Internal Control

Question 1

What does the auditor use the knowledge provided by his understanding of internal control and the assessed level of the risks of material misstatement to do?

Answer 1

Determine the nature, timing, and extent of further audit procedures to determine whether FS info is accurate.

Question 2

What types of service auditor reports may be issued?

Answer 2

Reports can be on either whether controls have been placed in operation OR on operating effectiveness. NOT to be confused with compliance effectiveness.
Report is ordinarily restricted in use and no summary assessment of control risk is included.

Question 3

If a client records a large purchase twice in error, what control would detect this in a timely and efficient manner?

Answer 3

Reconciling the vendor’s monthly statements with the subsidiary ledger for payables should disclose a difference in the month following the error.
Note this will not be found by footing the purchases journal or tracing totals from purchases journal to ledger accounts.
Sending written quarterly confirmations to vendors will only detect the error quarterly and is not timely or efficient.

Question 4

What is the sequence of steps for processing a voucher?

Answer 4

In a properly designed AP system, a voucher is prepared after the invoice, purchase order, requisition, and receiving report are verified. As the appropriate documents have been assembled and verified, this allows a decision on whether the voucher should be approved for payment.
If approved, the check is issued.
Supporting documents are cancelled at the time of payment (not before the voucher has been approved) . This indicates that an invoice has been paid in order to avoid duplicate pmt of that invoice.

Question 5

Why would the auditor consider the org structure in the context on control risk?

Answer 5

To ensure proper lines of reporting are in place to prepare FS that follow GAAP.

Question 6

What is determined prior to tests of controls

Answer 6

Existence of necessary controls

Existence of incompatible functions and other conditions

Question 7

What is a tests of controls for

Answer 7

Provides reasonable assurance that the internal control procedures are designed and operating effectively.

Question 8

What do substantive tests address

Answer 8

They more directly address the existence of material dollar errors.

Question 9

What do the standards allow for use of audit evidence about the operating effectiveness of controls obtained in prior year audits?

Answer 9

Allows use of such evidence if the related controls are tested at least every third year. It can be used for material or immaterial accounts.

Question 10

Why are prenumbered termination forms by the payroll dept used?

Answer 10

Payroll dept is entrusted with preparing the payroll and must determine that terminated employees do not continue to receive payroll checks.
The proper use of prenumbered termination notices would provide assurance that the terminated employees are removed from payroll.

Question 11

What functions should be segregated?

Answer 11

Transaction, authorization, recordkeeping, custody of assets, and the extent possible, operations should be segregated.
If the AP manager issues POs, this is a weakness as the AP manager should manager the overall AP function and the purchasing dept should issue POs.
No lack of appropriate segregation of duties occurs when the AP clerk files invoices and support or manually verifies arithmetic on the vendor invoices.

Question 12

How can the risk of duplicate payment be reduced?

Answer 12

The official signing the check should compare the check with the voucher and should deface/cancel the voucher package/documents.
Note duties of voucher preparation and check signing should be segregated.

Question 13

Who should mail signed checks?

Answer 13

The treasurer who has custody of the checks after he signs them may mail them most efficiently.
The receptionist should not as this additional involvement may increase the number of processing errors.
The AP and payroll clerk cannot as it would merge the responsibilities of recordkeeping and custody of assets.

Question 14

What is a material requisition for

Answer 14

Used during the production process to requisition materials with which to produce the goods

Question 15

When are shipping order and bill of lading received / prepared

Answer 15

The shipping order is not received until the good has been sold and is to be shipped.
The bill of lading will not be prepared until the item is sold.

Question 16

For internal controls, what provides that finished goods are to be accepted for stock?

Answer 16

Only after presentation of a completed production order AND an inspection report. Finished goods should be inspected to determine their condition before leaving the production dept.

Question 17

What do the independent auditors need to consider of the internal auditors

Answer 17

AICPA professional standards require them to consider the internal auditor’s competence, objectivity, and work performance.

Question 18

What does an unqualified opinion on an entity’s system of internal control imply?

Answer 18

The broad objectives of internal control are to render reasonable assurance that assets are safeguarded from unauthorized use or disposition and that financial records are sufficiently reliable to permit the preparation of financial statements.
Note that the likelihood of mgmt fraud may be at a higher than minimal level.

Question 19

The auditor is most concerned with controls that provide reasonable assurance about the…

Answer 19

Entity’s ability to record, process, summarize, and report financial data consistent with the assertions embodied in the FS.

Question 20

What is a key control for ensuring sales are properly authorized when assessing control risks for sales?

Answer 20

Needs to directly relate to authorization of sales - Sales orders should be sent to the credit dept for approval/authorization.

Question 21

What is a control that can be used for an entity with a large volume of customer remittances by mail to reduce the risk of employee misappropriation of cash?

Answer 21

Use a bank lockbox system which will result in collection of receivables by a bank, eliminating employee contact with the cash.
Daily, check summaries, employee fidelity bonds, and independently prepared mailroom prelists are less effective.

Question 22

What are effective internal control procedures over the purchasing of raw materials?

Answer 22

Systematic reporting of product changes which will affect raw materials - required to achieve efficient purchasing of raw materials
Determining the need for raw materials is essential prior to purchasing
Obtaining financial approval prior to making a commitment
Note that obtaining third party written quality and quantity reports prior to payment for the raw materials is NOT required.

Question 23

What is a flowchart described as

Answer 23

Flowchart prepared during the consideration of internal control is a symbolic representation of a system of sequential processes. It can be used in lieu of the internal control questionnaire which has the same purpose (to prepare a record of prescribed internal control).

Question 24

What is ordinarily considered a factor indicative of increased financial reporting risk when considering a client’s risk assessment policies?

Answer 24

Rapid growth of the organization.
Note that materiality standards for determining whether to capitalize acquistions of fixed assets relates to auditor’s judgment and is not ordinarily considered a risk factor.
Note commissioned sales personnel are also not considered a risk factor.

Question 25

What happens when an auditor discovers that certain control activities were ineffective?

Answer 25

An increase in the extent of tests of details (a type of substantive test) will decrease detection risk, as control risk has increased.
The detection risk must be decreased. It will probably not be appropriate to change the assessed level of inherent risk, but if it is, it would be decreased, not increased.
Since the controls are not operating effectively, further tests of controls is inappropriate.

Question 26

What system should be used in strengthening controls over the accounting for materials used in production for a company that mass produces 8 products

Answer 26

Perpetual inventory system would be the best as it will show when and where materials are being used.
A job order cost accounting system would not as the company mass produces.

Question 27

What is an economic order quantity system (EOQ)

Answer 27

EOQ system is a control system that controls ordering and storage cost, but NOT usage.

Question 28

What is ‘lapping’ and how can it be protected against?

Answer 28

Lapping of trade AR involves an abstraction of funds and subsequent delay in crediting receipts to AR. It occurs by misappropriating mail receipts/checks. Lapping involves incorrect entries in the AR subsidiary ledger, not the GL.

If customers send pmts directly to a depository bank, there is no opportunity for abstraction of funds or subsequent misapplication.

Question 29

How do you prevent direct manufacturing labor from being charged to manufacturing overhead?

Answer 29

Comparison of daily JE with the factory labor summary will detect any direct manufacturing labor which has been properly recorded on the labor summary but incorrectly posted to manufacturing OH account
Note time cards will only provide total hours worked and will not show the details of time charged to direct labor vs overhead.

Question 30

What are walkthroughs for?

Answer 30

Provide evidence to confirm the auditor;s understanding of the flow of transactions and the design of controls, to evaluate the effectiveness of the design of controls and to confirm whether controls have been placed in operation.

Question 31

How should org be structured for effective internal control?

Answer 31

Internal auditors report to audit committee of board of directors
controller should be independent of production function
payroll dept reports to the chief accountant
cashier reports to treasurer (has responsibility for cash custodianship) -also responsible for bad debt writeoffs as independent of sales authorization and recordkeeping functions.
Treasurer not to be confused with controller (recordkeeping)

Question 32

What are the control environment factors (set the tone of an org including control consciousness of people)?

Answer 32

Integrity and ethical values
Commitment to competence
HR policies and practices
Assignment of authority and responsibility
Mgmt philosophy and operating style
Board of directors or audit committee participation
Org structure
IC HAMBO

Question 33

What are the control activity types?

Answer 33

PIPS
Performance reviews (actual vs budget, forecast)
Info processing (check accuracy, completeness, and authorization)
Physical controls (physical security of assets)
Segregation of duties (separate authorization, recordkeeping, custody)

Question 34

What are limitations of internal control

Answer 34

1 - human judgement can be faulty
2 - breakdowns can occur because of human error
3 - controls, can be circumvented by collusion
4 - mgmt has ability to override
5 - cost constraints (cost of internal control should not exceed the expected benefits expected)
6 - custom, culture, and corporate governance system may inhibit fraud, but they are not absolute deterrents

Question 35

How does auditor perform test of controls

Answer 35

Inquiries of appropriate personnel
Inspection of reports and documents
Observation of the application of controls
Reperformance of the control by the auditor (when evaluating operation)

Question 36

How can auditor examine a sample of paid vouchers that each voucher is submitted and paid only once?

Answer 36

If the voucher (and all attached support) is stamped paid by the check signed, that support may not be submitted a second time.
Note prenumbering will not prevent a second payment because the support if not stamped paid can be reused.

Question 37

If there is a material weakness at year end, what is opinion for audit of a public company’s internal control

Answer 37

Internal control audits require a report with an adverse opinion in this case, NOT a qualified report.

Question 38

While obtaining an understanding of a client’s risk assessment policies, the auditor considers how mgmt…

Answer 38

An auditor obtains sufficient knowledge of the risk assessment process to understand how mgmt considers risks relevant to financial reporting objectives and decide about actions to address those risks. That knowledge might include understanding of how mgmt identifies risks, estimates their significance, and assesses the likelihood of their occurrence, and relates them to financial reporting.

Question 39

In order to safeguard assets through proper internal control, AR that are written off should be transferred to?

Answer 39

Once AR are written off, they should be controlled for possible future collection. Accordingly, they should be recorded to maintain accountability in a separate ledger. If they were simply written off and forgotten, there would be no means of maintaining accountability over these contingent assets.
Note that credit managers should not have control over accounts that have been written off because it does not separate functional responsibilities

Question 40

What are acceptable controls in payroll?

Answer 40

The payroll dept prepares checks and CFO signs them.
The payroll dept prepares checks using a signature plate - treasurer supervises process before distribution.
Accounting dept wires transfer funds to payroll bank account - transfer based on totals from payroll dept summary.
NOT acceptable for payroll clerk to distribute checks and return undistributed checks to payroll dept.
It should be distributed by a paymaster, and undistributed checks should be deposited in a bank account.

Question 41

Mutual fund company uses a transfer agent to handle accounting for shareholders. How does auditor test transfer agent’s internal controls? What type of report would auditor want to see?

Answer 41

The transfer agent is operating as a service organization, and when a service org is involved and is to be relied upon, the most efficient approach is for an auditor to obtain that organization’s service auditor report on its internal control. In this situation, a type 2 report will provide info on both whether controls are placed in operation and on their operating effectiveness. A type 1 report will only address whether controls are placed in operation.
Note the auditor would not audit them (perform test of controls) as the service org has their own internal control reports that are audited.

Question 42

What should the auditor communicate to an independent audit committee of a public entity?

Answer 42

Significant audit adjustments recorded by the entity

Mgmt’s consultation with other accountants about significant accounting matters

Question 43

What opinion when circumstances result in a scope limit in relation to audit of a public company internal control

Answer 43

Qualified or disclaimer NOT adverse

Question 44

What is the primary responsibility of a bank acting as registrar of capital stock?

Answer 44

Prevent any overissuance of stock , and thereby verify that stock is issued properly. Verify that stock is issued in accordance with the authorization of the board of directors and the articles of incorporation.
Note that it is the transfer agent that maintained records of total shares outstanding, as well as detailed stockholder records, and carry out transfers of stock ownership.
Registrars will not determine that dividend amounts are proper. Registrars do not act as an independent third party between board and outside investors concerning M&A, and sale of treasury stock.

Question 45

In a wholesaling business, what is auditor concerned with regarding authorization?

Answer 45

Concerned with granting of credit, shipment of goods, and determination of discounts as all require authorization.
Would not be concerned with selling of goods for cash as at that point, discount decision will have been made and receiving cash removes credit considerations.

Question 46

What is the most important internal control activity over acquisitions of property plant and equipment?

Answer 46

Using budgets to control acquisitions implies a follow up analysis of budget variances. The use of budgets also permits the level of authorized expenditures to be controlled.
Note that analyzing monthly variances between authorized expenditures and actual costs does not include any provision for controlling the level of authorized expenditures (budget).

Question 47

What is a good control to prevent concealment of cash shortage resulting from the improper writeoff of an AR?

Answer 47

Writeoffs must be approved by a responsible officer after review of credit department recommendations and supporting evidence.
Note need segregation of duties in operations/collections and authorization.

Question 48

What is the most likely type of ongoing monitoring activity?

Answer 48

Involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions - such as reviewing the purchasing function.

Question 49

What are the five components of internal control

Answer 49

Control environment
Risk assessment
Control activities
Info and communication 
Monitoring

Question 50

What is the Foreign Corrupt Practices Act?

Answer 50

Makes pmt of bribes to foreign officials illegal and requires publicly held companies to maintain systems of internal control sufficient to provide reasonable assurances that internal control objectives are met.

Question 51

What is auditor obligated to do during the consideration of internal control in a FS audit?

Answer 51

obtain an understanding of the internal control environment and info system
obtain info on the design of internal control and on whether control activities have been implemented
Does NOT need to obtain evidence relating to operating effectiveness when control risk is to be assessed at a max level

Question 52

What is required for documentation of client’s internal control?

Answer 52

At a minimum a list of reasons for nonreliance must be provided. There is not one particular form of documentation necessary, and the extent of documentation may vary.

Question 53

What is required in every audit?

Answer 53

Risk assessment procedures, substantive procedures, and analytical procedures on every audit.
Note test of controls is only required when auditor relies on controls or substantive tests are not enough to audit particular assertions.

Question 54

What does assessing control risk at a LOW level involve?

Answer 54

1 - identifying specific controls relevant to specific assertions that are likely to prevent or detect material misstatements in those assertions
2- performing tests of controls to evaluate the effectiveness of such controls
It may lead to less extensive substantive tests, not more.
Actual level of inherent risk is not affected.
It may lead to interim date substantive testing rather than year end testing.

Question 55

Why are control risk and inherent risk assessed

Answer 55

Used to determine the acceptable level of detection risk for FS assertions

Question 56

What happens when auditor increases assessed level of CR as controls were determined to be ineffective?

Answer 56

The auditor would increase the assessed level of risk of material misstatement which decreases the acceptable level of detection risk. The auditor will need to increase the extent of substantive tests such as tests of details.
Inherent risk is independent of controls.

Question 57

What is a good internal control immediately upon receiving checks from customers by mail for a responsible employee?

Answer 57

Prepare a duplicate listing of checks received provides the company with a source document of all the checks received that day. One list is then forwards to the employee responsible for depositing checks at the end of the day and the other is sent to accounting dept to post to cash receipts journal.
Note that the employee opening mail should not also perform recordkeeping.

Question 58

What are controls designed to reduce the risk of misstatements in the billing process?

Answer 58

• comparing control totals for shipping docs with corresponding totals for sales invoices
• using computer programmed controls on pricing and accuracy of sales invoices
• matching shipping documents with approved sales orders before invoice prep
  Note that reconciling control totals for sales invoices with AR sub ledger is not effective as billing errors will have already occurred.

Question 59

Why do employers bond employees who handle cash receipts?

Answer 59

Fidelity bonds reduce the possibility of employing dishonest individuals
Employee knowledge that bonding companies often prosecute those accused of dishonest acts may deter employees’ dishonest acts.

Question 60

What assertion is tested when an auditor vouches a sample of entries in the voucher register to the supporting documents?

Answer 60

This tests existence or occurrence addressing whether recorded entries are valid and the direction of this test is from the recorded entry to the supporting documents.
If it was completeness, it would be tested the other way around, from supporting to entry.

Question 61

What are controls that exist in the vouchers payable dept?

Answer 61

Will match the vendor’s invoice with the related receiving report to determine that the item for which the company has been billed has been received
Will approve vouchers for pmt when all documentation is proper and present, authorized employee will sign
Will code the vouchers with accounts to be debited, indicating the asset and expense accounts
Note that they should not have access to purchase orders and receiving reports.

Question 62

An entity has internal control to require every check request have an approved voucher, supported by prenumbered PO and prenumbered receiving report. How does auditor test whether checks are being issued for unauthorized expenditures?

Answer 62

Take a sample of canceled checks, which does not have support and may have been unauthorized.
Will not be able to see from other docs, when a check had been issued without supporting docs.

Question 63

What is stated in a letter to the audit committee on significant deficiencies?

Answer 63

1 - indicate the audit’s purpose was to report on the FS and not to express an opinion on internal control
2 - include definition of significant deficiency
3 - restrict distribution of the report

Question 64

What can the work of internal auditors impact?

Answer 64

1 - procedures the auditor performs when obtaining an understanding of the entity’s internal control
2- procedures the auditor performs when assessing risk
3- substantive procedures the auditor performs

Question 65

What does the auditor consider when considering the effect of the internal auditor’s work?

Answer 65

1 - materiality of FS amounts
2- risk of material misstatement of the assertions
3- degree of subjectivity involved in the evaluation of the audit evidence
Existence of fixed asset additions involves little subjectivity compared to contingencies and intangibles and related party transactions.

Question 66

What can the internal auditor assist the CPA in?

Answer 66

Obtaining an understanding of internal control
Performing tests of controls
Performing substantive tests