Chapter 6 Auditing Theory

The primary responsibility for establishing and maintaining an internal control rests with

Management and those charged with governance

The fundamental purpose of an internal control is to

Provide reasonable assurance that the objectives of the organization are achieved

Which of the following is not one of the three primary objectives of effective internal control?

Reliability of financial reporting

Efficiency and effectiveness of operations

Compliance with laws and regulations

Each of the above is a primary objective of effective internal control

Which of the following is not typically one of management's concers in designing effective internal controls?

To design the most effective internal control possible no matter how much it will cost

Which of the following is not one of the three primary objectives of effective internal control?

Assurance of elimination of business risk

Which of the following internal control objectives would be most relevant to the audit?

Financial reporting objective

Which statement is correct concerning the relevance of various types of controls to a financial audit?

Controls over safeguarding of assets and liabilities are of primary importance, while controls over the reliability of financial reporting may also be relevant.

An act of two or more employees to steal assets or misstate records is

frequently referred to as

collusion

Which statement is correct concerning the relevance of various types

of controls to a financial audit?

Controls over the reliability of financial reporting are ordinarily. most directly relevant to an audit but other controls may also be relevant.

An auditor would most likely be concerned with internal control

Entity's ability to process and summarize financial data

In an audit of financial statements, an auditor's primary consideration

Affects management's financial statement assertions

Two key concepts that underlie management's design and implementation of internal control are:

Inherent limitations and reasonable assurance.

Internal control can provide only reasonable assurance of achieving entity's control objectives. One factor limiting the likelihood of achieving those objectives is that

The cost of internal control should not exceed its benefits

Inherent limitations in an internal control must be considered in evaluating its effectiveness in preventing and detecting errors and fraud. Inherent limitations do not include

Incompatible functions performed by the same person.

The following statements relate to internal controls, which is false?

a. No one person should be responsible for the custodial responsibility and the recording responsibility for an asset.

b. Transactions must be properly authorized before such transactions are processed.

c. Because of the cost benefit relationship, a client may apply control procedures on a test basis.

d.Control procedures reasonably ensure that collusion among employees cannot occur.

D

Which of the following best describes an inherent limitation that should be recognized by an auditor when considering the potential effectiveness of an internal control structure?

Procedures whose effectiveness depends on segregation of duties can be circumvented by collusion.

When considering the effectiveness of a system of internal accounting control, the auditor should recognize that inherent limitations do exist.

Which of the following is an example of an inherent limitation in a system of internal accounting control?

In the performance of most control procedures, there are possibilities of errors arising from mistakes in judgment

An effective system of internal control

Can reduce the cost of an external audit

The internal control cannot be designed to provide reasonable assurance that

Fraud will be eliminated

Which of the following statements about internal control is correct?

a.Properly maintained internal control reasonably ensures that

collusion among employees cannot occur.

b. The establishment and maintenance of internal control are important responsibilities of the internal auditor.

c. Exceptionally strong internal control is enough for the auditor to eliminate substantive tests on a significant account balance.

d. The cost-benefit relationship is a primary criterion that should be considered in designing internal control

D

Which of the following is correct about internal control?

One of the inherent limitations of accounting and internal control systems is the possibility that the procedures may become inadequate due to changes in conditions, and compliance with procedures may deteriorate.

Internal control, no matter how well designed and operated, can only provide an entity with reasonable assurance about achieving the entity's objéctives. The likelihood of achievement is affected by limitations inherent to internal control. These limitations do not include:

Incompatible functions.

Internal controls can never be regarded as completely effective. Even if company personnel could design an ideal system, its effectiveness depends on the:

Competency and dependability of the people using it.

Internal controls can never be considered as absolutely effective because

Their effectiveness is highly dependent on the competence and integrity of Company's employees

Which of the following best describes the interrelated components of intertal control?

Control environment, risk assessment, control activities, information and communication systems, and monitoring

Which of the following is not one of the components of an entity's internal control?

Control risk

The overall attitude and awareness of an entity's board of directors concerning the importance of the internal cntrol usually is reflected in its

Control environment

When obtaining an understanding of an entity's control environmeat, an auditor should concentrate on the substance of management's policies and procedures rather than their form because

Management may establish appropriate policies and procedures but not act on them

Basic to a proper control environment are the quality and integrity of personnel who must perform the prescribed procedures. Which is not a factor in providing for competent personnel?

Segregation of duties

In evaluating the design of the entity's internal control environment, the auditor considers the certain subcomponents of control environment and how they have been incorporated into the entity's processes. Subcomponents of control environment would not include

Information and communications systems

It is important for the auditor to consider the competence of the audit client's employees, because their competence bears directly and importantly upon the

Achievement of the objectives of internal control

Which of the following components of an entity's internal control structure includes the development of employee promotion and training policies?

Control environment

Which of the following subcomponents of the control environment define the existing lines of responsibility and authority?

Organizational Structure

Which of the following is not one of the subcomponents of the control environment?

Adequate separation of duties

Management philosophy and operating style most likely would have a significant influence on an entity's control environment when

Management is dominated by one individual.

A proper segregation of duties requires

An individual recording a transaction not compare the accounting record of the asset with the asset itself

The single most effective control procedure established to avoid allowing any person to be in a position to perpetrate and then conceal errors or fraud is

The separation of the functional responsibilities custodianship, record keeping, operations, and authorization

Which of the following statements is most correct with respect to separation of duties?

Employees who authorize transactions should not have custody of related assets.

Which of the following would contribute most to the safeguarding of assets?

Access to computer facilities and records is limited to authorized personnel.

Which of the following statements is correct with respect to separation of duties?

It is desirable to prevent employees who authorize transactions from having custody of related assets

The most important type of protective measure for safeguarding assets and records is

The use of physical precautions

Which of the following statements best describes the entity's risk assessment process?

Entity's process of identifying business risks relevant to financial reporting objectives and deciding about actions to address those risks.

Which of the following deal with ongoing or periodic assessment of the quality of internal control by management?

Monitoring activities

An entity's ongoing monitoring activities often include

Reviewing the purchasing function.

The policies and procedures that help ensure that management directives are carried out are referred to as the:

Control activities

Which of the following is not one of the specific control activities that are relevant to financial statement audit?

Monitoring

Proper segregation of functional responsibilities in an effective structure of internal control calls for separation of the functions of

Authorization, recording, and custody

Which of the following activities would be least likely to strengthen a company's internal control?

maintaining insurance for fire and theft

Which of the following best describes the purpose of control activities?

The policies and procedures that help ensure that necessary actions are taken in order to achieve the entity's objectives

A small entity may use less formal means to ensure that internal control objectives are achieved. For example, extensive accounting procedures, sophisticated accounting records, or formal controls are least likely to be needed if

Management is closely involved in operations

Which of the following may represent the biggest challenge smaller public companies face in implementing effective internal control?

Limited resources

A major control availablé in a small company, which might not be feasible in a large company, is

The owner-manager's personal interest and close relationship with personnel.

Control risk should be assessed in terms of

Financial statement assertions

The auditors consideration of a company's internal control is:

Required by PSA

The auditors primary purpose in auditing the client's system of internal control over financial reporting is:

To efficiently conduct the audit of financial statements.

Auditing standards require the auditor to obtain an understanding of the client's internal control structure

For every audit.

When auditing a private company, the auditor should obtain an understanding of internal control sufficient to

Assess control risk

Which of the following techniques is not useful for obtaining an understanding of internal controls?

Make inquiries of the client's personnel.

Evaluating the design of the entity's internal control would involve

Considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements.

Obtaining knowledge about whether the control is implemented can best be obtained by

Tracing transactions through the information system relevant to financial reporting.

An auditor should consider two key issues when obtaining an understanding of a client's internal controls. These issues are:

The design and implementation of the controls.

The auditor uses his understanding of accounting and internal control systems together with the inherent and control risks assessments to perform all of the following except

Evaluate the effectiveness of the accounting and control systems.

When obtaining an understanding of the accounting and internal

about the

(Design of the accounting and internal control systems) YES

(Operation of accounting and internal control systems) YES

When the auditor attempts to understand the operation of the accounting system by tracing a few transactions through the accounting system, the auditor is

Performing a walk-through.

Which of the following statements is incorrect about walk-through tests?

a. It involves tracing a few transactions through the accounting systems.

b. This procedure may form part of tests of control.

c. The nature and extent of walk-through tests performed by the auditor are such that they alone would provide sufficient appropriate audit evidence to support a low assessment of control risk.

d. This procedure is performed to determine whether the controls are being implemented.

C

The auditor's understanding of the accounting and internal control systems significant to the audit is ordinarily obtained through previous experience with the entity. In addition, the auditor may perform the following procedures, except

Reperformance of internal control procedures.

When obtaining understanding of the entity's internal control, the auditor should obtain knowledge about the system's

(Design) YES

(Implementation) YES

(Operating Effectiveness) NO

Which of the following would an auditor least likely perform when obtaining understanding of the entity's accounting and internal control systems?

Performing analytical review procedures

After obtaining sufficient understanding of the entity's accounting and internal control systems, the auditor should make a preliminary assessment of

Control risk

Which of the following is not a medium that can normally be used by an auditor to record information concerning a client's internal control policies and procedures?

Procedures manual

The auditor observes client employees while gaining an understanding of the internal control structure to

Gain knowledge of the design and application of relevant policies, procedures, and records relating to the control structure

Which of the following statements regarding auditor's documentation of the client's internal control structure is correct?

a.Documentation must include flow charts.

b. Documentation must include procedural write-ups.

c. No documentation is necessary although it is desirable.

d. No one particular form of documentation is necessary, and the extent of documentation may vary.

C

In gaining an understanding of the internal control structure, the auditor may trace several transactions through the control process. The primary purpose of this task is to

Determine whether the coptrols have been placed in operation

The conclusion reached a as result of assessing control risk is referred to as the:

Assessed level of control risk

An auditor assesses control risk because it

Affects the level of detection risk that the auditor may accept

When an auditor increases the assessed level of control risk because certain control activities were determined to be ineffective, the auditor would most likely increases the

Extent of tests of details.

An auditor uses. the knowledge provided by the understanding of internal control and the assessed level of the risk of material misstatement primarily to

Determine the nature, timing and extent of substantive tests for financial statement assertions.

Which of the following statements concerning control risk is correct?

a.

Assessing control risk and obtaining an understanding of an entity's internal control structure may be performed concurrently

b. When control risk is at a high level, an auditor is required to document the basis for that assessment

c. Control risk may be assessed sufficiently low to eliminate substantive testing for significant transaction classes

d. When assessing control risk an auditor should not consider evidence obtained in prior audits about the operation of control procedures

A

Which of the following is a step in an auditor's decision to assess control risk at less than high level?

Identify specific internal control policies and procedures that are likely to detect or prevent material misstatements

If, after obtaining an initial understanding of a client's internal control, the auditor wishes to further reduce the assessed level of control risk relating to plant asset transactions, the auditor should next

Further test those internal control procedures relating to processing and recording plant asset transactions.

An auditor uses the knowledge provided by the understanding of internal control and the final assessed level of control risk primarily, to determine the nature, timing, and extent of the

Substantive tests

Control testing is performed in order to determine whether or not

The assessed level of control risk can be reduced

Which of the following procedures most likely would provide an auditor with evidence about whether an entity's internal control activities are suitably designed to prevent or detect material misstatements?

Observing the entity's personnel applying the activities.

Tests of controls do not include

Analytical, procedures involving comparison of operating expenses with budgeted amounts.

To obtain evidential matter about control risk, an auditor selects tests from a variety of techniques including

Inquiry

When the auditor finds that there are missing controls in an area of the accounting system, the audit program in that area would be modified in such a way as to

Eliminate the need for tests of controls

For certain controls, such as segregation of duties, documentary evidence may not exist. An auditor would most likely test the procedures by

observation and inquiry

Audit evidence concerning proper segregation of duties normally is best obtained by:

Direct personal observation of the employee who applies control procedures.

Before assessing control risk at a level lower than the maximum, the auditor obtains reasonable assurance that controls are in use and operating effectively. This assurance is most likely obtained in part by

Performing substantive test

An auditor generally tests the segregation of duties related to inventory by

Personal inquiry and observation

Based on a study and evaluation completed at an interim date, the auditor concludes that no significant internal accounting control weaknesses exist. The records and procedures would most likely be tested again at year-end if

Inquiries and observations lead the auditor to believe that conditions have changed

Before relying on the system of internal control, the auditor obtains a reasonable degree of assurance that the internal control procedures are in use and operating as planned. The auditor obtains this assurance by performing

Tests of controls

After obtaining an understanding of the internal control structure and assessing control risk, an auditor decided to perform tests of controls.

The auditor most likely decided that

It would be efficient to perform tests of controls that would result in a reduction in planned substantive tests

After studying and evaluating a client's existing internal control, an auditor has concluded that the policies and procedures are well designed and functioning as intended. Under these circumstances, the auditor would most ikely

Set detection risk at a higher level than would be set under conditions of weak internal control.

After considering a client's internal control, an auditor has concluded that the system is well designed and is functioning as anticipated. Under these circumstances, the auditor would most likely

Cease to perform further substantive tests

After considering internal control, an auditor might decide to

Increase the extent of tests of controls and substantive tests in areas where internal control is strong

The auditor would most likely assess control risk at a high level when

The entity's accounting and internal control systems are not reliable

The primary emphasis by auditors is on controls over:

Classes of transactions.

When obtaining audit evidence about the effective operation of internal controls, the auditor considers all of the following except

How they were applied

When control risk is assessed at a high level, the auditor should document his

(Understanding of internal control components) YES

(Conclusion that control risk is at a high level) YES

(Basis for concluding that control risk is at a high level) NO