Section G Question Sets

the auditor should assess the control risk for each relevant assertion by evaluating the evidence obtained from all sources, including

all of these are correct

what is not a possible reason why a properly designed system of internal control may fail to prevent or detect fraud

inadequate segregation of duties may allow one person to both perpetrate and conceal fraudulent activity

the monitoring component of internal control excludes

eliminating controls that are not operating effectively

tests of controls in a GAAS audit are required for

obtaining evidence about the operating effectiveness of client control activities

what situations represents a limitation, rather than a failure, of internal control

a purchasing employee and an outside vendor participate in a kickback scheme

what is a factor in the control environment

management’s philosophy and operating style

what is considered a control environment factors

human resource policies and practices

what item is an example of an inherent limitation in an internal control system

human error in decision making

what would most likely be considered for testing in a financial statement audit

maintenance of control over unused checks

what control is least likely to be relevant to a financial statement audit

procedures that prevent the excess use of materials in production

what factor most likely would be considered an inherent limitation to an entity’s internal control

collusion of employees in circumventing internal control

what represents an inherent limitation of internal controls

the CEO can request a check with no purchase order

what would an auditor most likely consider in evaluating the control environment of an audit client

management’s operating style

what is correct regarding internal control

an inherent limitation to internal control is the fact that control can be circumvented by management override

COSO recommends that corps implement control activities through formal policies that establish what is expected and procedures that put policies into action

true

what is a preventive control

separation of duties between the payroll and personnel departments

what about internal control is correct

the cost-benefit relationship is a primary criterion that should be considered in designing internal control

what component of internal control would be considered the foundation for the other components

control environment

an auditor would most likely be concerned with internal control policies and procedures that provide reasonable assurance about

the entity’s ability to process and summarize financial data

the primary responsibility for establishing and maintaining internal controls rests with

management

an auditor should obtain knowledge of a client’s info and communication system in order to understand each of the following EXCEPT

the means used by an entity to ensure that management directives are carried out

what is an inherent limitation of any client’s internal control

procedures whose effectiveness depends on separation of duties can be circumvented by colllusion

the purpose of separating the duties of hiring personnel and distributing payroll checks is to separate the

authorization of transactions from the custody of related assets

employees being able to change their time worked after time cards approved are example of what deficiency

design

what type of evidence would an auditor most likely examine to determine whether internal controls are operating as designed

client records documenting the use of EDP programs

when companies use IT extensively, evidence may be available only in electronic form. what is an auditor’s best course of action in such situations

use generalized audit software to extract evidence from client databases

what levels would most likely address the RoMM by the auditor’s consideration of an entity’s control environment

financial statement

in the integrated audit of an issuer, what would not be considered an entity-level control

the outside auditor’s assessment process of internal auditor competence and objectivity

what audit techniques ordinarily would provide an auditor with the least assurance about the operating effectiveness of an internal control activity

preparation of system flowcharts

the two requirements crucial to achieving audit efficiency and effectiveness with a computer are selecting

the appropriate audit tasks for computer apps

the appropriate software to perform the selected tasks

what characteristics distinguishes computer processing from manual processing

computer processing virtually eliminates the occurrence of computational error normally associated with manual processing

what statement describes the “top-down approach”

begin by understanding the overall risks to internal control over financial reporting at the financial statement level

what factors are included in an entity’s control environment

audit committee

internal audit function

management

objectives of an entity include

reliable financial reporting

effective and efficient ops

when an auditor tests the internal controls of a computerized accounting system, what is true of the test data approach

test data are processed with the client’s computer and the results are compared with the auditor’s predetermined results

what is most relevant when an auditor considers the client’s organizational structure in the context of control risk

the suitability of the client’s lines of reporting

what strategy would a CPA most likely consider in auditing an entity that processes most of its financial data only in electronic form, such as a paperless system

continuous monitoring and analysis of transactions processing with an embedded audit module

what factors affecting the risk associated with a control is not a consideration when designing the current-year audit procedures in an audit of internal control over financial reporting for an issuer

whether the control has been documented in flowchart or narrative form

internal controls are designed to provide reasonable assurance that

material errors or fraud would be prevented or detected and corrected within a timely period by employees in the course of performing their assigned duties

what is true about performing tests of controls to support a lower level of control risk is not true

inquiry alone generally will support a conclusion for a lower assessed level of control risk

in a computerized payroll system environment, an auditor would be least likely to use test data to test controls related to

proper approval of overtime by supervisors

what are considered environment factors

assignment of authority and responsibility

integrity and ethical values

management is committed to hiring employees with appropriate levels of education, experience, and evidence of integrity and ethical behavior

attracting, developing, and retaining competent employees

what activities by small business clients best demonstrates management integrity in the absence of a written code of conduct

emphasizing ethical behavior through oral communications and management example

audit evidence concerning proper segregation of duties ordinarily is best obtained by

direct personal observation of the employees who apply control activities

what components of internal control contributes most to a strong control environment

management adheres to internal control policies

what computer-assisted audit techniques allows fictitious and real transactions to be processed together without client operating personnel being aware of the testing process

integrated test facility

when conducting field work for a physical inventory, an auditor cannot perform what steps using a generalized audit software package

observing inventory

management’s attitude toward aggressive financial reporting and its emphasis on meeting projected profit goals most likely would significantly influence an entity’s control environment when

management is dominated by one individual who is also a shareholder

after obtaining an understanding of the entity and its environment, including its internal control, an auditor decided to perform tests of controls. this is likely because

the auditor’s risk assessment is based on the effectiveness operation of controls

what processes would be considered an estimate

fair value of goodwill and other intangibles

bad debt expense

what would least likely to be included in an auditor’s tests of controls

confirmation

an auditor would most likely be concerned with internal controls that provide reasonable assurance about the

entity’s ability to process and summarize financial data

internal control over safeguarding of assets may include controls relating to

financial reporting objectives

operations objectives

when there are numerous property and equipment transactions during the year, an auditor who plans to assess control risk at a low level usually performs

tests of controls and limited tests of current year property and equipment transactions

if an auditor plans to assess control risk at less than the minimum and rely on controls, and the NET of further audit procedures are based on that lower assessment, the auditor must

obtain evidence that the controls selected for testing are designed effectively and operated effectively during the entire period of reliance

what processes would be considered non-routine transactions

depreciation

financial statement close

what is a management control method that most likely could improve management’s ability to supervise company activities effectively

establishing budgets and forecasts to identify variances from expectations

what control objective is achieved by reviewing and testing control procedures over physical inventory count

verification of existence of inventory

a senior auditor conducted a dual-purpose test on a client’s invoice to determine whether the invoice was approved and to ascertain the amount and other terms of the invoice. what two tests that the auditor performed

tests of controls

tests of details

what is a complete and accurate list of the walkthrough procedures usually perform in an issuer’s integrated audit

inquiry, observation, inspection of relevant docs, and reperformance of controls

what processes would be considered non-routine transactions

physical inventory

LIFO calculation

what processes would be considered routine transactions

cash receipts

payroll

evidence concerning the proper segregation of duties for receiving and depositing cash receipts ordinarily is obtained by

observing the employee who are performing the control activities

what processes would be considered an estimate

warranty obligations

costs from litigation settlements and judgements

in assessing control risk, an auditor ordinarily selects from a variety of techniques including

reperformance and observation

a transaction-level internal control activity is best described as

an action taken by client personnel for the purpose of preventing, detecting, and correcting errors and frauds in transactions to eliminate or mitigate risks identified by the company

what procedure would an auditor most likely perform the test controls relating to management’s assertion about the completeness of cash receipts for cash sales at a retail outlet

observe the consistency of the employees’ use of cash registers and tapes

as part of a fraud audit, a CPA wishes to identify employees with invalid Social Security numbers in the client’s payroll-transaction data. what audit tests of controls using computer assisted audit techniques would best meet the objective

comparing Social Security numbers paid in the payroll transaction file to a file of government authorized Social Security numbers

an auditor’s primary consideration regarding an entity’s internal control is whether the controls

affect the financial statement assertions

what is an example of an operation deficiency in internal control

clerks who conduct monthly reconciliation of intercompany accounts do not understand the nature of the misstatements that could occur in those accounts

what action should the auditor take in response to discovering a deviation from the prescribed control procedure

make inquiries to understand the potential consequence of the deviation

what procedure is considered a test of controls

an auditor interviews and observes appropriate personnel to determine segregation of duties

if an auditor is obtaining an understanding of an issuer’s information and communication component of internal control, what factor should the auditor assess

the classes of transactions in the issuer’s operations that are significant to the issuer’s financial statements

what processes would be considered routine transactions

inventory costing

cash disbursements

what outcome is a likely benefit of information technology used for internal control

enhanced timeliness of information

what control would mitigate the risk of introduction of unauthorized data or programs

access and user entity controls

an audit team would use test data to test the effectiveness of

input controls

an auditor who is testing IT controls in a payroll system would most likely use test data that contain conditions such as

time tickets with invalid job numbers

what is a correct statement with regard to the job responsibilities of individuals in an automated information processing environment

computer operators oversee the operation of the computer for each accounting application system

what type of control best describes procedures to ensure appropriate systems software acquisition

general

what most likely represents a disadvantage for an entity that keeps microcomputer-prepared data files rather than manually prepared files

it is usually easier for unauthorized persons to access and alter the files

what control would mitigate the risk of unauthorized changes

program testing and user entity controls

a client that recently installed a new accounts payable system assigned employees a user identification code (UIC) and a separate password.. what does not reflect a limitation of the client’s computer-access control

employees are not required to take regular vacations

what is an engagement attribute for an audit of an entity that processes most of its financial data in electronic form without any paper documentation

performance of audit tests on a continuous basis

examples of general controls would include all of the following except

the use of check digits when inputting customer information

one of the primary problems associated with end user computing is

unauthorized access to programs and data

the purpose of test data is to determine whether

controls operate as described in responses to internal control questionnaire items and program flowchart

what control would best mitigate the risk of destruction of data

access and backup controls

what input control is primarily related to ensuring that all transactions are input and transactions are not input more than once

batch totals

what procedure would not be effective in testing controls restricting access to specific computer programs and files

inquiring as to whether programs and files are restricted to authorized personnel

computer controls that are pervasive and apply to all applications of a computerized processing system are referred to as

general controls

what constitutes a potential risk associated with the use of information technology in an entity’s internal control structure

unauthorized changes to systems

what controls involve manually calculating a mathematical total of a field prior to input and comparing that to a total of that field from transactions processed by the client’s system

hash totals

batch totals

what is not a difference that is introduced when an entity uses the computer in processing its transactions

audit teams are not required to obtain an overall understanding of the entity’s internal control in a computerized processing environment

an auditor is considering internal control in an automated environment. under these circumstances, the auditor would need to focus on automated controls for all of the following reasons except

it is more efficient and cost-effective to focus on automated controls rather than manual controls

computer operations controls are typically implemented for files and data used in processing. the major objectives of these controls include each of the following except for

ensure restricted access to the computing environment

what control would mitigate the risk of destruction of infrastructure or data

physical and user entity controls

what control would mitigate the risk of unauthorized access to data or programs

access controls and firewalls and password systems

an example of a program in which the audit team would be most interested in testing automated application controls is a

payroll processing program