An auditor's primary consideration regarding an entity's internal control structure policies and procedures is whether they?
Affect the financial statement assertions
The auditor is primarily interested in whether an entity's internal controls affect the financial statement assertions. Specifically, the auditor is interested in the policies and procedures that pertain to an entity's ability to record, process, summarize, and report financial data consistent with the assertions embodied in the financial statements.
In planning an audit of certain accounts, an auditor may conclude that specific procedures used to obtain an understanding of an entity's internal control structure need not be included because of the auditor's judgments about materiality and assessments of?
- Control Risk
- Detection Risk
- Sampling Risk
- Inherent Risk
If the auditor has concluded that an account is immaterial and that inherent risk is low, the auditor might decide to skip the procedures used to obtain an understanding of the related internal controls because the risk of a material misstatement occurring is low.
This is really a rather tricky question because GAAS require the auditor to obtain an understanding of the internal control structure sufficient to plan the audit. In the case of immateriality combined with low inherent risk, the auditor does not need to understand the internal controls specifically related to the account in order to plan the audit.
Control Risk is incorrect because the control risk assessment occurs after an understanding of internal controls is obtained. It could not be used, therefore, to justify skipping the procedures used to obtain an understanding of internal control.
Auditor's Consideration of Internal Control (6 Steps)
True or False:
- Assessing control risk and obtaining an understanding of an entity's internal control structure may be performed concurrently.
- Gaining an understanding of internal control and assessing control risk may be performed concurrently. Procedures performed to obtain an understanding of internal control may also be used to gather the evidence needed to assess control risk.
Control Risk should be assessed in terms of?
Financial Statement Assertions
- The auditor assesses control risk for the assertions present in the financial statements. Such assertions may be found in the account balance, transaction class, or disclosure components. Based upon the understanding of internal control and the control risk assessments, the auditor determines the nature, timing, and extent of the auditing procedures to be performed.
In assessing control risk, an auditor ordinarily selects from a variety of techniques, including?
- Inquiry and analytical procedures
- Reperformance and observations
- Comparison and confirmation
- Inspection and verification
Reperformance and observation
- Tests of controls directed toward effectiveness or operation of a control would ordinarily include inquiries, inspections of documents, observation, and reperformance of the application of a control. Thus, both reperformance and observation are used by an auditor to assess control risk.
In obtaining an understanding of an entity's internal control structure, an auditor is required to obtain knowledge about the?
Design of policies and procedures.
- An auditor must obtain knowledge about the design of relevant controls pertaining to each of the five internal control components and whether they have been placed in operation. The auditor is NOT required to determine the operating effectiveness of controls (by testing the controls) unless control risk is to be assessed at below the maximum level.
Procedures performed to evaluate control risk include?
inquiries of personnel;
inspection of documents and records;
observation of activities and operations; and
reperformance of the control procedure.
WRT Internal Control, what does the concept of "reasonable assurance" refer to?
The concept of reasonable assurance recognizes that cost/benefit is a limiting factor in any internal control system. The cost of an entity's internal control should not exceed the benefits derived therefrom.
Regardless of the assessed level of control risk, an auditor would perform some?
- Tests of controls to determine the effectiveness of internal control policies.
- Analytical procedures to verify the design of internal control procedures.
- Substantive tests to restrict detection risk for significant transaction classes.
- Dual-purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.
Substantive tests to restrict detection risk for significant transaction classes.
An auditor must always perform substantive tests for significant account balances and transaction classes. Although a lowered control risk assessment allows the auditor to reduce substantive testing, it cannot be used to eliminate substantive testing.
Internal Control Definitions
- Control deficiency
- Deficiency in design
- Deficiency in operation
- Significant deficiency
- Material weakness
Control deficiency: When the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.
Deficiency in design: When a control necessary to meet the control objective is missing, or when the control objective is not always met, even if the control operates as designed.
Deficiency in operation: When a properly designed control does not operate as designed, or when the person performing the control does not have the authority or competence to effectively perform the control.
Significant deficiency: A deficiency (or combination of deficiencies) in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.
Material weakness: A deficiency (or combination of deficiencies) in internal control such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented or detected and corrected on a timely basis.
Evaluating Control Deficiencies
The auditor must determine whether identified deficiencies are "significant deficiencies" or "material weaknesses."
- The auditor should consider both the likelihood and potential magnitude of misstatement in making that evaluation - multiple control deficiencies affecting the same financial statement item increases the likelihood of misstatement.
- The auditor may wish to consider the possible mitigating effects of compensating controls that can reduce the severity of the effects of a deficiency.
Deficiency Risk Factors
- The nature of the accounts, classes of transactions, disclosures, and assertions involved;
- The susceptibility of the related asset or liability to loss or fraud;
- The subjectivity, complexity, or extent of judgment involved;
- The interaction or relationship of the control with other controls;
- The interaction among the deficiencies; and
- The possible future consequences of the deficiency.
Indicators of Material Weakness
- Identification of any fraud involving senior management (whether or not material);
Restatement of previously issued financial statements to correct a material misstatement due to error or fraud;
Identification of a material misstatement in the financial statements by the auditor that would not have been identified by the entity's internal control; and
Ineffective oversight of the entity's financial reporting and internal control by those charged with governance.
The written communication about significant deficiencies and material weaknesses should:
- Note: the auditor may include additional statements regarding the general inherent limitations of internal control, including the possibility of management override, but such comments are not required.
- A can state no material weaknesses identified but NOT SD's.
- must report SD's and MW's separately
- State that the purpose of the audit was to express an opinion on the financial statements, not to express an opinion on the effectiveness of internal control;
- State that the auditor is not expressing an opinion on the effectiveness of internal control;
- State that the auditor's consideration of internal control was not designed to identify all significant deficiencies or material weaknesses;
Include the definition of the terms material weakness and significant deficiency, as applicable.
Identify the matters that are considered to be material weaknesses and significant deficiencies, as applicable.
- State that the communication is intended solely for the use of management, those charged with governance, and others within the organization (it should not be used by anyone other than those specified parties) - if such a communication is required to be given to a governmental authority, that specific reference may be added.
Note the auditor should NOT issue a written communication stating that no significant deficiencies were identified - however, the auditor is permitted to add a comment that no material weaknesses were identified, perhaps as requested to submit to a governmental authority.
For financial reporting purposes an entity’s risk assessment is its identification, analysis, and management of risks relevant to the preparation of financial statements following GAAP (or some other comprehensive basis). The following are considered risks that may affect an entity’s ability to properly record, process, summarize and report financial data:
- Changes in the operating environment (e.g., increased competition)
- New personnel
- New information systems
- Rapid growth
- New technology
- New lines, products, or activities
- Corporate restructuring
- Foreign operations
- Accounting pronouncements
Revenue / Receipts - Sales Overview
Sales Order (customer's purchase order "PO") received
Shipping documents created
Sales invoice (billing to customer)
Record sales transaction in Sales journal
Post month's sales to general ledger
Internal Control - Transaction Cycles
- Sales Activities
Authorization: handled by the Sales Department which oversees negotiation of Sales. Credit department approves customer credit worthiness and is separate from Sales department.
Accounting (recordkeeping): handled by A/R department which also bills customers and deals with receivables and collections.
Access (custody): goods are handled by the Shipping department which is responsible for making delivery using the firm's shipping documents. The entity's Receiving department handles sales returns (using the firm's receiving documents)
Controls: computer passwords, make sure that responsibilities are properly segregated.
Review: monthly statements sent to all customers. Related documents should be compared. Verify proper cutoff (capturing transaction in proper period).
Information Processing: all key documents should be pre-numbered and numerical sequence should be established. Aged trial balance (sub ledger for A/R) should be reconciled to the General Ledger control account periodically.
Revenue / Receipts - Cash Receipts Overview
- Check & remittance advice received
- restrictively endorced for deposit only
- Prepare remittance log (cash receipts listing)
Record receipts transaction in cash receipts journal
Post the month's receipts to the general ledger
- restrictively endorced for deposit only
Internal Control - Transaction Cycles
- Cash Activities
- Each cash receipt is listed and restrictively endorsed
- Different personnel should open the mail, handle the accounting activities, prepare the deposit, and reconcile the bank accounts
What duties are separated in a well-designed system of Internal Control.
In a well-designed system of internal control, the following functions/responsibilities are separated:
- Custodial, and
What is a debit memo?
A debit memo advises accounting that the vendor invoice should not be paid in full due to returned goods. When the shipping department returns nonconforming goods to a vendor, purchasing should send accounting a debit memo.
Typical Functions Performed by the Accounts Payable Department (also called Vouchers Payable)
What is the main difference between AP and VP?
Matching the vendor's invoice with the related receiving report.
Approving vouchers for payment by having an authorized employee sign the vouchers.
- Indicating the asset and expense accounts to be debited.
- Determining the mathematical accuracy of the vendor's invoice.
An accounts payable system keeps track of payables by the name of the vendor. (Hence, payables are identified by the total amount owed to the various individual suppliers.)
A vouchers payable system keeps track of individual transactions without summarizing amounts owed in total to individual vendors. (There can be numerous vouchers payable to an individual vendor, but the payables are identified by voucher number, not by vendor name. An entity that uses a vouchers payable system can confirm individual transactions, but cannot confirm the total amount owed to a given vendor, which has implications to the vendor's auditor and how confirmation requests should be designed.)
What typically occurs in the Treasurer's department?
- Remember the Treasurer's department has CUSTODY responsibilities
- bad debt write-offs
- signing and distribution of paychecks
- Custody of unclaimed paychecks
- Verifying the accuracy of checks and vouchers.
Canceling payment vouchers (or other supporting documentation) when paid.
- Controlling the mailing of checks to vendors.
The use of fidelity bonds protects a company from embezzlement losses and also?
- Minimizes the possibility of employing persons with dubious records in positions of trust.
- Reduces the company’s need to obtain expensive business interruption insurance.
- Allows the company to substitute the fidelity bonds for various parts of internal control.
- Protects employees who made unintentional errors from possible monetary damages resulting from such errors.
Minimizes the possibility of employing persons with dubious records in positions of trust.
Fidelity bonds are forms of insurance that protects an employer against losses sustained due to acts of dishonest employees.
Under PCAOB standards, a deficiency in any one of the following controls would at least be a significant deficiency:
- Controls over the selection and application of accounting principles that are in conformity with generally accepted accounting principles
- Antifraud programs and controls
- Controls over nonroutine and nonsystematic transactions
- Controls over the period-end financial reporting process
Documentation of Understanding of Internal Control
The auditor’s documentation of his/her understanding of internal control for purposes of planning the audit is influenced by
- the size and complexity of the entity, as well as
- the nature of the entity’s internal control.
For a small client a memorandum may be sufficient.
For a larger client, flowcharts, questionnaires, and decision tables may be needed. The more complex the internal control and the more extensive the procedures performed by the auditor, the more extensive should be the documentation.
Documentation Methods of Understanding of Internal Control
- Easy to complete
- Comprehensive list of questions make it unlikely that important portions of internal control will be overlooked
- Weaknesses become obvious (generally those questions answered with a “no”)
- May be answered without adequate thought being given to questions
- Questions may not “fit” client adequately
Documentation Methods of Understanding of Internal Control
- Tailor-made for engagement
- Requires a detailed analysis and thus forces auditor to understand functioning of structure
- May become very long and time-consuming
- Weaknesses in structure not always obvious
- Auditor may overlook important portions of internal control
Documentation Methods of Understanding of Internal Control
- Graphic representation of structure
- Usually makes it unlikely that important portions of internal control will be overlooked
- Good for electronic systems
- No long wording (as in case of memoranda)
- Preparation is time-consuming
- Weaknesses in structure not always obvious (especially to inexperienced auditor)
Payroll Department Responsibilities
Recordkeeping is primary responsibility
- Timekeeping (time cards approved by supervisor)
- Payroll preparation
- Paycheck distribution (signed by Treasurer)
Walk-throughs provide evidence that help Auditors to?
To confirm their understanding of:
- the flow of transactions and
- the design of controls,
- to evaluate the effectiveness of the design of controls and
- to confirm whether controls have been implemented.
Which of the following factors is most likely to affect the extent of the documentation of the auditor’s understanding of a client’s system of internal controls?
- The industry and the business and regulatory environments in which the client operates.
- The degree to which information technology is used in the accounting function.
- The relationship between management, the board of directors, and external stakeholders.
- The degree to which the auditor intends to use internal audit personnel to perform substantive tests.
The degree to which information technology is used in the accounting function.
This answer is correct because differences in information technology use will have a major effect. For example, documentation of the understanding of a complex information system with a large volume of transactions may include flowcharts, questionnaires, and/or decision tables; documentation for an information system with limited or no use of IT and few transactions may be in the form of a memorandum.
Which of the following is not required when considering fraud in a financial statement audit?
- Conduct a continuing assessment of the risks of material misstatement due to fraud throughout the audit.
- Conduct an audit team discussion of the risk of material misstatement due to fraud.
- Conduct the audit with professional skepticism, which includes an attitude that assumes balances are incorrect until documented by the auditor.
- Inquire of the audit committee as to their views about the risks of fraud and their knowledge of any fraud or suspected fraud.
Conduct the audit with professional skepticism, which includes an attitude that assumes balances are incorrect until documented by the auditor.
This answer is correct because professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence—it does not assume that balances are incorrect until documented by the auditor.
Audit Evidence on Operating Effectiveness from a Prior Period.
- Remember, if reliance = must test opp.eff. once every 3 years.
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits, the auditor should obtain audit evidence about whether changes in those specific controls have occurred subsequent to the prior audit.
When controls have changed since they were last tested, the auditor should test the operating effectiveness of such controls in the current audit. In circumstances in which controls have not changed since they were last tested, the auditor should test the operating effectiveness of such controls at least once in every three years. That is, the auditor should test a control at least once in every third year in an annual audit.
In comparison to the external auditor, an internal auditor is more likely to be concerned with?
- Internal control.
- Cost accounting procedures.
- Operational auditing.
- Reviewing interim financial statements.
This answer is correct because operational auditing, a broader concept than included in financial statement audits, is more important to the internal auditor because it includes budgets and other control devices.
A material weakness involves a reasonable possibility that what size misstatement will not be prevented or detected?
- More than inconsequential.
Material weakness—A deficiency, or combination of deficiencies, in IC such that there is a reasonable possibility that a material misstatement of the company’s annual or interim financial statements will not be prevented or detected on a timely basis.
Which documents need to be present before payment is approved by Accounts/Vouchers Payable department?
- Purchase order (we ordered the goods)
- Receiving Report (we received the goods)
- Vendor's invoice (we have been billed for the goods)
An auditor uses the assessed level of the risk of material misstatement to?
Determine the acceptable level of detection risk for financial statement assertions.
AR = (IR x CR) x DR, where IR x CR is the Risk of Material Misstatement
Proper segregation of functional responsibilities calls for separation of the?
- Authorization, approval, and execution functions.
- Authorization, execution, and payment functions.
- Receiving, shipping, and custodial functions.
- Authorization, recording, and custodial functions.
Authorization, recording, and custodial functions.
Proper segregation of the functional responsibilities requires separation of (1) authorization, (2) recording, and (3) custodial functions. Incompatible functions are those that place any person in a position both to perpetrate and to conceal errors and irregularities. Thus, those that authorize transactions must be separated from those who account for the transactions and from those who have custody of any related assets.
When an auditor increases the risk of material misstatement because certain control procedures were determined to be ineffective, the auditor would most likely increase the?
- Extent of tests of details.
- Levels of inherent risk.
- Extent of tests of controls.
- Level of detection risk.
Extent of tests of details.
Increases in the assessed level of risk of material misstatement lead to decreases in the acceptable level of detection risk. Accordingly, the auditor will need to increase the extent of substantive tests such as tests of details.
Internal Auditor - A CPA's use of an IA's Work
CPAs use the work of internal auditors in two distinct ways:
- Obtaining audit evidence (in essence using work performed by internal auditors in their normal role)
- Providing direct assistance under the direction, supervision, and review of the CPAs (CPA assigns work to the internal auditors).
The CPA should assess internal auditor competence, objectivity and whether the internal audit function applies a systematic and disciplined approach.
- Competence is evaluated by considering education, experience, professional certification, audit policies, and various work policies.
- Objectivity is assessed by considering organizational status within the company, and policies for assuring that internal auditors are objective with respect to the areas being audited.
- A systematic and disciplined approach involves following documented internal auditing procedures in various areas and following appropriate quality control policies.
The auditor would be least likely to be concerned about internal control as it relates to:
- Land and buildings.
- Common stock.
- Shareholder meetings.
- Minutes of board of directors’ meetings.
A client’s internal control will not relate directly to shareholder meetings. CPAs will often attend the shareholder meetings and be aware of what has transpired, but important matters at such meetings are generally publicly available.
- land and buildings which may involve a substantial portion of the client’s assets.
- common stock may involve a substantial portion of the client’s equity.
- minutes of the board of directors must be received by the auditor in complete form so that the auditor may be aware of matters of significance.
Auditors communicate significant deficiencies and material weaknesses to management and to those charged with governance (e.g., the board of directors, audit committee). Make certain that you know the following points:
- Control Deficiency
- Significant Deficiency
- Material Weakness
CD - Design or operation of control does not allow management or employees, in the
normal course of performing their assigned functions, to prevent or detect and correct misstatements on a timely basis. Communication not required.
SD - Less severe than a material weakness, yet important enough to merit attention by those charged with governance. Communication required.
MW - A reasonable possibility that a material misstatement will not be prevented, or detected and corrected on a timely basis. Communication required.
normal course of performing their assigned functions, to prevent or detect and correct misstatements on a timely basis. Communication not required.
Communication to management or those charged with governance with regard to significant deficiencies and material weaknesses.
- remember that communications are best if issued by the audit report release date (the date the auditor grants client permission to use report), but should be issued not later than 60 days following the audit report release date.
The report issued should be written and include:
- Purpose of consideration of IC was to express an opinion on the financial statements, not to express an opinion on IC.
- Auditor is not expressing an opinion on IC effectiveness.
- Consideration of IC not designed to identify all significant deficiencies or material weaknesses.
- Definition of material weakness and significant deficiency.
- Separately describe significant deficiencies and material weaknesses identified.
- Indication that the communication is for management, those charged with governance and others within the organization; it should not be used by others
The auditor’s primary objective in reviewing the materials purchasing cycle is to?
Evaluate the reliability of the information generated as a result of the purchasing process.
The third component of internal control is composed of the various policies and procedures that help ensure that necessary actions are taken to address risks to achieving the entity’s objectives. Those policies and procedures include:
- Reviews of Performance (reviews of actual performance against budgets, forecasts, one another, etc.)
- Information processing (controls that check accuracy, completeness, and authorization of transactions)
- Physical controls (activities that assure the physical security of assets and records)
- Segregation of duties (separate authorization, recordkeeping, and custody)
Which of the following is an effective control that encourages receiving department personnel to count and inspect all merchandise received?
- Quantities ordered are excluded from the receiving department copy of the purchase order.
- Vouchers are prepared by accounts payable department personnel only after they match item counts on the receiving report with the purchase order.
- Receiving department personnel are expected to match and reconcile the receiving report with the purchase order.
- Internal auditors periodically examine, on a surprise basis, the receiving department copies of receiving reports.
Quantities ordered are excluded from the receiving department copy of the purchase order.
If the quantities ordered are not known to the receiving department personnel, they will have to count and inspect the incoming merchandise to indicate the quantity received. They will not simply compare the goods received with the quantity on the purchase order for "reasonableness."
Process: Another copy is sent to the receiving department to allow receiving personnel to know that items received have been ordered; however, the copy of the purchase order sent to receiving will not have a quantity of items on it so as to encourage personnel to count the goods when they are received.
Which of the following controls should prevent an invoice for the purchase of merchandise from being paid twice?
- The check signer accounts for the numerical sequence of receiving reports used in support of each payment.
- An individual independent of cash operations prepares a bank reconciliation.
- The check signer reviews and cancels the voucher packets.
- Two check signers are required for all checks over a specified amount.
The check signer reviews and cancels the voucher packets.
The canceling of the voucher packets will make it impossible for a second payment to be processed since no uncanceled voucher packet will be present in support of the disbursement the second time.
While obtaining an understanding of a client’s risk assessment policies, an auditor ordinarily considers how management
- Identifies risks.
- Eliminates significant risks.
- Assesses the likelihood of occurrence of subsequent events.
- Relates risk assessment to compliance with marketing objectives.
An auditor should obtain sufficient knowledge of the entity’s risk assessment process to understand how management considers risks relevant to financial reporting objectives and decide about actions to address those risks; that knowledge might include understanding of how management identifies risks, estimates their significance, and assesses the likelihood of their occurrence, and relates them to financial reporting.
Which of the following represents an inherent limitation of internal controls?
- Bank reconciliations are not performed on a timely basis.
- The CEO can request a check with no purchase order.
- Customer credit checks are not performed.
- Shipping documents are not matched to sales invoices.
The CEO can request a check with no purchase order.
Internal Control is ordinarily subject to management override of controls—here requesting a check without adequate support. Such a situation is very difficult to control due to management’s authority.
Which of the following is a standard control for cash disbursements?
- Checks should be signed by the controller and at least one other employee of the company.
- Checks should be sequentially numbered and the numerical sequence should be accounted for by the person preparing bank reconciliations.
- Checks and supporting documents should be marked "Paid" immediately after the check is returned with the bank statement.
- Checks should be sent directly to the payee by the employee who prepares documents that authorize check preparation.
Checks should be sequentially numbered and the numerical sequence should be accounted for by the person preparing bank reconciliations.
Checks should be sequentially numbered, and the person preparing bank reconciliations should account for all checks. This provides control over unauthorized and unrecorded checks.
Which of the following would not typically be a control relied upon during an audit?
- Use of the double-entry system.
- An internal audit staff.
- Competent personnel.
- A comparison-shopping staff.
A comparison-shopping staff.
a comparison-shopping staff is not generally relevant to recording, processing, summarizing, and reporting financial data.
Internal Audit Relationship to Internal Control
Internal audit staff is an internal control. An internal audit staff strengthens internal control by determining if controls are functioning effectively.
Apex Manufacturing Corporation mass produces eight different products. The controller who is interested in strengthening controls over the accounting for materials used in production would be most likely to implement
- An economic order quantity (EOQ) system.
- A job order cost accounting system.
- A perpetual inventory system.
- A separation of duties among production personnel.
A perpetual inventory system will show when and where materials are being used.
Miller Retailing, Inc. maintains a staff of three full-time internal auditors who report directly to the controller. In planning to use the internal auditors to provide assistance in performing the audit, the independent auditor most likely will
- Place limited reliance on the work performed by the internal auditors.
- Decrease the extent of the tests of controls needed to support the assessed level of detection risk.
- Increase the extent of the procedures needed to reduce control risk to an acceptable level.
- Avoid using the work performed by the internal auditors.
Place limited reliance on the work performed by the internal auditors.
When internal auditors only report to a relatively low level in the organization (here the controller and not, for example, the audit committee), the independent auditor will question the internal auditors’ ability to remain objective and this will result in limited reliance being placed upon their work.
Which auditor actions are possible when that auditor incurs a scope limitation relating to a public company engagement on whether a previously reported material weakness continues to exist?
- Disclaimer of Opinion
- Qualified Opinion
- Withdraw from engagement
Disclaimers are allowed, qualified opinions are not allowed; in addition (not included in this question) the auditor may choose to withdraw from the engagement due to a scope limitation.
What is the most effective control to detect vouchers that were prepared for the payment of goods that were not received?
Match purchase order, receiving report, and vendor’s invoice for each voucher in accounts payable department. Each document is typically stamped as paid.
Inventory Segregation of Duties
- Independent internal verification of inventory occurs when employees who
Compare records of goods on hand with physical quantities do not maintain the records or have custody of the inventory.
The individual who makes the comparison of records of goods on hand with physical quantities and who does not maintain the records or have custody of the inventory is independent.
Which of the following factors is most relevant when an auditor considers the client’s organizational structure in the context of control risk?
- Management’s attitude toward information processing and accounting departments.
- The organization’s recruiting and hiring practices.
- Physical proximity of the accounting function to upper management.
- The suitability of the client’s lines of reporting.
The suitability of the client’s lines of reporting. Proper lines of reporting are necessary to prepare financial statement that follow GAAP.
A primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with
- Audit evidence to use in reducing detection risk.
- Knowledge necessary to assess the risks as misstatement.
- A basis from which to modify tests of controls.
- Information necessary to prepare flowcharts.
Knowledge necessary to assess the risks as misstatement. The auditor must obtain a sufficient understanding of an entity’s control to assess the risk of material misstatement.
A company holds bearer bonds as a short-term investment. Responsibility for custody of these bonds and submission of coupons for periodic interest collections probably should be delegated to the
- Chief Accountant.
- Internal Auditor.
Treasurer. The treasurer has custodial functional responsibility. Thus, the treasurer should have responsibility for the custody of the bonds.
Which of the following is most likely to be considered a control objective over accounts receivable?
- Ensure completeness and accuracy of accounts receivable.
- Improper cutoff of shipment at the end of a period.
- Review correspondence authorizing returns and allowances.
- Use standard shipping or contract terms.
Ensure completeness and accuracy of accounts receivable. This answer relates directly to the financial statement assertions.
Tests of controls are performed in order to determine whether
- Controls are functioning as designed.
- Necessary controls are absent.
- Incompatible functions exist.
- Material dollar errors exist.
Controls are functioning as designed. The purpose of tests of controls is to provide reasonable assurance that the internal control procedures are designed and operating effectively.
The primary responsibility of a bank acting as registrar of capital stock is to
- Ascertain that dividends declared do not exceed the statutory amount allowable in the state of incorporation.
- Account for stock certificates by comparing the total shares outstanding to the total in the shareholders subsidiary ledger.
- Act as an independent third party between the board of directors and outside investors concerning mergers, acquisitions, and the sale of treasury stock.
- Verify that stock is issued in accordance with the authorization of the board of directors and the articles of incorporation.
Verify that stock is issued in accordance with the authorization of the board of directors and the articles of incorporation. The primary responsibility of the stock registrar is to prevent any overissuance of stock, and thereby verify that the stock is issued properly.
If the independent auditors decide that the work performed by the internal auditor may have a bearing on their own procedures, they should consider the internal auditor’s
- Competence and objectivity.
- Efficiency and experience.
- Independence and review skills.
- Training and supervisory skills.
Competence and objectivity. The AICPA’s Professional Standards require independent auditors to consider internal auditor’s
- objectivity, and
- work performance.
To verify that all sales transactions for which shipment has occurred have been recorded, a test of transactions should be completed on a representative sample drawn from
- Entries in the sales journal.
- The billing clerk’s file of sales orders.
- A file of duplicate copies of sales invoices for which all prenumbered forms in the series have been accounted for.
- The shipping clerk’s file of duplicate copies of bills of lading.
The shipping clerk’s file of duplicate copies of bills of lading. Items actually shipped (as evidenced by bills of lading) represent the client’s sales.
A company has additional temporary funds to invest. The board of directors decided to purchase marketable securities and assigned the future purchase and sale decisions to a responsible financial executive. The best person(s) to make periodic reviews of the investment activity should be
- The investment committee of the board of directors.
- The treasurer.
- The corporate controller.
- The chief operating officer.
The investment committee of the board of directors.
The review should be done by an investment committee of the board of directors, as the authority for investment decisions was delegated by the board of directors.
For good internal control, which of the following functions should not be the responsibility of the treasurer’s department?
- Data processing.
- Handling of cash.
- Custody of securities.
- Establishing credit policies.
Data processing. Data processing is a recordkeeping function which is incompatible with the treasurer’s department’s custodial responsibility.
Which of the following statements best describes why an auditor would use only substantive procedures to evaluate specific relevant assertion and risks?
- The relevant internal control components are not well documented.
- The internal auditor already has tested the relevant controls and found them effective.
- Testing the operating effectiveness of the relevant controls would not be efficient.
- The cost of substantive procedures will exceed the cost of testing the relevant controls.
Testing the operating effectiveness of the relevant controls would not be efficient.
Auditors attempt to perform the audit in a cost-effective manner, and when the use of tests of controls to address operating effectiveness is not efficient, such procedures will not be performed.
In the consideration of internal control, the auditor is basically concerned that internal control provides reasonable assurance that
- Controls have not been circumvented by collusion.
- Misstatements have been prevented or detected.
- Operational efficiency has been achieved in accordance with management plans.
- Management cannot override controls.
Misstatements have been prevented or detected. The function of internal control, from the viewpoint of the independent auditor, is to provide reasonable assurance that material misstatements may either be prevented or discovered with reasonable promptness, thus assuring the reliability and integrity of the financial records.
An auditor’s tests of controls for completeness for the revenue cycle usually include determining whether
- Each receivable is collected subsequent to the year-end.
- An invoice is prepared for each shipping document.
- Each invoice is supported by a customer purchase order.
- Each credit memo is properly approved.
An invoice is prepared for each shipping document. When there is a shipping document, this suggests that a sale occurred in the sense that goods have been shipped to a customer; accordingly an invoice should be prepared and recorded. A situation in which there is a shipping document and no invoice will ordinarily be one in which a sale has not been recorded.
The Foreign Corrupt Practices Act requires that
- Auditors engaged to examine the financial statements of publicly held companies report all illegal payments to the SEC.
- Publicly held companies establish independent audit committees to monitor the effectiveness of their internal control structure.
- US firms doing business abroad report sizable payments to non-US citizens to the Justice Department.
- Publicly held companies devise and maintain adequate internal control.
Publicly held companies devise and maintain adequate internal control. The Foreign Corrupt Practices Act’s provisions prohibit illegal foreign payments and require publicly held companies to devise and maintain adequate internal control.
Foreign Corrupt Practices Act. A law passed by Congress in 1977 with provisions
- Requiring every corporation registered under the Securities Exchange Act of 1934 to maintain a system of strong internal accounting control,
- Requiring corporations [defined in (1)] to maintain accurate books and records, and
- Making it illegal for individuals or business entities to make payments to foreign officials to secure business.
Violations of the Act can result in fines (up to $1 million for SEC registrants and $10,000 for individuals) and imprisonment (up to 5 years) of the responsible individuals. Thus, strong internal accounting control is required under federal law.
A material weakness that exists at year-end may result in what type of audit opinion when conducting an audit of a public company’s internal control?
Adverse. NOT Qualified. PCAOB internal control audits require a report with an adverse opinion in such a case, not a qualified opinion.
Material Weakness Definition
- Probable or Reasonable Possibility?
- Material or "More than Inconsequential?"
Material weakness—A deficiency, or combination of deficiencies, in IC such that there is a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis.
In which of the following circumstances is the performance of tests of controls least likely?
- The auditor’s risk assessment includes an expectation of operating effectiveness of controls.
- Substantive procedures alone do not provide sufficient audit evidence.
- The planned level of the risk of material misstatement is at the maximum level.
- Performance of tests of controls appears cost effective.
The planned level of the risk of material misstatement is at the maximum level.
IR x CR = RMM
Well-functioning internal control for the inventory/production functions would provide that finished goods are to be accepted for stock only after presentation of a completed production order and a(n)
- Shipping order.
- Material requisition.
- Bill of lading.
- Inspection report.
Inspection report. Finished goods should be inspected to determine their condition before leaving the production department.
Voided Checks should be?
Voided checks should be so marked (defaced) and retained so as to allow one to know that they have been voided and are not outstanding.
VC's should not be torn up and destroyed.