Question 1

When assessing whether the financial statements are auditable, the auditor must consider

Accepted Answer

The integrity of management and the adequacy of accounting records are the two primary factors determining auditability. This means the auditor must assess whether the management is trustworthy and whether there are proper accounting records in place before deciding if an audit can be conducted. Control risk is considered during the audit planning stage, but it does not determine auditability. Option B is incorrect because risk management is not a primary factor. Option C is incorrect because even if the information is only available in electronic form without a visible audit trail, it may still be audited with the use of electronic audit tools.

Question 2

Before making the final assessment of internal control at the end of an audit, the auditor must

Accepted Answer

The question is incomplete and the options provided are meaningless without proper context. Therefore, there is no specific choice that can be identified as the best choice.

Question 3

When identifying audit objectives and existing controls,

Accepted Answer

Audit objectives are identified for classes of transactions, account balances, and presentation and disclosure. The auditor then identifies controls to satisfy each objective. It is helpful for the auditor to use the five control activities (establishing responsibility, maintaining adequate documentation, segregating duties, physically controlling assets, and independent verification) as reminders of controls. Therefore, all of the above choices are correct.

Question 4

When a compensating control exists, the absence of a key control

Accepted Answer

A compensating control mitigates the risk associated with a key control and reduces the likelihood of a material misstatement. As a result, the absence of a key control is no longer a concern because the compensating control effectively takes its place. Therefore, there is no longer a significant deficiency or material weakness.

Question 5

Which deficiency exists if a necessary control is missing or not properly implemented?

Accepted Answer

Design deficiency occurs when a necessary control is missing or not properly designed, indicating a flaw in the control framework itself.

Question 6

Auditors should obtain an understanding of IT general controls. Name four procedures which the auditor should employ to document their understanding of IT general controls.

Accepted Answer

The answer of Auditors should obtain an understanding of IT...

Question 7

Which of the following is the correct definition of "control deficiency"?

Accepted Answer

A control deficiency is defined as a situation where the design or operation of controls does not allow company personnel to prevent or detect misstatements in a timely manner. This encompasses both the failure in the design of the control (it is not adequate to catch errors or fraud) and the failure in operation (the control might be well designed but is not being applied effectively).

Question 8

Once auditors determine that entity level controls are designed and placed in the operation, they

Accepted Answer

The answer of Once auditors determine that entity level controls...

Question 9

The employee in charge of authorizing credit to the company's customers does not fully understand the concept of credit risk. This lack of knowledge would

Accepted Answer

A lack of understanding of credit risk by the employee responsible for authorizing credit indicates a deficiency in the operation of internal controls, as it affects the effectiveness of the control process.

Question 10

A five-step approach can be used to identify deficiencies, significant deficiencies, and material weaknesses. The first step in this approach is

Accepted Answer

The first step in the five-step approach to identifying deficiencies, significant deficiencies, and material weaknesses is to identify existing controls. This serves as a baseline to determine any deficiencies or weaknesses in the control environment.

Question 11

When making a preliminary assessment of control risk, the starting point for most auditors is

Accepted Answer

The starting point for most auditors when making a preliminary assessment of control risk is the assessment of entity level controls. This includes the overall control environment, risk assessment process, control activities, information and communication processes, and monitoring activities. Understanding these controls provides auditors with a foundation for evaluating the effectiveness of transaction-related controls and determining the extent of substantive testing needed to achieve the desired level of assurance. IT assessment controls, fraud controls, and other specific control areas may be considered during this process, but the assessment of entity level controls is typically the primary focus.

Question 12

You are performing the audit of internal control for Clifton Company. Which of the following would represent a material weakness in internal control?

Accepted Answer

A material weakness in internal control is a deficiency or combination of deficiencies in internal control that results in a reasonable possibility of a material misstatement in the financial statements not being prevented or detected in a timely manner. The embezzlement by the CFO indicates a significant control deficiency and a material weakness. The turnover of audit committee members, monthly bank reconciliations, and CEO retirement do not necessarily indicate a material weakness in internal control.

Question 13

The auditor should identify and include only ________ controls since they will be sufficient to achieve the transaction-related audit objectives and will also provide audit efficiency.

Accepted Answer

Key controls are those that are sufficient to achieve the transaction-related audit objectives and provide audit efficiency, focusing the auditor's efforts on the most important areas.

Question 14

The assessment of control risk is the measure of the auditor's expectation that internal controls will prevent material misstatements from occurring or detect and correct them if they have occurred.

Accepted Answer

The assessment of control risk is exactly as described in the statement - it is the auditor's evaluation of how effective internal controls are in preventing, detecting, and correcting material misstatements.

Question 15

Name three types of documents which auditors commonly use to obtain and to document their understanding in the audit working paper of the design of internal controls.

Accepted Answer

The answer of Name three types of documents which auditors...

Question 16

A proper narrative of an accounting system and the related controls should include which four characteristics?

Accepted Answer

The answer of A proper narrative of an accounting system...

Question 17

To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their

Accepted Answer

The answer of To determine if significant internal control deficiencies...

Question 18

A ________ exists if one or more control deficiencies exist that are less severe than a material weakness, but are important enough to merit attention by those responsible for oversight of the company's financial reporting.

Accepted Answer

A significant deficiency is a control deficiency that is less severe than a material weakness but is still important enough to merit attention and correction by those responsible for oversight of the company's financial reporting. A potential misstatement refers to the risk of financial statements containing errors, but does not necessarily indicate a control deficiency. A significant weakness is not a commonly used term in the context of internal controls over financial reporting. A fraud symptom is not a commonly used term in the context of internal controls over financial reporting.

Question 19

A(n) ________ control is a control elsewhere in the system that offsets the absence of a key control.

Accepted Answer

A compensating control is a control that is put in place to offset the absence of a key control. It is designed to provide an alternative mechanism for achieving a specific control objective. The compensating control should be designed to address the same risk that the key control would have mitigated. Therefore, the best choice for the given statement is a "compensating control" (Option D).

Question 20

When assessing control risk,

Accepted Answer

Many auditors use a control risk matrix to assist in the control risk assessment process. This matrix helps auditors to identify and evaluate the effectiveness of various controls in mitigating specific risks. It also helps auditors to determine the level of control risk associated with each control.

Quiz 12: Assessing Control Risk and Reporting on Internal Controls