Deck 3: Internal Controls

A)segregation of duties between members involved in implementing and recording transactions.
B)procedures to recognize transactions.
C)requirements for documented transaction trails before transactions can be posted.
D)physical controls that provide access to assets.

A)The internal control function in a company is a process designed by management and others charged with governance to provide reasonable assurance that the financial statements are prepared in accordance with the COSO financial reporting framework.
B)Management develops internal controls to prevent misstatements in the financial statements.
C)The auditor reviews the internal controls developed by management to assess whether the internal controls are effective in preventing misstatements.
D)The auditing standards define internal controls over financial statements as processes designed by management and others charged with governance to provide reasonable assurance that company responsibilities are met.

A)The internal control function in a company is a process designed by management and others charged with governance to provide reasonable assurance that the financial statements are prepared in accordance with the COSO financial reporting framework.
B)Management develops internal controls to prevent misstatements in the financial statements.
C)The auditor reviews the internal controls developed by management to assess whether the internal controls are effective in preventing or detecting misstatements.
D)The auditing standards define internal controls over financial statements as processes designed by management and others charged with governance to provide assurance that company responsibilities are met.

A)The reliability of financial reporting.
B)The earning of net income.
C)The effectiveness and efficiency of operations.
D)The compliance with laws and regulations.

A)The internal control function in a company is a process designed by management and others charged with governance to provide reasonable assurance that the financial statements are prepared in accordance with the COSO financial reporting framework.
B)Management develops internal controls to prevent or detect misstatements in the financial statements.
C)The auditor reviews the internal controls developed by management to assess whether the internal controls are effective in detecting misstatements.
D)The auditing standards define internal controls over financial statements as processes designed by management and others charged with governance to provide assurance that company responsibilities are met.

A)The internal control function in a company is a process designed by management and others charged with governance to provide reasonable assurance that the financial statements are prepared in accordance with the applicable financial reporting framework.
B)Management develops internal controls to prevent misstatements in the financial statements.
C)The auditor reviews the internal controls developed by management to assess whether the internal controls are effective in detecting misstatements.
D)The auditing standards define internal controls over financial statements as processes designed by management and others charged with governance to provide assurance that company responsibilities are met.

A)segregation of duties between members involved in initiating,approving,implementing and recording transactions.
B)procedures to recognize transactions.
C)requirements for documented transaction trails after transactions are posted.
D)physical controls that provide access to assets.

A)segregation of duties between members involved in implementing and recording transactions.
B)procedures to recognize transactions.
C)requirements for documented transaction trails after transactions can be posted.
D)physical controls that limit access to assets.

A)segregation of duties between members involved in implementing and recording transactions.
B)procedures to authorize transactions.
C)requirements for documented transaction trails after transactions can be posted.
D)physical controls that provide access to assets.

A)Integrity and ethical values
B)Management organization
C)Human resources policies and procedures
D)Commitment to competence

A)to identify risks to the entity's ability to achieve its objectives
B)the procedures used by the company to help it achieve its objectives
C)systems to exchange the information needed to make decisions
D)to determine whether internal controls effectively prevent misstatements or detect misstatements in the financial statements

A)occur before the transaction is complete.
B)are controls used by auditors to offset the risk in another procedure.
C)are used because it is cost effective to implement particular control procedures.
D)to be effective,will likely detect misstatements in a timely fashion.

A)to identify risks to the entity's ability to achieve its objectives
B)the procedures used by the company to help it achieve its objectives
C)systems to exchange the information needed to make decisions
D)to determine whether internal controls effectively prevent misstatements or detect misstatements in the financial statements

A)occur before the transaction is complete.
B)are controls used by auditors to offset the risk in another procedure.
C)are used because it is not cost effective to implement particular control procedures.
D)if effective will prevent misstatements in a timely fashion.

A)new or revamped information systems
B)new business models
C)new internal auditing methods
D)corporate restructuring

A)test the validity of transactions
B)increase the rate of return on an investment
C)determine which customer provides the highest quality product
D)initiate,record,process,and report transactions

A)separation of transactions from the authorization of documents
B)proper authorization of transactions and activities
C)separation of IT duties from user departments
D)physical control over checks on performance and independent control over records
E)both A and B
F)both B and C
G)both A and D

A)capturing events and conditions significant to the financial statements
B)the procedures and records established to initiate,record,process,and report entity transactions
C)specific accounts in the financial statements used for initiating,recording,processing and reporting transactions
D)all of the above

A)occur before the transaction is complete.
B)are controls used by management to offset the risk in another procedure.
C)are used because it is cost effective to implement particular control procedures.
D)if effective will prevent misstatements in a timely fashion.

A)testing them only if he chooses to rely on them to prevent or detect misstatements in the account balances.
B)testing them only if he chooses to rely on them to prevent or detect misstatements in the transactions.
C)testing them only if he chooses to rely on them to prevent or detect misstatements in the financial statements.
D)testing them only if he chooses to rely on them to prevent or detect misstatements in the management representations.

A)confirmation of the application of the control
B)gathering of documents,reports,or computer files
C)observation of the application of the control
D)inspecting the control again

A)inquiries of company management
B)gathering of documents,reports,or computer files
C)confirmation of the application of the control
D)performing the control again

A)risk assessment,control activities,misstatement identification,information and communications,and monitoring
B)control activities,risk assessment,misstatement identification,information and communications,and monitoring
C)control environment,risk assessment,control activities,information and communications,and monitoring
D)control environment,risk assessment,control activities,misstatement identification,and monitoring

A)to identify risks to the entity's ability to achieve its objectives
B)the procedures used by the company to help it achieve its objectives
C)systems to exchange the information needed to make decisions
D)to determine whether internal controls effectively prevent misstatements or detect misstatements in the financial statements

A)the business process level
B)the balance level
C)the account level
D)the overall company level

A)inquiries of company management
B)inspection of documents,reports,or computer files
C)confirmation of the application of the control
D)inspecting the control again

A)occur after the transaction is complete.
B)are controls used by auditors to offset the risk in another procedure.
C)are used because it is cost effective to implement particular control procedures.
D)if effective will prevent misstatements in a timely fashion.

A)to identify risks to the entity's ability to achieve its objectives
B)the procedures used by the company to help it achieve its objectives
C)systems to exchange the information needed to make decisions
D)to determine whether internal controls effectively prevent misstatements or detect misstatements in the financial statements

A)inquiries of company employees
B)gathering of documents,reports,or computer files
C)confirmation of the application of the control
D)inspecting the control again

A)obtain a report prepared by the auditor of the service organization that describes the service organization's system
B)request the management of the service organization to perform test of controls at the direction of the auditor
C)perform substantive tests of transactions at the service organization
D)perform tests of the client's controls over the activities performed by the service organization

A)internal control evidence
B)substantive tests of controls
C)a combination of internal control evidence and substantive evidence
D)a combination of substantive tests and analytical procedures

A)the management environment
B)the risk assessment process
C)the information system including the business processes relevant for financial reporting
D)how the company communicates internal control roles and responsibilities
E)how the company has controlled risks arising from IT
F)both A and B
G)both B and C
H)both C and D

A)Type I report describes the service organization's controls and evaluates whether they are appropriate to achieve specific control objectives
B)Type II contains the results of internal control tests conducted by the service organization to determine whether the controls provide reasonable assurance that the control objectives were achieved
C)Type II contains the information in a Type I report and the results of internal control tests conducted by the service organization to determine whether the controls provide reasonable assurance that the control objectives were achieved
D)Type III contains an overall evaluation of the complete internal control structure as required by Sarbanes-Oxley
E)All of the above
F)A,B,and C

A)internal auditors are responsible for monitoring internal controls to make sure they are operating as intended
B)external auditors are responsible for monitoring internal controls to make sure they are operating as intended
C)user departments are responsible for monitoring internal controls to make sure they are operating as intended
D)management is responsible for monitoring internal controls to make sure they are operating as intended

A)the control environment
B)the auditor's risk assessment process
C)the information system including the business processes relevant for internal control
D)how the company communicates internal control roles and responsibilities
E)how the company has responded to risks arising from IT
F)both A and B
G)both A and C
Both A and E

A)the control environment
B)the auditor's risk assessment process
C)the information system including the business processes relevant for internal controls
D)how the company communicates financial reporting roles and responsibilities
E)how the company has controlled risks arising from IT
F)both A and B
G)both A and C
Both A and D
I)both A and E

A)obtain a report prepared by the auditor of the service organization that describes the service organization's system
B)request the management of the service organization to perform test of controls at the direction of the auditor
C)perform tests of controls at the service organization
D)perform tests of the service organization's controls over the activities performed by the client

A)obtain a report prepared by the auditor of the service organization that describes the service organization's system,evaluates the appropriateness of the design of internal controls and tests the operating effectiveness of the controls
B)request the management of the service organization to perform test of controls at the direction of the auditor
C)perform substantive tests of transactions at the service organization
D)perform tests of the service organization's controls over the activities performed by the client organization

A)they give the auditor evidence that the financial statements are free from material misstatements
B)they give the auditor evidence about whether a control is operating effectively
C)they give the auditor evidence of reasonable assurance that the financial statements are free from material misstatements
D)they give the auditor evidence that the financial statements are fairly presented
E)they give the auditor evidence to detect misstatements in the financial statements
F)both A and C
G)both A and D
Both B and E
I)both C and D

A)have appropriate competence and capabilities to review the service organization
B)obtain an understanding of the nature and significance of the services provided by the service organization and the design and operation of the relevant controls performed by the service organization
C)comply with relevant independence and fraud detection requirements
D)maintain professional appearance and exercise professional judgment

A)obtain a report prepared by the auditor of the service organization that describes the service organization's system
B)request the auditor of the service organization to perform test of controls at the direction of the auditor
C)perform substantive tests of transactions at the service organization
D)perform tests of the service organization's controls over the activities performed by the client

A)the management environment
B)the auditor's risk assessment process
C)the information system including the business processes relevant for internal controls
D)how the company communicates internal control roles and responsibilities
E)how the company has responded to risks arising from IT

A)the management environment
B)the risk assessment process
C)the information system including the business processes relevant for internal control
D)how the company communicates internal control reporting roles and responsibilities
E)how the company has controlled risks arising from IT

A)external confirmation
B)inquiries of employees
C)recalculation
D)analytical procedures
E)reperformance of the control
F)both A and C
G)both A and D
Both B and E
I)both C and D

A)The Sarbanes-Oxley Act made management responsible for internal controls.
B)The Foreign Corrupt Practices Act made management responsible for internal controls.
C)The American Institute of Certified Public Accountants made management responsible for internal controls.
D)The International Auditing and Assurance Standards Board made management responsible for internal controls.

A)obtain a report prepared by the auditor of the service organization that describes the service organization's system
B)obtain a report prepared by the auditor of the service organization that evaluates the appropriateness of the design of internal controls
C)request the management of the service organization to perform test of controls at the direction of the auditor
D)perform tests of controls at the service organization
E)perform tests of the client's controls over the activities performed by the service organization
F)both A and B
G)both C and D
Both D and E

A)external confirmation
B)observation of the application of the control
C)inspection of documents,reports,and computer files
D)analytical procedures
E)reperformance
F)both A and C
G)both A and D
Both B and E
I)both C and D

A)integrated audits are performed on all companies issuing financial statements
B)under Sarbanes-Oxley,the auditor performs test of controls that the auditor plans to rely on
C)the documentation requirements are the same for stock issuers and non-issuers
D)the auditor provides an opinion on the effectiveness of internal controls over financial reporting
E)the auditor must test internal controls
F)both A and B
G)both C and D
Both D and E

A)the auditor's report should indicate that the responsibility is shared with the service organization auditor.
B)the auditor should state that the service auditor is responsible for the audit opinion.
C)the service auditor's audit report contained a subject to opinion.
D)the auditor's report must state that the auditor of the company using the service organization is responsible for the audit opinion.

A)a definition of a control deficiency and a material weakness
B)a statement that the objective of the audit is to report on the financial statements and not to provide assurance on internal controls
C)a statement that the communication is intended solely for the use of stockholders,the board of directors,the audit committee,and management
D)a statement that there is no such thing as absolute assurance

A)a control deficiency or a combination of control deficiencies that adversely affects the company's ability to initiate,authorize,record,process,or report internal financial data reliably in accordance with an applicable financial reporting framework
B)a control deficiency or a combination of control deficiencies that adversely affects the company's ability to initiate,authorize,record,process,or report external financial data reliably in accordance with an applicable financial reporting framework
C)a control deficiency or combination of control deficiencies that result in more than a remote likelihood that a material misstatement in the financial statements would not be prevented or detected
D)a control deficiency or combination of control deficiencies that results in a remote likelihood that a material misstatement in the financial statements would not be prevented or detected

A)Management is responsible for the development of internal controls and the financial reporting process.
B)Internal controls over the financial reporting process are only effective as of year-end.
C)These controls are designed to assure that the internal control process of a company is effective.
D)Effective financial reporting provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes.

A)The auditor is responsible for the development of internal controls and the financial reporting process.
B)Internal controls over the financial reporting process are only effective as of year-end.
C)Internal controls over the financial reporting process are designed to assure that the financial reporting process of a company is effective.
D)Effective internal controls over financial statements provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements.

A)Significant deficiencies are reported in writing to management.
B)Material weaknesses are reported in writing to the audit committee.
C)Deficiencies that fail to reach the level of significant deficiencies or material weaknesses may be reported to management.
D)Significant deficiencies and material weaknesses are reported in writing to both management and the audit committee.

A)It is possible to have perfect (materially correct)financial statements and no internal controls.
B)It is possible to have perfect internal controls and materially incorrect financial statements.
C)Testing internal controls answers the question,"Are the financial statements correct?"
D)Control tests answer the question,"Are the account balances correct?"
E)Both A and B
F)Both C and D

A)the auditor learns if the control is operating effectively
B)the auditor learns if the system of controls is operating effectively
C)the auditor learns if the control is present
D)the auditor learns if a system of internal controls is present

A)Significant deficiencies are reported in a management letter.
B)Material weaknesses are verbally reported to the audit committee.
C)Deficiencies that fail to reach the level of significant deficiencies or material weaknesses are reported in a management letter.
D)Significant deficiencies and material weaknesses may be verbally reported to both management and the audit committee.

A)It is possible to have perfect (materially correct)financial statements and no internal controls.
B)It is not possible to have perfect internal controls and materially incorrect financial statements.
C)Testing internal controls answers the question,"Are the financial statements correct?" It only answers the question,"Are the controls working to prevent or detect misstatements in the financial statements?"
D)Substantive tests answer the question,"Are the account balances correct?"
E)Both A and B
F)Both A and D
G)Both B and D

A)a definition of a significant deficiency and a material weakness
B)a statement that the objective of the audit is to report on the financial statements and to provide assurance on internal controls
C)a statement that the communication is intended solely for the use of stockholders,the board of directors,the audit committee,and management
D)a statement that there is no such thing as absolute assurance

A)Auditors and management are jointly involved in designing tests of internal controls over financial reporting.
B)Management is not required to identify controls related to the financial reporting process.
C)The auditor reviews management's assessment of internal controls and expresses an opinion on the effectiveness of the company's internal controls over financial reporting.
D)The accounting firm performing the financial statement audit is not permitted to perform the audit of internal controls over financial reporting.

A)a control deficiency or a combination of control deficiencies that adversely affects the company's ability to initiate,authorize,record,process,or report internal financial data reliably in accordance with an applicable financial reporting framework
B)a control deficiency or a combination of control deficiencies that adversely affects the company's ability to initiate,authorize,record,process,or report external financial data reliably in accordance with an applicable financial reporting framework
C)a significant deficiency or combination of significant deficiencies that results in a remote likelihood that a material misstatement in the financial statements would not be prevented or detected
D)a significant deficiency or combination of significant deficiencies that result in more than a remote likelihood that a material misstatement in the financial statements would not be prevented or detected

A)It is not possible to have perfect (materially correct)financial statements and no internal controls.
B)It is possible to have perfect internal controls and materially incorrect financial statements.
C)Testing internal controls answers the question,"Are the financial statements correct?" It only answers the question,"Are the controls working to prevent or detect misstatements in the financial statements?"
D)Control tests answer the question,"Are the account balances correct?"
E)What companies say they do is often quite different from what they actually do.F.Both A and B
G)Both B and E
H)Both C and D

A)a definition of a control deficiency,a significant deficiency,and a material weakness
B)a statement that the objective of the audit is to report on the financial statements and not to provide assurance on internal controls
C)a statement that the communication is intended solely for the use of the board of directors,the audit committee,and management
D)the fact that there is no such thing as absolute assurance

A)It is not possible to have perfect (materially correct)financial statements and no internal controls.
B)It is not possible to have perfect internal controls and materially incorrect financial statements.
C)Testing internal controls answers the question,"Are the financial statements correct?"
D)Substantive tests answer the question,"Are the account balances and classes of transactions correct?"
E)What companies say they do is often quite different from what they actually do.F.Both A and B
G)Both C and D
Both D and E

A)Auditors and management are jointly involved in designing tests of internal controls over financial reporting.
B)Management is required to identify controls related to the financial reporting process and to test the controls to determine whether they are effective at year-end.
C)The auditor expresses an opinion on the effectiveness of the company's internal controls over the financial statements.
D)The accounting firm performing the financial statement audit must not perform the audit of internal controls over financial reporting.

A)Auditors and management are involved in testing of internal controls over financial reporting.
B)Management hires the auditor to design internal controls related to the financial reporting process.
C)The audit opinion on the financial statements must be the same as the audit opinion on the financial reporting process.
D)The accounting firm performing the financial statement audit does not perform the audit of internal controls over financial reporting.

A)It is not possible to have perfect (materially correct)financial statements and no internal controls.
B)It is possible to have perfect internal controls and materially incorrect financial statements.
C)Testing internal controls does not answer the question,"Are the financial statements correct?" It only answers the question,"Are the controls working to prevent or detect misstatements in the financial statements?"
D)Control tests answer the question,"Are the account balances correct?"
E)Both A and B
F)Both B and C
G)Both C and D

A)Management is responsible for the development of internal controls over the financial reporting process.
B)Internal controls over the financial reporting process are only effective as of year-end.
C)Internal controls over the financial reporting process are designed to assure that the internal control process of a company is effective.
D)Effective internal control reporting provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes.

A)The auditor is responsible for the development of internal controls and the financial reporting process.
B)Internal controls over the financial reporting process must be effective as of year-end.
C)Internal controls over the financial reporting process are designed to assure that the internal control process of a company is effective.
D)Effective internal control reporting provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes.