Deck 7: Auditing Internal Control Over Financial Reporting

A) A management deficiency.
B) A design deficiency.
C) A deficiency in operation.
D) This is not an internal control deficiency.

A) Test some of the work performed by others to evaluate the quality and effectiveness of their work.
B) Evaluate the nature of the controls subjected to the work of others.
C) Evaluate the competence and objectivity of the individuals who performed the work.
D) All of these are required.

A) Documentation regarding the auditor's evaluation of internal controls.
B) Documentation regarding management's testing and evaluation of the controls.
C) Documentation regarding the safeguarding of assets.
D) Documentation on the controls designed in all five components of internal control.

A) The auditor must consider the integrated thoughts and ideas of everyone on the audit staff.
B) The auditor must conduct two audits, one on the effectiveness of internal control and one on the financial statements, in an integrated way.
C) The auditor must integrate the same objectives whether auditing internal control or auditing the financial statements.
D) Two independent CPA firms must work together on the audit.

A) Rely on the work of internal auditors.
B) Test all of the entity's internal controls.
C) Form an opinion on the effectiveness of internal control.
D) Randomly identify accounts for an audit of internal control.

A) Reasonable assurance on the financial statements, absolute assurance on internal control.
B) Reasonable assurance on internal control, absolute assurance on the financial statements.
C) Absolute assurance on both the financial statements and internal control.
D) Reasonable assurance on both the financial statements and internal control.

A) Accept responsibility for the effectiveness of the entity's internal control over financial reporting.
B) Evaluate the effectiveness of the entity's internal control over financial reporting using suitable control criteria.
C) Support its evaluation with sufficient evidence, including documentation.
D) Present an oral assessment of the effectiveness of the entity's internal control over financial reporting as of the end of the entity's most recent fiscal year.

A) The entity's CEO and/or CFO.
B) The entity's board of directors.
C) An internal control specialist.
D) The external auditor.

A) Efficiency and effectiveness of operations.
B) Effective purchasing systems.
C) Compliance with laws and regulations.
D) Reliable financial reporting.

A) A material weakness.
B) A significant deficiency.
C) An insignificant deficiency.
D) A probable deficiency.

A) Multiple locations and business units.
B) Service organizations.
C) The role of the auditor in internal control.
D) Safeguarding assets.

A) To allow the auditor to fix any internal control deficiencies.
B) To form an opinion on the ability of internal controls to prevent fraud.
C) To assure management that internal control is preventing all material misstatements on the financial statements.
D) To evaluate the effectiveness of controls over all relevant financial statement disclosures in the financial statements.

A) S&H must still assume that management has assessed the effectiveness of internal control.
B) Depending on other factors in the audit, S&H can still issue an unqualified opinion.
C) S&H should consider this situation a limitation on the scope of the audit.
D) Management does not need to give S&H a letter if it has disclosed all known internal control deficiencies.

A) The PCAOB focuses on the financial reporting objective of internal controls.
B) Management is required to base internal controls on a recognized control framework.
C) Most U.S. companies use the internal control framework developed by COSO.
D) All controls relevant to financial reporting are accounting controls.

A) Some documentation should focus on controls designed to detect fraud.
B) Documentation should focus on controls over the interim financial reporting process.
C) Documentation must be done on paper.
D) Inadequate documentation is usually considered an insignificant deficiency in internal control.

A) Searching records of accounts receivable balances for credit balances.
B) Investigating inventory balances for possible damaged goods.
C) Selecting accounts receivable for positive and negative confirmations.
D) Listing of unusually large inventory balances.

A) An EDI software package.
B) An IT software package.
C) Software that allows auditors to retrieve and evaluate data from entity systems.
D) A type of networking.

A) The auditor's report contains an opinion on the effectiveness of internal control over financial reporting based on the auditor's independent work.
B) In the report on internal control over financial reporting, the auditor can issue only a qualified or an unqualified opinion.
C) The auditor needs to state management's assessment of internal control over financial reporting, but does not necessarily need to comment on whether he or she agrees.
D) An unqualified opinion is required if a material weakness is identified.

A) Evaluating the likelihood that failure of a control could result in a misstatement.
B) Determining the locations and business units to include in the evaluation.
C) Determining significant deficiencies and material weaknesses in controls.
D) Obtaining the auditor's assessment of the internal control effectiveness.

A) Perform analytical procedures on the entity's data.
B) Access information stored on the entity's IT files.
C) Identify material weaknesses in the entity's IT controls.
D) Test the accuracy of the entity's computations.

A) Use the entity's employees to perform routine audit checks of the electronic data processing records that otherwise would be done by the auditor's staff accountants.
B) Test the logic of computer programs used in the entity's electronic data processing systems.
C) Select larger samples from the entity's electronic data processing records than would otherwise be selected without the generalized program.
D) Independently process electronic data processing records.

A) A statement that the public accounting firm that audited the financial statements has provided input on the design of internal controls.
B) A statement of management's responsibility for establishing and maintaining adequate internal control over financial reporting.
C) An explicit statement as to whether management agrees with the public accounting firm's assessment of internal controls.
D) A detailed statement describing changes or additions to the internal control environment that occurred in the current year.

A) Perform procedures sufficient to identify all control deficiencies.
B) Communicate to management, in writing, all control deficiencies previously included in written communication from the internal auditors.
C) Communicate to management, in writing, all control deficiencies identified during the audit and inform the audit committee when such a communication has been made.
D) Represent that no significant deficiencies were noted during the audit of internal control.

A) Flynt Corporation's computer systems were not working properly for two days; consequently, employees needed to do all reconciliations manually.
B) Flynt Corporation's CFO was arrested last year for embezzling money from the entity.
C) For the current year, the auditor found a material misstatement in Flynt's sales recognition that was undetected by the internal controls.
D) Flynt's audit committee is deemed to be ineffective.

A) The auditor should not communicate with management until the audit of internal control over financial reporting is finished.
B) Written communication between the auditor and management about internal control over financial reporting should include the definitions of control deficiencies, significant deficiencies, and material weaknesses.
C) The auditor should not include in the audit report that no significant deficiencies were noted during an audit of internal control over financial reporting.
D) If fraud is discovered, the auditor must report it to the appropriate level of management.

A) They are all written in one identical computer language.
B) They can be used for audits of entities that use differing IT equipment and file formats.
C) They have reduced the need for the auditor to study input controls for IT-related procedures.
D) Their use can be substituted for a relatively large part of the required compliance testing.

A) Addressed to the users of the financial statements.
B) Normally drafted by management.
C) Included in the auditor's final report.
D) Signed by the CEO and CFO.

A) Form an opinion on the safeguarding of the entity's assets.
B) Identify controls to test using a top-down, risk-based approach.
C) Form an opinion on the fairness of the presentation of the financial statements.
D) Form an opinion on the effectiveness of internal controls in meeting operational goals.

A) The extent to which he or she relied upon work performed by others.
B) The auditor's understanding and evaluation of the design of each of the components of the entity's internal control over financial reporting.
C) Transcripts of the auditor's discussion with management concerning the points at which misstatements could occur.
D) The evaluation of any deficiencies discovered that could result in a modification of the auditor's report.

A) The maintenance of asset records.
B) The segregation of duties.
C) The authorization by management of receipts and expenditures.
D) The safeguarding of assets.

A) Will, in most cases, lead to a substantive audit strategy.
B) Denies the auditor access to information about the entity's controls.
C) May be performed by two separate audit firms.
D) Is comprised of audits of internal control over financial reporting and of financial statements.

A) Reviewing management documentation.
B) Inquiry.
C) Scanning.
D) Transaction walkthroughs.

A) A requirement that management of a publicly traded company issues an assessment of internal control that covers the entire year.
B) Specific guidance on what constitutes adequate internal control.
C) A requirement that management of a publicly traded company accepts responsibility for establishing and maintaining adequate internal controls.
D) A requirement that management of a publicly traded company issues an assessment regarding the efficiency of internal control for the year.

A) Regardless of the achieved level of control risk in connection with the audit of the financial statements, auditing standards require the auditor to perform some substantive procedures for all significant accounts and disclosures.
B) The absence of misstatements in financial statements is considered convincing evidence that existing controls are effective.
C) The audit of internal control is intended to draw conclusions about the effectiveness of internal control over financial reporting as of a specific date.
D) The auditor is required by AS5 to evaluate the implications of the financial statement audit for the effectiveness of internal control over financial reporting.

A) Controls over financial reporting are effective if they provide reasonable assurance that asset losses will not occur.
B) Controls over financial reporting are effective if they provide reasonable assurance that losses are properly reflected in the financial statements.
C) Controls over financial reporting are effective if they provide reasonable assurance that asset losses will not occur and that losses are properly reflected in the financial statements.
D) There is no way to create controls that will provide reasonable assurance that asset losses will not occur.

A) Test data are processed by the entity's computer programs under the auditor's control.
B) Test data must consist of all possible valid and invalid conditions.
C) Testing a program at year end provides assurance that the entity's processing was accurate for the entire year.
D) Several transactions of each type must be tested.

A) The test data need to consist of only those valid and invalid conditions in which the auditor is interested.
B) Only one transaction of each type needs be tested.
C) Test data are processed by the entity's computer programs under the auditor's control.
D) The test data must consist of all possible valid and invalid conditions.

A) There is a restriction on the scope of the engagement.
B) There is other information contained in management's report on internal control.
C) Management has concluded that internal controls are not effective.
D) A significant subsequent event has occurred since the date being reported on.

A) Input data.
B) Machine capacity.
C) Procedures contained within the program.
D) Degree of keypunching accuracy.

A) Nothing has come to management's attention to suggest that the entity's internal control is less than effective.
B) Statements suggesting only negative assurance.
C) A conclusion that the entity's internal control over financial reporting is effective when a material weakness exists at the end of the reporting period.
D) Disclosure of material weaknesses corrected during the period.

A) Unqualified report.
B) Adverse report.
C) Qualified report.
D) Disclaimer on opinion.

A) Withdrawals from Federal Bank of more than $5 million must include a manager's signature.
B) At the end of each day at Federal Bank, the total cash in the vault is reconciled with daily registers of deposits and withdrawals.
C) Federal Bank has just started establishing trusts for its customers and it has only set up ten such trusts. Before making an investment for a trust, bank employees must verify that the investment is in accordance with stated investment policies.
D) On an annual basis, Federal Bank management performs credit checks on its loan customers before determining the value of loans it will not be able to collect on.

A) It involves auditing while the data are being processed (real-time).
B) It is easy to use.
C) The time to develop the application is usually short.
D) An entire population can be examined in some instances.

A) Management's risk assessment process.
B) Controls to monitor results of operations.
C) The period-end financial reporting process.
D) All of these are examples of entity-level controls.

A) They can be used only in auditing online computer systems.
B) They can be used on any computer without modification.
C) They each have their own characteristics that the auditor must carefully consider before using in a given audit situation.
D) They enable the auditor to perform all manual test procedures less expensively.