Deck 5: Risk Assessment: Internal Control Evaluation

A) An auditor reviews the entity's check register for unrecorded liabilities.
B) An auditor evaluates whether a general journal entry was recorded at the proper amount.
C) An auditor interviews and observes appropriate personnel to determine segregation of duties.
D) An auditor reviews the audit workpapers to ensure proper sign-off.

A) management assertions.
B) the control environment.
C) control risk assessment.
D) functional responsibilities.

A) The accounting staff neglects the control, due to increased transactions to be processed.
B) The technology department writes a program that does not properly implement the control, due to a lack of understanding.
C) Two employees, who work in different departments, are circumventing an internal control.
D) Someone erroneously disables edit checks in a software program designed to identify control exceptions.

A) authorization to execute transactions.
B) recording of transactions.
C) custody of assets involved in the transactions.
D) data preparation.

A) Disclosing lack of segregation of duties to the external auditors during the annual review
B) Replacing personnel every three or four years
C) Requiring accountants to pass a yearly background check
D) Allowing for greater management oversight of incompatible activities

A) Matching purchase orders to accounts payable
B) Verifying that approved spending limits are not exceeded
C) Tracing sales orders to the revenue account
D) Reviewing minutes of board meeting

A) A well-designed internal control environment ensures the achievement of an entity's control objectives.
B) An inherent limitation to internal control is the fact that controls can be circumvented by management override.
C) A well-designed and operated internal control environment should detect collusion perpetrated by two people.
D) Internal control is a necessary business function and should be designed and operated to detect all errors and fraud.

A) authorized.
B) implemented.
C) tested.
D) monitored.

A) Require all employees to record arrival and departure by using the time clock.
B) Have a payroll clerk recalculate all time cards.
C) Require all employees to sign their time cards.
D) Require employees to have their direct supervisors approve their time cards.

A) The relevant internal control components are not well documented.
B) The internal auditor already has tested the relevant controls and found them effective.
C) Testing the operating effectiveness of the relevant controls would not be efficient.
D) The cost of substantive procedures will exceed the cost of testing the relevant controls.

A) The risk that a material misstatement will not be prevented or detected on a timely basis by the client's internal controls.
B) The risk that the auditor will not detect a material misstatement.
C) The risk that the auditor's assessment of internal controls will be at less than the maximum level.
D) The susceptibility of material misstatement assuming there are no related internal controls, policies, or procedures.

A) Processing of unusual or nonrecurring transactions
B) Enhanced timeliness of information
C) Potential loss of data
D) Recording of unauthorized transactions

A) Distributing paychecks directly to department store employees
B) Setting the pay rate for departmental employees
C) Hiring employees and authorizing them to be added to payroll
D) Approving a summary of hours each employee worked during the pay period

A) relating to the control environment.
B) pertaining to the company's risk assessment process.
C) regarding the company's annual stockholder meeting.
D) addressing policies over significant risk management practices.

A) Segregation of duties
B) Information processing
C) Performance reviews
D) Management's philosophy and operating style

A) Perform fewer substantive tests of details
B) Perform more tests of controls
C) Document the assessment
D) Document the control structure more extensively

A) The industry and the business and regulatory environments in which the client operates
B) The degree to which information technology is used in the accounting function
C) The relationship between management, the board of directors, and external stakeholders
D) The degree to which the auditor intends to use internal audit personnel to perform substantive tests

A) Test the operating effectiveness of such controls in the current audit.
B) Document that reliance and proceed with the original audit strategy.
C) Inquire of management as to the effectiveness of the controls.
D) Report the reliance in the report on internal controls.

A) designing client's internal controls.
B) documentation of understanding of a client's internal controls.
C) communicating internal control deficiencies.
D) assessing the effectiveness a client's internal controls.

A) factors that raise doubts about the auditability of the financial statements.
B) operating effectiveness of internal control policies and procedures.
C) risk that material misstatements exist in the financial statements.
D) possibility that the nature and extent of substantive tests may be reduced.

A) tests of controls to determine the effectiveness of internal control policies.
B) analytical procedures to verify the design of internal control activities.
C) substantive tests to restrict detection risk for significant transaction classes.
D) dual purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.

A) perform a great deal of additional tests of controls.
B) perform a great deal of substantive testing during the audit.
C) perform substantive tests at an interim date.
D) perform more audit procedures using internal evidence.

A) Confirmation with outside parties
B) Inquiry of client personnel
C) Successful re-performance of the control activity
D) Observation of client personnel

A) test the client's control activities.
B) assess the final control risk.
C) document the understanding obtained.
D) plan the remainder of the audit work.

A) Verifying the accuracy of checks and vouchers
B) Controlling the mailing of checks to vendors
C) Approving vendors' invoices for payment
D) Canceling payment vouchers when paid

A) control environment.
B) information and communication system.
C) control activity effectiveness.
D) monitoring activities.

A) a valid character test.
B) missing data test.
C) reasonableness test.
D) check digit.

A) separation of functional responsibilities.
B) complexity of the client's internal controls.
C) owner-manager's competence, as well as his/her ethics and integrity.
D) bonding of employees.

A) extent of substantive tests of details.
B) level of inherent risk.
C) extent of tests of controls.
D) level of detection risk.

A) shipments to customers were invoiced.
B) shipments to customers were recorded as sales.
C) recorded sales were shipped.
D) invoiced sales were recorded as sales.

A) processing control activities.
B) separation of various computer system functions.
C) appropriate documentation of the data processing system.
D) control over physical access to computer hardware.

A) additional evidence to support a further reduction in control risk was not cost beneficial.
B) assessed level of inherent risk exceeded the assessed level of control risk.
C) internal control structure was properly designed and justifiably may be relied on.
D) evidence obtainable through tests of controls would not support an increased level of control risk.

A) questionnaires, narratives, and flowcharts.
B) bridge working papers.
C) communications of significant deficiencies.
D) internal control letters.

A) Reasonableness tests
B) Record counts
C) Financial totals
D) Hash totals

A) occurrence.
B) accuracy.
C) valuation or allocation.
D) cutoff.

A) determine whether the control activities have been placed in operation.
B) perform procedures to understand the design of the internal control system.
C) document the understanding of the company's internal control system.
D) search for significant deficiencies in the operation of the internal control system.

A) Check digit
B) Run-to-run totals
C) Distribution of computerized output
D) Separation of duties in the IT department

A) To serve as a basis for constructive suggestions
B) To plan subsequent substantive tests
C) To identify types of possible misstatements that may occur
D) To consider factors that may affect the risk of material misstatement

A) transaction authorization.
B) recordkeeping.
C) custody of, or direct access to, assets.
D) hiring of employees.

A) document the auditor's understanding of the entity's internal control.
B) search for significant deficiencies in the operation of the internal controls.
C) perform tests of controls to evaluate the effectiveness of the entity's accounting system.
D) determine whether control activities are operating effectively to prevent or detect material misstatements.

A) Do not obtain an understanding of client environment, accounting, or control activities. Do not document the decision to assess control risk at maximum. Perform 100% substantive audit on all financial statement transactions and balances.
B) Obtain an understanding of client environment, accounting, and control activities. Document the decision to assess control risk at maximum. Perform an extensive but not 100% substantive audit on financial statement transactions and balances.
C) Obtain an understanding of client environment, accounting, and control activities, and perform detail tests of controls. Document the decision to assess control risk below the maximum. Perform restricted substantive audit on financial statement transactions and balances, considering the control risk assessment.
D) Obtain an understanding of client environment, accounting, and control activities, and perform detail tests of controls. Document the decision to assess control risk at zero. Perform no substantive audit on financial statement transactions and balances, since zero control risk means that no errors or fraud can reach the accounts.

A) it would be efficient to perform tests of controls that would result in a reduction in planned substantive tests.
B) additional evidence to support a further reduction in control risk is not available.
C) an increase in the assessed level of control risk is justified for certain financial statement assertions.
D) there were many internal control weaknesses that could allow errors to enter the accounting system.

A) Apply analytical procedures to both financial data and nonfinancial information to detect conditions that may indicate weak controls.
B) Perform tests of details of transactions and account balances to identify potential errors and fraud.
C) Identify specific internal control policies and activities that are likely to detect or prevent material misstatements.
D) Document that the additional audit effort to perform tests of controls exceeds the potential reduction in substantive testing.

A) Evaluation of the auditing environment
B) Testing of low risk internal control activities
C) All testing of the operating effectiveness of internal control activities
D) As providing the principle evidence for the external auditors' opinion

A) computer-based control activities.
B) system of separation of duties.
C) control environment.
D) safeguards over access to assets.

A) a statement that management is responsible for establishing and maintaining adequate internal control over financial reporting.
B) a statement identifying the framework management uses to evaluate the effectiveness of the company's internal control.
C) a statement providing management's assessment of the effectiveness of the company's internal control.
D) a statement providing management's evaluation of the company's control environment.

A) inquiry and analytical procedures.
B) reperformance and observation.
C) comparison and confirmation.
D) inspection and verification.

A) performing more extensive substantive tests with larger sample sizes than originally planned.
B) reducing inherent risk for most of the assertions relevant to significant account balances.
C) changing the timing of substantive tests by omitting interim-date testing and performing the tests at year end.
D) identifying specific internal control activities that are relevant to specific financial statement assertions.

A) Hours worked
B) Total debits and total credits
C) Net pay
D) Department numbers

A) Perform exhaustive tests of accounting controls and evaluate the company's control system effectiveness.
B) Determine whether the company's control policies are designed well enough to prevent material misstatements.
C) Prepare auditing working papers that document the auditor's understanding of the company's internal control.
D) Design procedures to search for significant deficiencies in the actual operation of the company's internal control.

A) Incompatible duties
B) Management override
C) Mistakes in judgment
D) Collusion among employees

A) reflects management's philosophy and operating style.
B) affects management's financial statement assertions.
C) provides adequate safeguards over access to assets.
D) enhances management's decision making processes.

A) the Sarbanes-Oxley Act of 2002.
B) the PCAOB.
C) the AICPA.
D) the auditors.

A) Policies and procedures that pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the registrant.
B) Policies and procedures that provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and receipts and expenditures of the registrant are being made only in accordance with authorizations of management and directors of the registrant.
C) Policies and procedures that provide reasonable assurance regarding the compliance with applicable laws and regulations.
D) Policies and procedures that provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the registrant's assets that could have a material effect on the financial statements.

A) journalize entries and prepare financial statements.
B) record cash receipts and cash disbursements.
C) establish internal controls and authorize transactions.
D) perpetrate a fraud and then conceal it in the books.

A) Absence of appropriate separation of duties
B) Absence of appropriate reviews and approvals of transactions
C) Evidence of failure of control activities
D) Ineffective oversight of the financial reporting process by the company's audit committee

A) consider factors that affect the risk of material misstatement.
B) ascertain whether internal control policies and activities have been placed in operation.
C) identify the types of potential misstatements that can occur.
D) obtain knowledge about the operating effectiveness of the client's internal control activities.

A) knowledge necessary for audit planning.
B) evidential matter to use in assessing inherent risk.
C) a basis for modifying tests of controls.
D) an evaluation of the consistency of application of management's policies.