Directors, management, external auditors, and internal auditors all play important roles in creating proper control processes. Senior management is primarily responsible for
Establishing risk management and control processes
Reviewing the reliability and integrity of financial and operational information
Ensuring that external and internal auditors oversee the administration of risk management and control processes
Implementing and monitoring controls designed by the board of directors
In an audit of financial statements, and auditor's primary consideration regarding a control is whether it
Reflects management's philosophy and operating style
Affects management's financial statement assertions
Provides adequate safeguards over access to assets
Enhances management's decision-making processes
Internal control cannot be designed to provide reasonable assurance regarding the achievement of objectives converning
Reducing the cost of an external audit
Elimination of all fraud
Availability of reliable data for decision-making purposes and protection of important documents and records
Compliance with the Foreign Corrupt Practices Act of 1977
The primary reason to establish internal control is to
Safeguard the resources of the organization
Provide reasonable assurance that the objectives of the organization are achieved
Encourage compliance with organizational objectives
Ensure the accuracy, reliability, and timeliness of information
Effective internal control
Reduces the need for management to review exception reports on a day-to-day basis
Eliminates risk and potential loss to the organization
Cannot be circumvented by management
Is unaffected by changing circumstances and conditions encountered by the organization
Internal control is a function of management, and effective control is based upon the concept of charge and discharge of responsibility and duty. Which of the following is one of the overriding principles of internal control?
Responsibility for accounting and financial duties should be assigned to one responsible officer
Responsibility for the performance of each duty must be fixed
Responsibility for the accounting duties must be borne by the audit committee
Responsibility for accounting must be assigned only to bonded employees
The PCAOB's AS No. 5 states that internal controls may be preventive or detective. Which of the following controls is preventive?
Requiring two persons to open mail
Reconciling the accounts receivable subsidiary file with the control account
Using batch totals
Preparing bank reconciliations
Which of the following statements about internal control is true?
Properly maintained internal control reasonably ensures that collusion among employees cannot occur
The establishment and maintenance of internal controls are important responsibilities of the internal auditor
Exceptionally effective internal control is enough for the auditor to eliminate substantive procedures on a significant account balance
A limitation of internal control is that management makes judgments about the extent of controls it implements
Internal controls are designed to provide reasonable assurance that
Material errors or fraud will be prevented, or detected and corrected, within a timely period by employees in the course of performing their assigned duties
Management's plans have not been circumvented by worker collusion
The internal auditing department's guidance and oversight of management's performance is accomplished economically and efficiently
Management's planning, organizing, and directing processes are properly evaluated
The design or operation of a control may not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. According to AU-C 265, this circumstance is a
Material weakness
Significant deficiency
Control deficiency
Critical deficiency
Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity's internal control?
Incompatible duties
Management override
Mistakes in judgement
Collusion among employees
Internal control can provide only reasonable assurance of achieving entity objectives. One factor limiting the likelihood of achieving those objectives in a small entity is that
The auditor's primary responsibility is the detection of fraud
The board of directors is active and independent
Effective segregation of duties may not be feasible
Management monitors internal control
An entity should consider the cost of a control in relationship to the risk. Which of the following controls best reflects this philosophy for a large dollar investment in heavy machine tools?
Conducting a weekly physical inventory
Placing security guards at every entrance 24 hours a day
Imprinting a controlled identification number on each tool
Having all dispositions approved by the vice president of sales
The organization chart is a graphic representation of the
Power structure
Communications channels
Locus of decision making
Formal authority structure
Which of the following best describe the interrelated components of internal control?
Organizational structure, management philosophy, and planning
Control environment; risk assessment process; control activities; the information system, including related business processes; and monitoring of controls
Risk assessment process, backup facilities, responsibility accounting, and natural laws
Assignment of authority and responsibility, management philosophy, and organizational structure
Control activities constitute one of the five components of internal control. Control activities do not encompass
Performance reviews
Reconciliations
Physical controls
An internal auditing function
Monitoring of controls is an important component of internal control. Which of the following items is not an example of monitoring?
Management regularly compares divisional performance with budgets for the division
Data processing management regularly generates exception reports for unusual transactions or volumes of transactions and follows up with investigation as to causes
Data processing management regularly reconciles batch control totals for items processed with batch controls for items submitted
Management has asked internal auditing to perform regular audits of the controls over cash processing
Control activities include physical controls over access to and use of assets and records. A departure from the purpose of such procedures is that
Access to the safe-deposit box requires two officers
Only storeroom personnel and line supervisors have access to the raw materials storeroom
The mail clerk compiles a list of the checks received in the incoming mail
Only salespersons and sales supervisors use sales department vehicles
Basic to a proper control environment are the quality and integrity of personnel who must perform the prescribed procedures. Which is not a factor in providing for competent personnel?
Segregation of duties
Hiring practices
Training programs
Performance evaluations
Proper segregation of duties reduces the opportunities for persons to be in positions to both
Journalize entries and prepare financial statements
Record cash receipts and cash disbursements
Establish internal control and authorize transactions
Perpetrate and conceal errors or fraud
Management's aggressive attitude toward financial reporting and its emphasis on meeting projected profit goals most liely would significantly influence an entity's control environment when
The audit committee is active in overseeing the entity's financial reporting policies
External policies established by parties outside the entity affect its accounting practices
Management is dominated by one individual who is also a shareholder
Internal auditors have direct access to the board of directors and entity management
It is important for the auditor to consider the competence of the audit client's employees because their competence bears directly and importantly upon the
Cost-benefit relationship of internal control
Achievement of the objectives of internal control
Comparison of recorded accountability with assets
Timing of the tests to be performed
Transaction authorization within an organization may be specific transaction authorization is the
Setting of automatic reorder points for material or merchandise
Approval of a detailed construction budget for a warehouse
Establishment of requirements to be met in determining a customer's credit limits
Establishment of sales prices for products to be sold to any customer
A proper segregation of duties requires that an individual
Authorizing a transaction records it
Authorizing a transaction maintain custody of the asset that resulted from the transaction
Maintaining custody of an asset be entitled to access the accounting records for the asset
Recording a transaction not compare the accounting record of the asset with the asset itself
A small private entity may use less formal means to ensure that internal control objectives are achieved. For example, extensive accounting procedures, sophisticated accounting records, or formal controls are least likely to be needed if
Management is closely involved in operations
The entity is involved in complex transactions
The entity is subject to legal or regulatory requirements also found in larger entities
Financial reporting objectives have been established
If internal control is properly designed, the same employee may be permitted to
Receive and deposit checks and also approve write-offs of customer accounts
Approve vouchers for payment and also sign checks
Reconcile the bank statements and also receive and deposit cash
Sign checks and also cancel supporting documents
The frequency of the comparison of recorded accountability with assets (for the purpose of safeguarding assets) should be determined by
The amount of assets independent of the cost of the comparison
The nature and amount of the asset and the cost of making the comparison
The cost of the comparison and whether the susceptibility to loss results from errors of fraud
The auditor in consultation with client management
Organizational charts are useful to an independent external auditor because they
Depict all lines of organizational communication
Provide a starting point for assessing the risk of material misstatement
Ensure the proper division of responsibilities
Are essential to effective internal control
Audit evidence concerning segregation of duties ordinarily is best obtained by
Performing tests of transactions that corroborate management's financial statement assertions
Observing the employees as they apply specific controls
Obtaining a flowchart of activities performed by available personnel
Developing audit objectives that reduce control risk
For which of the following transactions would the auditor ordinarily have the greatest difficulty in obtaining assurance that inernal control objectives are met?
Collection of interest and dividends by a retailer
Acquisition of production equipment by a manufacturer
Collection of contributions from the public by a not-for-profit organization
Collection of credit sales by a retailer
An independent auditor of financial statements might consider the procedures performed by the internal auditors because
They are employees whose work must be reviewed during substantive testing
They are employees whose work may affect the nature, timing, and extent of audit procedures
Their work affects the cost-benefit trade-off
Their degree of independence may be inferred from the nature of their work
Although substantive procedures may support the accuracy of underlying records, these tests frequently provide no affirmative evidence of segregation of duties because
Substantive procedures rarely guarantee the accuracy of the records if only a sample of the transactions has been tested
The records may be accurate even though they are maintained by a person who performs incompatible functions
Substantive procedures relate to the entire period under audit, but tests of controls ordinarily are confined to the period during which the auditor is on the client's premises
Many computerized procedures leave no audit trail of who performed them, so substantive procedures may necessarily by limited to inquires and observation of office personnel
As part of understanding internal control relevant to the audit of a nonissuer, an auditor does not need to
Consider factors that affect the risks of material misstatement
Determine whether controls have been implemented
Identify the risks of material misstatement
Obtain knowledge about the operating effectiveness of internal control
After obtaining an understanding of the entity and its environment, including its internal controls, the auditor assesses
The need to apply auditing standards
Detection risk to determine the acceptable level of inherent risk
Detection risk and inherent risk to determine the acceptable level of control risk
Control risk and inherent risk to determine the acceptable level of detection risk
The primary purpose of obtaining an understanding of the entity and its environment, including its internal control, is to provide an auditor with
Evidence to use in reducing detection risk
A frame of reference within which to plan the audit
A basis for modifying tests of controls
Information necessary to prepare flowcharts
The ultimate purpose of understanding internal control is to contribute to the auditor's evaluation of the risk that
Tests of controls may fail to identify controls relevant to assertions
Material misstatements may exist in the financial statements
Specified controls requiring segregation of duties may be circumvented by collusion
Entity policies may be overridden by senior management
A CPA's understanding of internal control in a financial statement audit of a nonissuer
Is usually more limited than that made in an examination of internal control integrated with an audit of financial statements
Is usually more extensive than that made in an examination of internal control integrated with an audit of financial statements
Will usually be identical to that made in an examination of internal control integrated with an audit of financial statements
Will usually result in a report on the effectiveness of internal control
A secondary result of the auditor's understanding of internal control in an audit of a nonissuer's financial statements is that the understanding may
Provide a basis for designing the nature, timing, and extent of further audit procedures
Assure that management's procedures to detect all fraud are properly functioning
Bring to the auditor's attention possible control deficiencies
Develop evidence to support the assessed risks of material misstatement
A financial statement auditor is considering internal control for a client with an information system that makes extensive use of information technology. Which of the following statements related to the understanding of internal control for this client is false?
A lack of control at a single user entry point might compromise the security of a single database
The auditor may find it necessary to have an expectation of the operating effectiveness of controls for certain relevant assertions
The auditor must possess all the information technology skills necessary to complete the engagement
Because of the inherent consistency of computer processing, the auditor may be able to reduce the extent of testing an automated control
In obtaining an understanding of internal control, the auditor may trace several transactions through the control process, including how the transactions interface with an service organizations whose services are part of the information system. The primary purpose of this task is to.
Replace substantive procedures
Determine whether the controls have been implemented
Determine the effectiveness of the control procedures
Detect fraud
When obtaining an understanding of an entity's internal control, an auditor should concentrate on the substance of controls rather than their form because
The controls may be operating effectively but may not be flow charted
Management may establish appropriate controls but not act on them
The controls may be so inappropriate that no reliance is contemplated by the auditor
Management may implement controls with costs in excess of benefits
In obtaining an understanding of a non-issuer's internal control in a financial statement audit, an auditor is not obligated to
Perform procedures to understand the design of controls
Document the understanding of the entity's internal control components
Search for significant deficiencies in the operation of internal control
Which of the following statements regarding auditor documentation of the client's internal control is true?
Documentation must include flowcharts
Documentation must include procedural write-ups
No documentation is necessary, although it is desirable
No one particular form of documentation is necessary, and the extent of documentation may vary
An auditor should obtain an understanding of an entity's information system, including
Safeguards used to limit access to computer facilities
Process used to prepare significant accounting estimates
Procedures used to assure the proper supervision of staff
Programs and controls intended to address the risks of fraud
The auditor's understanding of internal control is documented to substantiate
Conformity of the accounting records with the applicable reporting framework
Compliance with auditing standards
Adherence to procedures for economic, effective, and efficient management decision making
The fairness of the financial statement presentation
Which of the following is not a medium that can normally be used by an auditor to record information concerning a client's internal control?
Narrative memorandum
Procedures manual
Flowchart
Checklists
Which of the following statements indicates the wrong way to use an internal control questionnaire?
Clarifying all answers with written remarks and explanations
Filling out the questionnaire during an interview with the person who has responsibility for the area that is being audited
Constructing the questionnaire so that no response requires attention
Supplementing the completed questionnaire with a narrative description or flowchart
A well-designed internal control questionnaire should
Elicit "yes" or "no" responses rather than narrative responses and be organized by department
Be a sufficient source of data for assessment of control risk
Help evaluate the effectiveness of internal control
Be independent of the objectives of the audit
In gaining an understanding of an issuer's internal control, an auditor would do all the following except
Inspect company documents
Observe employees
Perform a walk through of the transaction process
Send external confirmations
Regardless of the nature of the client's information processing system, the auditor must consider internal control. In a computer environment, the auditor must, at a minimum, have
A basic familiarity with the computer's operating system
A sufficient understanding of the entire computer system
An expertise in computer systems analysis
A background in programming procedures
