When obtaining an understanding of an entitys internal control an auditor should concentrate on the substance of controls rather than their form because quizlet?

NAME

Print test

103 Multiple choice questions

d. Internal control
1. Internal controls are not designed to provide reasonable assurance that:
  A) all frauds will be detected.
  B) transactions are executed in accordance with management's authorization.
  C) the company's resources are used efficiently and effectively.
  D) company personnel comply with applicable rules and regulations.
2. ________ 6. Policies and procedures that help ensure that necessary actions are taken to address risks in the achievement of the entity's objectives.
3. ________ 7. A process designed to provide reasonable assurance regarding the achievement of management's objectives in the following categories: (1) reliability of financial reporting, (2) effectiveness and efficiency of operations, and (3) compliance with applicable laws and regulations.
4. An auditor should consider two key issues when obtaining an understanding of a client's internal controls. These issues are:
  A) the effectiveness and efficiency of the controls.
  B) the frequency and effectiveness of the controls.
  C) the design and operating effectiveness of the controls.
  D) the implementation and operating effectiveness of the controls.
B) Employees who authorize transactions should not have custody of related assets.
1. Which of the following is correct with respect to the design and use of business documents?
  A) The documents should be in paper format.
  B) Documents should be designed for a single purposes to avoid confusion in their use.
  C) Documents should be designed to be understandable only by those who use them.
  D) Documents should be prenumbered consecutively to facilitate control over missing documents.
2. Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies?
  Management Financial Statement Auditors
  A)
  yes, yes
  B)
  no, no
  C)
  yes, no
  D)
  no, yes
3. Which of the following statements is most correct with respect to separation of duties?
  A) A person who has temporary or permanent custody of an asset should account for that asset.
  B) Employees who authorize transactions should not have custody of related assets.
  C) Employees who open cash receipts should record the amounts in the subsidiary ledgers.
  D) Employees who authorize transactions should have recording responsibility for these transactions.
4. Which of the following represents a correct statement regarding internal control testing?
  A) When auditors plan to use evidence about the operating effectiveness of internal control contained in prior audits, auditing standards require tests of the controls' effectiveness at least every other year.
  B) The greater the risk, the less audit evidence the auditor should obtain that controls are operating effectively.
  C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
  D) Testing of internal controls can only be performed by the auditor at the end of the fiscal year
A) Organizational structure
1. Which of the following is not one of the three primary objectives of effective internal control?
  A) Reliability of financial reporting
  B) Efficiency and effectiveness of operations
  C) Compliance with laws and regulations
  D) Assurance of elimination of business risk
2. Which of the following deal with ongoing or periodic assessment of the quality of internal control by management?
  A) Quality monitoring activities
  B) Monitoring activities
  C) Oversight activities
  D) Management activities
3. Which of the following represents a correct statement regarding internal control testing?
  A) When auditors plan to use evidence about the operating effectiveness of internal control contained in prior audits, auditing standards require tests of the controls' effectiveness at least every other year.
  B) The greater the risk, the less audit evidence the auditor should obtain that controls are operating effectively.
  C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
  D) Testing of internal controls can only be performed by the auditor at the end of the fiscal year
4. Which of the following components of the control environment define the existing lines of responsibility and authority?
  A) Organizational structure
  B) Management philosophy and operating style
  C) Human resource policies and practices
  D) Management integrity and ethical values
C) Written communication is required.
1. To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their:
  Likelihood
  Significance
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
2. Management must disclose material weaknesses in internal control in its audit report:
  A) whenever the weakness is deemed significant to a single class of transactions.
  B) whenever the weakness is significant to overall financial reporting objectives.
  C) if the weakness exists at the end of the year.
  D) only if the auditor identifies the weakness as significant.
3. How must significant deficiencies and material weaknesses be communicated to those charged with governance?
  A) Either oral or written communication is acceptable.
  B) Oral communication is required.
  C) Written communication is required.
  D) Written communication is required for material weaknesses, but oral communication is allowed for significant deficiencies.
4. The auditor must communicate:
  A) only material weaknesses in internal control to those charged with governance.
  B) both significant deficiencies and material weaknesses in internal control to those charged with governance.
  C) any significant deficiencies in internal control to those charged with governance using a management letter.
  D) issues regarding internal control to those charged with governance in writing within 90 days following the audit report release.
A) YES, YES
1. In performing the audit of internal control over financial reporting the auditor emphasizes internal control over class of transactions because:
  A) the accuracy of accounting system outputs depends heavily on the accuracy of inputs and processing.
  B) the class of transaction is where most fraud schemes occur.
  C) account balances are less important to the auditor then the changes in the account balances.
  D) classes of transactions tests are the most efficient manner to compensate for inherent risk.
2. What are the 3 steps in management assessment of risk?
3. Before making the final assessment of internal control at the end of an integrated audit, the auditor must:
  Test Controls
  Perform Substantive Tests of Details
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
4. You are performing the audit of internal control for Clifton Company. Which of the following would represent a material weakness in internal control?
  A) The company's audit committee has experienced unusual turnover of members.
  B) The company's CFO was indicted for embezzling from the company.
  C) Bank reconciliations are done monthly.
  D) The CEO retired after twenty years of service to the company.
C) the design and operating effectiveness of the controls.
1. Management's identification and analysis of risk is an ongoing process and is a critical component of effective internal control. An important first step is for management to identify factors that may increase risk. Identify at least five factors, observable by management, which may lead to increased risk in a typical business organization.
2. An auditor should consider two key issues when obtaining an understanding of a client's internal controls. These issues are:
  A) the effectiveness and efficiency of the controls.
  B) the frequency and effectiveness of the controls.
  C) the design and operating effectiveness of the controls.
  D) the implementation and operating effectiveness of the controls.
3. A narrative should describe the disposition of every document and record in the system.
  A) True
  B) False
4. An auditor is likely to use four types of procedures to support the operating effectiveness of internal controls. Which of the following would generally not be used?
  A) Make inquiries of appropriate client personnel
  B) Examine documents, records, and reports
  C) Reperform client procedures
  D) Inspect design documents
A) classes of transactions.
1. If a company has an effective internal audit department:
  A) the internal auditors can express an opinion on the fairness of the financial statements.
  B) their work cannot be used by the external auditors per PCAOB Standard 5.
  C) it can reduce external audit costs by providing direct assistance to the external auditors.
  D) the internal auditors must be CPAs in order for the external auditors to rely on their work.
2. The auditors primary purpose in auditing the client's system of internal control over financial reporting is:
  A) to prevent fraudulent financial statements from being issued to the public.
  B) to evaluate the effectiveness of the company's internal controls over all relevant assertions in the financial statements.
  C) to report to management that the internal controls are effective in preventing misstatements from appearing on the financial statements.
  D) to efficiently conduct the Audit of Financial Statements.
3. You are performing the audit of internal control for Clifton Company. Which of the following would represent a material weakness in internal control?
  A) The company's audit committee has experienced unusual turnover of members.
  B) The company's CFO was indicted for embezzling from the company.
  C) Bank reconciliations are done monthly.
  D) The CEO retired after twenty years of service to the company.
4. The primary emphasis by auditors is on controls over:
  A) classes of transactions.
  B) account balances.
  C) both A and B, because they are equally important.
  D) both A and B, because they vary from client to client.
C) evaluate management's assessment process and independently assess the design and operating effectiveness of internal control.
1. To issue a report on internal control over financial reporting for a public company, an auditor must:
  A) evaluate management's assessment process.
  B) independently assess the design and operating effectiveness of internal control.
  C) evaluate management's assessment process and independently assess the design and operating effectiveness of internal control.
  D) test controls over significant account balances.
2. Which of the following may represent the biggest challenge smaller public companies face in implementing effective internal control?
  A) A lack of expertise
  B) Reduced importance
  C) Limited resources
  D) Limited available guidance
3. You are performing the audit of internal control for Clifton Company. Which of the following would represent a material weakness in internal control?
  A) The company's audit committee has experienced unusual turnover of members.
  B) The company's CFO was indicted for embezzling from the company.
  C) Bank reconciliations are done monthly.
  D) The CEO retired after twenty years of service to the company.
4. To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their:
  Likelihood
  Significance
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
B) questionnaires offer useful checklists to remind the auditor of the many different types of internal controls that should exist.
1. When dealing with the documentation of internal control:
  A) in a narrative, most questions simply require a "yes" or "no" response.
  B) questionnaires offer useful checklists to remind the auditor of the many different types of internal controls that should exist.
  C) questionnaires and flowcharts should not be used together.
  D) flowcharts fail to show the segregation of duties in the company.
2. When determining what type of report to issue on internal control under Section 404:
  A) an adverse opinion on internal control must be given if any weaknesses in a key internal control is discovered.
  B) a scope limitation requires the auditor to disclaim an opinion on internal controls.
  C) if the auditor gives a qualified opinion on the financial statements, they must give a qualified opinion on internal controls.
  D) a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls.
3. Before making the final assessment of internal control at the end of an integrated audit, the auditor must:
  Test Controls
  Perform Substantive Tests of Details
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
4. In evaluating the operational effectiveness of internal controls the auditor is likely to use four types of audit procedures. List the procedures
D) Control procedures reasonably ensure that collusion among employees cannot occur.
1. Of the following statements about internal controls, which one is least likely to be correct?
  A) No one person should be responsible for the custodial responsibility and the recording responsibility for an asset.
  B) Transactions must be properly authorized before such transactions are processed.
  C) Because of the cost-benefit relationship, a client may apply controls on a test basis.
  D) Control procedures reasonably ensure that collusion among employees cannot occur.
2. Which of the following components of the control environment define the existing lines of responsibility and authority?
  A) Organizational structure
  B) Management philosophy and operating style
  C) Human resource policies and practices
  D) Management integrity and ethical values
3. Which of the following deficiency exists if a necessary control is missing or not properly formulated?
  A) Control
  B) Significant
  C) Design
  D) Operating
4. In evaluating the operational effectiveness of internal controls the auditor is likely to use four types of audit procedures. List the procedures
B) Monitoring activities
1. ________ 1. Management's ongoing and periodic assessment of the quality of internal control performance to determine that controls are operating as intended and are modified when needed.
2. Which of the following statements is most correct with respect to separation of duties?
  A) A person who has temporary or permanent custody of an asset should account for that asset.
  B) Employees who authorize transactions should not have custody of related assets.
  C) Employees who open cash receipts should record the amounts in the subsidiary ledgers.
  D) Employees who authorize transactions should have recording responsibility for these transactions.
3. Which of the following deal with ongoing or periodic assessment of the quality of internal control by management?
  A) Quality monitoring activities
  B) Monitoring activities
  C) Oversight activities
  D) Management activities
4. Which of the following is responsible for establishing a private company's internal control?
  A) Senior Management
  B) Internal Auditors
  C) FASB
  D) Audit committee
A) True
1. What are the 3 steps in management assessment of risk?
2. Control activities are a subcomponent of the information and communication component of internal control.
  A) True
  B) False
3. How must significant deficiencies and material weaknesses be communicated to those charged with governance?
  A) Either oral or written communication is acceptable.
  B) Oral communication is required.
  C) Written communication is required.
  D) Written communication is required for material weaknesses, but oral communication is allowed for significant deficiencies.
4. For most uses, flowcharts are superior to narratives as a method of communicating the characteristics of internal control.
  A) True
  B) False
C) Limited resources
1. Which of the following is correct with respect to the design and use of business documents?
  A) The documents should be in paper format.
  B) Documents should be designed for a single purposes to avoid confusion in their use.
  C) Documents should be designed to be understandable only by those who use them.
  D) Documents should be prenumbered consecutively to facilitate control over missing documents.
2. Which of the following components of the control environment define the existing lines of responsibility and authority?
  A) Organizational structure
  B) Management philosophy and operating style
  C) Human resource policies and practices
  D) Management integrity and ethical values
3. Which of the following activities would be least likely to strengthen a company's internal control?
  A) Separating accounting from other financial operations
  B) Maintaining insurance for fire and theft
  C) Fixing responsibility for the performance of employee duties
  D) Carefully selecting and training employees
4. Which of the following may represent the biggest challenge smaller public companies face in implementing effective internal control?
  A) A lack of expertise
  B) Reduced importance
  C) Limited resources
  D) Limited available guidance
A) collusion.
1. Sarbanes-Oxley requires management to issue an internal control report that includes two specific items. Which of the following is one of these two requirements?
  A) A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  B) A statement that management and the board of directors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  C) A statement that management, the board of directors, and the external auditors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  D) A statement that the external auditors are solely responsible
2. An act of two or more employees to steal assets and cover their theft by misstating the accounting records would be referred to as:
  A) collusion.
  B) a material weakness.
  C) a control deficiency.
  D) a significant deficiency
3. For most uses, flowcharts are superior to narratives as a method of communicating the characteristics of internal control.
  A) True
  B) False
4. What are the 5 Components of the COSO Framework?
A) the accuracy of accounting system outputs depends heavily on the accuracy of inputs and processing.
1. Narratives, flowcharts, and internal control questionnaires are three common methods of:
  A) testing the internal controls.
  B) documenting the auditor's understanding of internal controls.
  C) designing the audit manual and procedures.
  D) documenting the auditor's understanding of a client's organizational structure.
2. Before making the final assessment of internal control at the end of an integrated audit, the auditor must:
  Test Controls
  Perform Substantive Tests of Details
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
3. In evaluating the operational effectiveness of internal controls the auditor is likely to use four types of audit procedures. List the procedures
4. In performing the audit of internal control over financial reporting the auditor emphasizes internal control over class of transactions because:
  A) the accuracy of accounting system outputs depends heavily on the accuracy of inputs and processing.
  B) the class of transaction is where most fraud schemes occur.
  C) account balances are less important to the auditor then the changes in the account balances.
  D) classes of transactions tests are the most efficient manner to compensate for inherent risk.
1. Separation of custody of the assets from accounting
2. Separation of the authorization of transactions from custody of related assets
3. Separation of operational responsibility from record keeping responsibility
4. Separation of IT duties from user departments
1. What are the 3 steps in management assessment of risk?
2. Which of management's assertions with respect to implementing internal controls is the auditor primarily concerned?
  A) Efficiency of operations
  B) Reliability of financial reporting
  C) Effectiveness of operations
  D) Compliance with applicable laws and regulations
3. If the results of tests of controls support the design and operations of controls as expected, the auditor uses ________ control risk as the preliminary assessment.
  A) a lower
  B) the same
  C) a higher
  D) either a lower or higher
4. Separation of duties is essential in preventing errors and intentional misstatements on the financial statements. List below the four general guidelines.
B) achievement of the objectives of internal control.
1. Which of the following groups establishes and maintains the company's internal controls?
  A) Internal auditors
  B) Board of Directors
  C) Management
  D) Audit committee
2. Internal controls can never be regarded as completely effective. Even if company personnel could design an ideal system, its effectiveness depends on the:
  A) adequacy of the computer system.
  B) proper implementation by management.
  C) ability of the internal audit staff to maintain it.
  D) competency and dependability of the people using it.
3. It is important for the CPA to consider the competence of the clients' personnel because their competence has a direct impact upon the:
  A) cost/benefit relationship of the system of internal control.
  B) achievement of the objectives of internal control.
  C) comparison of recorded accountability with assets.
  D) timing of the tests to be performed.
4. When the auditor attempts to understand the operation of the accounting system by tracing a few transactions through the accounting system, the auditor is said to be:
  A) tracing.
  B) vouching.
  C) performing a walk-through.
  D) testing controls.
A) A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis.
1. Which of the following is most correct for audits of non-public companies?
  A) An audit of internal control is required.
  B) An audit of internal control is not required.
  C) An audit of the design of internal controls is required.
  D) An audit of the operational effectiveness of internal controls is required.
2. Which of the following is not one of the subcomponents of the control environment?
  A) Management's philosophy and operating style
  B) Organizational structure
  C) Adequate separation of duties
  D) Commitment to competence
3. Which of the following is most correct regarding the requirements under Section 404 of the Sarbanes Oxley Act?
  A) The audits of internal control and the financial statements provide reasonable assurance as to misstatements.
  B) The audit of internal control provides absolute assurance of misstatement.
  C) The audit of financial statements provides absolute assurance of misstatement.
  D) The audits of internal control and the financial statements provide absolute assurance as to misstatements.
4. Which of the following is the correct definition of "control deficiency"?
  A) A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis.
  B) A control deficiency exists if one or more deficiencies exist that adversely affect a company's ability to prepare external financial statements reliably.
  C) A control deficiency exists if the design or operation of controls results in a more than remote likelihood that controls will not prevent or detect misstatements.
  D) A control deficiency exists if the design or operation of controls results in a more than probable likelihood that controls will prevent or detect misstatements.
C) Adequate separation of duties
1. Which of the following is not one of the subcomponents of the control environment?
  A) Management's philosophy and operating style
  B) Organizational structure
  C) Adequate separation of duties
  D) Commitment to competence
2. Which of the following is most correct for audits of non-public companies?
  A) An audit of internal control is required.
  B) An audit of internal control is not required.
  C) An audit of the design of internal controls is required.
  D) An audit of the operational effectiveness of internal controls is required.
3. Which of the following best describes the purpose of control activities?
  A) The actions, policies and procedures that reflect the overall attitudes of management
  B) The identification and analysis of risks relevant to the preparation of financial statements
  C) The policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives
  D) Activities that deal with the ongoing assessment of the quality of internal control by management
4. Adequate documents and records is a subcomponent of the control environment.
  A) True
  B) False
C) management.
1. The auditor's consideration of a private company's internal control is:
  A) required by GAAP.
  B) required by GAAS.
  C) required by the IRS.
  D) recommended by the SEC
2. The PCAOB places responsibility for the reliability of internal controls over the financial reporting process on:
  A) the company's board of directors.
  B) the audit committee of the board of directors.
  C) management.
  D) the CFO and the independent auditors.
3. Significant deficiencies and material weaknesses in internal control of a public company must be reported in writing to which of the following?
  A) Public Company Accounting Oversight Board
  B) Members of management who are responsible for the related area of the company
  C) Audit committee of the company's board of directors and to management
  D) AICPA
4. The purpose of phase 3 in the "process for understanding internal control and assessing control risk" is to:
  A) design, perform and evaluate tests of controls.
  B) obtain and document an understanding of internal control design an operation.
  C) assess control risk.
  D) decide planned detection risk and substantive tests.
C) Design
1. Which of the following deficiency exists if a necessary control is missing or not properly formulated?
  A) Control
  B) Significant
  C) Design
  D) Operating
2. Which of the following statements is most correct with respect to separation of duties?
  A) A person who has temporary or permanent custody of an asset should account for that asset.
  B) Employees who authorize transactions should not have custody of related assets.
  C) Employees who open cash receipts should record the amounts in the subsidiary ledgers.
  D) Employees who authorize transactions should have recording responsibility for these transactions.
3. Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies?
  Management Financial Statement Auditors
  A)
  yes, yes
  B)
  no, no
  C)
  yes, no
  D)
  no, yes
4. Which of the following deal with ongoing or periodic assessment of the quality of internal control by management?
  A) Quality monitoring activities
  B) Monitoring activities
  C) Oversight activities
  D) Management activities
A) YES, YES
1. To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their:
  Likelihood
  Significance
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
2. Narratives, flowcharts, and internal control questionnaires are three common methods of:
  A) testing the internal controls.
  B) documenting the auditor's understanding of internal controls.
  C) designing the audit manual and procedures.
  D) documenting the auditor's understanding of a client's organizational structure.
3. In performing the audit of internal control over financial reporting the auditor emphasizes internal control over class of transactions because:
  A) the accuracy of accounting system outputs depends heavily on the accuracy of inputs and processing.
  B) the class of transaction is where most fraud schemes occur.
  C) account balances are less important to the auditor then the changes in the account balances.
  D) classes of transactions tests are the most efficient manner to compensate for inherent risk.
4. A five-step approach can be used to identify deficiencies, significant deficiencies, and material weaknesses. The first step in this approach is:
  A) identify the absence of key controls.
  B) consider the possibility of compensating controls.
  C) determine potential misstatements that could result.
  D) identify existing controls.
B) False
1. A control available in a small company, which may be necessitated because of lack of competent personnel, is:
  A) a wider segregation of duties.
  B) a voucher system.
  C) fewer transactions to process.
  D) the owner-manager's direct involvement in the control process.
2. Control activities are a subcomponent of the information and communication component of internal control.
  A) True
  B) False
3. For most uses, flowcharts are superior to narratives as a method of communicating the characteristics of internal control.
  A) True
  B) False
4. What are the 5 Components of the COSO Framework?
B) internal control deficiencies that could adversely affect a company's ability to initiate, record, process, or report external financial statements reliably.
1. It is important for the CPA to consider the competence of the clients' personnel because their competence has a direct impact upon the:
  A) cost/benefit relationship of the system of internal control.
  B) achievement of the objectives of internal control.
  C) comparison of recorded accountability with assets.
  D) timing of the tests to be performed.
2. To obtain an understanding of an entity's control environment, an auditor should concentrate on the substance of management's policies and procedures rather than their form because:
  A) management may establish appropriate policies and procedures but not act on them.
  B) the board of directors may not be aware of management's attitude toward the control environment.
  C) the auditor may believe that the policies and procedures are inappropriate for that particular entity.
  D) the policies and procedures may be so weak that no reliance is contemplated by the auditor.
3. Significant deficiencies are matters that come to an auditor's attention and should be communicated to an entity's audit committee because they represent:
  A) material frauds perpetrated by high-level management.
  B) internal control deficiencies that could adversely affect a company's ability to initiate, record, process, or report external financial statements reliably.
  C) flagrant violations of the entity's documented conflict-of-interest policies.
  D) intentional attempts by client personnel to limit the scope of the auditor's field work.
4. How must significant deficiencies and material weaknesses be communicated to those charged with governance?
  A) Either oral or written communication is acceptable.
  B) Oral communication is required.
  C) Written communication is required.
  D) Written communication is required for material weaknesses, but oral communication is allowed for significant deficiencies.
B) auditors are concerned with the client's internal controls over the safeguarding of assets if they affect the financial statements.
1. When considering internal controls, an important point to consider is that:
  A) auditors can ignore controls affecting internal management information.
  B) auditors are concerned with the client's internal controls over the safeguarding of assets if they affect the financial statements.
  C) management is responsible for understanding and testing internal control over financial reporting.
  D) companies must use the COSO framework to establish internal controls
2. Internal controls are not designed to provide reasonable assurance that:
  A) all frauds will be detected.
  B) transactions are executed in accordance with management's authorization.
  C) the company's resources are used efficiently and effectively.
  D) company personnel comply with applicable rules and regulations.
3. Proper segregation of functional responsibilities calls for separation of:
  A) authorization, execution, and payment.
  B) authorization, recording, and custody.
  C) custody, execution, and reporting.
  D) authorization, payment, and recording.
4. Which of the following is not one of the subcomponents of the control environment?
  A) Management's philosophy and operating style
  B) Organizational structure
  C) Adequate separation of duties
  D) Commitment to competence
D) Documents should be prenumbered consecutively to facilitate control over missing documents.
1. Which of the following statements is most correct with respect to separation of duties?
  A) A person who has temporary or permanent custody of an asset should account for that asset.
  B) Employees who authorize transactions should not have custody of related assets.
  C) Employees who open cash receipts should record the amounts in the subsidiary ledgers.
  D) Employees who authorize transactions should have recording responsibility for these transactions.
2. Which of the following is most correct regarding the requirements under Section 404 of the Sarbanes Oxley Act?
  A) The audits of internal control and the financial statements provide reasonable assurance as to misstatements.
  B) The audit of internal control provides absolute assurance of misstatement.
  C) The audit of financial statements provides absolute assurance of misstatement.
  D) The audits of internal control and the financial statements provide absolute assurance as to misstatements.
3. Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies?
  Management Financial Statement Auditors
  A)
  yes, yes
  B)
  no, no
  C)
  yes, no
  D)
  no, yes
4. Which of the following is correct with respect to the design and use of business documents?
  A) The documents should be in paper format.
  B) Documents should be designed for a single purposes to avoid confusion in their use.
  C) Documents should be designed to be understandable only by those who use them.
  D) Documents should be prenumbered consecutively to facilitate control over missing documents.
• failure to meet prior objectives,
• quality of personnel,
• geographic dispersion of company operations,
• significance and complexity of core business processes,
• introduction of new information technologies
• entrance of new competitors and,
• economic downturns
1. The auditor's consideration of a private company's internal control is:
  A) required by GAAP.
  B) required by GAAS.
  C) required by the IRS.
  D) recommended by the SEC
2. Once auditors determine that entity level controls are designed and placed in the operation they:
  A) make a preliminary assessment for each transaction-related audit objective for each major type of transaction.
  B) make a preliminary assessment of control risk.
  C) obtain an understanding of the design and implementation of internal control.
  D) prepare audit documentation in order to opine on the company's internal control system.
3. Management has a legal and professional responsibility to be sure that the financial statements are prepared in accordance with reporting requirements of applicable accounting frameworks.
  A) True
  B) False
4. Management's identification and analysis of risk is an ongoing process and is a critical component of effective internal control. An important first step is for management to identify factors that may increase risk. Identify at least five factors, observable by management, which may lead to increased risk in a typical business organization.
A) that the integrity of management and the adequacy of accounting records are the two primary factors determining auditability.
1. When assessing whether the financial statements are auditable, the auditor must consider:
  A) that the integrity of management and the adequacy of accounting records are the two primary factors determining auditability.
  B) that the integrity of management and the adequacy of risk management are the two primary factors determining auditability.
  C) that if all of the transaction information is available only in electronic form without a visible audit trail, the company cannot be audited.
  D) the control risk before determining if the entity is auditable.
2. If an auditor wishes to rely on the work of internal auditors (IA), the auditor must obtain satisfactory evidence related to the IA's competence, integrity, and objectivity.
  A) True
  B) False
3. In evaluating the operational effectiveness of internal controls the auditor is likely to use four types of audit procedures. List the procedures
4. When assessing control risk:
  A) many auditors use actuarial tables to assist in the control risk assessment process.
  B) each control can be used to satisfy only one audit objective.
  C) many auditors use a control risk matrix to assist in the control risk assessment process.
  D) all controls, including key controls, should be considered.
1. Adequate separation of duties
2. Proper authorization of transactions and activities
3. Adequate documents and records
4. Physical control over assets and records
5. Independent checks on performance
1. What are the 5 Components of the COSO Framework?
2. A control available in a small company, which may be necessitated because of lack of competent personnel, is:
  A) a wider segregation of duties.
  B) a voucher system.
  C) fewer transactions to process.
  D) the owner-manager's direct involvement in the control process.
3. Control activities help assure that the necessary actions are taken to address risks to the achievement of the company's objectives. List the five types of control activities.
4. When one material weakness is present at the end of the year, management of a public company must conclude that internal control over financial reporting is:
  A) insufficient.
  B) inadequate.
  C) ineffective.
  D) inefficient.
C) Management
1. Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies?
  Management Financial Statement Auditors
  A)
  yes, yes
  B)
  no, no
  C)
  yes, no
  D)
  no, yes
2. Which of the following is responsible for establishing a private company's internal control?
  A) Senior Management
  B) Internal Auditors
  C) FASB
  D) Audit committee
3. Which of the following groups establishes and maintains the company's internal controls?
  A) Internal auditors
  B) Board of Directors
  C) Management
  D) Audit committee
4. Which of the following activities would be least likely to strengthen a company's internal control?
  A) Separating accounting from other financial operations
  B) Maintaining insurance for fire and theft
  C) Fixing responsibility for the performance of employee duties
  D) Carefully selecting and training employees
B) False
1. Which of the following best describes the purpose of control activities?
  A) The actions, policies and procedures that reflect the overall attitudes of management
  B) The identification and analysis of risks relevant to the preparation of financial statements
  C) The policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives
  D) Activities that deal with the ongoing assessment of the quality of internal control by management
2. Which of the following is not one of the subcomponents of the control environment?
  A) Management's philosophy and operating style
  B) Organizational structure
  C) Adequate separation of duties
  D) Commitment to competence
3. Adequate documents and records is a subcomponent of the control environment.
  A) True
  B) False
4. To obtain an understanding of an entity's control environment, an auditor should concentrate on the substance of management's policies and procedures rather than their form because:
  A) management may establish appropriate policies and procedures but not act on them.
  B) the board of directors may not be aware of management's attitude toward the control environment.
  C) the auditor may believe that the policies and procedures are inappropriate for that particular entity.
  D) the policies and procedures may be so weak that no reliance is contemplated by the auditor.
f. Separation of duties
1. Proper segregation of functional responsibilities calls for separation of:
  A) authorization, execution, and payment.
  B) authorization, recording, and custody.
  C) custody, execution, and reporting.
  D) authorization, payment, and recording.
2. Audit evidence regarding the separation of duties is normally best obtained by:
  A) preparing flowcharts of operational processes.
  B) preparing narratives of operational processes.
  C) observation of employees applying control activities.
  D) inquiries of employees applying control activities
3. ________ 4. Segregation of the following activities in an organization: custody of assets, accounting, authorization, and operational responsibility.
4. If the results of tests of controls support the design and operations of controls as expected, the auditor uses ________ control risk as the preliminary assessment.
  A) a lower
  B) the same
  C) a higher
  D) either a lower or higher
b. Control activities
1. ________ 6. Policies and procedures that help ensure that necessary actions are taken to address risks in the achievement of the entity's objectives.
2. ________ 2. Company-wide policies for the approval of all transactions within stated limits.
3. Without an effective ________, the other components of the COSO framework are unlikely to result in effective internal control, regardless of their quality.
  A) risk assessment policy
  B) monitoring policy
  C) control environment
  D) system of control activities
4. Control activities help assure that the necessary actions are taken to address risks to the achievement of the company's objectives. List the five types of control activities.
B) design deficiency.
1. The person responsible for reconciling sales invoices to customer orders does not access to the company's master price list in order to correctly compute sales. This is an example of a(n):
  A) operating deficiency.
  B) design deficiency.
  C) training deficiency.
  D) management deficiency.
2. The chart of accounts is helpful in preventing classification errors if it accurately describes which type of transaction should be in each account.
  A) True
  B) False
3. The PCAOB places responsibility for the reliability of internal controls over the financial reporting process on:
  A) the company's board of directors.
  B) the audit committee of the board of directors.
  C) management.
  D) the CFO and the independent auditors.
4. The auditors primary purpose in auditing the client's system of internal control over financial reporting is:
  A) to prevent fraudulent financial statements from being issued to the public.
  B) to evaluate the effectiveness of the company's internal controls over all relevant assertions in the financial statements.
  C) to report to management that the internal controls are effective in preventing misstatements from appearing on the financial statements.
  D) to efficiently conduct the Audit of Financial Statements.
B) to evaluate the effectiveness of the company's internal controls over all relevant assertions in the financial statements.
1. When auditing a private company, the auditor should obtain an understanding of internal control sufficient to:
  A) provide reasonable protection against client fraud and defalcations by client employees.
  B) assess control risk.
  C) provide a basis for suggestions to the client for improving the accounting system.
  D) provide a method for safeguarding assets, checking the accuracy and reliability of accounting data, promoting operational efficiency, and encouraging adherence to prescribed managerial policies.
2. The auditor's consideration of a private company's internal control is:
  A) required by GAAP.
  B) required by GAAS.
  C) required by the IRS.
  D) recommended by the SEC
3. The auditors primary purpose in auditing the client's system of internal control over financial reporting is:
  A) to prevent fraudulent financial statements from being issued to the public.
  B) to evaluate the effectiveness of the company's internal controls over all relevant assertions in the financial statements.
  C) to report to management that the internal controls are effective in preventing misstatements from appearing on the financial statements.
  D) to efficiently conduct the Audit of Financial Statements.
4. The employee in charge of authorizing credit to the company's customers does not fully understand the concept of credit risk. This lack of knowledge would constitute:
  A) a deficiency in operation of internal controls.
  B) a deficiency in design of internal controls.
  C) a deficiency of management.
  D) not constitute a deficiency.
B) False
1. Before making the final assessment of internal control at the end of an integrated audit, the auditor must:
  Test Controls
  Perform Substantive Tests of Details
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
2. When a company designs and implements internal controls, cost of the controls is not a valid consideration.
  A) True
  B) False
3. Sarbanes-Oxley requires management to issue an internal control report that includes two specific items. Which of the following is one of these two requirements?
  A) A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  B) A statement that management and the board of directors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  C) A statement that management, the board of directors, and the external auditors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  D) A statement that the external auditors are solely responsible
4. When the auditor attempts to understand the operation of the accounting system by tracing a few transactions through the accounting system, the auditor is said to be:
  A) tracing.
  B) vouching.
  C) performing a walk-through.
  D) testing controls.
A) The audits of internal control and the financial statements provide reasonable assurance as to misstatements.
1. Which of the following is the correct definition of "control deficiency"?
  A) A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis.
  B) A control deficiency exists if one or more deficiencies exist that adversely affect a company's ability to prepare external financial statements reliably.
  C) A control deficiency exists if the design or operation of controls results in a more than remote likelihood that controls will not prevent or detect misstatements.
  D) A control deficiency exists if the design or operation of controls results in a more than probable likelihood that controls will prevent or detect misstatements.
2. Which of the following is most correct regarding the requirements under Section 404 of the Sarbanes Oxley Act?
  A) The audits of internal control and the financial statements provide reasonable assurance as to misstatements.
  B) The audit of internal control provides absolute assurance of misstatement.
  C) The audit of financial statements provides absolute assurance of misstatement.
  D) The audits of internal control and the financial statements provide absolute assurance as to misstatements.
3. Which of the following is most correct for audits of non-public companies?
  A) An audit of internal control is required.
  B) An audit of internal control is not required.
  C) An audit of the design of internal controls is required.
  D) An audit of the operational effectiveness of internal controls is required.
4. Which of the following represents a correct statement regarding internal control testing?
  A) When auditors plan to use evidence about the operating effectiveness of internal control contained in prior audits, auditing standards require tests of the controls' effectiveness at least every other year.
  B) The greater the risk, the less audit evidence the auditor should obtain that controls are operating effectively.
  C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
  D) Testing of internal controls can only be performed by the auditor at the end of the fiscal year
B) An audit of internal control is not required.
1. Which of the following is most correct for audits of non-public companies?
  A) An audit of internal control is required.
  B) An audit of internal control is not required.
  C) An audit of the design of internal controls is required.
  D) An audit of the operational effectiveness of internal controls is required.
2. Which of the following is most correct regarding the requirements under Section 404 of the Sarbanes Oxley Act?
  A) The audits of internal control and the financial statements provide reasonable assurance as to misstatements.
  B) The audit of internal control provides absolute assurance of misstatement.
  C) The audit of financial statements provides absolute assurance of misstatement.
  D) The audits of internal control and the financial statements provide absolute assurance as to misstatements.
3. Which of the following may represent the biggest challenge smaller public companies face in implementing effective internal control?
  A) A lack of expertise
  B) Reduced importance
  C) Limited resources
  D) Limited available guidance
4. Which of the following is responsible for establishing a private company's internal control?
  A) Senior Management
  B) Internal Auditors
  C) FASB
  D) Audit committee
A) Senior Management
1. Which of the following activities would be least likely to strengthen a company's internal control?
  A) Separating accounting from other financial operations
  B) Maintaining insurance for fire and theft
  C) Fixing responsibility for the performance of employee duties
  D) Carefully selecting and training employees
2. Which of the following is responsible for establishing a private company's internal control?
  A) Senior Management
  B) Internal Auditors
  C) FASB
  D) Audit committee
3. Which of the following may represent the biggest challenge smaller public companies face in implementing effective internal control?
  A) A lack of expertise
  B) Reduced importance
  C) Limited resources
  D) Limited available guidance
4. Which of the following groups establishes and maintains the company's internal controls?
  A) Internal auditors
  B) Board of Directors
  C) Management
  D) Audit committee
B) required by GAAS.
1. The auditor's consideration of a private company's internal control is:
  A) required by GAAP.
  B) required by GAAS.
  C) required by the IRS.
  D) recommended by the SEC
2. The PCAOB places responsibility for the reliability of internal controls over the financial reporting process on:
  A) the company's board of directors.
  B) the audit committee of the board of directors.
  C) management.
  D) the CFO and the independent auditors.
3. The purpose of phase 3 in the "process for understanding internal control and assessing control risk" is to:
  A) design, perform and evaluate tests of controls.
  B) obtain and document an understanding of internal control design an operation.
  C) assess control risk.
  D) decide planned detection risk and substantive tests.
4. An auditor should consider two key issues when obtaining an understanding of a client's internal controls. These issues are:
  A) the effectiveness and efficiency of the controls.
  B) the frequency and effectiveness of the controls.
  C) the design and operating effectiveness of the controls.
  D) the implementation and operating effectiveness of the controls.
• assertions about classes of transactions and other events
• assertions about account balances
• assertions about presentation and disclosure.
1. ________ 1. Management's ongoing and periodic assessment of the quality of internal control performance to determine that controls are operating as intended and are modified when needed.
2. What are the 5 Components of the COSO Framework?
3. What are the management assertion categories that must be satisfied through the risk assessment process?
4. Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies?
  Management Financial Statement Auditors
  A)
  yes, yes
  B)
  no, no
  C)
  yes, no
  D)
  no, yes
D) Inspect design documents
1. An audit procedure that would most likely be used by an auditor in performing tests of control procedures in which the segregation of functions and that leaves no "audit" trail is:
  A) inspection.
  B) observation.
  C) reperformance.
  D) reconciliation.
2. If the results of tests of controls support the design and operations of controls as expected, the auditor uses ________ control risk as the preliminary assessment.
  A) a lower
  B) the same
  C) a higher
  D) either a lower or higher
3. An auditor is likely to use four types of procedures to support the operating effectiveness of internal controls. Which of the following would generally not be used?
  A) Make inquiries of appropriate client personnel
  B) Examine documents, records, and reports
  C) Reperform client procedures
  D) Inspect design documents
4. If an auditor wishes to rely on the work of internal auditors (IA), the auditor must obtain satisfactory evidence related to the IA's competence, integrity, and objectivity.
  A) True
  B) False
C) Audit committee of the company's board of directors and to management
1. What are the 3 steps in management assessment of risk?
2. The auditor must communicate:
  A) only material weaknesses in internal control to those charged with governance.
  B) both significant deficiencies and material weaknesses in internal control to those charged with governance.
  C) any significant deficiencies in internal control to those charged with governance using a management letter.
  D) issues regarding internal control to those charged with governance in writing within 90 days following the audit report release.
3. Significant deficiencies and material weaknesses in internal control of a public company must be reported in writing to which of the following?
  A) Public Company Accounting Oversight Board
  B) Members of management who are responsible for the related area of the company
  C) Audit committee of the company's board of directors and to management
  D) AICPA
4. Management must disclose material weaknesses in internal control in its audit report:
  A) whenever the weakness is deemed significant to a single class of transactions.
  B) whenever the weakness is significant to overall financial reporting objectives.
  C) if the weakness exists at the end of the year.
  D) only if the auditor identifies the weakness as significant.
A) all frauds will be detected.
1. Internal controls can never be regarded as completely effective. Even if company personnel could design an ideal system, its effectiveness depends on the:
  A) adequacy of the computer system.
  B) proper implementation by management.
  C) ability of the internal audit staff to maintain it.
  D) competency and dependability of the people using it.
2. Internal controls are not designed to provide reasonable assurance that:
  A) all frauds will be detected.
  B) transactions are executed in accordance with management's authorization.
  C) the company's resources are used efficiently and effectively.
  D) company personnel comply with applicable rules and regulations.
3. Management has a legal and professional responsibility to be sure that the financial statements are prepared in accordance with reporting requirements of applicable accounting frameworks.
  A) True
  B) False
4. Which of the following best describes the purpose of control activities?
  A) The actions, policies and procedures that reflect the overall attitudes of management
  B) The identification and analysis of risks relevant to the preparation of financial statements
  C) The policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives
  D) Activities that deal with the ongoing assessment of the quality of internal control by management
B) assess control risk.
1. In the audit of a private company, the auditor will test internal controls when control risk is initially assessed at:
  Low
  Moderate
  High
  A) YES, NO, YES
  B) NO, NO, YES
  C) YES, YES, NO
  D) NO, YES, NO
2. When auditing a private company, the auditor should obtain an understanding of internal control sufficient to:
  A) provide reasonable protection against client fraud and defalcations by client employees.
  B) assess control risk.
  C) provide a basis for suggestions to the client for improving the accounting system.
  D) provide a method for safeguarding assets, checking the accuracy and reliability of accounting data, promoting operational efficiency, and encouraging adherence to prescribed managerial policies.
3. External financial statement auditors must obtain evidence regarding what attributes of an internal audit (IA) department if the external auditors intend to rely on IA's work?
  A) Integrity
  B) Objectivity
  C) Competence
  D) All of the above
4. An auditor should consider two key issues when obtaining an understanding of a client's internal controls. These issues are:
  A) the effectiveness and efficiency of the controls.
  B) the frequency and effectiveness of the controls.
  C) the design and operating effectiveness of the controls.
  D) the implementation and operating effectiveness of the controls.
C) it can reduce external audit costs by providing direct assistance to the external auditors.
1. When a company designs and implements internal controls, cost of the controls is not a valid consideration.
  A) True
  B) False
2. Hanlon Corp. maintains a large internal audit staff that reports directly to the accounting department. Audit reports prepared by the internal auditors indicate that the system is functioning as it should and that the accounting records are reliable. An independent auditor will probably:
  A) eliminate tests of controls.
  B) increase the depth of the study and evaluation of administrative controls.
  C) avoid duplicating the work performed by the internal audit staff.
  D) place limited reliance on the work performed by the internal audit staff.
3. If a company has an effective internal audit department:
  A) the internal auditors can express an opinion on the fairness of the financial statements.
  B) their work cannot be used by the external auditors per PCAOB Standard 5.
  C) it can reduce external audit costs by providing direct assistance to the external auditors.
  D) the internal auditors must be CPAs in order for the external auditors to rely on their work.
4. When a compensating control exists, the absence of a key control:
  A) is no longer a concern because there is no longer a significant deficiency or material weakness.
  B) is still a major concern to the auditor.
  C) could cause a material loss, so it must be tested using substantive procedures.
  D) is magnified and must be removed from the sampling process and examined in its entirety.
A) management may establish appropriate policies and procedures but not act on them.
1. Which of the following components of the control environment define the existing lines of responsibility and authority?
  A) Organizational structure
  B) Management philosophy and operating style
  C) Human resource policies and practices
  D) Management integrity and ethical values
2. Which of the following best describes an entity's accounting information and communication system?
  Monitor
  transactions
  Record and
  process
  transactions
  Initiate transactions
  A) YES, YES, YES
  B) NO, NO, NO
  C) YES, NO, NO
  D) NO, YES, YES
3. To obtain an understanding of an entity's control environment, an auditor should concentrate on the substance of management's policies and procedures rather than their form because:
  A) management may establish appropriate policies and procedures but not act on them.
  B) the board of directors may not be aware of management's attitude toward the control environment.
  C) the auditor may believe that the policies and procedures are inappropriate for that particular entity.
  D) the policies and procedures may be so weak that no reliance is contemplated by the auditor.
4. Two key concepts that underlie management's design and implementation of internal control are:
  A) costs and materiality.
  B) absolute assurance and costs.
  C) inherent limitations and reasonable assurance.
  D) collusion and materiality.
B) A sales manager's authorization for a sales return
1. Internal controls can never be regarded as completely effective. Even if company personnel could design an ideal system, its effectiveness depends on the:
  A) adequacy of the computer system.
  B) proper implementation by management.
  C) ability of the internal audit staff to maintain it.
  D) competency and dependability of the people using it.
2. Authorizations can be either general or specific. Which of the following is not an example of a general authorization?
  A) Automatic reorder points for raw materials inventory
  B) A sales manager's authorization for a sales return
  C) Credit limits for various classes of customers
  D) A sales price list for merchandise
3. What are the 5 Components of the COSO Framework?
4. To issue a report on internal control over financial reporting for a public company, an auditor must:
  A) evaluate management's assessment process.
  B) independently assess the design and operating effectiveness of internal control.
  C) evaluate management's assessment process and independently assess the design and operating effectiveness of internal control.
  D) test controls over significant account balances.
A) True
1. Separation of duties is essential in preventing errors and intentional misstatements on the financial statements. List below the four general guidelines.
2. What are the 3 steps in management assessment of risk?
3. The chart of accounts is helpful in preventing classification errors if it accurately describes which type of transaction should be in each account.
  A) True
  B) False
4. Control activities help assure that the necessary actions are taken to address risks to the achievement of the company's objectives. List the five types of control activities.
C) performing a walk-through.
1. It is important for the CPA to consider the competence of the clients' personnel because their competence has a direct impact upon the:
  A) cost/benefit relationship of the system of internal control.
  B) achievement of the objectives of internal control.
  C) comparison of recorded accountability with assets.
  D) timing of the tests to be performed.
2. When the auditor attempts to understand the operation of the accounting system by tracing a few transactions through the accounting system, the auditor is said to be:
  A) tracing.
  B) vouching.
  C) performing a walk-through.
  D) testing controls.
3. What are the 5 Components of the COSO Framework?
4. In the audit of a private company, the auditor will test internal controls when control risk is initially assessed at:
  Low
  Moderate
  High
  A) YES, NO, YES
  B) NO, NO, YES
  C) YES, YES, NO
  D) NO, YES, NO
A) True
1. When management is evaluating the design of internal control, management evaluates whether the control can do which of the following?
  Detect material misstatements
  Correct material misstatements
  A) Yes, Yes
  B) No, No
  C) Yes, No
  D) No, Yes
2. Proper segregation of functional responsibilities calls for separation of:
  A) authorization, execution, and payment.
  B) authorization, recording, and custody.
  C) custody, execution, and reporting.
  D) authorization, payment, and recording.
3. Management has a legal and professional responsibility to be sure that the financial statements are prepared in accordance with reporting requirements of applicable accounting frameworks.
  A) True
  B) False
4. Management must disclose material weaknesses in internal control in its audit report:
  A) whenever the weakness is deemed significant to a single class of transactions.
  B) whenever the weakness is significant to overall financial reporting objectives.
  C) if the weakness exists at the end of the year.
  D) only if the auditor identifies the weakness as significant.
D) the owner-manager's direct involvement in the control process.
1. In the audit of a private company, the auditor will test internal controls when control risk is initially assessed at:
  Low
  Moderate
  High
  A) YES, NO, YES
  B) NO, NO, YES
  C) YES, YES, NO
  D) NO, YES, NO
2. What are the 3 steps in management assessment of risk?
3. Control activities help assure that the necessary actions are taken to address risks to the achievement of the company's objectives. List the five types of control activities.
4. A control available in a small company, which may be necessitated because of lack of competent personnel, is:
  A) a wider segregation of duties.
  B) a voucher system.
  C) fewer transactions to process.
  D) the owner-manager's direct involvement in the control process.
A) is no longer a concern because there is no longer a significant deficiency or material weakness.
1. Which of the following deficiency exists if a necessary control is missing or not properly formulated?
  A) Control
  B) Significant
  C) Design
  D) Operating
2. What are the 5 Components of the COSO Framework?
3. When a compensating control exists, the absence of a key control:
  A) is no longer a concern because there is no longer a significant deficiency or material weakness.
  B) is still a major concern to the auditor.
  C) could cause a material loss, so it must be tested using substantive procedures.
  D) is magnified and must be removed from the sampling process and examined in its entirety.
4. When assessing control risk:
  A) many auditors use actuarial tables to assist in the control risk assessment process.
  B) each control can be used to satisfy only one audit objective.
  C) many auditors use a control risk matrix to assist in the control risk assessment process.
  D) all controls, including key controls, should be considered.
B) authorization, recording, and custody.
1. Audit evidence regarding the separation of duties is normally best obtained by:
  A) preparing flowcharts of operational processes.
  B) preparing narratives of operational processes.
  C) observation of employees applying control activities.
  D) inquiries of employees applying control activities
2. Management has a legal and professional responsibility to be sure that the financial statements are prepared in accordance with reporting requirements of applicable accounting frameworks.
  A) True
  B) False
3. Proper segregation of functional responsibilities calls for separation of:
  A) authorization, execution, and payment.
  B) authorization, recording, and custody.
  C) custody, execution, and reporting.
  D) authorization, payment, and recording.
4. ________ 4. Segregation of the following activities in an organization: custody of assets, accounting, authorization, and operational responsibility.
B) consist of policies and procedures designed to provide reasonable assurance that the company achieves its objectives and goals.
1. Hanlon Corp. maintains a large internal audit staff that reports directly to the accounting department. Audit reports prepared by the internal auditors indicate that the system is functioning as it should and that the accounting records are reliable. An independent auditor will probably:
  A) eliminate tests of controls.
  B) increase the depth of the study and evaluation of administrative controls.
  C) avoid duplicating the work performed by the internal audit staff.
  D) place limited reliance on the work performed by the internal audit staff.
2. Internal controls:
  A) are implemented by and are the responsibility of the auditors.
  B) consist of policies and procedures designed to provide reasonable assurance that the company achieves its objectives and goals.
  C) guarantee that the company complies with all laws and regulations.
  D) only apply to SEC companies.
3. Internal controls can never be regarded as completely effective. Even if company personnel could design an ideal system, its effectiveness depends on the:
  A) adequacy of the computer system.
  B) proper implementation by management.
  C) ability of the internal audit staff to maintain it.
  D) competency and dependability of the people using it.
4. When one material weakness is present at the end of the year, management of a public company must conclude that internal control over financial reporting is:
  A) insufficient.
  B) inadequate.
  C) ineffective.
  D) inefficient.
A) make a preliminary assessment for each transaction-related audit objective for each major type of transaction.
1. To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their:
  Likelihood
  Significance
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
2. Which of the following is correct with respect to the design and use of business documents?
  A) The documents should be in paper format.
  B) Documents should be designed for a single purposes to avoid confusion in their use.
  C) Documents should be designed to be understandable only by those who use them.
  D) Documents should be prenumbered consecutively to facilitate control over missing documents.
3. Once auditors determine that entity level controls are designed and placed in the operation they:
  A) make a preliminary assessment for each transaction-related audit objective for each major type of transaction.
  B) make a preliminary assessment of control risk.
  C) obtain an understanding of the design and implementation of internal control.
  D) prepare audit documentation in order to opine on the company's internal control system.
4. Control activities help assure that the necessary actions are taken to address risks to the achievement of the company's objectives. List the five types of control activities.
C) inherent limitations and reasonable assurance.
1. Which of management's assertions with respect to implementing internal controls is the auditor primarily concerned?
  A) Efficiency of operations
  B) Reliability of financial reporting
  C) Effectiveness of operations
  D) Compliance with applicable laws and regulations
2. If the results of tests of controls support the design and operations of controls as expected, the auditor uses ________ control risk as the preliminary assessment.
  A) a lower
  B) the same
  C) a higher
  D) either a lower or higher
3. Two key concepts that underlie management's design and implementation of internal control are:
  A) costs and materiality.
  B) absolute assurance and costs.
  C) inherent limitations and reasonable assurance.
  D) collusion and materiality.
4. Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies?
  Management Financial Statement Auditors
  A)
  yes, yes
  B)
  no, no
  C)
  yes, no
  D)
  no, yes
A) True
1. In performing the audit of internal control over financial reporting the auditor emphasizes internal control over class of transactions because:
  A) the accuracy of accounting system outputs depends heavily on the accuracy of inputs and processing.
  B) the class of transaction is where most fraud schemes occur.
  C) account balances are less important to the auditor then the changes in the account balances.
  D) classes of transactions tests are the most efficient manner to compensate for inherent risk.
2. What are the 3 steps in management assessment of risk?
3. Once auditors determine that entity level controls are designed and placed in the operation they:
  A) make a preliminary assessment for each transaction-related audit objective for each major type of transaction.
  B) make a preliminary assessment of control risk.
  C) obtain an understanding of the design and implementation of internal control.
  D) prepare audit documentation in order to opine on the company's internal control system.
4. A narrative should describe the disposition of every document and record in the system.
  A) True
  B) False
• identify the factors affecting risk
• assess the significance of risks and likelihood of occurrence
• determine actions necessary to manage the risks.
1. What are the 3 steps in management assessment of risk?
2. Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies?
  Management Financial Statement Auditors
  A)
  yes, yes
  B)
  no, no
  C)
  yes, no
  D)
  no, yes
3. Which of the following deal with ongoing or periodic assessment of the quality of internal control by management?
  A) Quality monitoring activities
  B) Monitoring activities
  C) Oversight activities
  D) Management activities
4. Before making the final assessment of internal control at the end of an integrated audit, the auditor must:
  Test Controls
  Perform Substantive Tests of Details
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
B) both significant deficiencies and material weaknesses in internal control to those charged with governance.
1. Significant deficiencies and material weaknesses in internal control of a public company must be reported in writing to which of the following?
  A) Public Company Accounting Oversight Board
  B) Members of management who are responsible for the related area of the company
  C) Audit committee of the company's board of directors and to management
  D) AICPA
2. The auditor's consideration of a private company's internal control is:
  A) required by GAAP.
  B) required by GAAS.
  C) required by the IRS.
  D) recommended by the SEC
3. The auditors primary purpose in auditing the client's system of internal control over financial reporting is:
  A) to prevent fraudulent financial statements from being issued to the public.
  B) to evaluate the effectiveness of the company's internal controls over all relevant assertions in the financial statements.
  C) to report to management that the internal controls are effective in preventing misstatements from appearing on the financial statements.
  D) to efficiently conduct the Audit of Financial Statements.
4. The auditor must communicate:
  A) only material weaknesses in internal control to those charged with governance.
  B) both significant deficiencies and material weaknesses in internal control to those charged with governance.
  C) any significant deficiencies in internal control to those charged with governance using a management letter.
  D) issues regarding internal control to those charged with governance in writing within 90 days following the audit report release.
C) control environment
1. What are the 5 Components of the COSO Framework?
2. Without an effective ________, the other components of the COSO framework are unlikely to result in effective internal control, regardless of their quality.
  A) risk assessment policy
  B) monitoring policy
  C) control environment
  D) system of control activities
3. It is important for the CPA to consider the competence of the clients' personnel because their competence has a direct impact upon the:
  A) cost/benefit relationship of the system of internal control.
  B) achievement of the objectives of internal control.
  C) comparison of recorded accountability with assets.
  D) timing of the tests to be performed.
4. Which of the following is not one of the subcomponents of the control environment?
  A) Management's philosophy and operating style
  B) Organizational structure
  C) Adequate separation of duties
  D) Commitment to competence
C) Yes, No
1. When management is evaluating the design of internal control, management evaluates whether the control can do which of the following?
  Detect material misstatements
  Correct material misstatements
  A) Yes, Yes
  B) No, No
  C) Yes, No
  D) No, Yes
2. Management must disclose material weaknesses in internal control in its audit report:
  A) whenever the weakness is deemed significant to a single class of transactions.
  B) whenever the weakness is significant to overall financial reporting objectives.
  C) if the weakness exists at the end of the year.
  D) only if the auditor identifies the weakness as significant.
3. Sarbanes-Oxley requires management to issue an internal control report that includes two specific items. Which of the following is one of these two requirements?
  A) A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  B) A statement that management and the board of directors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  C) A statement that management, the board of directors, and the external auditors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  D) A statement that the external auditors are solely responsible
4. You are performing the audit of internal control for Clifton Company. Which of the following would represent a material weakness in internal control?
  A) The company's audit committee has experienced unusual turnover of members.
  B) The company's CFO was indicted for embezzling from the company.
  C) Bank reconciliations are done monthly.
  D) The CEO retired after twenty years of service to the company.
C) ineffective.
1. Which of the following may represent the biggest challenge smaller public companies face in implementing effective internal control?
  A) A lack of expertise
  B) Reduced importance
  C) Limited resources
  D) Limited available guidance
2. Which of the following is correct with respect to the design and use of business documents?
  A) The documents should be in paper format.
  B) Documents should be designed for a single purposes to avoid confusion in their use.
  C) Documents should be designed to be understandable only by those who use them.
  D) Documents should be prenumbered consecutively to facilitate control over missing documents.
3. When management is evaluating the design of internal control, management evaluates whether the control can do which of the following?
  Detect material misstatements
  Correct material misstatements
  A) Yes, Yes
  B) No, No
  C) Yes, No
  D) No, Yes
4. When one material weakness is present at the end of the year, management of a public company must conclude that internal control over financial reporting is:
  A) insufficient.
  B) inadequate.
  C) ineffective.
  D) inefficient.
D) All of the above
1. External financial statement auditors must obtain evidence regarding what attributes of an internal audit (IA) department if the external auditors intend to rely on IA's work?
  A) Integrity
  B) Objectivity
  C) Competence
  D) All of the above
2. When auditing a private company, the auditor should obtain an understanding of internal control sufficient to:
  A) provide reasonable protection against client fraud and defalcations by client employees.
  B) assess control risk.
  C) provide a basis for suggestions to the client for improving the accounting system.
  D) provide a method for safeguarding assets, checking the accuracy and reliability of accounting data, promoting operational efficiency, and encouraging adherence to prescribed managerial policies.
3. In the audit of a private company, the auditor will test internal controls when control risk is initially assessed at:
  Low
  Moderate
  High
  A) YES, NO, YES
  B) NO, NO, YES
  C) YES, YES, NO
  D) NO, YES, NO
4. Of the following statements about internal controls, which one is least likely to be correct?
  A) No one person should be responsible for the custodial responsibility and the recording responsibility for an asset.
  B) Transactions must be properly authorized before such transactions are processed.
  C) Because of the cost-benefit relationship, a client may apply controls on a test basis.
  D) Control procedures reasonably ensure that collusion among employees cannot occur.
C) if the weakness exists at the end of the year.
1. Of the following statements about internal controls, which one is least likely to be correct?
  A) No one person should be responsible for the custodial responsibility and the recording responsibility for an asset.
  B) Transactions must be properly authorized before such transactions are processed.
  C) Because of the cost-benefit relationship, a client may apply controls on a test basis.
  D) Control procedures reasonably ensure that collusion among employees cannot occur.
2. When management is evaluating the design of internal control, management evaluates whether the control can do which of the following?
  Detect material misstatements
  Correct material misstatements
  A) Yes, Yes
  B) No, No
  C) Yes, No
  D) No, Yes
3. When determining what type of report to issue on internal control under Section 404:
  A) an adverse opinion on internal control must be given if any weaknesses in a key internal control is discovered.
  B) a scope limitation requires the auditor to disclaim an opinion on internal controls.
  C) if the auditor gives a qualified opinion on the financial statements, they must give a qualified opinion on internal controls.
  D) a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls.
4. Management must disclose material weaknesses in internal control in its audit report:
  A) whenever the weakness is deemed significant to a single class of transactions.
  B) whenever the weakness is significant to overall financial reporting objectives.
  C) if the weakness exists at the end of the year.
  D) only if the auditor identifies the weakness as significant.
A) design, perform and evaluate tests of controls.
1. Which of the following represents a correct statement regarding internal control testing?
  A) When auditors plan to use evidence about the operating effectiveness of internal control contained in prior audits, auditing standards require tests of the controls' effectiveness at least every other year.
  B) The greater the risk, the less audit evidence the auditor should obtain that controls are operating effectively.
  C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
  D) Testing of internal controls can only be performed by the auditor at the end of the fiscal year
2. Which of management's assertions with respect to implementing internal controls is the auditor primarily concerned?
  A) Efficiency of operations
  B) Reliability of financial reporting
  C) Effectiveness of operations
  D) Compliance with applicable laws and regulations
3. The purpose of phase 3 in the "process for understanding internal control and assessing control risk" is to:
  A) design, perform and evaluate tests of controls.
  B) obtain and document an understanding of internal control design an operation.
  C) assess control risk.
  D) decide planned detection risk and substantive tests.
4. When auditing a private company, the auditor should obtain an understanding of internal control sufficient to:
  A) provide reasonable protection against client fraud and defalcations by client employees.
  B) assess control risk.
  C) provide a basis for suggestions to the client for improving the accounting system.
  D) provide a method for safeguarding assets, checking the accuracy and reliability of accounting data, promoting operational efficiency, and encouraging adherence to prescribed managerial policies.
C) YES, YES, NO
1. The PCAOB places responsibility for the reliability of internal controls over the financial reporting process on:
  A) the company's board of directors.
  B) the audit committee of the board of directors.
  C) management.
  D) the CFO and the independent auditors.
2. The auditor must communicate:
  A) only material weaknesses in internal control to those charged with governance.
  B) both significant deficiencies and material weaknesses in internal control to those charged with governance.
  C) any significant deficiencies in internal control to those charged with governance using a management letter.
  D) issues regarding internal control to those charged with governance in writing within 90 days following the audit report release.
3. When auditing a private company, the auditor should obtain an understanding of internal control sufficient to:
  A) provide reasonable protection against client fraud and defalcations by client employees.
  B) assess control risk.
  C) provide a basis for suggestions to the client for improving the accounting system.
  D) provide a method for safeguarding assets, checking the accuracy and reliability of accounting data, promoting operational efficiency, and encouraging adherence to prescribed managerial policies.
4. In the audit of a private company, the auditor will test internal controls when control risk is initially assessed at:
  Low
  Moderate
  High
  A) YES, NO, YES
  B) NO, NO, YES
  C) YES, YES, NO
  D) NO, YES, NO
A) True
1. Which of the following is most correct for audits of non-public companies?
  A) An audit of internal control is required.
  B) An audit of internal control is not required.
  C) An audit of the design of internal controls is required.
  D) An audit of the operational effectiveness of internal controls is required.
2. The Sarbanes-Oxley Act requires:
  A) all public companies to issue reports on internal controls.
  B) all public companies to define adequate internal controls.
  C) the auditor of public companies to design effective internal controls.
  D) the auditor of public companies to withdraw from an engagement if internal controls are weak.
3. Section 404 of the Sarbanes-Oxley Act requires that public companies issue an internal control report.
  A) True
  B) False
4. Which of the following is not one of the three primary objectives of effective internal control?
  A) Reliability of financial reporting
  B) Efficiency and effectiveness of operations
  C) Compliance with laws and regulations
  D) Assurance of elimination of business risk
B) transactions are executed in accordance with management's authorization.
1. Internal controls normally include procedures designed to provide reasonable assurance that:
  A) employees act with integrity when performing their assigned tasks.
  B) transactions are executed in accordance with management's authorization.
  C) decision processes leading to management's authorization of transactions are sound.
  D) collusive activities would be detected by segregation of employee duties.
2. Internal controls:
  A) are implemented by and are the responsibility of the auditors.
  B) consist of policies and procedures designed to provide reasonable assurance that the company achieves its objectives and goals.
  C) guarantee that the company complies with all laws and regulations.
  D) only apply to SEC companies.
3. Internal controls are not designed to provide reasonable assurance that:
  A) all frauds will be detected.
  B) transactions are executed in accordance with management's authorization.
  C) the company's resources are used efficiently and effectively.
  D) company personnel comply with applicable rules and regulations.
4. Once auditors determine that entity level controls are designed and placed in the operation they:
  A) make a preliminary assessment for each transaction-related audit objective for each major type of transaction.
  B) make a preliminary assessment of control risk.
  C) obtain an understanding of the design and implementation of internal control.
  D) prepare audit documentation in order to opine on the company's internal control system.
B) False
1. Which of the following components of the control environment define the existing lines of responsibility and authority?
  A) Organizational structure
  B) Management philosophy and operating style
  C) Human resource policies and practices
  D) Management integrity and ethical values
2. Hanlon Corp. maintains a large internal audit staff that reports directly to the accounting department. Audit reports prepared by the internal auditors indicate that the system is functioning as it should and that the accounting records are reliable. An independent auditor will probably:
  A) eliminate tests of controls.
  B) increase the depth of the study and evaluation of administrative controls.
  C) avoid duplicating the work performed by the internal audit staff.
  D) place limited reliance on the work performed by the internal audit staff.
3. When determining what type of report to issue on internal control under Section 404:
  A) an adverse opinion on internal control must be given if any weaknesses in a key internal control is discovered.
  B) a scope limitation requires the auditor to disclaim an opinion on internal controls.
  C) if the auditor gives a qualified opinion on the financial statements, they must give a qualified opinion on internal controls.
  D) a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls.
4. Auditing standards prohibit reliance on the work of internal auditors due to the lack of independence of the internal auditors.
  A) True
  B) False
A) A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
1. Sarbanes-Oxley requires management to issue an internal control report that includes two specific items. Which of the following is one of these two requirements?
  A) A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  B) A statement that management and the board of directors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  C) A statement that management, the board of directors, and the external auditors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  D) A statement that the external auditors are solely responsible
2. When determining what type of report to issue on internal control under Section 404:
  A) an adverse opinion on internal control must be given if any weaknesses in a key internal control is discovered.
  B) a scope limitation requires the auditor to disclaim an opinion on internal controls.
  C) if the auditor gives a qualified opinion on the financial statements, they must give a qualified opinion on internal controls.
  D) a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls.
3. The Sarbanes-Oxley Act requires:
  A) all public companies to issue reports on internal controls.
  B) all public companies to define adequate internal controls.
  C) the auditor of public companies to design effective internal controls.
  D) the auditor of public companies to withdraw from an engagement if internal controls are weak.
4. Management must disclose material weaknesses in internal control in its audit report:
  A) whenever the weakness is deemed significant to a single class of transactions.
  B) whenever the weakness is significant to overall financial reporting objectives.
  C) if the weakness exists at the end of the year.
  D) only if the auditor identifies the weakness as significant.
A) True
1. If an auditor wishes to rely on the work of internal auditors (IA), the auditor must obtain satisfactory evidence related to the IA's competence, integrity, and objectivity.
  A) True
  B) False
2. In evaluating the operational effectiveness of internal controls the auditor is likely to use four types of audit procedures. List the procedures
3. In performing the audit of internal control over financial reporting the auditor emphasizes internal control over class of transactions because:
  A) the accuracy of accounting system outputs depends heavily on the accuracy of inputs and processing.
  B) the class of transaction is where most fraud schemes occur.
  C) account balances are less important to the auditor then the changes in the account balances.
  D) classes of transactions tests are the most efficient manner to compensate for inherent risk.
4. When dealing with the documentation of internal control:
  A) in a narrative, most questions simply require a "yes" or "no" response.
  B) questionnaires offer useful checklists to remind the auditor of the many different types of internal controls that should exist.
  C) questionnaires and flowcharts should not be used together.
  D) flowcharts fail to show the segregation of duties in the company.
D) place limited reliance on the work performed by the internal audit staff.
1. Hanlon Corp. maintains a large internal audit staff that reports directly to the accounting department. Audit reports prepared by the internal auditors indicate that the system is functioning as it should and that the accounting records are reliable. An independent auditor will probably:
  A) eliminate tests of controls.
  B) increase the depth of the study and evaluation of administrative controls.
  C) avoid duplicating the work performed by the internal audit staff.
  D) place limited reliance on the work performed by the internal audit staff.
2. Internal controls:
  A) are implemented by and are the responsibility of the auditors.
  B) consist of policies and procedures designed to provide reasonable assurance that the company achieves its objectives and goals.
  C) guarantee that the company complies with all laws and regulations.
  D) only apply to SEC companies.
3. Of the following statements about internal controls, which one is least likely to be correct?
  A) No one person should be responsible for the custodial responsibility and the recording responsibility for an asset.
  B) Transactions must be properly authorized before such transactions are processed.
  C) Because of the cost-benefit relationship, a client may apply controls on a test basis.
  D) Control procedures reasonably ensure that collusion among employees cannot occur.
4. If a company has an effective internal audit department:
  A) the internal auditors can express an opinion on the fairness of the financial statements.
  B) their work cannot be used by the external auditors per PCAOB Standard 5.
  C) it can reduce external audit costs by providing direct assistance to the external auditors.
  D) the internal auditors must be CPAs in order for the external auditors to rely on their work.
e. Monitoring
1. ________ 5. Management's identification and analysis of risks relevant to the preparation of financial statements in accordance with an applicable accounting framework.
2. Which of the following is not one of the three primary objectives of effective internal control?
  A) Reliability of financial reporting
  B) Efficiency and effectiveness of operations
  C) Compliance with laws and regulations
  D) Assurance of elimination of business risk
3. ________ 3. The actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity.
4. ________ 1. Management's ongoing and periodic assessment of the quality of internal control performance to determine that controls are operating as intended and are modified when needed.
B) Reliability of financial reporting
1. Which of management's assertions with respect to implementing internal controls is the auditor primarily concerned?
  A) Efficiency of operations
  B) Reliability of financial reporting
  C) Effectiveness of operations
  D) Compliance with applicable laws and regulations
2. The auditor's consideration of a private company's internal control is:
  A) required by GAAP.
  B) required by GAAS.
  C) required by the IRS.
  D) recommended by the SEC
3. Which of the following represents a correct statement regarding internal control testing?
  A) When auditors plan to use evidence about the operating effectiveness of internal control contained in prior audits, auditing standards require tests of the controls' effectiveness at least every other year.
  B) The greater the risk, the less audit evidence the auditor should obtain that controls are operating effectively.
  C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
  D) Testing of internal controls can only be performed by the auditor at the end of the fiscal year
4. What are the management assertion categories that must be satisfied through the risk assessment process?
D) Assurance of elimination of business risk
1. Which of the following is the correct definition of "control deficiency"?
  A) A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis.
  B) A control deficiency exists if one or more deficiencies exist that adversely affect a company's ability to prepare external financial statements reliably.
  C) A control deficiency exists if the design or operation of controls results in a more than remote likelihood that controls will not prevent or detect misstatements.
  D) A control deficiency exists if the design or operation of controls results in a more than probable likelihood that controls will prevent or detect misstatements.
2. Which of the following components of the control environment define the existing lines of responsibility and authority?
  A) Organizational structure
  B) Management philosophy and operating style
  C) Human resource policies and practices
  D) Management integrity and ethical values
3. Which of the following is not one of the three primary objectives of effective internal control?
  A) Reliability of financial reporting
  B) Efficiency and effectiveness of operations
  C) Compliance with laws and regulations
  D) Assurance of elimination of business risk
4. Which of the following is responsible for establishing a private company's internal control?
  A) Senior Management
  B) Internal Auditors
  C) FASB
  D) Audit committee
B) The company's CFO was indicted for embezzling from the company.
1. Before making the final assessment of internal control at the end of an integrated audit, the auditor must:
  Test Controls
  Perform Substantive Tests of Details
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
2. You are performing the audit of internal control for Clifton Company. Which of the following would represent a material weakness in internal control?
  A) The company's audit committee has experienced unusual turnover of members.
  B) The company's CFO was indicted for embezzling from the company.
  C) Bank reconciliations are done monthly.
  D) The CEO retired after twenty years of service to the company.
3. When a company designs and implements internal controls, cost of the controls is not a valid consideration.
  A) True
  B) False
4. When dealing with the documentation of internal control:
  A) in a narrative, most questions simply require a "yes" or "no" response.
  B) questionnaires offer useful checklists to remind the auditor of the many different types of internal controls that should exist.
  C) questionnaires and flowcharts should not be used together.
  D) flowcharts fail to show the segregation of duties in the company.
B) the same
1. The purpose of phase 3 in the "process for understanding internal control and assessing control risk" is to:
  A) design, perform and evaluate tests of controls.
  B) obtain and document an understanding of internal control design an operation.
  C) assess control risk.
  D) decide planned detection risk and substantive tests.
2. Which of the following represents a correct statement regarding internal control testing?
  A) When auditors plan to use evidence about the operating effectiveness of internal control contained in prior audits, auditing standards require tests of the controls' effectiveness at least every other year.
  B) The greater the risk, the less audit evidence the auditor should obtain that controls are operating effectively.
  C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
  D) Testing of internal controls can only be performed by the auditor at the end of the fiscal year
3. Two key concepts that underlie management's design and implementation of internal control are:
  A) costs and materiality.
  B) absolute assurance and costs.
  C) inherent limitations and reasonable assurance.
  D) collusion and materiality.
4. If the results of tests of controls support the design and operations of controls as expected, the auditor uses ________ control risk as the preliminary assessment.
  A) a lower
  B) the same
  C) a higher
  D) either a lower or higher
D) audit committee.
1. Management must disclose material weaknesses in internal control in its audit report:
  A) whenever the weakness is deemed significant to a single class of transactions.
  B) whenever the weakness is significant to overall financial reporting objectives.
  C) if the weakness exists at the end of the year.
  D) only if the auditor identifies the weakness as significant.
2. Before making the final assessment of internal control at the end of an integrated audit, the auditor must:
  Test Controls
  Perform Substantive Tests of Details
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
3. To promote operational efficiency, the internal audit department would ideally report to:
  A) line management.
  B) PCAOB.
  C) Chief Accounting Officer.
  D) audit committee.
4. Which of the following deficiency exists if a necessary control is missing or not properly formulated?
  A) Control
  B) Significant
  C) Design
  D) Operating
A) all public companies to issue reports on internal controls.
1. The auditor must communicate:
  A) only material weaknesses in internal control to those charged with governance.
  B) both significant deficiencies and material weaknesses in internal control to those charged with governance.
  C) any significant deficiencies in internal control to those charged with governance using a management letter.
  D) issues regarding internal control to those charged with governance in writing within 90 days following the audit report release.
2. What are the 5 Components of the COSO Framework?
3. The Sarbanes-Oxley Act requires:
  A) all public companies to issue reports on internal controls.
  B) all public companies to define adequate internal controls.
  C) the auditor of public companies to design effective internal controls.
  D) the auditor of public companies to withdraw from an engagement if internal controls are weak.
4. The PCAOB places responsibility for the reliability of internal controls over the financial reporting process on:
  A) the company's board of directors.
  B) the audit committee of the board of directors.
  C) management.
  D) the CFO and the independent auditors.
D) NO, YES, YES
1. Which of the following best describes the purpose of control activities?
  A) The actions, policies and procedures that reflect the overall attitudes of management
  B) The identification and analysis of risks relevant to the preparation of financial statements
  C) The policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives
  D) Activities that deal with the ongoing assessment of the quality of internal control by management
2. Which of the following best describes an entity's accounting information and communication system?
  Monitor
  transactions
  Record and
  process
  transactions
  Initiate transactions
  A) YES, YES, YES
  B) NO, NO, NO
  C) YES, NO, NO
  D) NO, YES, YES
3. Which of the following may represent the biggest challenge smaller public companies face in implementing effective internal control?
  A) A lack of expertise
  B) Reduced importance
  C) Limited resources
  D) Limited available guidance
4. Which of the following statements is most correct with respect to separation of duties?
  A) A person who has temporary or permanent custody of an asset should account for that asset.
  B) Employees who authorize transactions should not have custody of related assets.
  C) Employees who open cash receipts should record the amounts in the subsidiary ledgers.
  D) Employees who authorize transactions should have recording responsibility for these transactions.
B) Maintaining insurance for fire and theft
1. Which of the following statements is most correct with respect to separation of duties?
  A) A person who has temporary or permanent custody of an asset should account for that asset.
  B) Employees who authorize transactions should not have custody of related assets.
  C) Employees who open cash receipts should record the amounts in the subsidiary ledgers.
  D) Employees who authorize transactions should have recording responsibility for these transactions.
2. Which of the following activities would be least likely to strengthen a company's internal control?
  A) Separating accounting from other financial operations
  B) Maintaining insurance for fire and theft
  C) Fixing responsibility for the performance of employee duties
  D) Carefully selecting and training employees
3. Which of the following factors may increase risks to an organization?
  Geographic dispersion of
  company operations
  Presence of new information technologies
  
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
4. Which of the following may represent the biggest challenge smaller public companies face in implementing effective internal control?
  A) A lack of expertise
  B) Reduced importance
  C) Limited resources
  D) Limited available guidance
B) documenting the auditor's understanding of internal controls.
1. For most uses, flowcharts are superior to narratives as a method of communicating the characteristics of internal control.
  A) True
  B) False
2. Which of the following components of the control environment define the existing lines of responsibility and authority?
  A) Organizational structure
  B) Management philosophy and operating style
  C) Human resource policies and practices
  D) Management integrity and ethical values
3. Narratives, flowcharts, and internal control questionnaires are three common methods of:
  A) testing the internal controls.
  B) documenting the auditor's understanding of internal controls.
  C) designing the audit manual and procedures.
  D) documenting the auditor's understanding of a client's organizational structure.
4. What are the 5 Components of the COSO Framework?
A)
yes, yes
1. Which of the following is correct with respect to the design and use of business documents?
  A) The documents should be in paper format.
  B) Documents should be designed for a single purposes to avoid confusion in their use.
  C) Documents should be designed to be understandable only by those who use them.
  D) Documents should be prenumbered consecutively to facilitate control over missing documents.
2. Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies?
  Management Financial Statement Auditors
  A)
  yes, yes
  B)
  no, no
  C)
  yes, no
  D)
  no, yes
3. Which of the following groups establishes and maintains the company's internal controls?
  A) Internal auditors
  B) Board of Directors
  C) Management
  D) Audit committee
4. Which of the following deal with ongoing or periodic assessment of the quality of internal control by management?
  A) Quality monitoring activities
  B) Monitoring activities
  C) Oversight activities
  D) Management activities
: The control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about control and its importance to the entity. Subcomponents include:
• integrity and ethical values
• commitment to competence
• board of director or audit committee participation
• management's philosophy and operating style
• organizational structure
• human resource policies and practices.
1. Which of the following components of the control environment define the existing lines of responsibility and authority?
  A) Organizational structure
  B) Management philosophy and operating style
  C) Human resource policies and practices
  D) Management integrity and ethical values
2. If an auditor wishes to rely on the work of internal auditors (IA), the auditor must obtain satisfactory evidence related to the IA's competence, integrity, and objectivity.
  A) True
  B) False
3. What are the 5 Components of the COSO Framework?
4. Discuss what is meant by the term "control environment" and identify four control environment subcomponents that the auditor should consider.
C) determine potential misstatements that could result.
1. To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their:
  Likelihood
  Significance
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
2. What are the 3 steps in management assessment of risk?
3. What are the 5 Components of the COSO Framework?
4. A five-step approach can be used to identify deficiencies, significant deficiencies, and material weaknesses. The first step in this approach is:
  A) identify the absence of key controls.
  B) consider the possibility of compensating controls.
  C) determine potential misstatements that could result.
  D) identify existing controls.
a. Control environment
1. Which of the following components of the control environment define the existing lines of responsibility and authority?
  A) Organizational structure
  B) Management philosophy and operating style
  C) Human resource policies and practices
  D) Management integrity and ethical values
2. Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies?
  Management Financial Statement Auditors
  A)
  yes, yes
  B)
  no, no
  C)
  yes, no
  D)
  no, yes
3. ________ 3. The actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity.
4. ________ 5. Management's identification and analysis of risks relevant to the preparation of financial statements in accordance with an applicable accounting framework.
A) YES, YES
1. Which of the following represents a correct statement regarding internal control testing?
  A) When auditors plan to use evidence about the operating effectiveness of internal control contained in prior audits, auditing standards require tests of the controls' effectiveness at least every other year.
  B) The greater the risk, the less audit evidence the auditor should obtain that controls are operating effectively.
  C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
  D) Testing of internal controls can only be performed by the auditor at the end of the fiscal year
2. Which of the following statements is most correct with respect to separation of duties?
  A) A person who has temporary or permanent custody of an asset should account for that asset.
  B) Employees who authorize transactions should not have custody of related assets.
  C) Employees who open cash receipts should record the amounts in the subsidiary ledgers.
  D) Employees who authorize transactions should have recording responsibility for these transactions.
3. Which of the following factors may increase risks to an organization?
  Geographic dispersion of
  company operations
  Presence of new information technologies
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
4. Which of the following best describes the purpose of control activities?
  A) The actions, policies and procedures that reflect the overall attitudes of management
  B) The identification and analysis of risks relevant to the preparation of financial statements
  C) The policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives
  D) Activities that deal with the ongoing assessment of the quality of internal control by management
C) The policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives
1. Which of the following best describes the purpose of control activities?
  A) The actions, policies and procedures that reflect the overall attitudes of management
  B) The identification and analysis of risks relevant to the preparation of financial statements
  C) The policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives
  D) Activities that deal with the ongoing assessment of the quality of internal control by management
2. Which of the following deficiency exists if a necessary control is missing or not properly formulated?
  A) Control
  B) Significant
  C) Design
  D) Operating
3. Which of the following is responsible for establishing a private company's internal control?
  A) Senior Management
  B) Internal Auditors
  C) FASB
  D) Audit committee
4. Which of the following is not one of the three primary objectives of effective internal control?
  A) Reliability of financial reporting
  B) Efficiency and effectiveness of operations
  C) Compliance with laws and regulations
  D) Assurance of elimination of business risk
g. General authorization
1. ________ 5. Management's identification and analysis of risks relevant to the preparation of financial statements in accordance with an applicable accounting framework.
2. ________ 1. Management's ongoing and periodic assessment of the quality of internal control performance to determine that controls are operating as intended and are modified when needed.
3. ________ 2. Company-wide policies for the approval of all transactions within stated limits.
4. Which of the following best describes the purpose of control activities?
  A) The actions, policies and procedures that reflect the overall attitudes of management
  B) The identification and analysis of risks relevant to the preparation of financial statements
  C) The policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives
  D) Activities that deal with the ongoing assessment of the quality of internal control by management
1. The control environment: actions, policies, overall attitudes of management
2. Risk Assessment: mgmt's ID and analysis of risks relevant to financial stmt prep.
3. Information and Communication: The methods used to initiate, record, process, and report the entity's transactions
4. Control Activities: the policies and procedures mgmt has set to meet internal control objectives
5. Monitoring: mgmt's ongoing periodic assessment of the quality if IC performance.
1. Which of the following components of the control environment define the existing lines of responsibility and authority?
  A) Organizational structure
  B) Management philosophy and operating style
  C) Human resource policies and practices
  D) Management integrity and ethical values
2. What are the 5 Components of the COSO Framework?
3. What are the management assertion categories that must be satisfied through the risk assessment process?
4. What are the 3 steps in management assessment of risk?
C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
1. Which of the following is the correct definition of "control deficiency"?
  A) A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis.
  B) A control deficiency exists if one or more deficiencies exist that adversely affect a company's ability to prepare external financial statements reliably.
  C) A control deficiency exists if the design or operation of controls results in a more than remote likelihood that controls will not prevent or detect misstatements.
  D) A control deficiency exists if the design or operation of controls results in a more than probable likelihood that controls will prevent or detect misstatements.
2. Which of the following is most correct regarding the requirements under Section 404 of the Sarbanes Oxley Act?
  A) The audits of internal control and the financial statements provide reasonable assurance as to misstatements.
  B) The audit of internal control provides absolute assurance of misstatement.
  C) The audit of financial statements provides absolute assurance of misstatement.
  D) The audits of internal control and the financial statements provide absolute assurance as to misstatements.
3. Which of the following represents a correct statement regarding internal control testing?
  A) When auditors plan to use evidence about the operating effectiveness of internal control contained in prior audits, auditing standards require tests of the controls' effectiveness at least every other year.
  B) The greater the risk, the less audit evidence the auditor should obtain that controls are operating effectively.
  C) The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.
  D) Testing of internal controls can only be performed by the auditor at the end of the fiscal year
4. Which of the following best describes an entity's accounting information and communication system?
  Monitor
  transactions
  Record and
  process
  transactions
  Initiate transactions
  A) YES, YES, YES
  B) NO, NO, NO
  C) YES, NO, NO
  D) NO, YES, YES
• Make inquiries of appropriate client personnel
• Examine documents, records, and reports
• Observe control-related activities
• Reperform client procedures
1. Before making the final assessment of internal control at the end of an integrated audit, the auditor must:
  Test Controls
  Perform Substantive Tests of Details
  A) YES, YES
  B) NO, NO
  C) YES, NO
  D) NO, YES
2. In performing the audit of internal control over financial reporting the auditor emphasizes internal control over class of transactions because:
  A) the accuracy of accounting system outputs depends heavily on the accuracy of inputs and processing.
  B) the class of transaction is where most fraud schemes occur.
  C) account balances are less important to the auditor then the changes in the account balances.
  D) classes of transactions tests are the most efficient manner to compensate for inherent risk.
3. Sarbanes-Oxley requires management to issue an internal control report that includes two specific items. Which of the following is one of these two requirements?
  A) A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  B) A statement that management and the board of directors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  C) A statement that management, the board of directors, and the external auditors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting
  D) A statement that the external auditors are solely responsible
4. In evaluating the operational effectiveness of internal controls the auditor is likely to use four types of audit procedures. List the procedures
A) low likelihood that material misstatements will not be prevented or detected by internal controls.
1. The Sarbanes-Oxley Act requires:
  A) all public companies to issue reports on internal controls.
  B) all public companies to define adequate internal controls.
  C) the auditor of public companies to design effective internal controls.
  D) the auditor of public companies to withdraw from an engagement if internal controls are weak.
2. An act of two or more employees to steal assets and cover their theft by misstating the accounting records would be referred to as:
  A) collusion.
  B) a material weakness.
  C) a control deficiency.
  D) a significant deficiency
3. Reasonable assurance allows for:
  A) low likelihood that material misstatements will not be prevented or detected by internal controls.
  B) no likelihood that material misstatements will not be prevented or detected by internal control.
  C) moderate likelihood that material misstatements will not be prevented or detected by internal control.
  D) high likelihood that material misstatements will not be prevented or detected by internal control.
4. Separation of duties is essential in preventing errors and intentional misstatements on the financial statements. List below the four general guidelines.
i. Risk assessment
1. ________ 5. Management's identification and analysis of risks relevant to the preparation of financial statements in accordance with an applicable accounting framework.
2. What are the 3 steps in management assessment of risk?
3. Management's identification and analysis of risk is an ongoing process and is a critical component of effective internal control. An important first step is for management to identify factors that may increase risk. Identify at least five factors, observable by management, which may lead to increased risk in a typical business organization.
4. ________ 1. Management's ongoing and periodic assessment of the quality of internal control performance to determine that controls are operating as intended and are modified when needed.
D) competency and dependability of the people using it.
1. Internal controls normally include procedures designed to provide reasonable assurance that:
  A) employees act with integrity when performing their assigned tasks.
  B) transactions are executed in accordance with management's authorization.
  C) decision processes leading to management's authorization of transactions are sound.
  D) collusive activities would be detected by segregation of employee duties.
2. Internal controls:
  A) are implemented by and are the responsibility of the auditors.
  B) consist of policies and procedures designed to provide reasonable assurance that the company achieves its objectives and goals.
  C) guarantee that the company complies with all laws and regulations.
  D) only apply to SEC companies.
3. Internal controls can never be regarded as completely effective. Even if company personnel could design an ideal system, its effectiveness depends on the:
  A) adequacy of the computer system.
  B) proper implementation by management.
  C) ability of the internal audit staff to maintain it.
  D) competency and dependability of the people using it.
4. Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies?
  Management Financial Statement Auditors
  A)
  yes, yes
  B)
  no, no
  
  C)
  yes, no
  D)
  no, yes
B) observation.
1. External financial statement auditors must obtain evidence regarding what attributes of an internal audit (IA) department if the external auditors intend to rely on IA's work?
  A) Integrity
  B) Objectivity
  C) Competence
  D) All of the above
2. An auditor should consider two key issues when obtaining an understanding of a client's internal controls. These issues are:
  A) the effectiveness and efficiency of the controls.
  B) the frequency and effectiveness of the controls.
  C) the design and operating effectiveness of the controls.
  D) the implementation and operating effectiveness of the controls.
3. An audit procedure that would most likely be used by an auditor in performing tests of control procedures in which the segregation of functions and that leaves no "audit" trail is:
  A) inspection.
  B) observation.
  C) reperformance.
  D) reconciliation.
4. An auditor is likely to use four types of procedures to support the operating effectiveness of internal controls. Which of the following would generally not be used?
  A) Make inquiries of appropriate client personnel
  B) Examine documents, records, and reports
  C) Reperform client procedures
  D) Inspect design documents
C) observation of employees applying control activities.
1. Adequate documents and records is a subcomponent of the control environment.
  A) True
  B) False
2. Audit evidence regarding the separation of duties is normally best obtained by:
  A) preparing flowcharts of operational processes.
  B) preparing narratives of operational processes.
  C) observation of employees applying control activities.
  D) inquiries of employees applying control activities
3. The auditor's consideration of a private company's internal control is:
  A) required by GAAP.
  B) required by GAAS.
  C) required by the IRS.
  D) recommended by the SEC
4. A narrative should describe the disposition of every document and record in the system.
  A) True
  B) False
D) a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls.
1. In evaluating the operational effectiveness of internal controls the auditor is likely to use four types of audit procedures. List the procedures
2. Management must disclose material weaknesses in internal control in its audit report:
  A) whenever the weakness is deemed significant to a single class of transactions.
  B) whenever the weakness is significant to overall financial reporting objectives.
  C) if the weakness exists at the end of the year.
  D) only if the auditor identifies the weakness as significant.
3. When determining what type of report to issue on internal control under Section 404:
  A) an adverse opinion on internal control must be given if any weaknesses in a key internal control is discovered.
  B) a scope limitation requires the auditor to disclaim an opinion on internal controls.
  C) if the auditor gives a qualified opinion on the financial statements, they must give a qualified opinion on internal controls.
  D) a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls.
4. When dealing with the documentation of internal control:
  A) in a narrative, most questions simply require a "yes" or "no" response.
  B) questionnaires offer useful checklists to remind the auditor of the many different types of internal controls that should exist.
  C) questionnaires and flowcharts should not be used together.
  D) flowcharts fail to show the segregation of duties in the company.
A) a deficiency in operation of internal controls.
1. Which of the following groups establishes and maintains the company's internal controls?
  A) Internal auditors
  B) Board of Directors
  C) Management
  D) Audit committee
2. Which of the following is responsible for establishing a private company's internal control?
  A) Senior Management
  B) Internal Auditors
  C) FASB
  D) Audit committee
3. The employee in charge of authorizing credit to the company's customers does not fully understand the concept of credit risk. This lack of knowledge would constitute:
  A) a deficiency in operation of internal controls.
  B) a deficiency in design of internal controls.
  C) a deficiency of management.
  D) not constitute a deficiency.
4. The person responsible for reconciling sales invoices to customer orders does not access to the company's master price list in order to correctly compute sales. This is an example of a(n):
  A) operating deficiency.
  B) design deficiency.
  C) training deficiency.
  D) management deficiency.
A) controls affecting the reliability of financial reporting are inadequate.
1. External financial statement auditors must obtain evidence regarding what attributes of an internal audit (IA) department if the external auditors intend to rely on IA's work?
  A) Integrity
  B) Objectivity
  C) Competence
  D) All of the above
2. What are the 5 Components of the COSO Framework?
3. The financial statements may not correctly reflect accounting frameworks such as GAAP or IFRS if the:
  A) controls affecting the reliability of financial reporting are inadequate.
  B) company's controls do not promote efficiency.
  C) company's controls do not promote effectiveness.
  D) company's controls do not promote compliance with applicable rules and regulations.
4. Of the following statements about internal controls, which one is least likely to be correct?
  A) No one person should be responsible for the custodial responsibility and the recording responsibility for an asset.
  B) Transactions must be properly authorized before such transactions are processed.
  C) Because of the cost-benefit relationship, a client may apply controls on a test basis.
  D) Control procedures reasonably ensure that collusion among employees cannot occur.
A) True
1. If the results of tests of controls support the design and operations of controls as expected, the auditor uses ________ control risk as the preliminary assessment.
  A) a lower
  B) the same
  C) a higher
  D) either a lower or higher
2. Walkthroughs combine observation, inspection, and inquiry to assure that the controls designed by management have been implemented.
  A) True
  B) False
3. When a company designs and implements internal controls, cost of the controls is not a valid consideration.
  A) True
  B) False
4. Which of the following activities would be least likely to strengthen a company's internal control?
  A) Separating accounting from other financial operations
  B) Maintaining insurance for fire and theft
  C) Fixing responsibility for the performance of employee duties
  D) Carefully selecting and training employees
C) many auditors use a control risk matrix to assist in the control risk assessment process.
1. When a compensating control exists, the absence of a key control:
  A) is no longer a concern because there is no longer a significant deficiency or material weakness.
  B) is still a major concern to the auditor.
  C) could cause a material loss, so it must be tested using substantive procedures.
  D) is magnified and must be removed from the sampling process and examined in its entirety.
2. The Sarbanes-Oxley Act requires:
  A) all public companies to issue reports on internal controls.
  B) all public companies to define adequate internal controls.
  C) the auditor of public companies to design effective internal controls.
  D) the auditor of public companies to withdraw from an engagement if internal controls are weak.
3. When assessing control risk:
  A) many auditors use actuarial tables to assist in the control risk assessment process.
  B) each control can be used to satisfy only one audit objective.
  C) many auditors use a control risk matrix to assist in the control risk assessment process.
  D) all controls, including key controls, should be considered.
4. When auditing a private company, the auditor should obtain an understanding of internal control sufficient to:
  A) provide reasonable protection against client fraud and defalcations by client employees.
  B) assess control risk.
  C) provide a basis for suggestions to the client for improving the accounting system.
  D) provide a method for safeguarding assets, checking the accuracy and reliability of accounting data, promoting operational efficiency, and encouraging adherence to prescribed managerial policies.

When obtaining an understanding of an entity's internal control an auditor should concentrate on the substance?

When obtaining an understanding of an entity's internal controls, an auditor should concentrate on the substance of the controls rather than their form because: Management may establish appropriate procedures but not enforce compliance with them.

When obtaining an understanding of an entity's control environment An auditor should concentrate on the substance of controls rather than their form because?

The auditor should concentrate on the substance of managcmcnt'3 policies, procedures, and related actions controls rather than their form because management controls may be established appropriate policies and procedures but not acted upon.

When obtaining an understanding of controls that relevant to the audit the auditor is required to?

In obtaining an understanding of controls that are relevant to audit planning, the auditor should perform procedures to obtain sufficient knowledge about the design of the relevant controls pertaining to each of the five internal control components and determine whether they have been placed in operation.

When obtaining an understanding of the entity and its environment the auditor should obtain an understanding of internal controls primarily to?

2. The auditor should obtain an understanding of the entity and its environment, including its internal control, sufficient to identify and assess the risks of material misstatement of the financial statements whether due to fraud or error, and sufficient to design and perform further audit procedures.

When obtaining an understanding of an entitys internal control an auditor should concentrate on the substance of controls rather than their form because quizlet?

103 Multiple choice questions

When obtaining an understanding of an entity's internal control an auditor should concentrate on the substance?

When obtaining an understanding of an entity's control environment An auditor should concentrate on the substance of controls rather than their form because?

When obtaining an understanding of controls that relevant to the audit the auditor is required to?

When obtaining an understanding of the entity and its environment the auditor should obtain an understanding of internal controls primarily to?

zusammenhängende Posts

Which of the following procedures would an auditor most likely perform in obtaining evidence about propriety of PPE additions?

Toplist

Neuester Beitrag

Stichworte