Chapter 3. Internal Control - Concepts and Standards Flashcards
In assessing control risk, an auditor ordinarily selects from a variety of techniques, including
Tests of controls directed toward effectiveness or operation of a control would ordinarily include
inquiries,
inspections of documents,
observation, and
reperformance of the application of a control.
After obtaining an understanding of the internal control structure and assessing control risk, an auditor decided to perform tests of controls. The auditor most likely decided that
A. It would be efficient to perform tests of controls that would result in a reduction in planned substantive tests.
B. Additional evidence to support a further reduction in control risk is not available.
C. An increase in the assessed level of control risk is justified for certain financial statement assertions.
D. There were many internal control structure weaknesses that could allow errors to enter the accounting system.
A.
Correct!
After obtaining an understanding of internal control and assessing control risk, an auditor will perform tests of controls, if it is believed that such performance will result in a reduction in planned substantive tests. If the performance of tests of controls would not result in a reduction in substantive testing, completing tests of controls would be inefficient and therefore should not be performed.
As part of understanding the internal control structure, an auditor is not required to
A. Consider factors that affect the risk of material misstatement.
B. Ascertain whether internal control structure policies and procedures have been placed in operation.
C. Identify the types of potential misstatements that can occur.
D. Obtain knowledge about the operating effectiveness of the internal control structure.
D
In gaining an understanding of internal control, an auditor is required to consider factors that affect the risk of material misstatement, identify the types of potential misstatements that can occur, and ascertain whether internal controls have been placed in operation. The auditor is NOT required to obtain knowledge about the operating effectiveness of internal control (i.e. perform tests of controls).
Tag Question
Which of the following procedures would an auditor most likely perform to test controls relating to management’s assertion about the completeness of cash receipts for cash sales at a retail outlet?
A. Observe the consistency of the employees’ use of cash registers and tapes.
B. Inquire about employees’ access to recorded but undeposited cash.
C. Trace the deposits in the cash receipts journal to the cash balance in the general ledger.
D. Compare the cash balance in the general ledger with the bank confirmation request.
A
A
The cardinal rule regarding cash receipts is to ensure that they are recorded. By requiring employees to record all sales in the cash register and to give customers the cash register tape evidencing the sale, companies can ensure that all cash sales are recorded (the completeness of cash receipts for cash sales). The auditor can test controls by observing employees’ use of cash registers and tapes.
Tag Question
Control risk should be assessed in terms of A. Specific control procedures. B. Types of potential irregularities. C. Financial statement assertions. D. Control environment factors.
C
The auditor assesses control risk for the assertions present in the financial statements. Such assertions may be found in the account balance, transaction class, or disclosure components. Based upon the understanding of internal control and the control risk assessments, the auditor determines the nature, timing, and extent of the auditing procedures to be performed.
When assessing control risk below the maximum level, an auditor is required to document the auditor’s
Yes / No for each of the following:
Understanding of the entity’s control environment
Basis for concluding that control risk is below the maximum level
The auditor is required to document his/her understanding of the entity’s control environment as well as the conclusion reached regarding the assessed level of control risk IN ALL CASES. These are not optional steps. If an auditor concludes that control risk may be assessed at below the maximum level, the auditor is required to document his/her basis for that conclusion
An auditor’s assessment of control risk at below the maximum requires…
… identification of specific internal controls that are likely to detect or prevent material misstatements and the testing of those controls.
As a result of tests of controls, an auditor assesses control risk too high. This incorrect assessment most likely occurred because
A. Control risk based on the auditor’s sample is less than the true operating effectiveness of the client’s control activity.
B. The auditor believes that the control activity relates to the client’s assertions when, in fact, it does not.
C. The auditor believes that the control activity will reduce the extent of substantive testing when, in fact, it will not.
D. Control risk based on the auditor’s sample is greater than the true operating effectiveness of the client’s control activity.
A. Control risk based on the auditor’s sample is less than the true operating effectiveness of the client’s control activity.
B. The auditor believes that the control activity relates to the client’s assertions when, in fact, it does not.
C. The auditor believes that the control activity will reduce the extent of substantive testing when, in fact, it will not.
D. Control risk based on the auditor’s sample is greater than the true operating effectiveness of the client’s control activity.
Correct!
When the auditor assesses control risk too high, it means that the auditor’s sample indicates that the control is NOT working properly when it really is. Thus, control risk based on the auditor’s sample is higher than the true operating effectiveness of the control would warrant.
