Question 1

When determining what type of report to issue on internal control under Section 404,

Accepted Answer

A)  an adverse opinion on internal control must be given if any weaknesses in a key internal control is discovered. 
B)  a scope limitation requires the auditor to disclaim an opinion on internal controls. 
C)  if the auditor gives a qualified opinion on the financial statements, they must give a qualified opinion on internal controls. 
D)  a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls. 
A)  an adverse opinion on internal control must be given if any weaknesses in a key internal control is discovered. 
B)  a scope limitation requires the auditor to disclaim an opinion on internal controls. 
C)  if the auditor gives a qualified opinion on the financial statements, they must give a qualified opinion on internal controls. 
D)  a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls. D

Question 2

Tests of controls

Accepted Answer

A)  are the procedures used to test the effectiveness of controls in support of a reduced assessed control risk. 
B)  are used to support the ending balances in the balance sheet and income statement accounts. 
C)  are performed at the end of the audit. 
D)  are designed to detect fraud. 
A)  are the procedures used to test the effectiveness of controls in support of a reduced assessed control risk. 
B)  are used to support the ending balances in the balance sheet and income statement accounts. 
C)  are performed at the end of the audit. 
D)  are designed to detect fraud. A

Question 3

When using the test data approach,

Accepted Answer

A)  test data should include data that the client's system should accept or reject. 
B)  application programs tested by the auditor's test data must be different from those used by the client throughout the year. 
C)  select data may remain in the client system after testing. 
D)  None of the above statements is correct. 
A)  test data should include data that the client's system should accept or reject. 
B)  application programs tested by the auditor's test data must be different from those used by the client throughout the year. 
C)  select data may remain in the client system after testing. 
D)  None of the above statements is correct. A

Question 4

Evaluating the design of a control involves considering whether the control is effective in preventing, detecting, or correcting material misstatements in the financial statements.

Accepted Answer

A) True 
 B)False

Question 5

Auditors should obtain an understanding of IT general controls. Name four procedures which the auditor should employ to document their understanding of IT general controls.

Accepted Answer

Interview key IT personnel and key users

Question 6

Which of the following is true regarding the auditor's opinion on the effectiveness of internal control?

Accepted Answer

A)  The auditor is attesting to the effectiveness of internal controls as of the end of the fiscal year. 
B)  If the client remedies a material weakness before the end of the fiscal year, the auditor must still issue a qualified opinion or a disclaimer of opinion. 
C)  A scope limitation requires the auditor to issues an adverse opinion. 
D)  Section 404 requires that the auditor design the audit to detect all deficiencies in internal control. 
A)  The auditor is attesting to the effectiveness of internal controls as of the end of the fiscal year. 
B)  If the client remedies a material weakness before the end of the fiscal year, the auditor must still issue a qualified opinion or a disclaimer of opinion. 
C)  A scope limitation requires the auditor to issues an adverse opinion. 
D)  Section 404 requires that the auditor design the audit to detect all deficiencies in internal control.

Question 7

Auditing by testing automated internal controls and account balances electronically, generally because effective general controls exist, is known as

Accepted Answer

A)  auditing through the computer. 
B)  auditing around the computer. 
C)  embedded audit module approach. 
D)  parallel simulation testing. 
A)  auditing through the computer. 
B)  auditing around the computer. 
C)  embedded audit module approach. 
D)  parallel simulation testing.

Question 8

The auditor obtains a sufficient understanding of internal control to assess the risk of material misstatement at the overall financial statement level and at the relevant assertion level.

Accepted Answer

A) True 
 B)False

Question 9

The embedded audit module approach requires the auditor to insert an audit module in the client's application system to identify specific types of transactions.

Accepted Answer

A) True 
 B)False

Question 10

It is typical to use both a narrative and a flowchart to describe the same system.

Accepted Answer

A) True 
 B)False

Question 11

Which of the following is most correct for audits of non-public companies?

Accepted Answer

A)  An audit of internal control is required. 
B)  An audit of internal control is not required. 
C)  An audit of the design of internal controls is required. 
D)  An audit of the operational effectiveness of internal controls is required. 
A)  An audit of internal control is required. 
B)  An audit of internal control is not required. 
C)  An audit of the design of internal controls is required. 
D)  An audit of the operational effectiveness of internal controls is required.

Question 12

The procedures used to gain an understanding of internal control do not vary from client to client.

Accepted Answer

A) True 
 B)False

Question 13

When using the test data approach,

Accepted Answer

A)  auditors process test data supplied by the client. 
B)  auditors often obtain assistance from a computer audit specialist. 
C)  the tests must be performed at the end of the year. 
D)  the test data must remain in the client's records. 
A)  auditors process test data supplied by the client. 
B)  auditors often obtain assistance from a computer audit specialist. 
C)  the tests must be performed at the end of the year. 
D)  the test data must remain in the client's records.

Question 14

Which of the following is not seen as an advantage to using generalized audit software (GAS)?

Accepted Answer

A)  Auditors can learn the software in a short period of time. 
B)  It can be applied to a variety of clients after detailed customization. 
C)  It can be applied to a variety of clients with minimal adjustments to the software. 
D)  It greatly accelerates audit testing over manual procedures. 
A)  Auditors can learn the software in a short period of time. 
B)  It can be applied to a variety of clients after detailed customization. 
C)  It can be applied to a variety of clients with minimal adjustments to the software. 
D)  It greatly accelerates audit testing over manual procedures.

Question 15

If, when obtaining an understanding of control activities of a relatively small client, the auditor identified no control activities, the auditor would probably set a high assessment of control risk.

Accepted Answer

A) True 
 B)False

Question 16

The auditor designs and performs a combination of tests of controls and substantive procedures to obtain reasonable assurance that the financial statements are fairly stated when control risk

Accepted Answer

A)  is assessed above the maximum. 
B)  is assessed below the maximum. 
C)  cannot be assessed. 
D)  none of the above 
A)  is assessed above the maximum. 
B)  is assessed below the maximum. 
C)  cannot be assessed. 
D)  none of the above

Question 17

When a client uses a service center for processing transactions,

Accepted Answer

A)  the auditor can assume that the controls are adequate because it is an independent enterprise. 
B)  auditing standards require the auditor to test the service center's controls if the service center application involves processing significant financial data. 
C)  and the user auditor decides to rely on the service auditor's report, the user auditor must make reference to the report of the service auditor in the opinion on the user organization's financial statements. 
D)  none of the above. 
A)  the auditor can assume that the controls are adequate because it is an independent enterprise. 
B)  auditing standards require the auditor to test the service center's controls if the service center application involves processing significant financial data. 
C)  and the user auditor decides to rely on the service auditor's report, the user auditor must make reference to the report of the service auditor in the opinion on the user organization's financial statements. 
D)  none of the above.

Question 18

Control risk is generally set at minimum for most private companies.

Accepted Answer

A) True 
 B)False

Question 19

Which of the following may represent the biggest challenge smaller public companies and nonpublic companies face in implementing effective internal control?

Accepted Answer

A)  a lack of competent, trustworthy personnel 
B)  no clear lines of authority 
C)  no adequate separation of duties 
D)  a lack of adequate documents and records 
A)  a lack of competent, trustworthy personnel 
B)  no clear lines of authority 
C)  no adequate separation of duties 
D)  a lack of adequate documents and records

Question 20

If the results of tests of controls support the design and operations of controls as expected, the auditor uses ________ control risk as the preliminary assessment.

Accepted Answer

A)  a lower 
B)  the same 
C)  a higher 
D)  either a lower or higher 
A)  a lower 
B)  the same 
C)  a higher 
D)  either a lower or higher

Exam 12: Assessing Control Risk and Reporting on Internal Controls

When determining what type of report to issue on internal control under Section 404,

Tests of controls

When using the test data approach,

Evaluating the design of a control involves considering whether the control is effective in preventing, detecting, or correcting material misstatements in the financial statements.

Auditors should obtain an understanding of IT general controls. Name four procedures which the auditor should employ to document their understanding of IT general controls.

Which of the following is true regarding the auditor's opinion on the effectiveness of internal control?

Auditing by testing automated internal controls and account balances electronically, generally because effective general controls exist, is known as

The auditor obtains a sufficient understanding of internal control to assess the risk of material misstatement at the overall financial statement level and at the relevant assertion level.

The embedded audit module approach requires the auditor to insert an audit module in the client's application system to identify specific types of transactions.

It is typical to use both a narrative and a flowchart to describe the same system.

Which of the following is most correct for audits of non-public companies?

The procedures used to gain an understanding of internal control do not vary from client to client.

When using the test data approach,

Which of the following is not seen as an advantage to using generalized audit software (GAS)?

If, when obtaining an understanding of control activities of a relatively small client, the auditor identified no control activities, the auditor would probably set a high assessment of control risk.

The auditor designs and performs a combination of tests of controls and substantive procedures to obtain reasonable assurance that the financial statements are fairly stated when control risk

When a client uses a service center for processing transactions,

Control risk is generally set at minimum for most private companies.

Which of the following may represent the biggest challenge smaller public companies and nonpublic companies face in implementing effective internal control?

If the results of tests of controls support the design and operations of controls as expected, the auditor uses ________ control risk as the preliminary assessment.

The Demand for Audit and Other Assurance Services

The CPA Profession

Audit Reports

Professional Ethics

Legal Liability

Audit Responsibilities and Objectives

Audit Evidence

Audit Planning and Materiality

Assessing the Risk of Material Misstatement

Fraud Auditing

Internal Control and Coso Framework

Overall Audit Strategy and Audit Program

Audit of the Sales and Collection Cycle: Tests of Controls

Audit Sampling for Tests of Controls and Substantive Tests of Transactions

Completing the Tests in the Sales and Collection Cycle: Accounts Receivable

Audit Sampling for Tests of Details of Balances

Audit of the Acquisition and Payment Cycle: Tests of Controls, Substantive Tests of Transactions, and Accounts Payable

Completing the Tests in the Acquisition and Payment Cycle: Verification of Selected Accounts

Audit of the Payroll and Personnel Cycle

Audit of the Inventory and Warehousing Cycle

Audit of the Capital Acquisition and Repayment Cycle

Audit of Cash and Financial Instruments

Completing the Audit

Other Assurance Services

Internal and Governmental Financial Auditing and Operational Auditing

Filters