Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 12: Assessing Control Risk and Reporting on Internal Controls

Full screen (f)
exit full mode
Question
When using questionnaires, "no" responses typically indicate a potential internal control deficiency requiring follow up by the auditor.
Use Space or
up arrow
down arrow
to flip the card.
Question
Name four types of evidence which the auditor uses to obtain an understanding of the design and implementation of controls.
Question
Evaluating the design of a control involves considering whether the control is effective in preventing, detecting, or correcting material misstatements in the financial statements.
Question
For financial statement audits, auditors need to understand controls that are relevant to the audit in order to

A) identify and assess the risks of material misstatements.
B) perform preliminary analytical procedures.
C) detect fraud.
D) assess inherent risk.
Question
An adequate system flowchart should include the same characteristics required for system narratives.
Question
As Section 404 of the Sarbanes-Oxley Act requires management to assess and to document the design effectiveness of internal controls over financial reporting, management may have already prepared narratives and flowcharts which the auditor can the use in documenting their understanding of the design of such internal controls.
Question
Management's documentation is not a major source of information for auditors in gaining an understanding of the design of internal controls.
Question
For integrated audits of large, publicly traded companies, the level of understanding of internal controls and the extent of testing of those controls need to be sufficient for the auditor to issue an opinion on the effectiveness of internal controls over financial reporting.
Question
It is typical to use both a narrative and a flowchart to describe the same system.
Question
When documenting their understanding of a client's internal controls, auditors are required to use narratives.
Question
Narratives, flowcharts, and internal control questionnaires are three common methods of

A) testing the internal controls.
B) documenting the auditor's understanding of internal controls.
C) designing the audit manual and procedures.
D) documenting the auditor's understanding of a client's organizational structure.
Question
Walkthroughs combine observation, inspection, and inquiry to assure that the controls designed by management have been implemented.
Question
A narrative should describe the disposition of every document and record in the system.
Question
The two disadvantages of using questionnaires are their inability to provide an overview of the system and their inapplicability for some audits, especially smaller ones.
Question
When the auditor attempts to understand the operation of the accounting system by tracing a few transactions through the accounting system, the auditor is said to be

A) tracing.
B) vouching.
C) performing a walkthrough.
D) testing controls.
Question
Flowcharts are harder to read and update than narratives.
Question
When dealing with the documentation of internal control,

A) in a narrative, most questions simply require a "yes" or "no" response.
B) questionnaires offer useful checklists to remind the auditor of the many different types of internal controls that should exist.
C) questionnaires and flowcharts should not be used together.
D) flowcharts fail to show the segregation of duties in the company.
Question
Which type of evidence is not used by the auditor to obtain an understanding of the design and implementation of internal control?

A) inquiry
B) observation
C) confirmation
D) inspection
Question
Flowcharts have two advantages over narratives: typically, they are easier to read and easier to update.
Question
The level of understanding of a client's internal controls required is less than what is required for an audit of only the financial statements.
Question
When assessing whether the financial statements are auditable, the auditor must consider

A) that the integrity of management and the adequacy of accounting records are the two primary factors determining auditability.
B) that the integrity of management and the adequacy of risk management are the two primary factors determining auditability.
C) that if all of the transaction information is available only in electronic form without a visible audit trail, the company cannot be audited.
D) the control risk before determining if the entity is auditable.
Question
Before making the final assessment of internal control at the end of an audit, the auditor must

A) <strong>Before making the final assessment of internal control at the end of an audit, the auditor must</strong> A) B) C) D) <div style=padding-top: 35px>
B) <strong>Before making the final assessment of internal control at the end of an audit, the auditor must</strong> A) B) C) D) <div style=padding-top: 35px>
C) <strong>Before making the final assessment of internal control at the end of an audit, the auditor must</strong> A) B) C) D) <div style=padding-top: 35px>
D) <strong>Before making the final assessment of internal control at the end of an audit, the auditor must</strong> A) B) C) D) <div style=padding-top: 35px>
Question
When identifying audit objectives and existing controls,

A) audit objectives are identified for classes of transactions, account balances, and presentation and disclosure.
B) the auditor identifies controls to satisfy each objective.
C) it is helpful for the auditor to use the five control activities as reminders of controls.
D) all of the above.
Question
When a compensating control exists, the absence of a key control

A) is no longer a concern because there is no longer a significant deficiency or material weakness.
B) is still a major concern to the auditor.
C) could cause a material loss, so it must be tested using substantive procedures.
D) is magnified and must be removed from the sampling process and examined in its entirety.
Question
Which deficiency exists if a necessary control is missing or not properly implemented?

A) control
B) significant
C) design
D) operating
Question
Auditors should obtain an understanding of IT general controls. Name four procedures which the auditor should employ to document their understanding of IT general controls.
Question
Which of the following is the correct definition of "control deficiency"?

A) A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis.
B) A control deficiency exists if one or more deficiencies exist that adversely affect a company's ability to prepare external financial statements reliably.
C) A control deficiency exists if the design or operation of controls results in a more than remote likelihood that controls will not prevent or detect misstatements.
D) A control deficiency exists if the design or operation of controls results in a more than probable likelihood that controls will prevent or detect misstatements.
Question
Once auditors determine that entity level controls are designed and placed in the operation, they

A) make a preliminary assessment for each transaction-related audit objective for each major type of transaction.
B) make a preliminary assessment of control risk.
C) obtain an understanding of the design and implementation of internal control.
D) prepare audit documentation in order to express their opinion on the company's internal control system.
Question
The employee in charge of authorizing credit to the company's customers does not fully understand the concept of credit risk. This lack of knowledge would

A) constitute a deficiency in operation of internal controls.
B) constitute a deficiency in design of internal controls.
C) constitute a deficiency of management.
D) not constitute a deficiency.
Question
A five-step approach can be used to identify deficiencies, significant deficiencies, and material weaknesses. The first step in this approach is

A) identify the absence of key controls.
B) consider the possibility of compensating controls.
C) determine potential misstatements that could result.
D) identify existing controls.
Question
When making a preliminary assessment of control risk, the starting point for most auditors is

A) IT assessment controls.
B) assessment of entity level controls.
C) transaction-related controls.
D) fraud controls.
Question
You are performing the audit of internal control for Clifton Company. Which of the following would represent a material weakness in internal control?

A) The company's audit committee has experienced an unusual turnover of members.
B) The company's CFO was indicted for embezzling from the company.
C) Bank reconciliations are done monthly.
D) The CEO retired after twenty years of service to the company.
Question
The auditor should identify and include only ________ controls since they will be sufficient to achieve the transaction-related audit objectives and will also provide audit efficiency.

A) key
B) significant
C) material
D) compensating
Question
The assessment of control risk is the measure of the auditor's expectation that internal controls will prevent material misstatements from occurring or detect and correct them if they have occurred.
Question
Name three types of documents which auditors commonly use to obtain and to document their understanding in the audit working paper of the design of internal controls.
Question
A proper narrative of an accounting system and the related controls should include which four characteristics?
Question
To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their

A) <strong>To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their</strong> A) B) C) D) <div style=padding-top: 35px>
B) <strong>To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their</strong> A) B) C) D) <div style=padding-top: 35px>
C) <strong>To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their</strong> A) B) C) D) <div style=padding-top: 35px>
D) <strong>To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their</strong> A) B) C) D) <div style=padding-top: 35px>
Question
A ________ exists if one or more control deficiencies exist that are less severe than a material weakness, but are important enough to merit attention by those responsible for oversight of the company's financial reporting.

A) potential misstatement
B) significant weakness
C) significant deficiency
D) fraud symptom
Question
A(n) ________ control is a control elsewhere in the system that offsets the absence of a key control.

A) significant
B) alternate
C) design
D) compensating
Question
When assessing control risk,

A) many auditors use actuarial tables to assist in the control risk assessment process.
B) each control can be used to satisfy only one audit objective.
C) many auditors use a control risk matrix to assist in the control risk assessment process.
D) all controls, including key controls, should be considered.
Question
A significant internal control deficiency is always considered a material weakness.
Question
When a client uses a service center for processing transactions,

A) the auditor can assume that the controls are adequate because it is an independent enterprise.
B) auditing standards require the auditor to test the service center's controls if the service center application involves processing significant financial data.
C) and the user auditor decides to rely on the service auditor's report, the user auditor must make reference to the report of the service auditor in the opinion on the user organization's financial statements.
D) none of the above.
Question
Which of the following is true regarding the relationship between tests of controls and procedures to obtain an understanding?

A) In obtaining an understanding of internal control, the procedures to obtain an understanding are applied to all controls identified during that phase.
B) Tests of controls are applied only when the assessed control risk has not been satisfied by the procedures to obtain an understanding.
C) Procedures to obtain an understanding are performed only on one or a few transactions.
D) All of the above are correct.
Question
If the results of tests of controls support the design and operations of controls as expected, the auditor uses ________ control risk as the preliminary assessment.

A) a lower
B) the same
C) a higher
D) either a lower or higher
Question
An auditor is likely to use four types of procedures to support the operating effectiveness of internal controls. Which of the following would generally not be used?

A) make inquiries of appropriate client personnel
B) examine documents, records, and reports
C) reperform client procedures
D) inspect design documents
Question
In some cases, management can correct deficiencies and material weaknesses before the auditor does significant testing, which may permit a reduction in control risk.
Question
In a small business, the daily involvement of the owner in the business is not sufficient to overcome significant deficiencies or material weaknesses in internal controls.
Question
The text suggested a five-step approach to identify deficiencies, significant deficiencies, and material weaknesses. Describe this approach.
Question
You are the audit manager for a new audit client. Your staff auditors are unsure of what constitutes a control deficiency. Discuss the terms control deficiency, design deficiency, and operating deficiency.
Question
If the likelihood that a material misstatement would be prevented, detected, or corrected by the controls in place, then the control risk is low in the revenue transaction cycle.
Question
In order for the auditor to determine whether a significant internal control deficiency is a material weakness, the deficiency should be evaluation along one of the following two dimensions: likelihood or significance.
Question
If there is more than a reasonable possibility that a material misstatement could result from a significant deficiency found during the audit, then that deficiency is considered a material weakness in internal control.
Question
An auditor traces the sales prices to the authorized price list in effect at the date of the transaction. Which of the following procedures has the auditor performed?

A) inquiry
B) observation
C) reperformance
D) examination
Question
Tests of controls

A) are the procedures used to test the effectiveness of controls in support of a reduced assessed control risk.
B) are used to support the ending balances in the balance sheet and income statement accounts.
C) are performed at the end of the audit.
D) are designed to detect fraud.
Question
Which of the following is an accurate statement relating to the extent of procedures?

A) If an auditor wants a lower assessed control risk than the preliminary assessed control risk, the number of controls tested increases while the extent of the tests for each control decrease.
B) The extent of testing depends on the frequency of the operation of the controls.
C) All controls must be tested only at year-end.
D) The frequency of testing is the same for both manual and computer controls.
Question
When testing manual or automated controls,

A) automated controls are always subject to random error or manipulation.
B) automated controls cannot be altered by making a change to the software application.
C) when there are effective general controls and automated application controls, the auditor will need to select a larger sample size of transactions to verify.
D) the extent of testing depends on whether it is a manual or automated control.
Question
A design deficiency exists if the person performing the control is not qualified.
Question
An auditor traces the cost of sales entry for a sample of product sales to the inventory unit costs in effect at the date of each transaction. Which of the following procedures has the auditor performed?

A) inquiry
B) observation
C) reperformance
D) examination
Question
Which of the following represents a correct statement regarding internal control testing?

A) When auditors plan to use evidence about the operating effectiveness of internal control contained in prior audits, auditing standards require tests of the controls' effectiveness at least every other year.
B) The greater the risk, the less audit evidence the auditor should obtain that controls are operating effectively.
C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
D) Testing of internal controls can only be performed by the auditor at the end of the fiscal year.
Question
Key controls are not sufficient to achieve the transaction-related audit objectives.
Question
The procedures to obtain an understanding of internal control are only applied when the assessed control risk is high.
Question
Which of the following is true regarding the auditor's opinion on the effectiveness of internal control?

A) The auditor is attesting to the effectiveness of internal controls as of the end of the fiscal year.
B) If the client remedies a material weakness before the end of the fiscal year, the auditor must still issue a qualified opinion or a disclaimer of opinion.
C) A scope limitation requires the auditor to issues an adverse opinion.
D) Section 404 requires that the auditor design the audit to detect all deficiencies in internal control.
Question
To issue an unqualified opinion on internal control over financial reporting, there must be no identified material weaknesses and no restrictions on the scope of the audit.
Question
How must significant deficiencies and material weaknesses be communicated to those charged with governance?

A) Either oral or written communication is acceptable.
B) Oral communication is required.
C) Written communication is required.
D) Written communication is required for material weaknesses, but oral communication is allowed for significant deficiencies.
Question
Controls that are applied throughout the accounting period must be tested both at an interim date and then again on the balance sheet date.
Question
When determining what type of report to issue on internal control under Section 404,

A) an adverse opinion on internal control must be given if any weaknesses in a key internal control is discovered.
B) a scope limitation requires the auditor to disclaim an opinion on internal controls.
C) if the auditor gives a qualified opinion on the financial statements, they must give a qualified opinion on internal controls.
D) a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls.
Question
Auditors often identify less significant internal control-related issues, as well as opportunities for the client to make operational improvements in the

A) adverse opinion.
B) Section 404 report.
C) management letter.
D) Type 1 report.
Question
An example of substantive testing and also a test of controls is using audit software to identify purchases where the vendor's invoice, the receiving report, and the purchase order did not match prior to payment of the vendor's invoice.
Question
The AICPA guide to data analytics indicates audit data analysis can be used throughout the audit process, but not including tests of controls.
Question
The auditor designs and performs a combination of tests of controls and substantive procedures to obtain reasonable assurance that the financial statements are fairly stated when control risk

A) is assessed above the maximum.
B) is assessed below the maximum.
C) cannot be assessed.
D) none of the above
Question
In October 2013, the PCAOB Staff Audit Practice Alert No.11, titled "Considerations for Audits of Internal Control over Financial Reporting". In this Staff Audit Practice Alert, the PCAOB highlighted three common deficiencies related to audits of internal control. Name these three common deficiencies.
Question
It is generally possible for small companies to have all of the following except for

A) adequate documents and records.
B) physical controls over assets.
C) competent, trustworthy personnel.
D) internal auditors.
Question
Which of the following is a correct statement?

A) The auditor uses the control risk assessment and results of tests of controls to determine planned detection risk.
B) The auditor links the inherent risk assessments to the balance-related audit objectives.
C) The audit risk model is used determine the level of audit risk.
D) All of the above are correct statements.
Question
The auditor will issue an unqualified opinion on internal control over financial reporting when

A) there are no identified material weaknesses as of the end of the fiscal year.
B) there have been no restrictions on the scope of the auditor's work.
C) both a and b
D) either a or b
Question
What type of report is issued when one or more material internal control weaknesses exist?

A) unqualified opinion
B) disclaimer of opinion
C) adverse opinion
D) qualified opinion
Question
The scope of the auditor's report on internal control is limited to obtaining reasonable assurance that significant weaknesses in internal control are identified.
Question
The auditor assesses control risk for each related audit objective and supports control risk assessments with tests of controls.
Question
When there are a number of controls tested in prior audits that have not been changed, auditing standard require auditors to test some of those controls each year to ensure there is a rotation of controls testing throughout the three-year period.
Question
A company requires the controller's e-approval for all fixed asset purchases in excess of $50,000. Audit software can be used to identify if there are any instances where a fixed asset purchase in excess of $50,000 lacked the controller's e-approval, instead of manual checking.
Question
In evaluating the operational effectiveness of internal controls, the auditor is likely to use four types of audit procedures. List the procedures below.
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/104
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 12: Assessing Control Risk and Reporting on Internal Controls
1
When using questionnaires, "no" responses typically indicate a potential internal control deficiency requiring follow up by the auditor.
True
2
Name four types of evidence which the auditor uses to obtain an understanding of the design and implementation of controls.
Inspection; inquiries of client personnel; observation of employees performing control processes; and reperformance by tracing one or a few transactions through the accounting system from the start to the finish.
3
Evaluating the design of a control involves considering whether the control is effective in preventing, detecting, or correcting material misstatements in the financial statements.
True
4
For financial statement audits, auditors need to understand controls that are relevant to the audit in order to

A) identify and assess the risks of material misstatements.
B) perform preliminary analytical procedures.
C) detect fraud.
D) assess inherent risk.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
5
An adequate system flowchart should include the same characteristics required for system narratives.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
6
As Section 404 of the Sarbanes-Oxley Act requires management to assess and to document the design effectiveness of internal controls over financial reporting, management may have already prepared narratives and flowcharts which the auditor can the use in documenting their understanding of the design of such internal controls.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
7
Management's documentation is not a major source of information for auditors in gaining an understanding of the design of internal controls.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
8
For integrated audits of large, publicly traded companies, the level of understanding of internal controls and the extent of testing of those controls need to be sufficient for the auditor to issue an opinion on the effectiveness of internal controls over financial reporting.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
9
It is typical to use both a narrative and a flowchart to describe the same system.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
10
When documenting their understanding of a client's internal controls, auditors are required to use narratives.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
11
Narratives, flowcharts, and internal control questionnaires are three common methods of

A) testing the internal controls.
B) documenting the auditor's understanding of internal controls.
C) designing the audit manual and procedures.
D) documenting the auditor's understanding of a client's organizational structure.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
12
Walkthroughs combine observation, inspection, and inquiry to assure that the controls designed by management have been implemented.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
13
A narrative should describe the disposition of every document and record in the system.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
14
The two disadvantages of using questionnaires are their inability to provide an overview of the system and their inapplicability for some audits, especially smaller ones.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
15
When the auditor attempts to understand the operation of the accounting system by tracing a few transactions through the accounting system, the auditor is said to be

A) tracing.
B) vouching.
C) performing a walkthrough.
D) testing controls.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
16
Flowcharts are harder to read and update than narratives.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
17
When dealing with the documentation of internal control,

A) in a narrative, most questions simply require a "yes" or "no" response.
B) questionnaires offer useful checklists to remind the auditor of the many different types of internal controls that should exist.
C) questionnaires and flowcharts should not be used together.
D) flowcharts fail to show the segregation of duties in the company.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
18
Which type of evidence is not used by the auditor to obtain an understanding of the design and implementation of internal control?

A) inquiry
B) observation
C) confirmation
D) inspection
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
19
Flowcharts have two advantages over narratives: typically, they are easier to read and easier to update.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
20
The level of understanding of a client's internal controls required is less than what is required for an audit of only the financial statements.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
21
When assessing whether the financial statements are auditable, the auditor must consider

A) that the integrity of management and the adequacy of accounting records are the two primary factors determining auditability.
B) that the integrity of management and the adequacy of risk management are the two primary factors determining auditability.
C) that if all of the transaction information is available only in electronic form without a visible audit trail, the company cannot be audited.
D) the control risk before determining if the entity is auditable.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
22
Before making the final assessment of internal control at the end of an audit, the auditor must

A) <strong>Before making the final assessment of internal control at the end of an audit, the auditor must</strong> A) B) C) D)
B) <strong>Before making the final assessment of internal control at the end of an audit, the auditor must</strong> A) B) C) D)
C) <strong>Before making the final assessment of internal control at the end of an audit, the auditor must</strong> A) B) C) D)
D) <strong>Before making the final assessment of internal control at the end of an audit, the auditor must</strong> A) B) C) D)
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
23
When identifying audit objectives and existing controls,

A) audit objectives are identified for classes of transactions, account balances, and presentation and disclosure.
B) the auditor identifies controls to satisfy each objective.
C) it is helpful for the auditor to use the five control activities as reminders of controls.
D) all of the above.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
24
When a compensating control exists, the absence of a key control

A) is no longer a concern because there is no longer a significant deficiency or material weakness.
B) is still a major concern to the auditor.
C) could cause a material loss, so it must be tested using substantive procedures.
D) is magnified and must be removed from the sampling process and examined in its entirety.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
25
Which deficiency exists if a necessary control is missing or not properly implemented?

A) control
B) significant
C) design
D) operating
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
26
Auditors should obtain an understanding of IT general controls. Name four procedures which the auditor should employ to document their understanding of IT general controls.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
27
Which of the following is the correct definition of "control deficiency"?

A) A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis.
B) A control deficiency exists if one or more deficiencies exist that adversely affect a company's ability to prepare external financial statements reliably.
C) A control deficiency exists if the design or operation of controls results in a more than remote likelihood that controls will not prevent or detect misstatements.
D) A control deficiency exists if the design or operation of controls results in a more than probable likelihood that controls will prevent or detect misstatements.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
28
Once auditors determine that entity level controls are designed and placed in the operation, they

A) make a preliminary assessment for each transaction-related audit objective for each major type of transaction.
B) make a preliminary assessment of control risk.
C) obtain an understanding of the design and implementation of internal control.
D) prepare audit documentation in order to express their opinion on the company's internal control system.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
29
The employee in charge of authorizing credit to the company's customers does not fully understand the concept of credit risk. This lack of knowledge would

A) constitute a deficiency in operation of internal controls.
B) constitute a deficiency in design of internal controls.
C) constitute a deficiency of management.
D) not constitute a deficiency.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
30
A five-step approach can be used to identify deficiencies, significant deficiencies, and material weaknesses. The first step in this approach is

A) identify the absence of key controls.
B) consider the possibility of compensating controls.
C) determine potential misstatements that could result.
D) identify existing controls.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
31
When making a preliminary assessment of control risk, the starting point for most auditors is

A) IT assessment controls.
B) assessment of entity level controls.
C) transaction-related controls.
D) fraud controls.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
32
You are performing the audit of internal control for Clifton Company. Which of the following would represent a material weakness in internal control?

A) The company's audit committee has experienced an unusual turnover of members.
B) The company's CFO was indicted for embezzling from the company.
C) Bank reconciliations are done monthly.
D) The CEO retired after twenty years of service to the company.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
33
The auditor should identify and include only ________ controls since they will be sufficient to achieve the transaction-related audit objectives and will also provide audit efficiency.

A) key
B) significant
C) material
D) compensating
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
34
The assessment of control risk is the measure of the auditor's expectation that internal controls will prevent material misstatements from occurring or detect and correct them if they have occurred.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
35
Name three types of documents which auditors commonly use to obtain and to document their understanding in the audit working paper of the design of internal controls.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
36
A proper narrative of an accounting system and the related controls should include which four characteristics?
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
37
To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their

A) <strong>To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their</strong> A) B) C) D)
B) <strong>To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their</strong> A) B) C) D)
C) <strong>To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their</strong> A) B) C) D)
D) <strong>To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their</strong> A) B) C) D)
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
38
A ________ exists if one or more control deficiencies exist that are less severe than a material weakness, but are important enough to merit attention by those responsible for oversight of the company's financial reporting.

A) potential misstatement
B) significant weakness
C) significant deficiency
D) fraud symptom
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
39
A(n) ________ control is a control elsewhere in the system that offsets the absence of a key control.

A) significant
B) alternate
C) design
D) compensating
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
40
When assessing control risk,

A) many auditors use actuarial tables to assist in the control risk assessment process.
B) each control can be used to satisfy only one audit objective.
C) many auditors use a control risk matrix to assist in the control risk assessment process.
D) all controls, including key controls, should be considered.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
41
A significant internal control deficiency is always considered a material weakness.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
42
When a client uses a service center for processing transactions,

A) the auditor can assume that the controls are adequate because it is an independent enterprise.
B) auditing standards require the auditor to test the service center's controls if the service center application involves processing significant financial data.
C) and the user auditor decides to rely on the service auditor's report, the user auditor must make reference to the report of the service auditor in the opinion on the user organization's financial statements.
D) none of the above.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
43
Which of the following is true regarding the relationship between tests of controls and procedures to obtain an understanding?

A) In obtaining an understanding of internal control, the procedures to obtain an understanding are applied to all controls identified during that phase.
B) Tests of controls are applied only when the assessed control risk has not been satisfied by the procedures to obtain an understanding.
C) Procedures to obtain an understanding are performed only on one or a few transactions.
D) All of the above are correct.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
44
If the results of tests of controls support the design and operations of controls as expected, the auditor uses ________ control risk as the preliminary assessment.

A) a lower
B) the same
C) a higher
D) either a lower or higher
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
45
An auditor is likely to use four types of procedures to support the operating effectiveness of internal controls. Which of the following would generally not be used?

A) make inquiries of appropriate client personnel
B) examine documents, records, and reports
C) reperform client procedures
D) inspect design documents
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
46
In some cases, management can correct deficiencies and material weaknesses before the auditor does significant testing, which may permit a reduction in control risk.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
47
In a small business, the daily involvement of the owner in the business is not sufficient to overcome significant deficiencies or material weaknesses in internal controls.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
48
The text suggested a five-step approach to identify deficiencies, significant deficiencies, and material weaknesses. Describe this approach.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
49
You are the audit manager for a new audit client. Your staff auditors are unsure of what constitutes a control deficiency. Discuss the terms control deficiency, design deficiency, and operating deficiency.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
50
If the likelihood that a material misstatement would be prevented, detected, or corrected by the controls in place, then the control risk is low in the revenue transaction cycle.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
51
In order for the auditor to determine whether a significant internal control deficiency is a material weakness, the deficiency should be evaluation along one of the following two dimensions: likelihood or significance.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
52
If there is more than a reasonable possibility that a material misstatement could result from a significant deficiency found during the audit, then that deficiency is considered a material weakness in internal control.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
53
An auditor traces the sales prices to the authorized price list in effect at the date of the transaction. Which of the following procedures has the auditor performed?

A) inquiry
B) observation
C) reperformance
D) examination
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
54
Tests of controls

A) are the procedures used to test the effectiveness of controls in support of a reduced assessed control risk.
B) are used to support the ending balances in the balance sheet and income statement accounts.
C) are performed at the end of the audit.
D) are designed to detect fraud.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
55
Which of the following is an accurate statement relating to the extent of procedures?

A) If an auditor wants a lower assessed control risk than the preliminary assessed control risk, the number of controls tested increases while the extent of the tests for each control decrease.
B) The extent of testing depends on the frequency of the operation of the controls.
C) All controls must be tested only at year-end.
D) The frequency of testing is the same for both manual and computer controls.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
56
When testing manual or automated controls,

A) automated controls are always subject to random error or manipulation.
B) automated controls cannot be altered by making a change to the software application.
C) when there are effective general controls and automated application controls, the auditor will need to select a larger sample size of transactions to verify.
D) the extent of testing depends on whether it is a manual or automated control.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
57
A design deficiency exists if the person performing the control is not qualified.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
58
An auditor traces the cost of sales entry for a sample of product sales to the inventory unit costs in effect at the date of each transaction. Which of the following procedures has the auditor performed?

A) inquiry
B) observation
C) reperformance
D) examination
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
59
Which of the following represents a correct statement regarding internal control testing?

A) When auditors plan to use evidence about the operating effectiveness of internal control contained in prior audits, auditing standards require tests of the controls' effectiveness at least every other year.
B) The greater the risk, the less audit evidence the auditor should obtain that controls are operating effectively.
C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
D) Testing of internal controls can only be performed by the auditor at the end of the fiscal year.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
60
Key controls are not sufficient to achieve the transaction-related audit objectives.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
61
The procedures to obtain an understanding of internal control are only applied when the assessed control risk is high.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
62
Which of the following is true regarding the auditor's opinion on the effectiveness of internal control?

A) The auditor is attesting to the effectiveness of internal controls as of the end of the fiscal year.
B) If the client remedies a material weakness before the end of the fiscal year, the auditor must still issue a qualified opinion or a disclaimer of opinion.
C) A scope limitation requires the auditor to issues an adverse opinion.
D) Section 404 requires that the auditor design the audit to detect all deficiencies in internal control.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
63
To issue an unqualified opinion on internal control over financial reporting, there must be no identified material weaknesses and no restrictions on the scope of the audit.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
64
How must significant deficiencies and material weaknesses be communicated to those charged with governance?

A) Either oral or written communication is acceptable.
B) Oral communication is required.
C) Written communication is required.
D) Written communication is required for material weaknesses, but oral communication is allowed for significant deficiencies.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
65
Controls that are applied throughout the accounting period must be tested both at an interim date and then again on the balance sheet date.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
66
When determining what type of report to issue on internal control under Section 404,

A) an adverse opinion on internal control must be given if any weaknesses in a key internal control is discovered.
B) a scope limitation requires the auditor to disclaim an opinion on internal controls.
C) if the auditor gives a qualified opinion on the financial statements, they must give a qualified opinion on internal controls.
D) a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
67
Auditors often identify less significant internal control-related issues, as well as opportunities for the client to make operational improvements in the

A) adverse opinion.
B) Section 404 report.
C) management letter.
D) Type 1 report.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
68
An example of substantive testing and also a test of controls is using audit software to identify purchases where the vendor's invoice, the receiving report, and the purchase order did not match prior to payment of the vendor's invoice.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
69
The AICPA guide to data analytics indicates audit data analysis can be used throughout the audit process, but not including tests of controls.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
70
The auditor designs and performs a combination of tests of controls and substantive procedures to obtain reasonable assurance that the financial statements are fairly stated when control risk

A) is assessed above the maximum.
B) is assessed below the maximum.
C) cannot be assessed.
D) none of the above
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
71
In October 2013, the PCAOB Staff Audit Practice Alert No.11, titled "Considerations for Audits of Internal Control over Financial Reporting". In this Staff Audit Practice Alert, the PCAOB highlighted three common deficiencies related to audits of internal control. Name these three common deficiencies.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
72
It is generally possible for small companies to have all of the following except for

A) adequate documents and records.
B) physical controls over assets.
C) competent, trustworthy personnel.
D) internal auditors.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
73
Which of the following is a correct statement?

A) The auditor uses the control risk assessment and results of tests of controls to determine planned detection risk.
B) The auditor links the inherent risk assessments to the balance-related audit objectives.
C) The audit risk model is used determine the level of audit risk.
D) All of the above are correct statements.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
74
The auditor will issue an unqualified opinion on internal control over financial reporting when

A) there are no identified material weaknesses as of the end of the fiscal year.
B) there have been no restrictions on the scope of the auditor's work.
C) both a and b
D) either a or b
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
75
What type of report is issued when one or more material internal control weaknesses exist?

A) unqualified opinion
B) disclaimer of opinion
C) adverse opinion
D) qualified opinion
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
76
The scope of the auditor's report on internal control is limited to obtaining reasonable assurance that significant weaknesses in internal control are identified.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
77
The auditor assesses control risk for each related audit objective and supports control risk assessments with tests of controls.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
78
When there are a number of controls tested in prior audits that have not been changed, auditing standard require auditors to test some of those controls each year to ensure there is a rotation of controls testing throughout the three-year period.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
79
A company requires the controller's e-approval for all fixed asset purchases in excess of $50,000. Audit software can be used to identify if there are any instances where a fixed asset purchase in excess of $50,000 lacked the controller's e-approval, instead of manual checking.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
80
In evaluating the operational effectiveness of internal controls, the auditor is likely to use four types of audit procedures. List the procedures below.
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 104 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree