IC - Concepts & Standards

Question 1

The primary objective of procedures performed to obtain an understanding of the internal control structure is to provide an auditor with
A. Knowledge necessary for audit planning.
B. Evidential matter to use in assessing inherent risk.
C. A basis for modifying tests of controls.
D. An evaluation of the consistency of application of management’s policies.

Answer 1

A - The auditor is required to gain a sufficient understanding of the entity and its environment, including the internal control structure in order to determine the nature, timing, and extent of the tests to be performed. In reviewing internal control, the auditor first considers the design of controls relevant to a financial statement audit and whether such controls are in operation. Control risk is then assessed for the various financial statement assertions. Based upon the understanding of the internal control and the assessed control risk, the auditor can determine the auditing procedures to be performed.

Question 2

In planning an audit of certain accounts, an auditor may conclude that specific procedures used to obtain an understanding of an entity's internal control structure need not be included because of the auditor's judgments about materiality and assessments of
	A.  	Control risk.
	B.  	Detection risk.
	C.  	Sampling risk.
	D.  	Inherent risk

Answer 2

D - If the auditor has concluded that an account is immaterial and that inherent risk is low, the auditor might decide to skip the procedures used to obtain an understanding of the related internal controls because the risk of a material misstatement occurring is low.
This is really a rather tricky question because GAAS require the auditor to obtain an understanding of the internal control structure sufficient to plan the audit. In the case of immateriality combined with low inherent risk, the auditor does not need to understand the internal controls specifically related to the account in order to plan the audit

Question 3

Which of the following is a management control method that most likely could improve management’s ability to supervise company activities effectively?
A. Monitoring compliance with internal control requirements imposed by regulatory bodies.
B. Limiting direct access to assets by physical segregation and protective devices.
C. Establishing budgets and forecasts to identify variances from expectations.
D. Supporting employees with the resources necessary to discharge their responsibilities

Answer 3

C - The use of budgets and forecasts to compare planned and actual results will enable management to supervise more effectively than the other controls listed. It provides a means for management to establish expectations, to compare them to actual results, and then to follow up in areas where significant differences appeared. Monitoring compliance with regulatory requirements, limiting access to assets, and providing adequate support are important to the successful operation of the business but they do not necessarily help management to supervise more effectively

Question 4

An auditor’s primary consideration regarding an entity’s internal control structure policies and procedures is whether they
A. Prevent management override.
B. Relate to the control environment.
C. Reflect management’s philosophy and operating style.
D. Affect the financial statement assertions.

Answer 4

D - The auditor is primarily interested in whether an entity’s internal controls affect the financial statement assertions. Specifically, the auditor is interested in the policies and procedures that pertain to an entity’s ability to record, process, summarize, and report financial data consistent with the assertions embodied in the financial statements.

Question 5

**Decision tables differ from program flowcharts in that decision tables emphasize
A. Ease of manageability for complex programs.
B. Logical relationships among conditions and actions.
C. Cost benefit factors justifying the program.
D. The sequence in which operations are performed

Answer 5

B - A decision table presents in tabular form the conditions and alternative actions related to making a particular decision. It emphasizes logical relationships (decision rules) among the conditions and actions.

Question 6

An auditor uses the assessed level of control risk to
A. Evaluate the effectiveness of the entity’s internal control policies and procedures.
B. Identify transactions and account balances where inherent risk is at the maximum.
C. Indicate whether materiality thresholds for planning and evaluation purposes are sufficiently high.
D. Determine the acceptable level of detection risk for financial statement assertions

Answer 6

D - The auditor assesses control risk (the risk that the internal control structure will not prevent or detect a material misstatement) and inherent risk (the risk of a material misstatement occurring) in order to determine the acceptable level of detection risk.

Question 7

After obtaining an understanding of the internal control structure and assessing control risk of an entity, an auditor decided not to perform tests of controls.

The auditor most likely decided that
A. The available evidential matter obtained through tests of controls would not support an increased level of control risk.
B. A reduction in the assessed level of control risk is justified for certain financial statement assertions.
C. It would be inefficient to perform tests of controls that would result in a reduction in planned substantive tests.
D. The assessed level of inherent risk exceeded the assessed level of control risk.

Answer 7

C - There is always a cost-benefit tradeoff in testing controls. The auditor tests controls in order to rely on them and to reduce substantive testing. If testing controls won’t reduce substantive testing sufficiently ( i.e., enough to offset the cost of testing controls), the auditor will opt NOT to test controls. In other words, it would be inefficient to perform the tests of controls

Question 8

As part of understanding the internal control structure, an auditor is not required to
A. Consider factors that affect the risk of material misstatement.
B. Ascertain whether internal control structure policies and procedures have been placed in operation.
C. Identify the types of potential misstatements that can occur.
D. Obtain knowledge about the operating effectiveness of the internal control structure.

Answer 8

D - In gaining an understanding of internal control, an auditor is required to consider factors that affect the risk of material misstatement, identify the types of potential misstatements that can occur, and ascertain whether internal controls have been placed in operation. The auditor is NOT required to obtain knowledge about the operating effectiveness of internal control (i.e. perform tests of controls)

Question 9

The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the
A. Factors that raise doubts about the auditability of the financial statements.
B. Operating effectiveness of internal control policies and procedures.
C. Risk that material misstatements exist in the financial statements.
D. Possibility that the nature and extent of substantive tests may be reduced

Answer 9

C - The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the risk that material misstatements exist in the financial statements. Assessing control risk and inherent risk help the auditor identify where misstatements might exist; the auditor then performs auditing procedures to detect those misstatements.

Question 10

Assessing control risk at below the maximum level most likely would involve
A. Performing more extensive substantive tests with larger sample sizes than originally planned.
B. Reducing inherent risk for most of the assertions relevant to significant account balances.
C. Changing the timing of substantive tests by omitting interim-date testing and performing the tests at year end.
D. Identifying specific internal control structure policies and procedures relevant to specific assertions

Answer 10

D - In order to assess control risk below maximum the auditor must collect evidence to support the reduction. Collecting such evidence involves identifying specific internal controls relevant to specific assertions and then performing tests of controls to evaluate the effectiveness of the controls

Question 11

Control risk should be assessed in terms of
	A.  	Specific control procedures.
	B.  	Types of potential irregularities.
	C.  	Financial statement assertions.
	D.  	Control environment factors

Answer 11

C - The auditor assesses control risk for the assertions present in the financial statements. Such assertions may be found in the account balance, transaction class, or disclosure components. Based upon the understanding of internal control and the control risk assessments, the auditor determines the nature, timing, and extent of the auditing procedures to be performed

Question 12

Which of the following elements of an entity's internal control structure includes the development of personnel manuals documenting employee promotion and training policies?
	A.  	Control activities.
	B.  	Control environment.
	C.  	Accounting system.
	D.  	Quality control system

Answer 12

B - The control environment sets the tone of an organization, influencing the control consciousness of its people. It includes the following factors: integrity and ethical values, commitment to competence, board of directors or audit committee participation, management’s philosophy and operating style, organizational structure, assignment of authority and responsibility, and human resource policies and practices. The development of personnel manuals documenting employee promotion and training policies is a component of human resource policies and practices.

Question 13

Which of the following audit techniques most likely would provide an auditor with the most assurance about the effectiveness of the operation of an internal control procedure?
A. Confirmation with outside parties.
B. Inquiry of client personnel.
C. Recomputation of account balance amounts.
D. Observation of client personnel

Answer 13

D - Confirmation with outside parties and recomputation of account balances are substantive procedures designed to gather evidence about the fair presentation of account balances. Inquiry of client personnel would provide some evidence about the operation of an internal control, but the best evidence about the effectiveness of operation of an internal control would be provided through the auditor’s observation of client personnel

Question 14

Which of the following auditor concerns most likely could be so serious that the auditor concludes that a financial statement audit cannot be performed?
A. Management fails to modify prescribed internal controls for changes in information technology.
B. Internal control activities requiring segregation of duties are rarely monitored by management.
C. Management is dominated by one person who is also the majority stockholder.
D. There is a substantial risk of intentional misapplication of accounting principles.

Answer 14

D - The auditor would conclude that a financial audit could not be performed if he/she determined that a substantial risk of intentional misapplication of accounting principles existed.
The key word is “intentional” as the risk of management override is an inherent limitation of any internal control system. Management can override the system to make material misstatements in the financial statements and the auditors may not be able to detect such entries.
If management is believed to be intentionally misapplying accounting principles, the financial statements are likely to contain material misstatements that may be extremely difficult, if not impossible, to detect. Thus, the auditors would withdraw from the engagement

Question 15

The objective of tests of details of transactions performed as tests of controls is to
A. Monitor the design and use of entity documents such as prenumbered shipping forms.
B. Determine whether internal control structure policies and procedures have been placed in operation.
C. Detect material misstatements in the account balances of the financial statements.
D. Evaluate whether internal control structure procedures operated effectively

Answer 15

D - The objective of tests of details of transactions performed as tests of controls is to evaluate whether internal controls operated effectively. A test of details of transactions performed as a test of control will enable the auditor to detect a control failure

Question 16

An auditor may decide to assess control risk at the maximum level for certain assertions because the auditor believes
A. Control policies and procedures are unlikely to pertain to the assertions.
B. The entity’s control environment, accounting system, and control procedures are interrelated.
C. Sufficient evidential matter to support the assertions is likely to be available.
D. More emphasis on tests of controls than substantive tests is warranted

Answer 16

A - Control risk is assessed in terms of the financial statement assertions. The auditor may assess control risk at maximum because the controls do not pertain to the assertions, or are ineffective, or because testing such controls would not result in a reduction in substantive testing (would be inefficient)

Question 17

Regardless of the assessed level of control risk, an auditor would perform some
A. Tests of controls to determine the effectiveness of internal control policies.
B. Analytical procedures to verify the design of internal control procedures.
C. Substantive tests to restrict detection risk for significant transaction classes.
D. Dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.

Answer 17

C - An auditor must always perform substantive tests for significant account balances and transaction classes. Although a lowered control risk assessment allows the auditor to reduce substantive testing, it cannot be used to eliminate substantive testing.

Question 18

Which of the following statements concerning an auditor’s communication of significant deficiencies is correct?
A. The auditor should request a meeting with management one level above the source of the significant deficiencies to discuss suggestions for remedial action.
B. Any report issued on significant deficiencies should indicate that providing assurance on the internal control structure was not the purpose of the audit.
C. Significant deficiencies discovered and communicated at an interim date should be reexamined with tests of controls before completing the engagement.
D. Suggestions concerning administration efficiencies and business strategies should not be communicated in the same report with significant deficiencies

Answer 18

B - The auditor’s report on significant deficiencies should indicate that the purpose of the audit was to report on the financial statements and not to provide assurance on the internal control structure

Question 19

Which of the following matters would an auditor most likely consider to be a significant deficiency to be communicated to the audit committee (or otherwise those charged with governance)?
A. Management’s failure to renegotiate unfavorable long-term purchase commitments.
B. Recurring operating losses that may indicate going concern problems.
C. Evidence of a lack of objectivity by those responsible for accounting decisions.
D. Management’s current plans to reduce its ownership equity in the entity

Answer 19

C - A significant deficiency is a control deficiency in the design or operation of internal control that can adversely affect the financial statements.
If those responsible for accounting decisions appear to lack objectivity, the resultant accounting decisions may result in material misstatements of the financial statements.
For example, revenue recognition decisions might be made to increase current period net income (and managerial bonuses)

Question 20

Which of the following circumstances would be inappropriate for the auditor to communicate to those charged with governance?
A. A material misstatement was noted by the auditor and corrected by management.
B. No significant deficiencies in internal control exist that would affect the financial statements.
C. The auditor is requesting representations regarding the financial statements from management.
D. Management has consulted with other accountants about accounting and auditing matters during the period under audit

Answer 20

B - The clarified auditing standard, “Communicating Internal Control Related Matters Identified in an Audit,” specifically states, “The auditor should not issue a written communication stating that no significant deficiencies were identified during the audit.” (AU §265, paragraph 16).

Question 21

An internal auditor’s work would most likely affect the nature, timing, and extent of an independent CPA’s auditing procedures when the internal auditor’s work relates to assertions about the
A. Existence of contingencies.
B. Valuation of intangible assets.
C. Existence of fixed asset additions.
D. Valuation of related party transactions.

Answer 21

C - Some of the work performed by internal auditors may provide direct evidence about material misstatements in assertions. As a result, the auditor may be able to rely upon such work and reduce the nature, timing, or extent of the auditing procedures to be performed related to those assertions. Internal audit work pertaining to the existence of fixed asset additions would provide direct evidence which could be used to restrict other audit work to be performed