Exam 10: Understanding Internal Controls

In an audit of a small company, a narrative memorandum may serve as the only documentation of the auditor's understanding of internal controls.

Distinguish between systems programs and application programs, and identify four types of systems programs.

Which one of the following is a key component of a decision table?

The risk of misstatement is associated with changes in the content or form of information.

A before-and-after report shows a summary of the contents of a master file before and after each update.

Utility programs contain instructions that enable the computer to perform specific data processing tasks for the user.

An entity's internal controls consist of five interrelated components (plus an overriding concern with fraud prevention and detection):A:control environment B:risk assessment C:information and communication D:control activities E:monitoring REQUIRED: Using the appropriate letter, identify the component to which each of the following control activities or considerations pertains. 1.Performance reviews 2.Commitment to competence 3.System should provide a complete audit or transaction trail 4.Integrity and ethical values 5.Access controls 6.Changes in operating environment 7.Board of directors and audit committee 8.Segregation of duties 9.Organizational structure 10.Reporting exceptions for follow-up 11.Management's philosophy and operating style 12.Internal audit function 13.Physical controls 14.New accounting pronouncements 15.Assignment of authority and responsibility 16.Human resource policies and procedures 17.Organization and operation control 18.Input controls 19.Data and procedural controls 20.Processing controls

The auditor's consideration of internal controls relates primarily to nonfinancial objectives.

A company's accounting system should provide a complete "chain of evidence" for every major transaction.

The grandfather-father-son concept is an example of a(n):

Internal auditors have primary responsibility for establishing and maintaining internal controls.

The database method of data organization is the main alternative to the traditional file method.

Which of the following is not a hardware and systems software control?

To enhance controls, it is normally desirable to have a single employee handle a transaction from beginning to end.

Which of the following is a widely used data processing method?

List the fundamental concepts that are embodied in the definition of internal control as per the COSO report.

It is management's responsibility to establish and maintain effective internal controls.

Management's risk assessment for financial reporting purposes is similar to the internal auditor's concern with inherent risks.

Monitoring is a process that assesses the quality of the internal controls performance over time.