Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

auditing > Chapter 6 > Flashcards

Chapter 6 Flashcards

1
Q

Proper segregation of duties reduces the opportunities to allow persons to be in positions to both:

A

Perpetrate and conceal errors and fraud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following is not a component of an entity’s internal control?

A

Control risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The overall attitude and awareness of an entity’s board of directors concerning the importance of internal control usually is reflected in its

A

Control environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

In an audit of financial statements, an auditor’s primary consideration regarding an internal control policy or procedure is whether the policy or procedure

A

Affects management’s financial statement assertions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following situations most likely could lead to an embezzlement scheme?

A

Access to blank checks and signature plates is restricted to the cash disbursements bookkeeper who personally reconciles the monthly bank statement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following factors is most relevant when an auditor considers the client’s organizational structure in the context of control risk?

A

The suitability of the client’s lines of reporting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following most likely would not be considered an inherent limitation of the potential effectiveness of an entity’s internal control?

A

Incompatible duties

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In obtaining an understanding of an entity’s internal control in a financial statement audit, an auditor is not obligated to

A

Search for significant deficiencies in the operation of the entity’s internal control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

When obtaining an understanding of an entity’s internal control, an auditor should concentrate on the
implementation of the procedures because

A

Management may establish appropriate procedures but not enforce compliance with them.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

When considering internal control, an auditor should be aware of the concept of reasonable assurance, which recognizes that

A

The cost of an entity’s internal control should not exceed the benefits expected to be derived.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following procedures most likely would provide an auditor with evidence about whether an entity’s internal control activities are suitably designed to prevent or detect material misstatements?

A

Observing the entity’s personnel applying the activities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

An auditor is concerned about a policy of management override as a limitation of internal control. Which of the following tests would best assess the validity of the auditor’s concern?

A

Verifying that approved spending limits are not exceeded

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following best describes what an auditor should do when control risk is assessed at the maximum level for an assertion?

A

Communicate the control weakness to management, and perform more extensive substantive tests over the asertion.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following types of evidence would an auditor most likely examine to determine whether internal control policies and procedures are operating as designed?

A

Client records documenting approvals over transactions in the revenue cycle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Audit evidence concerning limited access to assets is best obtained by

A

Observe the control being implemented.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following statements is correct concerning the use of prior audit evidence regarding operating effectiveness of internal controls?

A

If the auditor uses prior audit evidence for several controls, the auditor should test a sufficient portion of them in each audit so that each is tested every third year.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

After testing a “non-issuer” client’s internal controls, an auditor discovers what he determines to be a material weakness in the client’s internal controls. Under these circumstances the auditor most likely would

A

Increase the assessment of control risk as well as the extent of related substantive tests

18
Q

Which is true regarding significant deficiencies and material weaknesses in an audit of financial statements?

A

Auditors must communicate them to management and those charged with governance.

19
Q

Which of the following factors should an auditor consider in evaluating the severity of a deficiency in internal control to determine if it should be communicated to the proper persons?

A

I. Magnitude of the potential misstatement
II. Likelihood of the misstatement

20
Q

An auditor’s primary consideration regarding an entity’s internal controls is whether they:

A

affect the financial statement assertions.

21
Q

Which of the following statements about internal control is correct?

A

The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system.

22
Q

Internal control is a process designed to provide reasonable assurance regarding the achievement of which objective?

A

effectiveness and efficiency of operations

reliability of financial reporting

compliance with applicable laws and regulations

23
Q

Monitoring is a major component of the COSO Internal Control—Integrated Framework. Which of the following is not correct in how the company can implement the monitoring component?

A

The independent auditor can serve as part of the entity’s control environment and continuous monitoring.

24
Q

After obtaining an understanding of an entity’s internal control system, an auditor may set control risk at high for some assertions because the auditor:

A

believes the internal controls are unlikely to be effective.

25
Regardless of the assessed level of control risk, an auditor would perform some:
substantive procedures to restrict detection risk for significant transaction classes.
26
Assessing control risk below high involves all of the following except:
concluding that controls are ineffective.
27
Which of the following audit techniques would most likely provide an auditor with the least assurance about the effectiveness of the operation of a control?
inquiry of entity personnel
28
The highest-quality and most reliable audit evidence that segregation of duties is properly implemented is obtained by:
observation by the auditor of the employees performing control activities.
29
SOC 1, Type 2 reports issued by the service organization’s auditor typically:
assess whether the service organization’s controls are suitably designed and operating effectively.
30
Significant deficiencies are matters that come to an auditor’s attention that should be communicated to an entity’s audit committee because they represent:
significant deficiencies in the design or operation of the internal control.
31
An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus?
general controls
32
An auditor’s flowchart of an entity’s accounting system is a diagrammatic representation that depicts the auditor’s:
understanding of the system.
33
Types of Controls In all accounting systems, a variety of controls must be designed to accomplish the organization’s control objectives. Internal controls vary significantly between organizations--depending on attributes like organization size, nature of operations, and objectives. In all systems, however, a variety of controls needs to be designed to accomplish the organization’s objectives. Controls are classified as preventive, detective, or corrective.
Preventative control- segregation of duties Detective control-a req. to prepare bank reconciliations Corrective control- maintaining backups of data
34
1. Segregation of duties is a control aimed at __________ misstatement. 2. The requirement to __________ journal entries is an example of a preventive control. 3. The goal to find a misstatement that has already been made is a type of __________ control. 4. Preparing bank __________ can help detect misstatements that have been made. 5. __________ controls come into play when a misstatement is found.
preventing- because Segregation of duties is a preventive control created to avoid misstatement. approve- because Approving journal entries helps prevent misstatement in financial statements. detective- Detective controls detect misstatements that have already been made. reconciliations- Bank reconciliations are a type of detective control. corrective- Corrective controls correct a misstatement that has been found.
35
Control Environment Principles The control environment, often referred to as “tone at the top”, sets the tone of an organization by influencing the control awareness of the people within the organization. The control environment can be viewed as the foundation for all the other facets of internal control.
Commitment to Integrity and Ethical Values- a clearly articulated statement of ethical values Effective Board of Directors- the extent of independence of this group is critical Effective Organizational Structure- a well designed structure provides a basis for planning, directing,and controlling operations Attracting, Developing, and Retaining Competent Employees- mgmt is committed to hiring employees with appropriate levels of education, experience, and evidence of integrity and ethical behavior Individual Accountability- the org must hold individuals accountable for their internal control responsibilities
36
1. __________ should develop a statement of ethical values. 2. If employees lack __________, they may be ineffective in performing their duties. 3. Organizational structure provides a basis for planning, directing, and controlling __________. 4. The audit committee should be composed of directors who are not __________ of the organization. 5. To enhance the control environment, management develops job __________.
senior management- A statement of values by senior management helps establish the control environment. skills-Employees must have appropriate skills to properly perform their duties. operations- A strong organizational structure helps to best control operations. employees- To be independent, the audit committee needs to not be comprised of employees. descriptions- Job descriptions help define objectives.
37
Service Organization Reports Service organizations need to have their controls reviewed by auditors. For example, service organizations that provide data processing services to various clients need to have their controls reviewed by auditors so that the client’s auditors can satisfy themselves that control is being adequately maintained relative to the processing of client data by an external source. Often service organizations have their auditors, called service auditors, study their systems of internal control and issue a service auditor’s report.
Type 1 Report- report that documents a service org's controls and docs their sustainability Type 2 Report- report that documents a service org's controls and docs their sustainability and effectiveness Service Organization- perform at a processing/computer/IT services, like payroll processing, for various clients Service Auditors- auditors selected by a service org to assess systems
38
1. A Type __________ report assesses the controls and their suitability. 2. A Type __________ report assesses the controls, their suitability, and effectiveness. 3. __________ auditors are the auditors of a service organization. 4. There are __________ types of reports that auditors of service organizations (service auditors) can provide. 5. Type 2 reports address operating _____________; Type 1 reports do not.
1 2 service two effectiveness
39
Risks and Controls in an IT Environment The nature of the client’s IT system will affect the risks that management must confront in designing controls for the system. In assessing the risks of material misstatement, the auditors should identify these risks and evaluate the effectiveness of the related controls in mitigating those risks. Auditors assess the risks of material misstatements by using all the audit evidence obtained on the client and its environment, including its internal control. When assessing the risks of material misstatement, the auditors should identify these risks and evaluate the effectiveness of the related controls in mitigating those risks in an IT environment.
Physical and user controls- destruction of infrastructure or data Controls over access and backup copies-unauthorized changes Program and user controls- destruction of data Firewalls and password systems- introduction of unauthorized data or programs Physical controls over terminals and testing of user programs and applications- unauthorized access to data or programs
40
1. __________ may be used to mitigate the risk of unauthorized access in computer operations. 2. __________ may be used to mitigate the risk of unauthorized changes to computer programs. 3. Backup copies may be used to mitigate the risk of __________. 4. __________ may be used to mitigate the risk of viruses in electronic commerce. 5. __________ may be used to mitigate unauthorized access to programs.
physical controls controls over access destruction of data firewalls password systems

auditing (11 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions