Chapter 6 - Audit exam 2

Auditors obtain an understanding of an entity’s internal control primarily to

Determine the nature, timing and extent of subsequent audit procedures

Understanding Internal Control

The process of identifying how a company prevents, detects and corrects errors or fraud

An auditors primary consideration regarding internal controls is whether they

Affect the financial statement assertions

Financial Statement Assertions

Managements implicit or explicit claims about the accuracy of reported information

Which statement about internal control is correct

The cost benefit relationship should be considered when designing internal control

Cost-Benefit Principle

The cost of a control should not exceed the expected benefit

Internal Control is a process designed to provide reasonable assurance regarding which objectives

Effectiveness and efficiency operation | Reliability of financial reporting | Compliance with laws and regulations

What is not one of the five major components of internal control?

Human resource backgrounds checks

COSO Components

Control Environment | Risk Assessment | Control Activities | Information and Communication | Monitoring

Monitoring is a major COSO component. Which statement about implementing monitoring is incorrect?

The independent auditor can serve as part of the entity’s control environment and continuous monitoring

Monitoring Activities

Ongoing or separate evaluations that assess the quality of internal control performance over time.

Which of the following is a proper reason for not conducting tests of controls?

If testing controls doesn’t improve efficiency, auditors can set control risk high and skip control testing

Test of controls

Audit procedures to evaluate the operating effectiveness of controls

After obtaining an understanding of an entity’s control system, an auditor may set control risk at high because

The controls are unlikely to be effective

Control Risk

Risk that a material misstatement wont be prevented or detected by internal controls

Regardless of the assessed level of control risk, an auditor must perform some

Substantive procedures

Substantive procedures

Audit tests that directly verify financial statement figures

When preliminary control risk is set at high, auditors are likely to

Perform little or no test of controls

Which sequence correctly follows understanding internal control?

Assess control risk > Test controls > Reassess control risk > Determine extent of substantive testing

Audit process flow

the order in which auditors evaluate and test internal control effectiveness

A reliance strategy is chosen when the auditor

Plans to test controls and has set control risk at a lower level

Reliance Strategy

Audit approach where the auditor relies on effective internal controls to reduce substantive testing

Understanding each component of internal control helps auditor

Design appropriate test of controls and identify factors that affect risk of material missatement

The effectiveness of internal control is reduced by

Human errors or mistakes

Limitations of internal control

Errors, collusion, management override and cost benefit constraints

Which statement about documentation of internal control is correct?

Control risk can be documented using questionnaires, flowcharts, or memoranda

Internal Control Questionnaire

a checklist used to evaluate the presence and quality controls

To set control risk below high the auditor should NOT

identify all general IT controls

General IT controls

Policies ensuring proper operation and security of IT systems

Assessing control risk below high does not involve

Concluding that controls are ineffective

Which audit technique provides the most assurance about control effectiveness

Reperformance of the control by the auditor

The most reliable evidence of proper segregation of duties is obtained by

Observation of employees performing control activities

Segregation of Duties

Separating authorization, recording and custody functions to prevent fraud 

When an entity outsources services like payroll, the auditor may need a service auditors report. Which statement is true?

The report should include an opinion

Service Auditors report

Independent evaluation of controls at a third party service provider

Type 1 reports 

Address design

Type 2 Reports

includes effectiveness testing

Significant deficiencies in internal control should be communicated to

Those charged with governance

Significant Deficiency

A control issue important enough to merit attention by those responsible for oversight

What’s a primary advantage of using generalized audit software (GAS)?

The auditor can access electronic records without deep knowledge of the clients IT system

Generalized Audit Software (GAS) 

programs that assist in testing large volumes of electronic data

General Controls

Affect the overall IT environment

application controls

apply to specific systems

An auditor expectation to assess control risk low in an it environment would intially focus on

general controls

An Auditors flowchart of an accounting system depicts

the auditor understanding of how transactions flow are processed

System Flowcharts

Diagram showing document flow and control points in a process