Auditing & Attestation > Internal Control > General Understanding General Understanding Question (ID: 336) In reporting on an entity's internal control structure over financial reporting, a practitioner should include a paragraph that describes the A Inherent limitations of any internal control structure B Documentary evidence regarding the control environment factors C Changes in the internal control structure since the prior report D Potential benefits from the practitioner's suggested improvements Question (ID: 338) An auditor uses the knowledge provided by the understanding of internal control and the assessed level of control risk primarily to A Determine whether procedures and records concerning the safeguarding of assets are reliable B Determine the nature, timing, and extent of substantive tests for financial statement assertions C Modify the initial assessments of inherent risk and preliminary judgments about materiality levels D Ascertain whether the opportunities to allow any person to both perpetrate and conceal irregularities are minimized Question (ID: 339) The auditor should use the risk assessment to determine A Whether to accept the engagement B The type of opinion to issue in the Audit Report C The size of the audit team D The nature, timing, and extent of further audit procedures to be performed Answer Correct answer is A A practitioner's report on an examination of management's assertion about the effectiveness of the entity's internal control structure should include a paragraph stating that, because of inherent limitations of any internal control structure, errors or irregularities may occur and not be detected Answer Correct answer is B The second standard of field work states that the auditor should obtain a sufficient understanding of the internal control structure to plan the audit and to determine the nature, timing and extent of tests to be performed These tests are the substantive tests for financial statement assertions Answer Correct answer is D The auditor should use the risk assessment to determine the nature, timing, and extent of further audit procedures to be performed Auditing & Attestation > Internal Control > General Understanding Question (ID: 340) After obtaining an understanding of an entity's internal control and assessing control risk, an auditor may next A Perform tests of controls to verify management's assertions that are embodied in the financial statements B Apply analytical procedures as substantive tests to validate the assessed level of control risk C Evaluate whether the internal control structure policies and procedures detected material misstatements in the financial statements D Consider whether evidential matter is available to support a further reduction in the assessed level of control risk Question (ID: 341) Which of the following is not a component of an entity's internal control? A The control environment B Risk assessment C Information and communication D Control risk Question (ID: 342) Which of the following is responsible for establishing internal controls for a public company? A Management B Management and auditors C Committee on Sponsoring Organizations D Financial statement auditors Answer Correct answer is D After the auditor assesses control risk, the auditor may desire a further reduction in the assessed level of control risk for some assertions The auditor would then decide if it is likely that additional evidential matter could be obtained to support a lower assessed level of control risk for these assertions If yes, and it is likely to be efficient to obtain such evidential matter, the auditor would then perform additional tests of controls Next, whether the auditor performed additional tests of controls or not, the auditor would document the basis for conclusions about the assessed level of control risk and design substantive tests Answer Correct answer is D According to the framework established by the Committee of Sponsoring Organizations (COSO), an entity's internal control consists of five interrelated components: Control environment, risk assessment, control actitivities, monitoring, and information and communication The five components of internal control are (1) control environment the organization’s commitment to having a strong internal control, (2) risk assessment the organization’s ability to anticipate problems and work to prevent them in advance, (3) control activities the policies and procedures in place to help ensure that the organization’s systems are working as intended by management, (4) information and communication the organization’s ability to gather significant data and get it to the people who need it in a timely fashion, and (5) monitoring he assessment of internal control by the organization over time to ensure that internal control properly adapts as changes are needed Answer Correct answer is A Management is responsible for establishing and maintaining adequate internal control over financial reporting as defined under Section 13a of the 1934 Securities Exchange Act Auditing & Attestation > Internal Control > General Understanding Question (ID: 343) The auditor's study of a public company's internal control is A Recommended by the AICPA B Required by GAAS C Required by the AICPA D Required by the Sarbanes-Oxley Act Question (ID: 344) The auditor's study of a private company's internal control is A Recommended by the AICPA B Required by GAAS C Required by the AICPA D Required by GAAP Question (ID: 345) Which of management's concerns with respect to implementing internal controls is the auditor primarily concerned? A Reliability of financial reporting B Efficiency of operations, C Compliance with applicable laws and regulations D Effectiveness of operations Question 10 (ID: 346) When an auditor attempts to understand the operation of the accounting system by tracing a few transactions through the accounting system, the auditor is said to be A Testing controls B Vouching C Tracing D Performing a walkthrough Question 11 (ID: 347) The primary emphasis by auditors by auditor when assessing internal control is on controls over A Account balances B Classes of transactions C Both A and B, because they are equally important D Both A and B, because they vary from client to client Answer Correct answer is D Section 404 of the Sarbanes-Oxley Act requires auditors of public companies to assess and report on the effectiveness of internal control over financial reporting Answer Correct answer is B The auditor's study of a private company's internal control is required by the second standard of fieldwork of GAAS The auditor must obtain a sufficient understanding of the entity and its environment, including its internal control Answer Correct answer is A The auditor is primarily concerned with management's concerns with respect to implementing internal controls related to producing financial statements that are reliable and free from material misstatements Answer 10 Correct answer is D In a walk-through, the auditor selects one or a few documents of a transaction type and traces them from initiation through the entire accounting process Walkthrough conveniently combines observation, documentation, and inquiry PCAOB Standard requires auditors to perform at least one walkthrough for each major class of transactions Answer 11 Correct answer is B Auditors emphasize internal control over classes of transactions rather than account balances because the accuracy of accounting system outputs (account balances) depends heavily on the accuracy of inputs and processing (transactions) Auditing & Attestation > Internal Control > General Understanding Question 12 (ID: 348) Which section of the Sarbanes-Oxley Act requires management to issue an internal control report? A 202 B 203 C 408 D 404 Question 13 (ID: 349) Narrative, flowcharts, and internal control questionnaires are three common methods of A Documenting the auditor's understanding of internal controls B Designing the audit manual and procedures C Testing the internal controls D Documenting the auditor's understanding of the client's organizational structure Question 14 (ID: 3846) The purpose of segregating the duties of hiring personnel and distributing payroll checks is to separate the: A Human resources function from the controllership function B Administrative controls from the internal accounting controls C Authorization of transactions from the custody of related assets D Operational responsibility from the record keeping responsibility Question 15 (ID: 3958) The primary purpose of an auditor's consideration of internal control is to provide a basis for A Determining whether procedures and records that are concerned with the safeguarding of assets are reliable B Constructive suggestions to clients concerning improvements in internal control C Determining the nature, extent, and timing of audit tests to be applied D To express an opinion Answer 12 Correct answer is D Section 404 of the Sarbanes-Oxley Act requires auditors of public companies to assess and report on the effectiveness of internal control over financial reporting Answer 13 Correct answer is A Narrative, flowcharts, and internal control questionnaires are three common methods that auditors may use to document their understanding of internal control Answer 14 Correct answer is C Incompatible functions are those that place any person in a position to both perpetrate and conceal errors or irregularities in the normal course of his/her duties Therefore, a well-designed plan of organization separates the duties of authorization, record keeping and custody of assets Answer 15 Correct answer is C The second standard of fieldwork requires a sufficient understanding of internal control is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed Auditing & Attestation > Internal Control > General Understanding Question 16 (ID: 3959) In obtaining an understanding of a manufacturing entity's internal control concerning inventory balances, an auditor most likely would A Perform test counts of inventory during the entity's physical count B Analyze inventory turnover statistics to identify slow-moving and obsolete items C Review the entity's descriptions of inventory policies and procedures D Analyze monthly production reports to identify variances and unusual transactions Question 17 (ID: 3960) The auditor who becomes aware of a reportable condition in internal control is required to communicate this to the A Senior management and board of directors B Board of directors and internal auditors C Internal auditors and senior management D Audit committee or its equivalent Question 18 (ID: 3961) After obtaining an understanding of internal control and assessing control risk, an auditor decides to perform tests of controls The auditor most likely decided that A It would be efficient to perform tests of controls that would result in a reduction in planned substantive tests B There were many internal control structure weaknesses that could allow errors in the accounting systems C Additional evidence to support a further reduction in control risk is not available D An increase in the assessed level of control risk is justified for certain financial statement assertions Answer 16 Correct answer is C An auditor is required to obtain an understanding of a client's internal control structure Reviewing policies and procedures manuals that describe a client system such as inventory and the related controls is a standard audit step in obtaining that understanding Answer 17 Correct answer is D The audit committee is the appropriate recipient of communication regarding internal control related matters Answer 18 Correct answer is A Auditing authoritative sources state that after obtaining an understanding of internal control, the auditor considers if it is sufficient to perform tests of controls that would result in a reduction in planned substantive tests Auditing & Attestation > Internal Control > General Understanding Question 19 (ID: 3964) Equipment acquisitions that are misclassified as maintenance expense would most likely be detected by an internal control procedure that provides for A Investigation of current-year equipment acquisitions with prior-year equipment acquisitions B Investigation of variances within a formal budgeting system C Study of formal procedures for handling cash receipts D Study of error response procedures by general accounting Question 20 (ID: 3967) In planning an audit, the auditor's knowledge about the design of relevant internal control policies and procedures should be used to A Determine whether controls have been circumvented by collusion B Document the assessed level of control risk C Assess the operational efficiency of the internal control structure D Identify the types of potential misstatements that could occur Question 21 (ID: 3985) When considering internal control, an auditor must be aware of the concept of reasonable assurance, which recognizes that A The employment of competent personnel provides assurance that the objectives of internal control will be achieved B The establishment and maintenance of internal control is an important responsibility of the management and not of the auditor C The cost of internal control should not exceed the benefits expected to be derived from internal control D The segregation of incompatible functions is necessary to obtain assurance that the internal control is effective Answer 19 Correct answer is B Investigation of variances within a formal budgeting system would identify any unusual and unanticipated fluctuations in the repairs and maintenance accounts when asset acquisitions are correctly recorded Answer 20 Correct answer is D The auditor should obtain an understanding of a client's internal control structure, including knowledge about the design of relevant policies, procedures and records and whether they have been placed in operation by the entity In planning the audit, such knowledge should be used to identify types of material misstatements, consider factors that affect the risk of material misstatements, and design substantive tests Answer 21 Correct answer is C The concept of reasonable assurance recognizes that the cost of an entity's internal control should not exceed the benefits derived Auditing & Attestation > Internal Control > General Understanding Question 22 (ID: 4006) A flowchart is most frequently used by an auditor in connection with the A Use of statistical sampling in performing an audit B Performance of analytical review procedures of account balances C Documentation of the client's internal control procedures D Preparation of generalized computer audit programs Question 23 (ID: 5072) Which of the following is not a component of an entity's internal control? A Control environment B Control activity C Control risk D Information and communication Question 24 (ID: 5232) In the early stages of an audit engagement, the independent CPA must obtain a general understanding of internal control Which of the following is not studied as part of that step in the audit process? A Control environment B Risk assessment C Control activities D Internal independence Answer 22 Correct answer is C The auditor may document his understanding of the client's internal control through the use of a narrative, internal control questionnaire or flowchart or any other appropriate means Hence, documentation of the client's internal control procedures is the correct answer Answer 23 Correct answer is C An entity's internal control consists of five interrelated components: control environment, risk assessment, control activities, monitoring, and information and communication The five components of internal control are (1) control environment the organization’s commitment to having a strong internal control, (2) risk assessment the organization’s ability to anticipate problems and work to prevent them in advance, (3) control activities the policies and procedures in place to help ensure that the organization’s systems are working as intended by management, (4) information and communication the organization’s ability to gather significant data and get it to the people who need it in a timely fashion, and (5) monitoring he assessment of internal control by the organization over time to ensure that internal control properly adapts as changes are needed Answer 24 Correct answer is D The five areas to be studied in gaining a general understanding of internal control are the control environment, risk assessment, control activities, information and communications, and monitoring These are the five components of the internal control framework established by the Committee of Sponsoring Organizations (COSO) Auditing & Attestation > Internal Control > General Understanding Question 25 (ID: 5500) The seven factors of the control environment are A I - Integrity and ethical values C - Commitment to competence H - Human resource policies and practices A - Assignment of authority and responsibility M Management's philosophy and operating style B - Board of directors or audit committee participation O Organization B I - Integrity and ethical values C - Compensation level and schedule H - Human resource policies and practices A - Acceptance of accountability M Management's education and experience B - Board of directors or audit committee participation O Organization C I - Issue resolution and problem solving techniques C - Commitment to competence H - Human resource policies and practices A - Access to systems and data M - Management style and structure B - Board of directors or audit committee participation O Organization D I - Integrity, trust and respect C - Commitment to management goals H - Hiring practices and procedures A - Allotment of resources M - Management's philosophy and operating style B - Board of directors decision making style O - Organization Question 26 (ID: 5509) Regarding internal control system failures Even the best designed control systems are subject to failure due to A Human error, lack of experience, poor training and unethical behavior B Board of Director authorizations, management override, white collar crime and faulty judgment C Human error, faulty judgment, collusion and management override D Greed, envy, gluttony and pride Answer 25 Correct answer is A According to the Comittee of Sponsored Organizations (COSO) framework, the seven factors of the control environment are: I - Integrity and ethical values C - Commitment to competence H - Human resource policies and practices A - Assignment of authority and responsibility M - Management's philosophy and operating style B - Board of directors or audit committee participation O - Organization OR: I see ham bone I (I) see (C) ham (HAM) bone (BO) Answer 26 Correct answer is C Even the best-designed internal control systems are subject to failure due to: human error, faulty judgment, collusion and management override Auditing & Attestation > Internal Control > General Understanding Question 27 (ID: 5518) An auditor must make an assessment of control risk as part of the process to determine how much substantive testing must be done to reduce overall audit risk to an acceptably low level Which of the following is not one of the five components that make up internal control? A Checks and balances B Monitoring C Control environment D Risk assessment Answer 27 Correct answer is A The five components of internal control are (1) control environment the organization’s commitment to having a strong internal control, (2) risk assessment the organization’s ability to anticipate problems and work to prevent them in advance, (3) control activities the policies and procedures in place to help ensure that the organization’s systems are working as intended by management, (4) information and communication the organization’s ability to gather significant data and get it to the people who need it in a timely fashion, and (5) monitoring he assessment of internal control by the organization over time to ensure that internal control properly adapts as changes are needed  ...Auditing & Attestation > Internal Control > General Understanding Question (ID: 340) After obtaining an understanding of an entity''s internal control and assessing control risk, an auditor may... Attestation > Internal Control > General Understanding Question 12 (ID: 348) Which section of the Sarbanes-Oxley Act requires management to issue an internal control report? A 202 B 203 C 408 D 404 Question... Attestation > Internal Control > General Understanding Question 19 (ID: 3964) Equipment acquisitions that are misclassified as maintenance expense would most likely be detected by an internal control