CPA Auditing & Attestation Internal Control Assessing Control Risk Question When management is evaluating the design of internal control, management evaluates whether the control can all but which of the following? A Correct material misstatements B Prevent material misstatements C Detect material misstatements D None of the above is correct The correct answer was A Controls are designed to prevent and detect errors; corrections of errors involve human intervention Question Which of the following may increase risk to an organization? A Quality of personnel B Presence of new informatin technologies C Geographic dispersion of the company operations D All of the above The correct answer was D Quality of personnel, presence of new information technologies and geographic dispersion of the company operations are all types of environmental risks that an organization faces Question Risk assessment for financial reporting is management's process for identifying, analyzing, and responding to risks relevant to the preparation of financial statements in conformity with A Generally Accepted Accounting Standards B Generally Accepted Auditing Standards C PCAOB Auditing Standards Assessing Control Risk Auditing & Attestation CPA D Generally Accepted Accounting Principles The correct answer was D Financial statements are always prepared in conformity with Generally Accepted Accounting Principles (GAAP) Question An auditor is currently assessing control risk and finds that it is lower than had been anticipated How does this discovery impact the work of the auditor? A The acceptable level of audit risk can be raised B The acceptable level of inherent risk can be lowered C The acceptable level of audit risk can be lowered D The acceptable level of detection risk can be raised The correct answer was D An independent auditor assesses inherent risk and control risk to determine the amount of substantive testing that must be carried out to reduce detection risk to a level so that overall audit risk will be at an acceptably low level If control risk is particularly low, then detecetion risk can be higher and the overall audit risk will still achieve an acceptably low level Acceptable audit risk is not changed However, the amount of work needed to achieve that level is changed Question A(n) _ deficiency exists if a necessary control is missing or not properly formulated A Design B Operation C Significant D Control The correct answer was A A design deficiency exists if the necessary control is missing or not properly designed Auditors must evaluate whether key controls are absent in the design of internal control over financial reporting as a part of evaluating control risk Assessing Control Risk Auditing & Attestation CPA Question Risk assessment involves considering threats to the organization's objectives in the areas of A Marketing, financial reporting and compliance B Operations, financial reporting and compliance with laws and regulations C Financial reporting, performance and marketing D Compliance with laws and regulations, operations and performance The correct answer was B Risk assessment involves considering threats to the organization's objectives in the areas of operations, financial reporting and compliance with laws and regulations Question To obtain an understanding of the entity and its environment, including its internal control, the auditor should perform each of the following risk assessment procedures except: A Inquiries of management and others within the entity B Analytical procedures C Attribute sampling D Observation and inspection The correct answer was C Attribute sampling frequently used in performing test of controls when the auditor is looking for a rate, in most cases an error rate Question An auditor uses the assessed level of control risk to A Determine the acceptable level of detection risk for financial statement assertions B Evaluate the effectiveness of the entity's internal control policies and procedures C Identify transactions and account balances where inherent risk is at the maximum D Indicate whether materiality thresholds for planning and evaluation purposes are sufficiently high Assessing Control Risk Auditing & Attestation CPA The correct answer was A According to the audit risk model, acceptable detection risk is a function of allowable audit risk, inherent risk, and control risk This question is concerned with control risk, which is defined as the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by an entity's internal control structure policies or procedures, and detection risk, which is defined as the risk that the auditor will not detect a material misstatement that exists in an assertion The auditor uses the assessed level of control risk to determine the acceptable level of detection risk for financial statement assertions Question When an auditor increases the assessed level of control risk because certain control procedures were determined to be ineffective, the auditor would most likely increase the A Tests of controls B Extent of tests of details C Tolerable risk D Population size The correct answer was B Control risk is the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by an entity's internal control structure policies or procedures Auditing procedures designed to detect such misstatements are referred to as substantive tests, which include tests of details and analytical procedures If a control is found to be ineffective, the auditor would increase substantive tests, tests of details Question 10 In assessing control risk for purchases, an auditor compares a sample of entries in the voucher register to the supporting documents Which assertion would this test of controls most likely support? A Valuation or allocation B Rights and Obligations C Existence or occurrence D Completeness The correct answer was C Assertions about existence or occurrence deal with whether assets or liabilities of the entity exist at a given date and whether recorded transactions have occurred during a given period For example, Assessing Control Risk Auditing & Attestation CPA management asserts that finished goods inventories in the balance sheet are available for sale, or management asserts that sales in the income statement represent the exchange of goods or services with customers for cash or other consideration Question 11 When there are numerous property and equipment transactions during the year, an auditor who plans to assess control risk at a low level usually performs A Analytical procedures for current year property and equipment transactions B Tests of controls and extensive tests of property and equipment balances at the end of the year C Tests of controls and limited tests of current year property and equipment transactions D Analytical procedures for property and equipment balances at the end of the year The correct answer was C An auditor assesses control risk to determine the acceptable detection risk and extent of substantive tests to perform When an auditor plans to assess control risk at a low level, he must identify specific policies and procedures that are likely to prevent or detect material misstatements, and he must perform tests of controls to evaluate the effectiveness of such policies and procedures If, based on the tests of controls, the control risk is assessed at a low level, the auditor may limit the extent of substantive testing Question 12 The ultimate purpose of assessing control risk is to contribute to the auditor's evaluation of the risk that A Material misstatements may exist in the financial statements B Entity policies may be overridden by senior management C Specified controls requiring segregation of duties may be circumvented by collusion D Tests of controls may fail to identify procedures relevant to assertions The correct answer was A Control risk is defined as the risk that a material misstatement that could occur in an assertion will not be prevented or detected on a timely basis by an entity's internal control structure policies or procedures The auditor assesses control risk as part of his overall evaluation of the risk that material misstatements may exist in the financial statements Assessing Control Risk Auditing & Attestation CPA Question 13 When control risk is assessed as being low for assertions related to payroll, substantive tests of payroll balances most likely would be limited to applying analytical procedures and A Recalculating payroll accruals B Observing the distribution of paychecks C Footing and cross footing the payroll register D Inspecting payroll tax returns The correct answer was A When the auditor determines that the internal control structure is effective and thus the control risk is assessed as low, the auditor may alter the nature, timing, and extent of substantive tests performed In the case of assertions related to payroll, the auditor may decide to limit substantive tests to performing analytical procedures, which would evaluate the reasonableness of payroll-related amounts for the year, and recalculating payroll accruals, which would provide some assurance that the year-end adjustments are proper Question 14 An auditor most likely would assess control risk at the maximum if the payroll department supervisor is responsible for A Comparing payroll registers with original batch transmittal data B Authorizing payroll rate changes for all employees C Examining authorization forms for new employees D Hiring all subordinate payroll department employees The correct answer was B Authorization and recording are incompatible functions that should be assigned to different individuals In this case, authorization of payroll changes, which is typically the responsibility of the human resources department, should be segregated from recording payroll, which is the responsibility of the payroll department If the payroll department supervisor is responsible for these two functions, the entity's internal control structure may be inadequate to prevent or detect material misstatements in the payroll area Thus, the auditor would assess control risk at the maximum Assessing Control Risk Auditing & Attestation CPA Question 15 Which of the following is a control procedure that most likely could help prevent employee payroll fraud? A The personnel department promptly sends employee termination notices to the payroll supervisor B Total hours used for determination of gross pay are calculated by the payroll supervisor C Salary rates resulting from new hires are approved by the payroll supervisor D Employees who distribute payroll checks forward unclaimed payroll checks to the absent employees' supervisors The correct answer was A Payroll fraud could involve fictitious employees and/or fictitious salary rates In order to prevent these frauds, new hires, terminations of employees, and salary rates should be approved by the personnel department, which in turn should keep the payroll department and employee supervisors informed on a timely basis Question 16 Which of the following internal control activities most likely would justify a reduced assessed level of control risk concerning plant and equipment acquisitions? A Periodic physical inspection of plant and equipment by the internal audit staff B Comparison of current-year plant and equipment account balances with prior-year actual balances C The review of prenumbered purchase orders to detect unrecorded trade-ins D Approval of periodic depreciation entries by a supervisor independent of the accounting department The correct answer was A The internal audit procedure of the periodic inspection of physical equipment and comparison to what is recorded by the internal audit staff would allow for a reduction in the scope of the auditor's tests of asset acquisitions Question 17 In assessing control risk, the auditor starts by learning the design of the control system and then considers whether to perform tests of individual controls If the design of the control system is viewed as weak, which of the following is most likely to be true? Assessing Control Risk Auditing & Attestation CPA A The auditor will be likely to test the controls because of the weakness B The auditor is likely to additional substantive testing C The auditor will likely reduce the assessment of inherent risk D An unqualified opinion cannot be issued The correct answer was B When the design of internal control is weak, there is no reason to any testing of those controls Properly operating within a weak system does not make it any less weak Instead, the auditor will probably assess control risk as high which is likely to force the auditor to additional (or better) substantive testing in order to compensate for this problem Detection risk has to be quite low to make up for the weakness in internal control The assessment of inherent risk is independent from the assessment of control risk and is not affected Finally, as long as the auditor eventually reduces overall audit risk to an appropriately low level, an unqualified opinion can be given even though the control system is weak Question 18 An independent CPA is assessing the level of control risk present at a company that is currently being audited This company has an internal audit department and the independent CPA is evaluating the objectivity of that department Which of the following is a sign that the department has proper objectivity? A The size of the department has grown from people to 19 over the last three years B In order to be promoted within this department, the employee must have become a CPA C The head of the department meets privately with the chair of the board of directors each quarter D The head of the department had seven years of experience with an international accounting firm before taking this position with the company The correct answer was C The independent CPA is interested in both the competence and objectivity of the internal audit department because of the key function that it plays in the company Answers A, B, and D all relate to competence These relate to the question: Is there evidence that the people doing the work are capable of doing it properly? Objectivity concerns the internal auditor’s independence so that the department can the work that is necessary That is usually shown by having a direct line of communication to an authority figure outside of management (usually the board of directors or the audit committee of the board of directors) Assessing Control Risk Auditing & Attestation CPA Question 19 One of the components of internal control that an independent auditor must come to understand about each audit client is “information and communication.” What is meant by this term? A The ability of the management of the company to communicate its priorities to the appropriate staff levels within the organization B The ability of the accounting system to generate reliable information and convey it in a timely manner to those parties within the organization that need it C The ability of employees in a company to warn the independent auditor of fraudulent actions within the organization D The ability of the internal auditor to communicate information about the various systems to people within the organization at an appropriate level of authority The correct answer was B Internal control includes any policies and procedures within the company designed to ensure that the accounting systems are functioning effectively as designed by the management of the company One general goal is to make sure that the information produced by the accounting system is reliable and reaches the correct party in time to be used in making appropriate decisions In looking at a particular system and its internal control, the auditor evaluates the ability to generate information and then communicate it to the parties who can make use of it Question 20 A CPA firm is performing an audit engagement and it currently beginning to assess the amount of control risk Which of the following is not viewed as one of the components of a company’s internal control? A Control environment B Risk assessment C Control activities D Design and formulation The correct answer was D The five components of internal control are (1) control environment the organization’s commitment to having a strong internal control, (2) risk assessment the organization’s ability to anticipate problems and work to prevent them in advance, (3) control activities the policies and procedures in place to help ensure that the organization’s systems are working as intended by management, (4) information and communication the organization’s ability to gather significant data and get it to the people who need it in a timely fashion, and (5) monitoring he assessment of internal control by the organization over time to ensure that internal control properly adapts as changes are needed Assessing Control Risk Auditing & Attestation CPA Question 21 A CPA firm is beginning the audit of Panasian Corporation One of the staff auditors has been assigned to gain and then document her understanding of the internal controls designed to be in place in the company’s payroll system At the end of the day, the staff auditor has created a series of flowcharts, questionnaires, and narrative descriptions based on the understanding she has obtained Which of the following is correct? A The questionnaire approach is preferred B The flowchart approach is preferred C She was correct in using all three of these techniques to fulfill this assignment D She only needed to use one of these techniques The correct answer was D The auditor’s goal was to establish her understanding of the design of the controls that were supposed to be in place in this payroll system All three of these techniques (questionnaire, flowchart, or narrative) can accomplish this purpose successfully Therefore, only one is necessary although sometimes the techniques are grouped together if the system is particularly complex Question 22 The firm of Martin & Lawrence, CPAs is undertaking the financial statement audit of GigantoCorp, which outsources its payroll processing to HR Specialist Company Martin & Lawrence are considering the internal controls of HR Specialist Company in the assessment of control risk in the audit of GigantoCorp Tommy, Lee, & Jones, CPAs is the auditor of HR Specialist Company and has recently issued a report detailing HR Specialist Company's procedures and policies for payroll processing services, which it has provided to Martin & Lawrence Martin & Lawrence should: A Assess control risk at the maximum level, as Martin & Lawrence have no firsthand knowledge of the controls of HR Specialist Company B Perform tests of controls at HR Specialist Company C Refer to Tommy, Lee, & Jones in the audit opinion if its report is relied upon in the assessment of control risk D Make appropriate inquiries to assess the professional reputation of Tommy, Lee, & Jones The correct answer was D Martin & Lawrence is permitted to rely upon the report of Tommy, Lee, & Jones in its assessment of control risk, but only after consideration and satisfaction as to 1) the professional reputation of Tommy, Lee, & Jones and 2) the adequacy of the work performed by Tommy, Lee, & Jones in preparing its report However, Martin & Lawrence may not refer to the other firm in the audit report, as Tommy, Lee, & Jones did not audit any part of the financial statements 10 Assessing Control Risk Auditing & Attestation CPA NOTE 11 Assessing Control Risk ... department The correct answer was A The internal audit procedure of the periodic inspection of physical equipment and comparison to what is recorded by the internal audit staff would allow for a... ability of the internal auditor to communicate information about the various systems to people within the organization at an appropriate level of authority The correct answer was B Internal control... components of a company’s internal control? A Control environment B Risk assessment C Control activities D Design and formulation The correct answer was D The five components of internal control are