Deck 12: Assessing Control Risk and Reporting on Internal Controls

A)The company's audit committee has experienced unusual turnover of members.
B)The company's CFO was indicted for embezzling from the company.
C)Bank reconciliations are done monthly.
D)The CEO retired after twenty years of service to the company.

A)A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis.
B)A control deficiency exists if one or more deficiencies exist that adversely affect a company's ability to prepare external financial statements reliably.
C)A control deficiency exists if the design or operation of controls results in a more than remote likelihood that controls will not prevent or detect misstatements.
D)A control deficiency exists if the design or operation of controls results in a more than probable likelihood that controls will prevent or detect misstatements.

A)in a narrative,most questions simply require a "yes" or "no" response.
B)questionnaires offer useful checklists to remind the auditor of the many different types of internal controls that should exist.
C)questionnaires and flowcharts should not be used together.
D)flowcharts fail to show the segregation of duties in the company.

A)inquiry
B)observation
C)confirmation
D)inspection

A)identify and assess the risks of material misstatements.
B)perform preliminary analytical procedures.
C)detect fraud.
D)assess inherent risk.

A)that the integrity of management and the adequacy of accounting records are the two primary factors determining auditability.
B)that the integrity of management and the adequacy of risk management are the two primary factors determining auditability.
C)that if all of the transaction information is available only in electronic form without a visible audit trail,the company cannot be audited.
D)the control risk before determining if the entity is auditable.

A)tracing.
B)vouching.
C)performing a walkthrough.
D)testing controls.

A)audit objectives are identified for classes of transactions,account balances,and presentation and disclosure.
B)the auditor identifies controls to satisfy each objective.
C)it is helpful for the auditor to use the five control activities as reminders of controls.
D)all of the above

A)
B)
C)
D)

A)control
B)significant
C)design
D)operating

A)IT assessment controls.
B)assessment of entity level controls.
C)transaction-related controls.
D)fraud controls.

A)make a preliminary assessment for each transaction-related audit objective for each major type of transaction.
B)make a preliminary assessment of control risk.
C)obtain an understanding of the design and implementation of internal control.
D)prepare audit documentation in order to express their opinion on the company's internal control system.

A)key
B)significant
C)material
D)compensating

A)testing the internal controls.
B)documenting the auditor's understanding of internal controls.
C)designing the audit manual and procedures.
D)documenting the auditor's understanding of a client's organizational structure.

A)
B)
C)
D)

A)is no longer a concern because there is no longer a significant deficiency or material weakness.
B)is still a major concern to the auditor.
C)could cause a material loss,so it must be tested using substantive procedures.
D)is magnified and must be removed from the sampling process and examined in its entirety.

A)make inquiries of appropriate client personnel
B)examine documents,records,and reports
C)reperform client procedures
D)inspect design documents

A)When auditors plan to use evidence about the operating effectiveness of internal control contained in prior audits,auditing standards require tests of the controls' effectiveness at least every other year.
B)The greater the risk,the less audit evidence the auditor should obtain that controls are operating effectively.
C)The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
D)Testing of internal controls can only be performed by the auditor at the end of the fiscal year.

A)significant
B)alternate
C)design
D)compensating

A)If an auditor wants a lower assessed control risk than the preliminary assessed control risk,the number of controls tested increases while the extent of the tests for each control decrease.
B)The extent of testing depends on the frequency of the operation of the controls.
C)All controls must be tested only at year-end.
D)The frequency of testing is the same for both manual and computer controls.

A)identify the absence of key controls.
B)consider the possibility of compensating controls.
C)determine potential misstatements that could result.
D)identify existing controls.

A)potential misstatement
B)significant weakness
C)significant deficiency
D)fraud symptom

A)are the procedures used to test the effectiveness of controls in support of a reduced assessed control risk.
B)are used to support the ending balances in the balance sheet and income statement accounts.
C)are performed at the end of the audit.
D)are designed to detect fraud.

A)automated controls are always subject to random error or manipulation.
B)automated controls cannot be altered by making a change to the software application.
C)when there are effective general controls and automated application controls,the auditor will need to select a larger sample size of transactions to verify.
D)the extent of testing depends on whether it is a manual or automated control.

A)many auditors use actuarial tables to assist in the control risk assessment process.
B)each control can be used to satisfy only one audit objective.
C)many auditors use a control risk matrix to assist in the control risk assessment process.
D)all controls,including key controls,should be considered.

A)inquiry
B)observation
C)reperformance
D)examination

A)a lower
B)the same
C)a higher
D)either a lower or higher

A)In obtaining an understanding of internal control,the procedures to obtain an understanding are applied to all controls identified during that phase.
B)Tests of controls are applied only when the assessed control risk has not been satisfied by the procedures to obtain an understanding.
C)Procedures to obtain an understanding are performed only on one or a few transactions.
D)All of the above are correct.

A)The auditor is attesting to the effectiveness of internal controls as of the end of the fiscal year.
B)If the client remedies a material weakness before the end of the fiscal year,the auditor must still issue a qualified opinion or a disclaimer of opinion.
C)A scope limitation requires the auditor to issues an adverse opinion.
D)Section 404 requires that the auditor design the audit to detect all deficiencies in internal control.

A)the auditor can assume that the controls are adequate because it is an independent enterprise.
B)auditing standards require the auditor to test the service center's controls if the service center application involves processing significant financial data.
C)and the user auditor decides to rely on the service auditor's report,the user audit must make reference to the report of the service auditor in the opinion on the user organization's financial statements.
D)none of the above

A)adverse opinion.
B)Section 404 report.
C)management letter.
D)Type 1 report.

A)there are no identified material weaknesses as of the end of the fiscal year.
B)there have been no restrictions on the scope of the auditor's work.
C)both a and b
D)either a or b

A)
B)
C)
D)

A)An audit of internal control is required.
B)An audit of internal control is not required.
C)An audit of the design of internal controls is required.
D)An audit of the operational effectiveness of internal controls is required.

A)unqualified opinion
B)disclaimer of opinion
C)adverse opinion
D)qualified opinion

A)The auditor uses the control risk assessment and results of tests of controls to determine planned detection risk.
B)The auditor links the inherent risk assessments to the balance-related audit objectives.
C)The audit risk model is used determine the level of audit risk.
D)All of the above are correct statements.

A)a lack of competent,trustworthy personnel
B)no clear lines of authority
C)no adequate separation of duties
D)a lack of adequate documents and records

A)is assessed above the maximum.
B)is assessed below the maximum.
C)cannot be assessed.
D)none of the above

A)an adverse opinion on internal control must be given if any weaknesses in a key internal control is discovered.
B)a scope limitation requires the auditor to disclaim an opinion on internal controls.
C)if the auditor gives a qualified opinion on the financial statements,they must give a qualified opinion on internal controls.
D)a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls.

A)Either oral or written communication is acceptable.
B)Oral communication is required.
C)Written communication is required.
D)Written communication is required for material weaknesses,but oral communication is allowed for significant deficiencies.

A)adequate documents and records.
B)physical controls over assets.
C)competent,trustworthy personnel.
D)internal auditors.

A)auditing through the computer.
B)auditing around the computer.
C)embedded audit module approach.
D)parallel simulation testing.

A)test data approach.
B)generalized audit software approach.
C)microcomputer-aided auditing approach.
D)generally accepted auditing standards.

A)auditors process test data supplied by the client.
B)auditors often obtain assistance from a computer audit specialist.
C)the tests must be performed at the end of the year.
D)the test data must remain in the client's records.

A)parallel simulation testing
B)test data approach
C)embedded audit module
D)generalized audit software testing

A)Auditors process their own test data using the client's computer system and application program.
B)Auditors process their own test data using their own computers that simulate the client's computer system.
C)Auditors use auditor-controlled software to do the same operations that the client's software does,using the same data files.
D)Auditors use client-controlled software to do the same operations that the client's software does,using auditor created data files.

A)Auditors can learn the software in a short period of time.
B)It can be applied to a variety of clients after detailed customization.
C)It can be applied to a variety of clients with minimal adjustments to the software.
D)It greatly accelerates audit testing over manual procedures.

A)test data should include data that the client's system should accept or reject.
B)application programs tested by the auditor's test data must be different from those used by the client throughout the year.
C)select data may remain in the client system after testing.
D)None of the above statements is correct.