Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 48 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
48
Dung lượng
156,5 KB
Nội dung
Chapter07 - InternalControlChapter07InternalControl True / False Questions Internalcontrol is concerned with the reliability of financial information True False The Foreign Corrupt Practices Act prohibits bribes to foreign corporate officials to obtain business True False Incompatible duties exist when an employee is in a position to perpetrate and conceal errors or fraud True False Internal auditors should preferably report to the chief accounting officer of the company True False Well-designed internalcontrol will prevent all fraud by top management True False CPA firms may use written narratives to describe internalcontrol in their audit working papers True False The auditors' communication ofinternalcontrol significant deficiencies should be addressed only to senior management of the company True False 7-1 Chapter07 - InternalControl If the auditors' assessment of the design ofinternalcontrol reveals that it cannot be relied upon, the auditors are not required to prepare any documentation ofinternalcontrol for their working papers True False The relatively low number of types of transactions incurred by small firms makes the segregation of duties impossible True False 10 In a financial statement audit, CPAs are required to assess the operating effectiveness of most significant accounting oriented controls True False Multiple Choice Questions 11 Which of the following matters would an auditor most likely consider to be a significant deficiency to be communicated to the audit committee? A Management's failure to renegotiate unfavorable long-term purchase commitments B Recurring operating losses that may indicate going concern problems C Evidence of a lack of objectivity by those responsible for accounting decisions D Management's current plans to reduce its ownership equity in the entity 12 In assessing the objectivity of a client's internal auditors, the CPA would be most likely to consider internal auditor: A Education levels B Experience C Organizational status within the company D Training and supervisory skills 7-2 Chapter07 - InternalControl 13 In a financial statement audit performed following AICPA Professional Standards, how frequently must an auditor test operating effectiveness of controls that appear to function as they have in past years and on which the auditor wishes to rely upon in the current year? A Monthly B Each audit C At least every second audit D At least every third audit 14 After obtaining an understanding ofinternalcontroland arriving at a preliminary assessed level ofcontrol risk, an auditor decided to perform tests of controls The auditor most likely decided that: A Additional evidence to support a reduction in the assessed level ofcontrol risk is not available B An increase in the assessed level ofcontrol risk is justified for certain financial statement assertions C It would be efficient to perform tests of controls that would result in a reduction in planned substantive procedures D There were many internalcontrol deficiencies that would allow misstatements to enter the accounting system 15 Which of the following is least likely to be evidence of operating effectiveness of controls? A Cancelled supporting documents B Confirmations of accounts receivable C Records documenting usage of computer programs D Signatures on authorization forms 16 Which of the following is not ordinarily a procedure for documenting an auditor's understanding ofinternalcontrol for planning purposes? A Checklist B Flowchart C Questionnaire D Confirmation 7-3 Chapter07 - InternalControl 17 Tests of controls not ordinarily address: A By whom a control was applied B How a control was applied C The consistency with which a control was applied D The cost effectiveness of the way a control was applied 18 Which is most likely when the assessed level ofcontrol risk increases? A Change from performing substantive procedures at year-end to an interim date B Perform substantive procedures directed inside the entity rather than tests directed toward parties outside the entity C Use the maximum number of dual purpose tests D Use larger sample sizes for substantive procedures 19 Which of the following must the auditor communicate to the audit committee? A Significant deficiencies and material weaknesses B Only significant deficiencies C Only material weaknesses D Neither significant deficiencies nor material weaknesses 20 A client's internalcontrol appears strong, but the CPA has elected not to perform any tests of controls The planned assessed level ofcontrol risk is at what level? A Zero B Low C Moderate D Maximum 21 Which of the following would be least likely to be regarded as a testof a control? A Tests of the additions to property by physical inspection B Comparisons of the signatures on cancelled checks to the authorized check signer list C Tests of signatures on purchase orders D Recalculation of payroll deductions 7-4 Chapter07 - InternalControl 22 Which of the following is not considered one of the five major components ofinternal control? A Risk assessment B Segregation of duties C Control activities D Monitoring 23 Which of the following statements is correct concerning the understanding ofinternalcontrol needed by auditors? A The auditors must understand the information system, not the accounting system B The auditors must understand monitoring and all preliminary accounting controls C The auditors must have a sufficient understanding to assess the risks of material misstatement D The auditors must understand the control environment, risk assessment, and all control activities 24 The effectiveness of controls is not generally tested by: A Inspection of documents and reports B Performance of analytical procedures C Observation of the application of accounting policies and procedures D Inquiries of appropriate client personnel 25 On financial statement audits, it is required that the auditors obtain an understanding ofinternal control, including: A Its operating effectiveness B Whether it has been implemented (placed in operation) C Performing tests of controls for all material controls D Its ability to provide reasonable assurance 7-5 Chapter07 - InternalControl 26 A significant deficiency: A Differs from a material weakness in that it involves internalcontrol over operations rather than internalcontrol over financial reporting B Involves an amount of discovered misstatements greater than the amount used as the planning measure of materiality C Is identical to a material weakness except that it need not be communicated to those responsible for oversight of the company's financial reporting D Is less severe than a material weakness 27 This organization developed a set of criteria that provide management with a basis to evaluate controls not only over financial reporting, but also over the effectiveness and efficiency of operations and compliance with laws and regulations: A Foreign Corrupt Practices Corporation B Committee of Sponsoring Organizations C Cohen Commission D Financial Accounting Standards Board 28 Which of the following is most likely to be considered a risk assessment procedure relating to internal control? A Confirm accounts receivable B Perform a testof a control relating to payroll C Take test counts of the year-end inventory D Trace a transaction through the information system relevant to financial reporting 29 Which statement is correct concerning the definition ofinternalcontrol developed by the Committee of Sponsoring Organizations (COSO)? A Its applicability is largely limited to internalauditing applications B It is recognized in the Statements on Auditing Standards C It emphasizes the effectiveness and efficiency of operations over the reliability of financial reporting D It suggests that it is important to view internalcontrol as an end product as contrasted to a process or means to obtain an end 7-6 Chapter07 - InternalControl 30 The definition ofinternalcontrol developed by the Committee of Sponsoring Organizations (COSO) includes controls related to the reliability of financial reporting, the effectiveness and efficiency of operations, and: A Compliance with applicable laws and regulations B Effectiveness of prevention of fraudulent occurrences C Safeguarding of entity equity D Incorporation of ethical business practice standards 31 Which statement is correct concerning the relevance of various types of controls to a financial statement audit? A An auditor may ordinarily ignore the consideration of controls when a substantive audit approach is used B Controls over the reliability of financial reporting are ordinarily most directly relevant to an audit, but other controls may also be relevant C Controls over safeguarding assets and liabilities are of primary importance, while controls over the reliability of financial reporting may also be relevant D All controls are ordinarily relevant to an audit 32 Which of the following is not a component of the control environment? A Integrity and ethical values B Risk assessment C Commitment to competence D Organizational structure 33 Which of the following is not ordinarily considered a factor indicative of increased financial reporting risk when an auditor is considering a client's risk assessment policies? A Salaried sales personnel B Implementation of a new information system C Rapid growth of the organization D Corporate restructuring 7-7 Chapter07 - InternalControl 34 The Sarbanes-Oxley Act of 2002 requires that the audit committee: A Annually reassess control risk using information from the CPA firm B Be directly responsible for the appointment, compensation and oversight of the work of the CPA firm C Require that the company's CPA firm rotate the partner in charge of the audit D Review the level of management compensation 35 When tests of controls reveal that controls are operating as anticipated, it is most likely that the assessed level ofcontrol risk will: A Be less than the preliminary assessed level ofcontrol risk B Equal the preliminary assessed level ofcontrol risk C Equal the actual control risk D Be less than the actual control risk 36 Under which circumstance is it likely that the extent of substantive procedures will be expanded beyond that anticipated in the audit plan? A The auditors have determined that controls have been implemented (placed in operation) but, in accordance with the audit plan, have performed no tests of controls B Certain controls not leave a trail of documentary evidence C Deviation rates were greater than zero and approached anticipated levels D The operating effectiveness of certain controls was found to be less than expected, although no material misstatements were identified 37 The provisions of the Foreign Corrupt Practices Act apply to: A All U.S corporations B All U.S corporations that engage in foreign operations C All corporations that must file under the Securities Exchange Act of 1934 D All U.S partnerships and corporations 38 If the auditors notperform tests of controls for certain assertions: A They have performed a substandard audit B They are not required to communicate significant deficiencies relating to those accounts to management and the board of directors C They must issue a qualified opinion D They must assess control risk at the maximum level for those assertions 7-8 Chapter07 - InternalControl 39 During financial statement audits, the auditors' consideration of their clients' internalcontrol is integral to both assess the risk of material misstatement and to: A Assess inherent risk B Design further audit procedures C Assess compliance with the Foreign Corrupt Practices Act D Provide a reasonable basis for an opinion on compliance with applicable laws 40 Which of the following comes closest to outlining the auditors' responsibility for considering internalcontrol in all financial statement audits? A An understanding of the control environment, information and communication, risk assessment and monitoring is necessary; an understanding ofcontrol activities is only necessary for areas in which the auditor is performing tests of controls B The auditor must obtain an understanding of each of the five internalcontrol components sufficient to assess the risks of material misstatement for the audit C When tests of controls have been performed, control risk must be assessed at a level less than the maximum D An understanding of the control environment is necessary, but no understanding of the other components is necessary unless control risk is to be assessed at a level less than the maximum 41 Which of the following is not a primary procedure auditors use to obtain sufficient knowledge about the design of the relevant controls and to determine whether they have been implemented (placed in operation)? A Previous experience with the entity B Inquiries of appropriate management personnel C Performance of substantive procedures D Inspection of document and records 42 A control deficiency that is less severe than a material weakness, but important enough to merit attention by those responsible for oversight of the company's financial reporting is referred to as a(n): A Control deficiency B Inherent limitation C Reportable deficiency D Significant deficiency 7-9 Chapter07 - InternalControl 43 For effective internal control, which of the following functions should not be assigned to the company's accounting department? A Reconciling accounting records with existing assets B Recording financial transactions C Signing payroll checks D Preparing financial reports 44 Which of the following is not a responsibility that should be assigned to a company's internal audit department? A Evaluating internalcontrol B Approving disbursements C Reporting on the effectiveness of operating segments D Investigating potential merger candidates 45 Which of the following is true about the auditors' consideration ofinternalcontrol in a financial statement audit? A The auditors must assess control risk at a level lower than the maximum B The auditors must prepare a flowchart description ofinternalcontrol for their working papers C The auditors must obtain an understanding of the steps in processing major types of transactions D The auditors must perform tests of controls 46 Which of the following is an advantage of describing internalcontrol through the use of a standardized questionnaire? A Questionnaires highlight weaknesses in the system B Questionnaires are more flexible than other methods of describing internalcontrol C Questionnaires usually identify situations in which internalcontrol weaknesses are compensated for by other strengths in the system D Questionnaires provide a clearer and more specific portrayal of a client's system than other methods of describing internalcontrol 7-10 Chapter07 - InternalControl 45 Which of the following is true about the auditors' consideration ofinternalcontrol in a financial statement audit? A The auditors must assess control risk at a level lower than the maximum B The auditors must prepare a flowchart description ofinternalcontrol for their working papers C The auditors must obtain an understanding of the steps in processing major types of transactions D The auditors must perform tests of controls Difficulty: Medium 46 Which of the following is an advantage of describing internalcontrol through the use of a standardized questionnaire? A Questionnaires highlight weaknesses in the system B Questionnaires are more flexible than other methods of describing internalcontrol C Questionnaires usually identify situations in which internalcontrol weaknesses are compensated for by other strengths in the system D Questionnaires provide a clearer and more specific portrayal of a client's system than other methods of describing internalcontrol Difficulty: Medium 47 Which of the following is least likely to be considered a risk assessment procedure relating to internal control? A Counting marketable securities at year-end B Inquiries of client personnel C Inspecting documents and reports D Observing the application of specific controls Difficulty: Hard 7-34 Chapter07 - InternalControl 48 Which of the following is least likely to be considered a risk assessment procedure? A Analytical procedures B Inspection of documents C Observation of the counting of inventory D Observation of the performance of certain accounting procedures Difficulty: Hard 49 Which of the following is not a factor that is considered a part of the client's overall control environment? A The organizational structure B The information system C Management philosophy and operating style D Board of directors Difficulty: Medium 50 Which of the following would be least likely to be considered a benefit of effective internal control? A Eliminating all employee fraud B Restricting access to assets C Detecting ineffectiveness D Ensuring authorization of transactions Difficulty: Medium 51 After documenting the client's prescribed internal control, the auditors will often perform a walk-through of each transaction cycle An objective of a walk-through is to: A Verify that the controls have been implemented (placed in operation) B Replace tests of controls C Evaluate the major strengths and weaknesses in the client's internalcontrol D Identify weaknesses to be communicated to management in the management letter Difficulty: Medium 7-35 Chapter07 - InternalControl 52 The major components ofinternalcontrol include all of the following, except: A Risk assessment B The control environment C Internalauditing D Control activities Difficulty: Medium 53 Which of the following is correct with respect to control deficiencies discovered during an audit? A Auditors must communicate and recommend corrections relating to all material weaknesses in internalcontrol to management B All material weaknesses in internalcontrol should be reported to the audit committee C All such matters must be communicated to the audit committee and regulatory agencies D All control deficiencies are also significant deficiencies Difficulty: Hard 54 After considering the client's internalcontrol the auditors have concluded that it is well designed and is functioning as anticipated Under these circumstances the auditors would most likely: A Cease to perform further substantive procedures B Reduce substantive procedures in areas where the internalcontrol was found to be effective C Increase the extent of anticipated analytical procedures D Perform all tests of controls to the extent outlined in the preplanned audit program Difficulty: Easy Source: AICPA 7-36 Chapter07 - InternalControl 55 The use of fidelity bonds protects a company from embezzlement loses and also: A Minimizes the possibility of employing persons with dubious records in positions of trust B Reduces the company's need to obtain expensive business interruption insurance C Allows the company to substitute the fidelity bonds for various parts ofinternalcontrol D Protects employees who made unintentional errors from possible monetary damages resulting from such errors Difficulty: Medium Source: AICPA 56 The independent auditors might consider the procedures performed by the internal auditors because: A They are employees whose work must be reviewed during substantive testing B They are employees whose work might affect the independent auditors' work C Their work impacts upon the cost/benefit tradeoff in evaluating inherent limitations D Their degree of independence may be inferred by the nature of their work Difficulty: Medium Source: AICPA 57 In the consideration ofinternal control, the operating effectiveness of controls is tested by: A Flowcharts verification B Tests of controls C Substantive procedures D Decision tables Difficulty: Easy Source: AICPA 7-37 Chapter07 - InternalControl 58 The auditors who become aware of an internalcontrol significant deficiency are required to communicate this to the: A Client's legal counsel B Compensation committee C Audit committee D Internal auditors Difficulty: Medium Source: AICPA 59 A material weakness involves an amount that could result in a misstatement that is A Smaller than inconsequential B Larger than inconsequential C Tolerable D Material Difficulty: Medium 60 At least what level of probability of a material misstatement is required for a control deficiency to be considered a material weakness? A More than remote B Probable C Reasonable possibility D Sufficient Difficulty: Medium 61 A situation in which the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect material misstatements on a timely basis is referred to as a: A Control deficiency B Material weakness C Reportable condition D Significant deficiency Difficulty: Medium 7-38 Chapter07 - InternalControl 62 To provide for the greatest degree of independence in performing internalauditing functions, an internal auditor most likely should report to the: A Financial vice-president B Corporate controller C Audit committee D Corporate stockholders Difficulty: Medium Source: AICPA 63 Well-designed internalcontrol that is functioning effectively is most likely to detect an fraud arising from: A The fraudulent action of several employees B The fraudulent action of an individual employee C Informal deviations from the official organization chart D Management fraud Difficulty: Medium Source: AICPA 64 The program flowcharting symbol representing a decision is a: A Triangle B Circle C Rectangle D Diamond Difficulty: Medium Source: AICPA 65 Controls are not designed to provide assurance that: A Transactions are executed in accordance with management's authorization B Fraud will be eliminated C Access to assets is permitted only in accordance with management's authorization D The recorded accountability for assets is compared with the existing assets at reasonable intervals Difficulty: Medium Source: AICPA 7-39 Chapter07 - InternalControl 66 The scope of substantive procedures as compared to the scope of tests of controls generally vary: A In a parallel manner B Inversely C Directly D Equally Difficulty: Medium Source: AICPA 67 Which of the following is least likely to be a factor that might indicate to an auditor that an identified risk of misstatement requires special audit consideration? A Complex calculations are involved B The rate of technological change is moderate in the industry C The potential for fraud seems high D Various subjective methods of application of a key accounting policy exist Difficulty: Easy 68 Which of the following audit tests would be regarded as a testof a control? A Tests of the specific items making up the balance in a given general ledger account B Tests confirming receivables C Tests of the signatures on canceled checks to board of director's authorizations D Tests of the additions to property, plant, and equipment by physical inspection Difficulty: Medium Source: AICPA 69 If the independent auditors decide that the work performed by the internal auditors may have a bearing on their own procedures, they should consider the internal auditors': A Competence and objectivity B Efficiency and experience C Independence and review skills D Training and supervisory skills Difficulty: Medium Source: AICPA 7-40 Chapter07 - InternalControl 70 In the consideration ofinternal control, the auditor is basically concerned that it provides reasonable assurance that: A Management can not override the system B Operational efficiency has been achieved in accordance with management plans C Misstatements have been prevented or detected D Controls have not been circumvented by collusion Difficulty: Medium Source: AICPA 71 Which of the following is least likely to be considered an appropriate response relating to risks the auditors identify at the financial statement level? A Assign more experienced staff B Incorporate additional elements of unpredictability in the selection of audit procedures C Increase the scope of auditor procedures D Emphasize the need to remain neutral, rather than to exercise professional skepticism Difficulty: Easy 72 In assessing the competence of a client's internal auditor, an independent auditor most likely would consider the A Internal auditor's compliance with professional internalauditing standards B Client's policies that limit the internal auditor's access to management salary data C Evidence supporting a further reduction in the assessed level ofcontrol risk D Results of ratio analysis that may identify unusual transactions and events Difficulty: Medium Source: AICPA 73 Which of the following factors would most likely be considered an inherent limitation to an entity's internal control? A The complexity of the information processing system B Human judgment in the decision making process C The ineffectiveness of the board of directors D The lack of management incentives to improve the control environment Difficulty: Medium Source: AICPA 7-41 Chapter07 - InternalControl 74 Proper segregation of duties reduces the opportunities to allow any employee to be in a position to both A Journalize cash receipts and disbursements and prepare the financial statements B Monitor internal controls and evaluate whether the controls are operating as intended C Adopt new accounting pronouncements and authorize the recording of transactions D Record and conceal fraudulent transactions in the normal course of assigned tasks Difficulty: Easy Source: AICPA 75 Which of the following is intended to detect deviations from prescribed controls? A Substantive procedures specified by a standardized audit program B Tests of controls designed specifically for the client C Analytical procedures as set forth in an industry audit guide D Computerized analytical procedures tailored for the configuration of the computer equipment in use Difficulty: Medium Source: AICPA 76 An auditor's purpose for performing tests of controls is to provide reasonable assurance that: A Controls are operating effectively B The risk that the auditor may unknowingly fail to modify the opinion on the financial statements is minimized C Transactions are executed in accordance with management's authorization and access to assets is limited by a segregation of functions D Transactions are recorded as necessary to permit the preparation of the financial statements in conformity with generally accepted accounting principles Difficulty: Medium Source: AICPA 7-42 Chapter07 - InternalControl 77 Of the following statements about internal control, which one is not valid? A No one person should be responsible for the custodial responsibility and the recording responsibility for an asset B Transactions must be properly authorized before such transactions are processed C Because of the cost/benefit relationship, a client may apply control procedures on a test basis D Control activities reasonably insure that collusion among employees can not occur Difficulty: Easy Source: AICPA 78 Tests of controls are most likely to be performed when: A Controls seem weak and must be properly documented B Inadequate substantive procedures exist to restrict audit risk to an acceptable level C The auditor wishes to assess control risk at the maximum D The client's control environment appears weak Difficulty: Hard 79 Which of the following would be least likely to be included in an auditor's tests of controls? A Inspection B Observation C Inquiry D Analytical procedures Difficulty: Medium Source: AICPA 80 The internalcontrol provisions of the Sarbanes-Oxley Act of 2002 apply to which companies in the United States: A All companies B SEC registrants C Only those companies included in the Fortune 500 D All nonpublic companies Difficulty: Medium 7-43 Chapter07 - InternalControl 81 An integrated audit performed under Section 404b of the Sarbanes-Oxley Act addresses financial statements and: A Compliance with laws B Internalcontrol over asset safeguarding C Internalcontrol over financial reporting D Suitable criteria Difficulty: Medium 82 A report on internalcontrol performed in accordance with PCAOB Standard No includes an opinion on internalcontrol for: A The entire year B The prior quarter C The "as of date." D The end of each quarter Difficulty: Hard 83 When performing an audit ofinternalcontrol under PCAOB requirements, auditors evaluate control: A Option A B Option B C Option C D Option D Difficulty: Medium 7-44 Chapter07 - InternalControl 84 When performing an internalcontrol audit under PCAOB requirements, one or more material weaknesses in internalcontrol that exist at year-end may result in what type of report(s): A Option A B Option B C Option C D Option D Difficulty: Hard 85 When performing an internalcontrol audit under PCAOB standards, one or more material weaknesses in internalcontrol that exist at year-end may result in what type of report(s): A Option A B Option B C Option C D Option D Difficulty: Medium 7-45 Chapter07 - InternalControl Essay Questions 86 Independent auditors should consider the work ofinternal auditors in their assessment ofcontrol risk a Are internal auditors independent of management? Explain b What is the difference between the primary objective of the independent auditors and that ofinternal auditors? Explain c Discuss the factors that should be considered by the independent auditors in deciding how much, if any, reliance should be placed on the work of the internal auditors a No However, internal auditors may achieve independence from departments they evaluate by reporting to a senior officer or the board of directors b The independent auditors' objective is to express an opinion on the client's financial statements The internal auditors' primary objective is to aid management in achieving the most efficient and effective administration of the business c In deciding the degree of reliance to be placed on the work of the internal auditors, the independent auditors should consider the competence and objectivity of the internal auditors, and evaluate their work Difficulty: Hard 87 Auditors are required to consider a client's internalcontrol a Describe the two purposes of the auditors' consideration of a client's internalcontrol b Even the best internalcontrol has certain limitations List three of those limitations a The auditors' consideration of their clients' internalcontrol is integral to both (1) to assess the risks of material misstatement in the financial statements and (2) to design the nature, timing and extent of further audit procedures b The limitations ofinternalcontrol include (only three required): Carelessness Misunderstanding of instructions Top management may override the system Collusion among employees may circumvent controls dependent upon segregation of duties Cost considerations often limit the effectiveness of the design of the structure Difficulty: Medium 7-46 Chapter07 - InternalControl 88 When considering a client's internal control, the auditors focus on its various characteristics For each of the following characteristics indicate the auditors' responsibility under generally accepted auditing standards and the procedures used to meet that responsibility a The design ofinternalcontrol b Controls have been implemented (placed in operation) c The operating effectiveness of controls a The auditors have a responsibility to obtain an understanding ofinternalcontrol that is sufficient to plan the audit An understanding of the design of the structure is obtained by inspecting control manuals, organization charts, and job descriptions, and by interviewing client personnel b The auditors have a responsibility to determine whether significant internalcontrol policies and procedures are implemented (placed in operation) in every audit The auditors may determine whether the controls have been implemented (placed in operation) by observation, inspection, and inquiry Walk-through tests may also be used c The auditors have a responsibility to determine the operating effectiveness of controls that provide the basis for the auditors' assessment ofcontrol risk at levels below the maximum The auditors use observation, inspection, inquiry, and reperformance to test the operating effectiveness of controls Difficulty: Medium 7-47 Chapter07 - InternalControl 89 Assume that you have assessed inherent risk for an audit area at a very high level While obtaining an understanding ofinternal control, you have determined that it appears to be very strong Nonetheless, due to the large number of transactions involved, you have chosen not to test controls in the area a At what level will the planned assessed level ofcontrol risk be established? b Describe the scope of tests of controls that will be performed c At what level will the assessed level ofcontrol risk be established? d What must be documented in the working papers relating to internal control? e At what level will detection risk be established? f Describe the required scope of substantive procedures, if any Make certain to discuss details of likely nature, timing and extent a Maximum, High or Highest b None will be performed (because control risk is being assessed at the maximum level) c Maximum, High or Highest d Control risk assessed at maximum (or high or highest) level The auditor need not document the reason for assessing control risk at the maximum (we delete points from scores of students who state that the auditor needs to document the reason) e Minimum, low, or lowest f Nature External sources rather than internal Timing Year-end testing rather than interim testing Extent Greatest extent Difficulty: Hard 7-48 ... Medium 7- 24 Chapter 07 - Internal Control 14 After obtaining an understanding of internal control and arriving at a preliminary assessed level of control risk, an auditor decided to perform tests of. .. Questionnaires provide a clearer and more specific portrayal of a client's system than other methods of describing internal control 7- 10 Chapter 07 - Internal Control 47 Which of the following is least... an auditor's understanding of internal control for planning purposes? A Checklist B Flowchart C Questionnaire D Confirmation 7- 3 Chapter 07 - Internal Control 17 Tests of controls not ordinarily