Chapter 5 - Internal Control Evaluation

Question 1

When was Sarbannes-Oxley Passes?

Answer 1

July 30, 2002

Question 2

Three categories of internal controls:

Answer 2

1. reliability of financial reporting
2. effectiveness and efficiency of operations
3. compliance with applicable laws and regulations

Question 3

_____ is a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives

Answer 3

Internal Controls

Question 4

Objectives of internal controls in the financial reporting category: (2)

Answer 4

1. producing reliable financial statements
2. safeguarding assets

Question 5

Objectives of internal controls in the operations category: (5)

Answer 5

1. maintaining a good business reputation
2. ensuring a positive return on investment
3. increasing market share
4. promoting new product innovation
5. using assets effectively and efficiently

Question 6

Objectives of internal controls in the compliance category: (1)

Answer 6

1. compliance with laws and regulations that effect the entity

Question 7

Internal control systems can be compromised by:

Answer 7

1. human error
2. deliberate circumvention
3. collusion - two or more people coming together to commit fraud
4. management override
5. cost-benefit

Question 8

Internal controls are a _____ process

Answer 8

dynamic

Question 9

Management’s responsibilities regarding the internal control system:

Answer 9

1. establish control environment
2. asses risks it they wish to control
3. specify information and communication channels including the AIS
4. design and implement appropriate control activities
5. monitor, supervise, and maintain control activities

Question 10

_____ is in the position to estimate benefits derived from controls and weight them against cost and are also expected to make their own judgements about the necessities of internal controls.

Answer 10

management

Question 11

3 items that must be included in an entity’s annual report under section 304 of Sarbannes-Oxley

Answer 11

1. a statement that management is responsible for establishing and maintaining adequate internal controls over financial reporting
2. a statement identifying the framework that management uses as a benchmark for evaluating the effectiveness of an entity’s internal controls
3. a statement providing management’s assesment of the effectiveness of the entity’s internal controls

Question 12

Management must disclose any _____ _____ in internal controls in. If _____ _____ exist, management may not be able to conclude that the internal controls over financial reporting are effective.

Answer 12

Material Weakness

Material Weakness

Question 13

3 reasons the audit team has for conducting an evaluation of an entity’s internal controls:

Answer 13

1. Sarbannes-Oxley requires an audit of the effectiveness of internal controls over financial reporting for public companies
2. The audit team should evaluate whether the client has implemented control activities that are specifically designed to address the risk of fraud that has been identified
3. Assess the risk of material misstatement for each relevant assertion

Question 14

The probability that an entity’s controls will fail to prevent or detect material misstatement due to error or fraud tht would otherwise have entered into the accounting system is _____ _____

Answer 14

control risk

Question 15

If control risk high, to what extent do auditors test the nature timing and extent of the audit?

Exhibit 5.2 (p 175)

Answer 15

nature: use substantive test of details designed to obtain the highest quality of external evidence
timing: at or near the entity’s fiscal year end
extent: large sample sizes

Question 16

If control risk low, to what extent do auditors test the nature timing and extent of the audit?

Exhibit 5.2 (p175)

Answer 16

nature: substantive analytical reveiw to obtain external evidence
timing: at an interim date before the entity’s year end
extent: smaller sample sizes

Question 17

_____ _____ sets the tone of the organization and is the foundation for all other componets of internal control.

Answer 17

control environment

Question 18

General principles of an effective internal control environment: (7)

Answer 18

1. integrity and ethical values
2. board of directors that understands and exercises oversight responsibility realted to financial reporting and internal control
3. mamangement philosophy and operating styles that support achieving effective internal control over financial reporting
4. organizational structure that supports effective internal control over financial reporting
5. financial reporting competencies by employees of the company
6. authority and responsibility assigned to employees to facilitate effective internal control over financial reporting
7. human resources policies and practices that are designed and implemented to facilitate effective internal control over financial reporting

Question 19

The control environment has a _____ effect on the reliability of financial reporting because it impacts all other components of an organization’s internal control system

Answer 19

pervasive

Question 20

Because the control environment sets the overall foundation for internal control, _____ _____ _____ require an auditor to obtain an understanding of the control environment for all engagements.

Answer 20

professional auditing standards

Question 21

The _____ _____ is a subcommittee of the board of directors that is generally composed of 3 to 6 outside mebers. each member must be _____ _____ and one member must be a _____ _____.

Answer 21

audit committee

financially literate

financial expert

Question 22

4 responsibilites of the audit committee of the board of directors:

Answer 22

1. appointement, compensation, and oversight of the public accounting from conduting the audit
2. resolution of disagreements between management and the audit team
3. oversight of the entity’s internal audit function
4. approval of nonaudit services provided by the public accounting firm performing the audit engagement

Question 23

Specific actions a clent’s management and employees take on to help ensure that management’s directive are carried out are _____ _____

Answer 23

control activities

Question 24

When documenting their understanding of the internal control system, the audit team should keep in mind the following principles related to control activities: (4)

Answer 24

1. information technology: has the audit client taken full advantage of significant advances in information technology by using entirely automated control activities whenever it is efficient and effective
2. level of integration with their risk assesment process: has the audit client’s management team taken the action necessary to adress the identified risks to the achievement of financial reporting objectives
3. **selection and development of control activities: **control activities are selected and developed considering their cost and their potential effectivenes in mitigating the risks identified
4. policies and procedures: have the policies related to the reliable financial reporting been documented and communicated throughout the company?

Question 25

Procedures that prevent misstatements before they occur are _____ \_\_\_\_\_.

Answer 25

preventive controls

Question 26

Examples of preventive controls : (4)

Answer 26

1. hiring competent people 2. limiting access 3. requiring approval 4. seperating duties

Question 27

procedures that detect misstatements after they occur are _____ \_\_\_\_.

Answer 27

detective controls

Question 28

\_\_\_\_\_ _____ require management's active participation in the supervision of operations. An example would be the study of budget variances with follow up action.

Answer 28

performance reviews

Question 29

the 4 main catagories of accounting responsibilites that should be seperated under speration of duties:

Answer 29

1. authorization to execute transactions: may be general (a $ amount) or specific (sale of a major asset) 2. recording transactions 3. custody of assets inolved in a transaction 4. peridoic reconciliation of existing assets to recorded amounts

Question 30

\_\_\_\_\_ _____ are combinations of responsibilites that place a person alone in a position to create and conceal misstatements due to error or fraud

Answer 30

incompatible responsibilites

Question 31

The _____ \_\_\_\_\_ begins with the source documents and proceeds through to the financial reports.

Answer 31

Audit Trail

Question 32

\_\_\_\_\_ is verifying data going from the financial statements to the source documents. Proves the _____ assertion.

Answer 32

Vouching. Occurrence.

Question 33

\_\_\_\_\_ is verifying data going from the source documents to the financial statements. Proves the _____ assertion.

Answer 33

Tracing. Completeness.

Question 34

Two fundamental principples of monitoring:

Answer 34

1. Ongoing and seprate valuation 2. Reporting deficiencies for corrective action

Question 35

Examples of monitoring controls:

Answer 35

1. Periodic evaluation of controls by internal audit 2. Analysis of and appropriate follow-up of operating reports or metrics that might identify anomalies indicative of a control failure 3. Supervisory review of controls, such as reconciliation reviews as a normal part of processing 4. Self-assesments by boards and management regarding the tone they set in the organization and the effectiveness of their oversight functions 5. Audit committee inquiries of internal and external auditors 6. Quality assurance reviews of the internal audit department

Question 36

3 phases audit teams use to assess control

Answer 36

1. Understand and document the client's internal control 2. Assess the control risk (preliminary) 3. Identify controls to test and perform tests of controls

Question 37

Gaining an understanding of an internal control system should be perfomred in a "\_\_\_\_\_ \_\_\_\_\_" risk based manner that identifies _____ \_\_\_\_\_ and discloses their _____ \_\_\_\_\_.

Answer 37

"Top-Down". Significant Accounts. Relevant Assertions.

Question 38

An account's significance is based in its _____ \_\_\_\_\_.

Answer 38

Inherent Risk.

Question 39

Phase 1 should produce general knowledge of whether management's integrity, values, and operating style promote _____ \_\_\_\_\_ _____ throughout the company.

Answer 39

Effective Control Consciouness

Question 40

\_\_\_\_\_ _____ \_\_\_\_\_ are controls that pertain to specific classes of transactions, account balances, and disclosures.

Answer 40

Transaction Level Controls

Question 41

The most effective method used to gain an understanding of the flow of transactions, the points at which a misstatement could occur, and the controls that management has implemented to address potential misstatements is by:

Answer 41

observing actvities and operations made in a walkthrough of one or a few transactions.

Question 42

The purpose of gaining understanding of internal control is to evaluate _____ \_\_\_\_\_.

Answer 42

Design effectiveness

Question 43

\_\_\_\_\_ _____ determines whether the controls over financial reporting, if operating effectively, would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements.

Answer 43

Design Effectiveness