Exam 8: Internal Controls and Control Risk

The control environment consists of actions, policies, and procedures that

Once an understanding of internal controls is obtained that is sufficient for audit planning, then the auditor must first assess

Which of the following best describes the inherent limitations that should be recognized by an auditor when considering the potential effectiveness of an accounting system?

A procedure that would most likely be used by an auditor in performing tests of control procedures that involve segregation of functions and that leave no transaction trail is

An example of general computer control systems that provide reasonable assurance of authorization of application systems is

HomeTown Tanning Company is the largest leather tanning operation in Canada. Hides from various animals are stretched and treated, then cut into shapes for shipment to wholesalers. Computer-assisted operations are important in maintaining temperature, humidity, and proper mix proportions in chemical solutions used for the tanning process. Computer assistance has helped improve the quality of the tanning process, as well as provide a safer environment for employees. Computer operations and backup are supported by the warehouse manager, Joe. Individual hides are tagged with a bar code and tracked for quality control purposes. The HomeTown Tanning Company uses a centralized microcomputer-based system for its manufacturing and accounting operations. The two owners of the company are active in the business and approve all new hardware and software acquisitions. The controller is responsible for network upgrades as well as for maintaining passwords and user identification codes on the network. Accounting transactions are entered by accounting staff, although the controller has the ability to review and correct transactions. Required: List the six categories of functions that need to be separated from each other. Does HomeTown Tanning have these functions separated? For any functions that are not separated, indicate the potential impact upon controls and upon the audit.

The accuracy of the results of the accounting system (account balances) is heavily dependent upon the

A) Discuss what is meant by the term "control environment" and identify four control environment subcomponents that the auditor should consider. B) List the steps that management follows in assessing risks relevant to the preparation of financial statements in conformity with an applicable financial reporting framework. C) How does the auditor obtain knowledge about management's risk assessment process? D) Explain how management's risk assessment process differs from the auditor's risk assessment process. E) What is the relationship between management's risk assessment process and audit evidence?

External auditor Mary Smith may not rely on the work of internal auditor Ray Jones unless

FiddleWare Limited uses a purchased software package to handle the processing of its transactions. An important control that management should implement with respect to information systems is the

To help with corporate governance and a positive "tone at the top," the board of directors and its committees, such as the audit committee, should

Management assesses risks as a part of designing and operating internal controls to minimize fraud and errors. Auditors assess risks to

When the auditor attempts to determine the operation of the accounting system by tracing one or a few transactions through the accounting system, this is referred to as

The auditor may identify some risks that cannot be effectively tested by substantive tests alone. For example, when there are paperless transactions (perhaps using EDI - electronic data interchange). To address these risks, the auditor is required to

Carrie is the manager of the Bay Street Pharmacy. Carrie is considering implementing a security tag system to reduce the losses related to stolen goods at their store. The system Carrie is looking at currently costs $60 000 and is expected to be effective for 5 years. In order to justify the implementation of the security tag system, average theft per year should be at least

Ideally, tests of controls should be applied to controls

A) The first step in the auditor's study and evaluation of internal control is obtain understanding of internal control for audit planning purposes. List the remaining steps. B) Once the auditor has an understanding of internal control, what two assessments must be made prior to testing controls? C) Describe five common procedures an auditor can use to obtain an understanding of internal control design.

Each key control that the auditor intends to rely on must be supported by sufficient

To comply with auditing standards, the auditor need not be concerned with all areas of internal control that apply to management. The auditor's primary concerns are with the system's ability to

When planning the audit, the auditor's decision on the appropriate assessed level of control risk to use is