Chapter 5: Risk Assessment: Internal Control Evaluation

Question 1

COSO internal control categories include _____ and _____ of operations.

Answer 1

effectiveness; efficiency

Question 2

What are the 3 main objectives of the COSO Framework?

Answer 2

1. reliability of financial reporting
2. effectiveness and efficiency of operations
3. compliance with applicable laws and regulations

Question 3

What does Section 302 of SOX do?

Answer 3

stipulates criminal penalties for CEOs and CFOs if they issue materially misleading financial statements

Question 4

Section 302 of SOX requires….

Answer 4

• managers to be responsible for establishing a control environment
• management to assess the risks it wishes to control
• management to be responsible for monitoring and maintaining control activities

Question 5

The assessment of risk of material misstatement at the assertion level is completed to give the audit team a basis for planning the audit and determining the ____, ____, and ____ of further audit procedures to be conducted for the financial statement audit.

Answer 5

nature, timing, extent

Question 6

When would the audit team likely use substantive tests of detail designed to obtain evidence (nature), at or near entity’s fiscal year-end (timing), with large sample sizes (extent)? When the control risk is high or low?

Answer 6

When control risk is assessed as high

Question 7

When would the audit team likely use substantive analytical procedures to obtain evidence (nature), at an interim date before the entity’s fiscal year-end (timing), with much smaller sample sizes (extent)?

Answer 7

When control risk is assessed as low

Question 8

The audit team must adjust the substantive procedures accordingly in order to obtain enough evidence to mitigate the risk of material misstatements to a low level for the relevant assertions being tested if the assessment of control risk is ______.

Answer 8

moderate

Question 9

What are the 5 components of the COSO framework?

Answer 9

1. control environment
2. risk assessment
3. control activities
4. monitoring
5. information and communication

They work in an integrated manner

Question 10

The COSO definition states that internal control is designed to provide _____ _____ regarding the achievement of objectives in three categories.

Answer 10

reasonable assurance

Question 11

Integrity, ethical values and competence of the entity’s people are all ______ ______ factors.

Answer 11

control environment

Question 12

Each member of the audit committee must be financially ____ and one member must be a financial _____.

Answer 12

literate, expert

Question 13

All entities recognize the need for a formalized process to identify, assess and manage factors, events and conditions, known as _____ _____, that can prevent the organization from achieving its objectives.

Answer 13

business risk

Question 14

The foundation for all other components of internal control is the _____ _____.

Answer 14

control environment

Question 15

The risk assessment element of the COSO framework is ____ responsibility.

Answer 15

management’s

Question 16

In a well-functioning internal control system, once the risks to management’s objectives have been identified, ____ are established to eliminate, mitigate, or compensate for the risks.

Answer 16

internal control activities

Question 17

In some sense, all controls can be thought of as ____ controls.

Answer 17

preventative

The possibility of being caught by a detective control might prevent someone from committing an error or fraud.

Question 18

Duties that should be separated are the _____ to execute transactions, _____ transactions, ____ of assets involved in the transactions and periodic ____ of existing assets to recorded amounts.

Answer 18

1. authorization
2. recording
3. custody
4. reconciliation

Question 19

COSO developed a(n) ____ framework to facilitate the assessment and mitigation of business risks a company faces.

Answer 19

enterprise risk management

Question 20

The professional standards require the auditor to gain an understanding of the client’s risk assessment process related to ______.

Answer 20

• financial reporting risks
• fraud risk

But all busines risks are still important

Question 21

Specific actions a client’s management and employees take to help ensure management’s directives are carried out are called?

Answer 21

control activities

Question 22

Professional standards recognize that to make effective decisions, managers must have access to _______, ______, and _____ information.

Answer 22

1. timely
2. reliable
3. relevant

Question 23

T/F: When gaining an understanding of internal controls, assertions should always be considered whether or not they are relevant

Answer 23

False

Question 24

T/F: When gaining an understanding of internal controls, assertions should only be considered whether or not they are relevant

Answer 24

True

Question 25

Obtaining an understanding of the information system relevant to financial reporting includes understanding... (2).

Answer 25

1. how the information system captures events and conditions other than transactions significant to the financial statements 2. the nature of the underlying accounting records, information and accounting used to execute a transaction

Question 26

For all relevant assertions for each significant account and disclosure, the audit team begins by examining ____ ____ controls that are pervasive to the internal control system and reliability of the financial statements as a whole.

Answer 26

entity level

Question 27

An employee knowingly doing something to bypass the internal control system is performing....

Answer 27

deliberate circumvention

Question 28

The audit team identifies ___ ___ controls that pertain to specific classes of entries, account balances and disclosures.

Answer 28

transaction-level

Question 29

Professional auditing standards recognize the cost of controls should not exceed the benefits expected from the controls, which is the concept of ____ ____.

Answer 29

reasonable assurance

Question 30

Whether the controls over financial reporting, if operating as they should, would be expected to prevent or detect errors or fraud that could result in a material misstatement in the financial statements is determined by ____ _____.

Answer 30

design effectiveness

Question 31

Gaining an understanding of internal controls should start by identifying ____ accounts and disclosures and their __ _____.

Answer 31

significant; relevant assertions

Question 32

Controls that are pervasive to the internal control system and the reliability of the financial statements as a whole are called ____-level transactions.

Answer 32

entity

Question 33

Common monitoring controls include which of the following: - external auditor inquiries of internal auditors and the audit committee - supervisory review of controls - periodic evaluation of controls by internal audit - self-assessments by boards regarding the effectiveness of their oversight

Answer 33

- supervisory review of controls - periodic evaluation of controls by internal audit - self-assessments by boards regarding the effectiveness of their oversight ## Footnote audit committee inquiries of internal and external auditors

Question 34

Whether a control is working as designed and whether the person performing the control has the authority and qualifications to perform the control is referred to as _____ _____.

Answer 34

operating effectiveness

Question 35

Using an automated test procedure designed to test all items in a population as a means to identify a violation of control activities is an example of ____ testing.

Answer 35

exception

Question 36

What is the purpose of exception testing?

Answer 36

to identify a violation of a particular control activity through use of an automated test procedure designed to test all items in a population.

Question 37

An account's significance is based on its ____ risk.

Answer 37

inherent

Question 38

Once items have been selected for testing, what are the four methods of testing controls?

Answer 38

1. inquiry 2. observation 3. document examination 4. reperformance

Question 39

When testing controls, the audit team often uses ____ about the existence of the activity and then corroborate the evidence by observing the control activities are actually being performed.

Answer 39

inquiry