Chapter 7 - Audit exam 2

Which SOX statement is false regarding ICFR reporting

Auditors provide recommendations for improving internal control in the audit report

Auditors ICFR role

Express an opinion on the effectiveness of internal control not advise on improvements

Section 404 SOX

Mandates management assessment and auditor attestation of internal control effectiveness for public companies

The auditors role under sox relative to internal controls is to

Express an opinion on the effectiveness of the entity’s internal control

Integrated audit

an audit of both the financial statements and ICFR

Which is not a management requirement under section 404

Guarantee the effectiveness of the entity’s ICFR

Management Responsibility SOX 404

to design, implement and assess the effectiveness of ICFR

Control Deficiency

When a control doesn’t prevent or detect misstatements on a timely basis

A control deviation caused by an unauthorized employee performing a control procedure is a

Deficiency in operation

Which factor does not affect the likelihood that a control deficiency will lead to a misstatement

The financial Statement amounts exposed to the deficiency

Which is the lease likely step in managements assessment of ICFR effectiveness

Communicating its findings to external auditors

Managements assessment process

identification, testing, evaluation of icfr controls

Which of the following is not an entity level control

Controls to monitor the inventory taking process

Entity level controls

Controls that have a pervasive effect on financial reporting

which statement about SOX audit requirements is false

The auditor should provide recommendations to the audit committee for improving internal control as part of their assessment

For high risk locations or business units the auditor must first

determine whether those risks are adequately addressed by entity level controls

Top down, risk based approach

Start with entity level controls, then move to significant accounts and relevant assertion

Generalized audit software would likely be used for all execpt

identifying weakness in documentation of entity controls

Correct order in the top down, risk based approach to auditing ICFR

1⃣ Identify entity-level controls → 2⃣ Identify significant accounts → 3⃣ Understand likely sources of misstatement → 4⃣ Select controls to test.

Controls most likely tested during the interim period are:

Controls that operate on a continuous basis.

If risk for a location is low and entity-level controls are strong, management may rely on:

Self-assessment processes combined with entity-level controls.

Interim Testing

testing performed before the balance sheet date to spread audit work over time.

Self-Assessment Process

internal evaluations conducted by management to assess control performance.

A walkthrough requires an auditor to

Trace a transaction from origination through the system until it’s reflected in the financial statements

Walkthrough

a procedure that follows a transaction end-to-end through the accounting system.

Which factor is least helpful when evaluating additional evidence after interim testing

That a walkthrough of the control system was conducted at interim

Which control does not mitigate fraud and management override risk?

Controls related to executive compensation

Management Override

when executives bypass controls for personal or reporting reasons.

Which statement about the test data approach is false?

The test data should consist of only valid conditions

Test Data Approach

using simulated transactions to evaluate automated control processes.

Which factor should not determine the extent of control testing?

The amount of time the auditor has before the report is due

Extent of Testing

determined by risk assessment and materiality, not deadlines.

“Remediation” refers to

Corrective actions taken by management to fix control deficiencies

Remediation

the process of correcting identified control problems before reporting.