CHAPTER MULTIPLE CHOICE b In general, a material weakness in internal control may be defined as a condition in which material errors or irregularities may occur and not be detected within a timely period by a An independent auditor during tests of controls b Employees in the normal course of performing their assigned functions c Management when reviewing interim financial statements and reconciling account balances d Outside consultants who issue a special-purpose report on internal control structure (AICPA ADAPTED) b a b c d Internal control procedures are not designed to provide reasonable assurance that Transactions are executed in accordance with management's authorization Irregularities will be eliminated Access to assets is permitted only in accordance with management's authorization The recorded accountability for assets is compared with the existing assets at reasonable intervals (AICPA ADAPTED) c Which of the following is the correct order for performing the auditing procedures A through C below? A = Tests of controls B = Preparation of a flowchart depicting the client's internal control structure C = Substantive tests ABC ACB BAC BCA (AICPA ADAPTED) a a b c A secondary purpose of the auditor's consideration of internal control is to provide A basis for constructive suggestions about improvements in internal control structure A basis for assessing control risk An assurance that the records and documents have been maintained in accordance with existing company policies and procedures d A basis for the determination of the resultant extent of the tests to which auditing procedures are to be restricted (AICPA ADAPTED) c When considering internal control, an auditor must be aware of the concept of reasonable assurance, which recognizes that Employment of competent personnel provides assurance that the objectives of internal control will be achieved Establishment and maintenance of internal control is an important responsibility of the management and not of the auditor Cost of internal control procedures should not exceed the benefits expected to be derived from the control Segregation of incompatible functions is necessary to ascertain that the control procedures are effective (AICPA ADAPTED) 37 b After considering a client's internal control, an auditor has concluded that the system is well designed and is functioning as anticipated Under these circumstances, the auditor would most likely a Cease to perform further substantive tests b Not increase the extent of planned substantive tests c Increase the extent of anticipated analytical procedures d Perform all tests of controls to the extent outlined in the preplanned audit program (AICPA ADAPTED) c The primary purpose of the auditor's consideration of internal control is to provide a basis for Determining whether procedures and records that are concerned with the safeguarding of assets are reliable Constructive suggestions to clients concerning deficiencies in internal control Determining the nature, timing, and extent of audit tests to be applied The expression of an opinion (AICPA ADAPTED) b The purpose of tests of controls is to provide reasonable assurance that the Accounting treatment of transactions and balances is valid and proper Control procedures are functioning as intended Entity has complied with disclosure requirements of GAAP Entity has complied with requirements of quality control (AICPA ADAPTED) b a b c d The auditor's review of the client's internal control is documented in order to substantiate Conformity of the accounting records with GAAP Compliance with generally accepted auditing standards Adherence to requirements of management The fairness of the financial statement presentation (AICPA ADAPTED) d 10 a b c a 11 a b c d a 12 The auditor is examining copies of sales invoices only for the initials of the person responsible for checking the extensions This is an example of a a Test of controls b Substantive test c Dual-purpose test d Test of balances (AICPA ADAPTED) After consideration of a client's internal control, an auditor might decide to Increase the extent of substantive testing in areas where the control structure is strong Reduce the extent of tests of controls in areas where the controls are strong Reduce the extent of both substantive tests and tests of controls in areas where the controls are strong d Increase the extent of substantive testing in areas where the controls are weak (AICPA ADAPTED) After documenting internal control in an audit engagement, the auditor may perform tests on Those controls that the auditor plans to rely on Those controls in which deficiencies were identified Those controls that have a material effect on the financial statement balances A random sample of the controls that were reviewed (AICPA ADAPTED) 38 39 b 13 In an auditor's consideration of internal control, the completion of a questionnaire is most closely associated with which of the following? a Separation of duties b Understanding the system c Flowchart accuracy d Tests of controls (AICPA ADAPTED) b 14 The reliance placed on substantive tests in relation to control risk varies in a relationship that is ordinarily Parallel Inverse Direct Equal (AICPA ADAPTED) c 15 a b c d The auditor observes client employees in order to Prepare a flowchart Update information contained in the organization and procedure manuals Corroborate the information obtained during the initial review of the system Determine the extent of compliance with quality control standards (AICPA ADAPTED) c 16 A consideration of internal control made during an audit is usually not sufficient to express an opinion on an entity's controls because Weaknesses in the system may go unnoticed during the audit engagement A consideration of internal control is not necessarily made during an audit engagement Only those controls on which an auditor intends to rely are reviewed, tested, and evaluated Controls can change each year (AICPA ADAPTED) a 17 An auditor's report on internal control of a publicly held company would ordinarily be of least use to a Shareholders b Officers c Directors d Regulatory agencies (AICPA ADAPTED) a 18 a b c d 19 a b c d a The accountant's report expressing an opinion on an entity's internal controls should state that the Establishment and maintenance of internal control is the responsibility of management Objectives of the client's internal controls are being met Consideration of the internal controls was conducted in accordance with generally accepted auditing standards d Inherent limitations of the client's internal controls were examined (AICPA ADAPTED) The accountant's report expressing an opinion on an entity's internal controls would not include a Description of the scope of the engagement Specific date that the report covers rather than a period of time Brief explanation of the broad objectives and inherent limitations of internal control Statement that the entity's internal controls are consistent with that of the prior year after giving effect to subsequent changes (AICPA ADAPTED) 20 A CPA's consideration of internal control in an audit a Is generally more limited than that made in connection with an engagement to express an opinion on internal control b Is generally more extensive than that made in connection with an engagement to express an opinion on internal control c Will generally be identical to that made in connection with an engagement to express an opinion on internal control d Will generally result in the CPA expressing an opinion on the internal control (AICPA ADAPTED) c 21 a b c d The auditor who becomes aware of reportable conditions is required to communicate this to the Audit committee and client's legal counsel Board of directors and internal auditors Senior management and board of directors Internal auditors and senior management (AICPA ADAPTED) d 22 Which of the following is not a purpose of an auditor's attempt to understand internal control when a client processes accounting information by computer? Determine the extent to which the computer is used in significant accounting applications Understand the flow of transactions in the system Comprehend the basic structure of accounting control Identify the controls that can be relied on when designing substantive tests of details (AICPA ADAPTED) d 23 Which of the following is likely to be of least importance to an auditor when assessing control risk in a company that processes data by computer? The segregation of duties within the computer department The control over source documents The documentation maintained for accounting applications The cost-benefit ratio of data processing operations (AICPA ADAPTED) b 24 In considering a client's internal control structure in a computer environment, the auditor will encounter general controls and application controls Which of the following is an application control? Organization charts Hash total Systems flowcharts Control over program changes (AICPA ADAPTED) a 25 Auditing by testing the input and output of a computer system i.e., auditing "around" the computer instead of the computer software itself will a Not detect program errors that not appear in the output sampled b Detect all program errors, regardless of the nature of the output c Provide the auditor with the same type of evidence d Not provide the auditor with confidence in the results of the auditing procedures (AICPA ADAPTED) b 26 Smith Corporation has numerous customers A customer file is kept on disk Each customer file contains the name, address, credit limit, and account balance The auditor wishes to test this file to determine whether credit limits are being exceeded The best procedure for the auditor to follow would be to Develop test data that would cause some account balances to exceed the credit limit and determine if the system properly detects such situations Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit Request a printout of all account balances so they can be manually checked against the credit limits Request a printout of a sample of account balances so they can be individually checked against the credit limits (AICPA ADAPTED) a 27 Which of the following methods of testing application controls utilizes software prepared by the auditors and applied to the client's data? a Parallel simulation b Integrated test facility c Test data d Exception report tests (AICPA ADAPTED) c 28 The test–data method is used by auditors to test the Accuracy of input data Validity of the output Procedures contained within the program Normalcy of distribution of test data (AICPA ADAPTED) c 29 Which of the following is true of generalized audit software? They can be used only in auditing on-line computer systems They can be used on any computer without modification They each have their own characteristics, which the auditor must carefully consider before using in a given audit situation They enable the auditor to perform all manual compliance test procedures less expensively (AICPA ADAPTED) d 30 Assume that an auditor estimated that 10,000 checks were issued during the accounting period If an application control that performs a limit check for each check request is to be subjected to the auditor's test–data approach, the sample should include: a Approximately 1,000 test items b A number of test items determined by the auditor to be sufficient under the circumstances c A number of test items determined by the auditor's reference to the appropriate sampling tables d One transaction (AICPA ADAPTED) d 31 a b c d PC DOS, MS DOS, and AppleDOS are examples of Application software Generalized audit software Database management systems Operating software c 32 a b c d Which of the following is not an example of a computer-assisted audit technique? Integrated test data Audit modules Disk operating systems Audit hooks c 33 Which of the following statements most likely represents a disadvantage for an entity that maintains computer data files rather than manual files? a It's usually more difficult to detect transposition errors b Transactions are usually authorized before they are executed and recorded c It's usually easier for unauthorized persons to access and alter the files d Random error is more common when similar transactions are processed in different ways b 34 Transaction authorization within an organization may be either specific or general An example of specific transaction authorization is the a Setting of automatic reorder points b Approval of a construction budget for a new warehouse c Establishment of a customer's credit limits d Establishment of sales prices (AICPA ADAPTED) a 35 a b c d b 36 An auditor should consider the competence of a client's employees because their competence bears directly and importantly on the a Cost-benefit relationship of internal control b Achievement of the objectives of internal control c Comparison of recorded accountability with assets on hand d Timing of the tests to be performed (AICPA ADAPTED) a 37 a b c d d 38 Which of the following statements about internal control is correct? a Properly maintained internal controls reasonably assure that collusion among employees cannot occur b Establishing and maintaining internal control is the internal auditor's responsibility c Exceptionally strong control allows the auditor to eliminate substantive tests of details d The cost-benefit relationship should be considered in designing internal controls (AICPA ADAPTED) Proper segregation of functional responsibilities calls for separation of the functions of Authorization, execution, and recording Authorization, execution, and payment Custody, execution, and reporting Authorization, payment, and recording (AICPA ADAPTED) Which of the following elements is not a part of an entity's internal controls? Control risk Control activities The accounting system The control environment (AICPA ADAPTED) b 39 Which of the following is not done by an auditor when obtaining an understanding of an entity's internal controls? a Identify the types of potential misstatements that can occur b Consider the operating effectiveness of the internal controls c Design substantive tests d Consider factors that affect the risk of material misstatements (AICPA ADAPTED) c 40 a b c d Which of the following audit tests would be a test of controls? Tests of the specific items making up the balance in a financial statement account Comparing inventory prices to vendors' invoices Comparing signatures on canceled checks to board of directors' authorizations Tests of the additions to property, plant, and equipment by physical inspections (AICPA ADAPTED) c 41 a b c d The sequence of steps in gathering evidence as the basis of the auditor's opinion is: Substantive tests, documentation of control structure, and tests of controls Documentation of control structure, substantive tests, and tests of controls Documentation of control structure, tests of controls, and substantive tests Tests of controls, documentation of control structure, and substantive tests (AICPA ADAPTED) c 42 Which of the following procedures is essential to determining whether necessary control activities were prescribed and are being followed? a Developing questionnaires and checklists b Evaluating the entity's procedures for risk assessment c Documenting and testing controls d Observing employees and making inquiries (AICPA ADAPTED) b 43 a b c d Evidence about segregation of duties is best obtained by Inspecting documents that contain the initials of who performed control activities Direct personal observation of employees who perform control activities Preparing a flowchart of who performs the duties Making inquiries of coworkers about the employee who performs the duties (AICPA ADAPTED) a 44 a b c d An auditor's flowchart of a client's internal controls is a diagram depicting the auditor's Understanding of the internal controls Program for tests of controls Documentation of having considered the internal controls Understanding of the types of irregularities that are probable (AICPA ADAPTED) a 45 a b c d An auditor is required to communicate significant deficiencies in internal control to Audit committee of the board of directors Creditors and board of directors Board of directors and internal auditors Internal auditors and senior management (AICPA ADAPTED) b 46 An auditor has concluded that a client's internal controls are well designed and functioning as expected Under these circumstances the auditor would most likely a Cease to perform further substantive tests b Not increase the extent of planned substantive tests c Increase the extent of planned analytical procedures d Perform all tests of controls to the extent outlined in the audit program (AICPA ADAPTED) b 47 Reportable conditions are matters that come to an auditor's attention and that should be communicated to an entity's audit committee because they represent a Material irregularities or illegal acts perpetrated by management b Significant deficiencies in the design or operation of internal control c Flagrant violations of the entity's documented conflict-of-interest policies d Intentional attempts by client personnel to limit the scope of the auditor's work (AICPA ADAPTED) d 48 Which of the following statements best describes a weakness often associated with computers? a Computer equipment is more subject to systems error than manual processing is subject to human error b Computer equipment processes and records similar transactions in a similar manner c Control activities for detecting invalid and unusual transactions are less effective than manual control activities d Functions that would normally be separated in a manual system are combined in a computer system (AICPA ADAPTED) b 49 Accounting functions that are normally considered incompatible in a manual system are often combined by computer software This necessitates an application control that prevents unapproved a Access to the computer library b Revisions to existing software c Usage of software d Testing of modified software (AICPA ADAPTED) b 50 a b c d b 51 An auditor's consideration of a company's computer control activities has disclosed the following four circumstances Indicate which circumstance constitutes a significant deficiency in internal control a Computer operators not have access to the complete software support documentation b Computer operators are closely supervised by programmers c Programmers are not authorized to operate computers d Only one generation of backup files is stored in an off-premises location (AICPA ADAPTED) When software or files can be accessed from on-line servers, users should be required to enter A parity check A personal identification code A self-diagnosis test An echo check a 52 A control feature requires the computer to send signals to the printer to activate the print mechanism for each character The print mechanism, just prior to printing, sends a signal back to the computer verifying that the proper print position has been activated This type of hardware control is referred to as a/an a Echo check b Validity check c Signal check d Check digit (AICPA ADAPTED) d 53 a b c d b In a computer system, hardware controls are designed to Arrange data in a logical sequence for processing Correct errors in software Monitor and detect errors in source documents Detect and control errors arising from use of equipment (AICPA ADAPTED) 54 The primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with a Evidential matter to use in reducing detection risk b Knowledge necessary to plan the audit c A basis from which to modify tests of controls d Information necessary to prepare flowcharts (AICPA ADAPTED) SHORT ANSWER Describe what is meant by reportable conditions Answer: Reportable conditions are significant deficiencies in internal control discovered during an audit that could adversely affect the entity’s ability to record, process, summarize, and report financial data Explain the purpose of the COSO report and what objectives it achieves Answer: The COSO Report defines internal control as “a process effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:  Effectiveness and efficiency of operations  Reliability of financial reporting  Compliance with applicable laws and regulations.” What are the three phases of an entity’s internal controls that must be considered by an auditor? Answer: i ii iii Obtain an understanding of how management has designed policies and procedures for the control environment, risk assessment, the control activities, information and communication, and monitoring Assess control risk for the policies and procedures that have been placed in operation Determine the nature, timing, and extent of substantive tests 4 Explain how restricted use reports differ from general use reports Answer: Restricted use reports are intended for specified parties in contrast to general use reports that are not intended for use by specified parties Explain the importance of segregation of duties in the control environment Also describe how to achieve this important control function Answer: Segregation of duties or responsibilities aid in preventing any one employee, acting alone, from committing and concealing frauds Optimum segregation of duties exists when collusion is necessary to circumvent controls To achieve optimum segregation of responsibilities or duties, an entity’s management, custodial accounting, and monitoring functions should be performed by different employees Transaction authorization, transaction execution, transaction recording, and independent checks on performance must be performed by different employees PROBLEMS In a well-designed and executed audit, the auditor’s objective in considering an entity’s control environment is to obtain an understanding of management’s and the board of directors’ attitude, awareness, and actions concerning the following items: a Integrity and ethical values b Human resource policies and practices c Commitment and competence d Assignment of authority and responsibility e Board of directors or audit committee f Organizational structure g Management’s philosophy and operating style For each of the items above please provide one example of what knowledge the auditor is attempting to obtain Answer: a Do codes of conduct describe acceptable business practice, conflicts of interest, and standards of ethical behavior? b Are there policies for hiring, training, promoting, and compensating employees? c Are employees committed to quality? d Are the responsibilities of key managers defined? e Is the board independent of management? f Does information flow to the appropriate levels of management? g What is management’s attitude toward manipulated or falsified records? Name and describe the four steps in obtaining an understanding of internal control Answer: Performing a preliminary review – Before expending time and effort to document an entity’s internal controls, an auditor first reviews prior-year audit working papers and client procedures manuals, makes inquiries of management, and observes client personnel to obtain a general understanding of the control environment, management’s assessments of the risk they face, the control activities, the flow of information and communication throughout the accounting system, and how management monitors internal controls Documenting the system’s internal controls and identifying transaction cycles – An auditor uses one or more of three means to document an entity’s internal control: narrative memoranda, flowcharts, and questionnaires Performing a transaction walk-through – A single transaction for each major segment of the internal controls is selected and followed through the accounting system Identifying controls that reduce to a relatively low level the risk of material misstatements – An auditor evaluates whether the entity’s control activities can be relied on in assessing control risk below the maximum ... Substantive tests, documentation of control structure, and tests of controls Documentation of control structure, substantive tests, and tests of controls Documentation of control structure, tests of... of testing application controls utilizes software prepared by the auditors and applied to the client's data? a Parallel simulation b Integrated test facility c Test data d Exception report tests... auditor's test data approach, the sample should include: a Approximately 1,000 test items b A number of test items determined by the auditor to be sufficient under the circumstances c A number of test