk.

 

1. If auditors assess control risk as “maximum” or 100 percent (i.e., poor control), they will tend to perform a great deal of substantive procedures with large sample sizes (extent), at or near the entity’s fiscal year end (timing), using procedures designed to obtain high-quality external evidence (nature). On the other hand, if auditors assess control risk as “low,” usually around 10 to 20 percent (i.e., effective control), they can perform fewer substantive procedures with smaller sample sizes (extent), at an interim date before the entity’s fiscal year end (timing), using a mixture of procedures designed to obtain high-quality external evidence and lower-quality internal evidence (nature). Of course, auditors may assess control risk between “low” and “maximum” (e.g., “moderate,” “high,” or “slightly below maximum”) and adjust the substantive procedures accordingly.

 

1. No. here may be occasions when the audit team chooses to test everything substantively rather than relying on internal controls to reduce substantive testing. For example, for fixed assets, there are usually a small number of very material transactions. Testing controls would not be efficient if the audit team is going to examine every transaction anyway.

Difficulty: 3 Hard

Topic:  Internal Control Evaluation

Learning Objective:  05-04 Explain the process the audit team uses to assess control risk; understand its impact on the risk of material misstatement; and, ultimately, know how it affects the nature, timing, and extent of further audit procedures to be performed on the audit.

Blooms:  Apply

AACSB:  Analytical Thinking

 

 

67) What are the six steps auditors of public companies should use to audit internal control over financial reporting (ICOFR)?

 

Answer:

1. Planning the engagement
2. Using a top-down approach to gain an understanding
3. Testing controls
4. Evaluating control deficiencies
5. Wrapping up: forming an opinion on the effectiveness of internal control over financial reporting
6. Reporting on internal control

Difficulty: 2 Medium

Topic:  Responsibilities in Public Company Audits Required by PCAOB Auditing Standard No. 2201

Learning Objective:  05-05 Describe additional responsibilities for management and auditors of public companies required by Sarbanes–Oxley and PCAOB Auditing Standard No. 2201.

Blooms:  Remember

AACSB:  Analytical Thinking

 

68) What constitutes a material weakness?

 

Answer:  A material weakness in internal control is defined as a deficiency, or combination of deficiencies, that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis. The following circumstances should be regarded as strong indicators that a material weakness exists:

 

• Restatement of previously issued financial statements to reflect the correction of a misstatement.
• Evidence of material misstatements (caught by the audit team) that were not prevented or detected by the client’s internal controls.
• Ineffective oversight of the financial reporting process by the entity’s audit committee.
• Indication of fraud (either material or immaterial) by senior management.

Difficulty: 2 Medium

Topic:  Responsibilities in Public Company Audits Required by PCAOB Auditing Standard No. 2201

Learning Objective:  05-05 Describe additional responsibilities for management and auditors of public companies required by Sarbanes–Oxley and PCAOB Auditing Standard No. 2201.

Blooms:  Remember

AACSB:  Analytical Thinking

 

 

 

69) What is the difference between a significant deficiency and a material weakness?

 

Answer:  The difference between a significant deficiency and a material weakness is the (1) likelihood and (2) materiality that a potential (or actual) misstatement would not be detected on a timely basis.

Difficulty: 2 Medium

Topic:  Responsibilities in Public Company Audits Required by PCAOB Auditing Standard No. 2201

Learning Objective:  05-05 Describe additional responsibilities for management and auditors of public companies required by Sarbanes–Oxley and PCAOB Auditing Standard No. 2201.

Blooms:  Remember

AACSB:  Analytical Thinking