Deck 4: Internal Control, Control Risk, Section 404 Audits, Fraud Auditing, and the Impact of Information Technology on the Audit Process

A) a control deficiency.
B) collusion.
C) a material weakness.
D) a significant deficiency.

A) 408.
B) 202.
C) 404.
D) 203.

A) Enterprise Internal Control - COSO.
B) Effective Internal Control Framework - AICPA.
C) Enterprise Internal Control - AICPA.
D) Internal Control - Integrated Framework - COSO.

A) moderate.
B) low.
C) high.
D) low or moderate, but not high.

A) recommended by most capital market authorities.
B) required by ISA 315.
C) required by IFAC's Code of Ethics.
D) required by IFRS.

A) Approval should be given by the employee responsible for recording the transaction.
B) Authorization is a policy decision for either a general class of transactions or specific transactions.
C) Approval is a policy decision implemented by employees.
D) Approval occurs as a matter of general policy and includes significant transactions only.

A) Designed for multiple uses to increase efficiency of operations.
B) Prepared at the time a transaction takes place.
C) Designed for a single use to increase efficiency of operations.
D) Constructed in a manner that encourages correct preparation.

A) Material weakness.
B) Control deficiency.
C) Significant deficiency.
D) Major deficiency.

A) A control deficiency is always a material weakness.
B) A material weakness is always a significant deficiency.
C) A material weakness is less significant that a control deficiency.
D) A significant deficiency is always a material weakness.

A) Inquiry of client personnel.
B) Completing an internal control questionnaire.
C) Reperformance of client procedures.
D) Observation of control- related activities.

A) moderately low
B) high
C) low
D) medium

A) operating departments.
B) the accounting department.
C) both A and B.
D) either A or B, but not both.

A) Control environment
B) Control activities
C) Independent checks on performance
D) Internal control
E) Monitoring
F) Separation of duties
G) General authorization
H) Specific authorization
I) Risk assessment

A) Expenditure management
B) Earnings management
C) Top- line management
D) Management- by- objective

A) liabilities.
B) revenues.
C) assets.
D) all of the above

A) improper revenue recognition.
B) understatement of liabilities.
C) understatement of assets.
D) overstatement of expenses.

A) Weak internal controls encourage employees to take chances.
B) Dissatisfied employees may steal from a sense of entitlement.
C) Employees have a vested interest in making the company's financial statements erroneous.
D) If management cheats customers and gets away with it, then employees believe they can do the same to the company.

A) review of memorandum and articles of association.
B) communication among audit team members.
C) analytical procedures.
D) inquiries of management.

A) Reasons supporting a conclusion that there is not a significant risk of material improper expense recognition.
B) Procedures performed to obtain information necessary to identify and assess the risks of material fraud.
C) Results of the internal auditor's procedures performed to address the risk of management override of controls.
D) Discussions with management regarding separation of duties.

A) increase or decrease
B) increase
C) enhance
D) reduce

A) remembering
B) evaluating
C) recording
D) transcribing

A) Assessment
B) Declarative
C) Interrogative
D) Informational

A) Avoiding eye contact.
B) Leaning away from the auditor, usually toward the door or window.
C) Crossing one's arms or legs.
D) Each of the above is a sign of stress.

A) not place enough reliance on
B) not understand
C) reveal
D) place too much reliance on

A) Processing controls.
B) Input controls.
C) Hardware controls.
D) Output controls.

A) Output controls.
B) Input controls.
C) Physical and online security.
D) Processing controls.

A) Parallel testing
B) Pilot testing
C) Online testing
D) Control testing

A) Programmers should have access to computer operations to aid users in resolving problems.
B) Disaster recovery plans should identify alternative hardware to process company data.
C) Successful IT development efforts require the involvement of IT and non- IT personnel.
D) The chief information officer should report to senior management and the board.

A) An equipment failure causes system downtime.
B) There is a preprocessing authorization of the sales transactions.
C) There are reasonableness tests for the unit selling price of a sale.
D) After processing, all sales transactions are reviewed by the sales department.

A) Adequate program run instructions for operating the computer.
B) Reasonableness test for unit selling price of a sale.
C) Separation of duties between programmer and operators.
D) Equipment failure causes error messages on monitor.

A) Embedded audit module.
B) Test data approach.
C) Pilot simulation.
D) Parallel simulation.

A) Vulnerability to viruses and other risks.
B) Excess reliance on automated controls.
C) Unauthorized access to master files.
D) Limited reliance on automated controls.

A) mitigating
B) worsening
C) nominal
D) pervasive

A) Local area networks (LANs)
B) Wide area networks (WANs)
C) Cosmopolitan area networks (CANs)
D) Virtual area networks (VANs)

A) Hardware controls.
B) The plan of organization and operation of IT activity.
C) Processing controls.
D) Procedures for documenting, reviewing, and approving systems and programs.

A) Report on implemented controls.
B) Report on controls that have been implemented and tested for design effectiveness.
C) Report on controls that have been implemented and tested for operating effectiveness.
D) Each of the above is issued.