Collected By : Ch. Yasir Chapter 07 - Internal Control Chapter 07 Internal Control Chapter 07 Internal Control True / False Questions or ne r.i nf o 1. Internal control is concerned with the reliability of financial information. TRUE Difficulty: Easy es c 2. The Foreign Corrupt Practices Act prohibits bribes to foreign corporate officials to obtain business. FALSE pl oy e Difficulty: Hard Difficulty: Easy .e m 3. Incompatible duties exist when an employee is in a position to perpetrate and conceal errors or fraud. TRUE w w 4. Internal auditors should preferably report to the chief accounting officer of the company. FALSE w Difficulty: Medium 5. Well-designed internal control will prevent all fraud by top management. FALSE Difficulty: Easy 1 7-2 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control 6. CPA firms may use written narratives to describe internal control in their audit working papers. TRUE Difficulty: Easy or ne r.i nf o 7. The auditors' communication of internal control significant deficiencies should be addressed only to senior management of the company. FALSE Difficulty: Easy Difficulty: Medium pl oy e es c 8. If the auditors' assessment of the design of internal control reveals that it cannot be relied upon, the auditors are not required to prepare any documentation of internal control for their working papers. FALSE w w Difficulty: Easy .e m 9. The relatively low number of types of transactions incurred by small firms makes the segregation of duties impossible. FALSE w 10. In a financial statement audit, CPAs are required to assess the operating effectiveness of most significant accounting oriented controls. FALSE Difficulty: Medium Multiple Choice Questions 2 7-3 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 11. Which of the following matters would an auditor most likely consider to be a significant deficiency to be communicated to the audit committee? A. Management's failure to renegotiate unfavorable long-term purchase commitments. B. Recurring operating losses that may indicate going concern problems. C. Evidence of a lack of objectivity by those responsible for accounting decisions. D. Management's current plans to reduce its ownership equity in the entity. or ne r.i Difficulty: Medium Source: AICPA es c 12. In assessing the objectivity of a client's internal auditors, the CPA would be most likely to consider internal auditor: A. Education levels. B. Experience. C. Organizational status within the company. D. Training and supervisory skills. pl oy e Difficulty: Medium w w .e m 13. In a financial statement audit performed following AICPA Professional Standards, how frequently must an auditor test operating effectiveness of controls that appear to function as they have in past years and on which the auditor wishes to rely upon in the current year? A. Monthly. B. Each audit. C. At least every second audit. D. At least every third audit. w Difficulty: Medium 3 7-4 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control or ne r.i nf o 14. After obtaining an understanding of internal control and arriving at a preliminary assessed level of control risk, an auditor decided to perform tests of controls. The auditor most likely decided that: A. Additional evidence to support a reduction in the assessed level of control risk is not available. B. An increase in the assessed level of control risk is justified for certain financial statement assertions. C. It would be efficient to perform tests of controls that would result in a reduction in planned substantive procedures. D. There were many internal control deficiencies that would allow misstatements to enter the accounting system. Difficulty: Hard Source: AICPA pl oy e es c 15. Which of the following is least likely to be evidence of operating effectiveness of controls? A. Cancelled supporting documents. B. Confirmations of accounts receivable. C. Records documenting usage of computer programs. D. Signatures on authorization forms. Difficulty: Hard w w w .e m 16. Which of the following is not ordinarily a procedure for documenting an auditor's understanding of internal control for planning purposes? A. Checklist. B. Flowchart. C. Questionnaire. D. Confirmation. Difficulty: Easy 4 7-5 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control 17. Tests of controls do not ordinarily address: A. By whom a control was applied. B. How a control was applied. C. The consistency with which a control was applied. D. The cost effectiveness of the way a control was applied. nf o Difficulty: Hard es c or ne r.i 18. Which is most likely when the assessed level of control risk increases? A. Change from performing substantive procedures at year-end to an interim date. B. Perform substantive procedures directed inside the entity rather than tests directed toward parties outside the entity. C. Use the maximum number of dual purpose tests. D. Use larger sample sizes for substantive procedures. Difficulty: Medium .e m pl oy e 19. Which of the following must the auditor communicate to the audit committee? A. Significant deficiencies and material weaknesses. B. Only significant deficiencies. C. Only material weaknesses. D. Neither significant deficiencies nor material weaknesses. Difficulty: Medium w w w 20. A client's internal control appears strong, but the CPA has elected not to perform any tests of controls. The planned assessed level of control risk is at what level? A. Zero. B. Low. C. Moderate. D. Maximum. Difficulty: Hard 5 7-6 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control 21. Which of the following would be least likely to be regarded as a test of a control? A. Tests of the additions to property by physical inspection. B. Comparisons of the signatures on cancelled checks to the authorized check signer list. C. Tests of signatures on purchase orders. D. Recalculation of payroll deductions. nf o Difficulty: Hard es c or ne r.i 22. Which of the following is not considered one of the five major components of internal control? A. Risk assessment. B. Segregation of duties. C. Control activities. D. Monitoring. Difficulty: Medium w w Difficulty: Easy .e m pl oy e 23. Which of the following statements is correct concerning the understanding of internal control needed by auditors? A. The auditors must understand the information system, not the accounting system. B. The auditors must understand monitoring and all preliminary accounting controls. C. The auditors must have a sufficient understanding to assess the risks of material misstatement. D. The auditors must understand the control environment, risk assessment, and all control activities. w 24. The effectiveness of controls is not generally tested by: A. Inspection of documents and reports. B. Performance of analytical procedures. C. Observation of the application of accounting policies and procedures. D. Inquiries of appropriate client personnel. Difficulty: Medium 6 7-7 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 25. On financial statement audits, it is required that the auditors obtain an understanding of internal control, including: A. Its operating effectiveness. B. Whether it has been implemented (placed in operation). C. Performing tests of controls for all material controls. D. Its ability to provide reasonable assurance. Difficulty: Medium es c or ne r.i 26. A significant deficiency: A. Differs from a material weakness in that it involves internal control over operations rather than internal control over financial reporting. B. Involves an amount of discovered misstatements greater than the amount used as the planning measure of materiality. C. Is identical to a material weakness except that it need not be communicated to those responsible for oversight of the company's financial reporting. D. Is less severe than a material weakness. pl oy e Difficulty: Medium w w .e m 27. This organization developed a set of criteria that provide management with a basis to evaluate controls not only over financial reporting, but also over the effectiveness and efficiency of operations and compliance with laws and regulations: A. Foreign Corrupt Practices Corporation. B. Committee of Sponsoring Organizations. C. Cohen Commission. D. Financial Accounting Standards Board. w Difficulty: Medium 7 7-8 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 28. Which of the following is most likely to be considered a risk assessment procedure relating to internal control? A. Confirm accounts receivable. B. Perform a test of a control relating to payroll. C. Take test counts of the year-end inventory. D. Trace a transaction through the information system relevant to financial reporting. Difficulty: Hard es c or ne r.i 29. Which statement is correct concerning the definition of internal control developed by the Committee of Sponsoring Organizations (COSO)? A. Its applicability is largely limited to internal auditing applications. B. It is recognized in the Statements on Auditing Standards. C. It emphasizes the effectiveness and efficiency of operations over the reliability of financial reporting. D. It suggests that it is important to view internal control as an end product as contrasted to a process or means to obtain an end. pl oy e Difficulty: Hard w w .e m 30. The definition of internal control developed by the Committee of Sponsoring Organizations (COSO) includes controls related to the reliability of financial reporting, the effectiveness and efficiency of operations, and: A. Compliance with applicable laws and regulations. B. Effectiveness of prevention of fraudulent occurrences. C. Safeguarding of entity equity. D. Incorporation of ethical business practice standards. w Difficulty: Medium 8 7-9 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 31. Which statement is correct concerning the relevance of various types of controls to a financial statement audit? A. An auditor may ordinarily ignore the consideration of controls when a substantive audit approach is used. B. Controls over the reliability of financial reporting are ordinarily most directly relevant to an audit, but other controls may also be relevant. C. Controls over safeguarding assets and liabilities are of primary importance, while controls over the reliability of financial reporting may also be relevant. D. All controls are ordinarily relevant to an audit. or ne r.i Difficulty: Hard es c 32. Which of the following is not a component of the control environment? A. Integrity and ethical values. B. Risk assessment. C. Commitment to competence. D. Organizational structure. pl oy e Difficulty: Medium w w .e m 33. Which of the following is not ordinarily considered a factor indicative of increased financial reporting risk when an auditor is considering a client's risk assessment policies? A. Salaried sales personnel. B. Implementation of a new information system. C. Rapid growth of the organization. D. Corporate restructuring. Difficulty: Medium w 34. The Sarbanes-Oxley Act of 2002 requires that the audit committee: A. Annually reassess control risk using information from the CPA firm. B. Be directly responsible for the appointment, compensation and oversight of the work of the CPA firm. C. Require that the company's CPA firm rotate the partner in charge of the audit. D. Review the level of management compensation. Difficulty: Medium 9 7-10 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 35. When tests of controls reveal that controls are operating as anticipated, it is most likely that the assessed level of control risk will: A. Be less than the preliminary assessed level of control risk. B. Equal the preliminary assessed level of control risk. C. Equal the actual control risk. D. Be less than the actual control risk. Difficulty: Hard es c or ne r.i 36. Under which circumstance is it likely that the extent of substantive procedures will be expanded beyond that anticipated in the audit plan? A. The auditors have determined that controls have been implemented (placed in operation) but, in accordance with the audit plan, have performed no tests of controls. B. Certain controls do not leave a trail of documentary evidence. C. Deviation rates were greater than zero and approached anticipated levels. D. The operating effectiveness of certain controls was found to be less than expected, although no material misstatements were identified. pl oy e Difficulty: Hard .e m 37. The provisions of the Foreign Corrupt Practices Act apply to: A. All U.S. corporations. B. All U.S. corporations that engage in foreign operations. C. All corporations that must file under the Securities Exchange Act of 1934. D. All U.S. partnerships and corporations. w w Difficulty: Medium w 38. If the auditors do notperform tests of controls for certain assertions: A. They have performed a substandard audit. B. They are not required to communicate significant deficiencies relating to those accounts to management and the board of directors. C. They must issue a qualified opinion. D. They must assess control risk at the maximum level for those assertions. Difficulty: Medium 10 7-11 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 39. During financial statement audits, the auditors' consideration of their clients' internal control is integral to both assess the risk of material misstatement and to: A. Assess inherent risk. B. Design further audit procedures. C. Assess compliance with the Foreign Corrupt Practices Act. D. Provide a reasonable basis for an opinion on compliance with applicable laws. Difficulty: Easy Difficulty: Medium pl oy e es c or ne r.i 40. Which of the following comes closest to outlining the auditors' responsibility for considering internal control in all financial statement audits? A. An understanding of the control environment, information and communication, risk assessment and monitoring is necessary; an understanding of control activities is only necessary for areas in which the auditor is performing tests of controls. B. The auditor must obtain an understanding of each of the five internal control components sufficient to assess the risks of material misstatement for the audit. C. When tests of controls have been performed, control risk must be assessed at a level less than the maximum. D. An understanding of the control environment is necessary, but no understanding of the other components is necessary unless control risk is to be assessed at a level less than the maximum. w w w .e m 41. Which of the following is not a primary procedure auditors use to obtain sufficient knowledge about the design of the relevant controls and to determine whether they have been implemented (placed in operation)? A. Previous experience with the entity. B. Inquiries of appropriate management personnel. C. Performance of substantive procedures. D. Inspection of document and records. Difficulty: Medium 11 7-12 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 42. A control deficiency that is less severe than a material weakness, but important enough to merit attention by those responsible for oversight of the company's financial reporting is referred to as a(n): A. Control deficiency. B. Inherent limitation. C. Reportable deficiency. D. Significant deficiency. or ne r.i Difficulty: Medium es c 43. For effective internal control, which of the following functions should not be assigned to the company's accounting department? A. Reconciling accounting records with existing assets. B. Recording financial transactions. C. Signing payroll checks. D. Preparing financial reports. pl oy e Difficulty: Medium w w w Difficulty: Hard .e m 44. Which of the following is not a responsibility that should be assigned to a company's internal audit department? A. Evaluating internal control. B. Approving disbursements. C. Reporting on the effectiveness of operating segments. D. Investigating potential merger candidates. 12 7-13 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 45. Which of the following is true about the auditors' consideration of internal control in a financial statement audit? A. The auditors must assess control risk at a level lower than the maximum. B. The auditors must prepare a flowchart description of internal control for their working papers. C. The auditors must obtain an understanding of the steps in processing major types of transactions. D. The auditors must perform tests of controls. or ne r.i Difficulty: Medium Difficulty: Medium pl oy e es c 46. Which of the following is an advantage of describing internal control through the use of a standardized questionnaire? A. Questionnaires highlight weaknesses in the system. B. Questionnaires are more flexible than other methods of describing internal control. C. Questionnaires usually identify situations in which internal control weaknesses are compensated for by other strengths in the system. D. Questionnaires provide a clearer and more specific portrayal of a client's system than other methods of describing internal control. w w .e m 47. Which of the following is least likely to be considered a risk assessment procedure relating to internal control? A. Counting marketable securities at year-end. B. Inquiries of client personnel. C. Inspecting documents and reports. D. Observing the application of specific controls. w Difficulty: Hard 13 7-14 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control 48. Which of the following is least likely to be considered a risk assessment procedure? A. Analytical procedures. B. Inspection of documents. C. Observation of the counting of inventory. D. Observation of the performance of certain accounting procedures. nf o Difficulty: Hard es c or ne r.i 49. Which of the following is not a factor that is considered a part of the client's overall control environment? A. The organizational structure. B. The information system. C. Management philosophy and operating style. D. Board of directors. Difficulty: Medium .e m pl oy e 50. Which of the following would be least likely to be considered a benefit of effective internal control? A. Eliminating all employee fraud. B. Restricting access to assets. C. Detecting ineffectiveness. D. Ensuring authorization of transactions. w w Difficulty: Medium w 51. After documenting the client's prescribed internal control, the auditors will often perform a walk-through of each transaction cycle. An objective of a walk-through is to: A. Verify that the controls have been implemented (placed in operation). B. Replace tests of controls. C. Evaluate the major strengths and weaknesses in the client's internal control. D. Identify weaknesses to be communicated to management in the management letter. Difficulty: Medium 14 7-15 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control 52. The major components of internal control include all of the following, except: A. Risk assessment. B. The control environment. C. Internal auditing. D. Control activities. nf o Difficulty: Medium es c or ne r.i 53. Which of the following is correct with respect to control deficiencies discovered during an audit? A. Auditors must communicate and recommend corrections relating to all material weaknesses in internal control to management. B. All material weaknesses in internal control should be reported to the audit committee. C. All such matters must be communicated to the audit committee and regulatory agencies. D. All control deficiencies are also significant deficiencies. Difficulty: Hard w w .e m pl oy e 54. After considering the client's internal control the auditors have concluded that it is well designed and is functioning as anticipated. Under these circumstances the auditors would most likely: A. Cease to perform further substantive procedures. B. Reduce substantive procedures in areas where the internal control was found to be effective. C. Increase the extent of anticipated analytical procedures. D. Perform all tests of controls to the extent outlined in the preplanned audit program. w Difficulty: Easy Source: AICPA 15 7-16 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 55. The use of fidelity bonds protects a company from embezzlement loses and also: A. Minimizes the possibility of employing persons with dubious records in positions of trust. B. Reduces the company's need to obtain expensive business interruption insurance. C. Allows the company to substitute the fidelity bonds for various parts of internal control. D. Protects employees who made unintentional errors from possible monetary damages resulting from such errors. or ne r.i Difficulty: Medium Source: AICPA es c 56. The independent auditors might consider the procedures performed by the internal auditors because: A. They are employees whose work must be reviewed during substantive testing. B. They are employees whose work might affect the independent auditors' work. C. Their work impacts upon the cost/benefit tradeoff in evaluating inherent limitations. D. Their degree of independence may be inferred by the nature of their work. pl oy e Difficulty: Medium Source: AICPA w w w Difficulty: Easy Source: AICPA .e m 57. In the consideration of internal control, the operating effectiveness of controls is tested by: A. Flowcharts verification. B. Tests of controls. C. Substantive procedures. D. Decision tables. 16 7-17 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 58. The auditors who become aware of an internal control significant deficiency are required to communicate this to the: A. Client's legal counsel. B. Compensation committee. C. Audit committee. D. Internal auditors. or ne r.i Difficulty: Medium Source: AICPA es c 59. A material weakness involves an amount that could result in a misstatement that is A. Smaller than inconsequential. B. Larger than inconsequential. C. Tolerable. D. Material. Difficulty: Medium .e m pl oy e 60. At least what level of probability of a material misstatement is required for a control deficiency to be considered a material weakness? A. More than remote. B. Probable. C. Reasonable possibility. D. Sufficient. w w Difficulty: Medium w 61. A situation in which the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect material misstatements on a timely basis is referred to as a: A. Control deficiency. B. Material weakness. C. Reportable condition. D. Significant deficiency. Difficulty: Medium 17 7-18 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 62. To provide for the greatest degree of independence in performing internal auditing functions, an internal auditor most likely should report to the: A. Financial vice-president. B. Corporate controller. C. Audit committee. D. Corporate stockholders. or ne r.i Difficulty: Medium Source: AICPA es c 63. Well-designed internal control that is functioning effectively is most likely to detect an fraud arising from: A. The fraudulent action of several employees. B. The fraudulent action of an individual employee. C. Informal deviations from the official organization chart. D. Management fraud. pl oy e Difficulty: Medium Source: AICPA .e m 64. The program flowcharting symbol representing a decision is a: A. Triangle. B. Circle. C. Rectangle. D. Diamond. w w Difficulty: Medium Source: AICPA w 65. Controls are not designed to provide assurance that: A. Transactions are executed in accordance with management's authorization. B. Fraud will be eliminated. C. Access to assets is permitted only in accordance with management's authorization. D. The recorded accountability for assets is compared with the existing assets at reasonable intervals. Difficulty: Medium Source: AICPA 18 7-19 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 66. The scope of substantive procedures as compared to the scope of tests of controls generally vary: A. In a parallel manner. B. Inversely. C. Directly. D. Equally. or ne r.i Difficulty: Medium Source: AICPA es c 67. Which of the following is least likely to be a factor that might indicate to an auditor that an identified risk of misstatement requires special audit consideration? A. Complex calculations are involved. B. The rate of technological change is moderate in the industry. C. The potential for fraud seems high. D. Various subjective methods of application of a key accounting policy exist. pl oy e Difficulty: Easy .e m 68. Which of the following audit tests would be regarded as a test of a control? A. Tests of the specific items making up the balance in a given general ledger account. B. Tests confirming receivables. C. Tests of the signatures on canceled checks to board of director's authorizations. D. Tests of the additions to property, plant, and equipment by physical inspection. w w Difficulty: Medium Source: AICPA w 69. If the independent auditors decide that the work performed by the internal auditors may have a bearing on their own procedures, they should consider the internal auditors': A. Competence and objectivity. B. Efficiency and experience. C. Independence and review skills. D. Training and supervisory skills. Difficulty: Medium Source: AICPA 19 7-20 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 70. In the consideration of internal control, the auditor is basically concerned that it provides reasonable assurance that: A. Management can not override the system. B. Operational efficiency has been achieved in accordance with management plans. C. Misstatements have been prevented or detected. D. Controls have not been circumvented by collusion. or ne r.i Difficulty: Medium Source: AICPA es c 71. Which of the following is least likely to be considered an appropriate response relating to risks the auditors identify at the financial statement level? A. Assign more experienced staff. B. Incorporate additional elements of unpredictability in the selection of audit procedures. C. Increase the scope of auditor procedures. D. Emphasize the need to remain neutral, rather than to exercise professional skepticism. pl oy e Difficulty: Easy .e m 72. In assessing the competence of a client's internal auditor, an independent auditor most likely would consider the A. Internal auditor's compliance with professional internal auditing standards. B. Client's policies that limit the internal auditor's access to management salary data. C. Evidence supporting a further reduction in the assessed level of control risk. D. Results of ratio analysis that may identify unusual transactions and events. w w Difficulty: Medium Source: AICPA w 73. Which of the following factors would most likely be considered an inherent limitation to an entity's internal control? A. The complexity of the information processing system. B. Human judgment in the decision making process. C. The ineffectiveness of the board of directors. D. The lack of management incentives to improve the control environment. Difficulty: Medium Source: AICPA 20 7-21 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 74. Proper segregation of duties reduces the opportunities to allow any employee to be in a position to both A. Journalize cash receipts and disbursements and prepare the financial statements. B. Monitor internal controls and evaluate whether the controls are operating as intended. C. Adopt new accounting pronouncements and authorize the recording of transactions. D. Record and conceal fraudulent transactions in the normal course of assigned tasks. or ne r.i Difficulty: Easy Source: AICPA es c 75. Which of the following is intended to detect deviations from prescribed controls? A. Substantive procedures specified by a standardized audit program. B. Tests of controls designed specifically for the client. C. Analytical procedures as set forth in an industry audit guide. D. Computerized analytical procedures tailored for the configuration of the computer equipment in use. pl oy e Difficulty: Medium Source: AICPA w w .e m 76. An auditor's purpose for performing tests of controls is to provide reasonable assurance that: A. Controls are operating effectively. B. The risk that the auditor may unknowingly fail to modify the opinion on the financial statements is minimized. C. Transactions are executed in accordance with management's authorization and access to assets is limited by a segregation of functions. D. Transactions are recorded as necessary to permit the preparation of the financial statements in conformity with generally accepted accounting principles. w Difficulty: Medium Source: AICPA 21 7-22 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 77. Of the following statements about internal control, which one is not valid? A. No one person should be responsible for the custodial responsibility and the recording responsibility for an asset. B. Transactions must be properly authorized before such transactions are processed. C. Because of the cost/benefit relationship, a client may apply control procedures on a test basis. D. Control activities reasonably insure that collusion among employees can not occur. or ne r.i Difficulty: Easy Source: AICPA es c 78. Tests of controls are most likely to be performed when: A. Controls seem weak and must be properly documented. B. Inadequate substantive procedures exist to restrict audit risk to an acceptable level. C. The auditor wishes to assess control risk at the maximum. D. The client's control environment appears weak. pl oy e Difficulty: Hard .e m 79. Which of the following would be least likely to be included in an auditor's tests of controls? A. Inspection. B. Observation. C. Inquiry. D. Analytical procedures. w w Difficulty: Medium Source: AICPA w 80. The internal control provisions of the Sarbanes-Oxley Act of 2002 apply to which companies in the United States: A. All companies. B. SEC registrants. C. Only those companies included in the Fortune 500. D. All nonpublic companies. Difficulty: Medium 22 7-23 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 81. An integrated audit performed under Section 404b of the Sarbanes-Oxley Act addresses financial statements and: A. Compliance with laws. B. Internal control over asset safeguarding. C. Internal control over financial reporting. D. Suitable criteria. Difficulty: Medium es c or ne r.i 82. A report on internal control performed in accordance with PCAOB Standard No. 2 includes an opinion on internal control for: A. The entire year. B. The prior quarter. C. The "as of date." D. The end of each quarter. Difficulty: Hard .e m pl oy e 83. When performing an audit of internal control under PCAOB requirements, auditors evaluate control: w w w A. Option A B. Option B C. Option C D. Option D Difficulty: Medium 23 7-24 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control nf o 84. When performing an internal control audit under PCAOB requirements, one or more material weaknesses in internal control that exist at year-end may result in what type of report(s): or ne r.i A. Option A B. Option B C. Option C D. Option D Difficulty: Hard .e m A. Option A B. Option B C. Option C D. Option D pl oy e es c 85. When performing an internal control audit under PCAOB standards, one or more material weaknesses in internal control that exist at year-end may result in what type of report(s): w w w Difficulty: Medium 24 7-25 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control Essay Questions nf o 86. Independent auditors should consider the work of internal auditors in their assessment of control risk. a. Are internal auditors independent of management? Explain. b. What is the difference between the primary objective of the independent auditors and that of internal auditors? Explain. c. Discuss the factors that should be considered by the independent auditors in deciding how much, if any, reliance should be placed on the work of the internal auditors. es c or ne r.i a. No. However, internal auditors may achieve independence from departments they evaluate by reporting to a senior officer or the board of directors. b. The independent auditors' objective is to express an opinion on the client's financial statements. The internal auditors' primary objective is to aid management in achieving the most efficient and effective administration of the business. c. In deciding the degree of reliance to be placed on the work of the internal auditors, the independent auditors should consider the competence and objectivity of the internal auditors, and evaluate their work. pl oy e Difficulty: Hard 87. Auditors are required to consider a client's internal control. a. Describe the two purposes of the auditors' consideration of a client's internal control. b. Even the best internal control has certain limitations. List three of those limitations. w w w .e m a. The auditors' consideration of their clients' internal control is integral to both (1) to assess the risks of material misstatement in the financial statements and (2) to design the nature, timing and extent of further audit procedures. b. The limitations of internal control include (only three required): Carelessness. Misunderstanding of instructions. Top management may override the system Collusion among employees may circumvent controls dependent upon segregation of duties. Cost considerations often limit the effectiveness of the design of the structure. Difficulty: Medium 25 7-26 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control 88. When considering a client's internal control, the auditors focus on its various characteristics. For each of the following characteristics indicate the auditors' responsibility under generally accepted auditing standards and the procedures used to meet that responsibility. a. The design of internal control. b. Controls have been implemented (placed in operation). c. The operating effectiveness of controls. w w w .e m Difficulty: Medium pl oy e es c or ne r.i nf o a. The auditors have a responsibility to obtain an understanding of internal control that is sufficient to plan the audit. An understanding of the design of the structure is obtained by inspecting control manuals, organization charts, and job descriptions, and by interviewing client personnel. b. The auditors have a responsibility to determine whether significant internal control policies and procedures are implemented (placed in operation) in every audit. The auditors may determine whether the controls have been implemented (placed in operation) by observation, inspection, and inquiry. Walk-through tests may also be used. c. The auditors have a responsibility to determine the operating effectiveness of controls that provide the basis for the auditors' assessment of control risk at levels below the maximum. The auditors use observation, inspection, inquiry, and reperformance to test the operating effectiveness of controls. 26 7-27 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 07 - Internal Control or ne r.i nf o 89. Assume that you have assessed inherent risk for an audit area at a very high level. While obtaining an understanding of internal control, you have determined that it appears to be very strong. Nonetheless, due to the large number of transactions involved, you have chosen not to test controls in the area. a. At what level will the planned assessed level of control risk be established? b. Describe the scope of tests of controls that will be performed. c. At what level will the assessed level of control risk be established? d. What must be documented in the working papers relating to internal control? e. At what level will detection risk be established? f. Describe the required scope of substantive procedures, if any. Make certain to discuss details of likely nature, timing and extent. pl oy e es c a. Maximum, High or Highest. b. None will be performed (because control risk is being assessed at the maximum level). c. Maximum, High or Highest d. Control risk assessed at maximum (or high or highest) level. The auditor need not document the reason for assessing control risk at the maximum (we delete points from scores of students who state that the auditor needs to document the reason). e. Minimum, low, or lowest f. Nature--External sources rather than internal Timing--Year-end testing rather than interim testing. Extent--Greatest extent w w w .e m Difficulty: Hard 27 7-28 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 10 Internal Control Multiple-Choice Questions Which of the following is responsible for establishing a private company’s internal control? a. Management. b. Auditors. c. Management and auditors. d. Committee of Sponsoring Organizations. 2. easy d Which of the following is not one of the three primary objectives of effective internal control? a. Reliability of financial reporting b. Efficiency and effectiveness of operations c. Compliance with laws and regulations d. Assurance of elimination of business risk. 3. (Public) easy b The Public Company Accounting Oversight Board states that reasonable assurance allows a: a. small likelihood of ineffective internal controls. b. remote likelihood that material misstatements will not be prevented or detected by internal control. c. likelihood that material misstatements will not be prevented or detected by internal control. d. high likelihood that material misstatements will not be prevented or detected by internal control. 4. easy c Two are: a. b. c. d. 5. easy a Internal controls can never be considered as absolutely effective because: a. their effectiveness is limited by the competency and dependability of employees. b. not all organizations have internal audit departments. c. controls are designed to prevent and detect only material misstatements. d. internal controls prevent separation of duties. or ne r.i es c pl oy e key concepts that underlie management’s design and implementation of internal control .e m costs and materiality. absolute assurance and costs. inherent limitations and reasonable assurance. collusion and materiality. w w w 6. easy d nf o 1. easy a A major control available in a small company, which might not be feasible in a big company, is: a. a wider segregation of duties. b. a voucher system. c. fewer transactions to process. d. the owner-manager’s personal interest and close relationship with personnel. 7. (Public) easy a Which of the following is responsible for establishing internal controls for a public company? a. Management. b. The PCAOB. c. Management and auditors. d. Committee of Sponsoring Organizations. 8. medium a Which of the following parties provides an assessment of the effectiveness of internal control over financial reporting for public companies? Arens/Elder/Beasley 28 Share By : Faisal Qureshi Collected By : Ch. Yasir a. b. c. d. Management Yes No Yes No Financial statement auditors Yes No Yes No An act of two or more employees to steal assets or misstate records is frequently referred to as: a. collusion. b. a material weakness. c. a control deficiency. d. a significant deficiency. 10. easy c When the auditor attempts to understand the operation of the accounting system by tracing a few transactions through the accounting system, the auditor is said to be: a. tracing. b. vouching. c. performing a walk-through. d. testing controls. 11. (SOX) easy c Which section of the Sarbanes-Oxley Act requires management to issue an internal control report? a. 202 b. 203 c. 404 d. 408 12. (SOX) easy a Sarbanes-Oxley requires management to issue an internal control report that includes two specific items. Which of the following is one of these two requirements? a. A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting. b. A statement that management and the board of directors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting. c. A statement that management, the board of directors, and the external auditors are jointly responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting. d. A statement that the external auditors are solely responsible. es c pl oy e .e m When management is evaluating the design of internal control, management evaluates whether the control can do which of the following? w w w 13. (SOX) easy c or ne r.i nf o 9. easy a Detect material misstatements a. Yes b. No c. Yes d. No Correct material misstatements Yes No No Yes 14. (SOX) easy b Internal control reports issued by public companies must identify the framework used to evaluate the effectiveness of internal control. Which of the following is the most common framework in the U.S.? a. Effective Internal Control Framework - AICPA b. Internal Control - Integrated Framework - COSO c. Enterprise Internal Control - COSO d. Enterprise Internal Control - AICPA 15. (Public) When one material weakness is present at the end of the year, management of a public company Arens/Elder/Beasley 29 Share By : Faisal Qureshi Collected By : Ch. Yasir must conclude that internal control over financial reporting is: a. insufficient. b. inadequate. c. ineffective. d. inefficient. 16. (Public) easy a The auditor’s tests to understand the client’s internal controls might include which of the following types of procedures? a. b. c. d. Observation of employees Yes No Yes No Inquiries of personnel Yes No No Yes nf o easy c Which of management’s concerns with respect to implementing internal controls is the auditor primarily concerned? a. Efficiency of operations. b. Reliability of financial reporting. c. Effectiveness of operations. d. Compliance with applicable laws and regulations. 18. easy b Which of the following activities would be least likely to strengthen a company’s internal control? a. Separating accounting from other financial operations. b. Maintaining insurance for fire and theft. c. Fixing responsibility for the performance of employee duties. d. Carefully selecting and training employees. 19. (Public) medium c Management must disclose material weaknesses in internal control: a. whenever the weakness is deemed significant to a single class of transactions. b. whenever the weakness is significant to overall financial reporting objectives. c. if the weakness exists at the end of the year. d. only if the auditor identifies the weakness as significant. 20. easy b When auditing a private company, the auditor should obtain an understanding of internal control sufficient to: a. provide reasonable protection against client fraud and defalcations by client employees. b. assess control risk. c. provide a basis for suggestions to the client for improving the accounting system. d. provide a method for safeguarding assets, checking the accuracy and reliability of accounting data, promoting operational efficiency, and encouraging adherence to prescribed managerial policies. w w .e m pl oy e es c or ne r.i 17. easy b The initial presumption in the audit of a public company is that control risk is: a. low. b. moderate. c. high. d. low or moderate, but not high. 22. In the audit of a private company, the auditor will test controls when control risk is initially assessed at: w 21. (Public) medium a medium c a. b. c. Low Yes No Yes Moderate No No Yes High Yes Yes No Arens/Elder/Beasley 30 Share By : Faisal Qureshi Collected By : Ch. Yasir d. No Yes No The auditor’s study of a public company’s internal control is: a. required by GAAS. b. required by the AICPA. c. required by the Sarbanes-Oxley Act. d. recommended by the AICPA. 24. medium b The auditor’s consideration of a private company’s internal control is: a. required by GAAP. b. required by GAAS. c. required by the IRS. d. recommended by the SEC. 25. medium d Internal controls can never be regarded as completely effective. Even if company personnel could design an ideal system, its effectiveness depends on the: a. adequacy of the computer system. b. proper implementation by management. c. ability of the internal audit staff to maintain it. d. competency and dependability of the people using it. 26. medium c Even with the most effectively designed internal control, the auditor must obtain audit evidence, beyond testing the controls, for every: a. transaction. b. financial statement account. c. material financial statement account. d. financial statement account that will be relied upon by third parties. 27. medium d The essence of an effectively controlled organization lies in the: a. effectiveness of its independent auditor. b. effectiveness of its internal auditor. c. attitude of its employees. d. attitude of its management. 28. (Public) medium c To issue a report on internal control over financial reporting for a public company, an auditor must: a. evaluate management’s assessment process. b. independently assess the design and operating effectiveness of internal control. c. evaluate management’s assessment process and independently assess the design and operating effectiveness of internal control. d. test controls over significant account balances. w w .e m pl oy e es c or ne r.i nf o 23. (Public) medium c w 29. (Public) medium a 30. Medium a Which of the stock exchanges require listed companies to have an audit committee composed entirely of independent directors? a. b. c. d. NYSE Yes No Yes No NASDAQ Yes No No Yes Which of the following factors may increase risks to an organization? a. Geographic dispersion of company operations Yes Presence of new information technologies Yes Arens/Elder/Beasley 31 Share By : Faisal Qureshi Collected By : Ch. Yasir b. c. d. No Yes No No No Yes Which of the following statements is correct with respect to separation of duties? a. Employees should not have temporary and permanent custody of assets. b. Employees who authorize transactions should not have custody of related assets. c. It is permissible to allow an employee to open cash receipts and record those receipts. d. Employees who authorize transactions should have recording responsibility for these transactions. 32. medium b Authorizations can be either general or specific. Which of the following is not an example of a general authorization? a. Automatic reorder points for raw materials inventory. b. A sales manager’s authorization for a sales return. c. Credit limits for various classes of customers. d. A sales price list for merchandise. 33. medium c The most important type of protective measure for safeguarding assets is: a. adequate separation of duties among personnel. b. proper authorization of transactions. c. the use of physical precautions. d. adequate documentation. 34. medium a Which of the following is correct with respect to the design and use of business documents? a. Not all documents used for internal purposes need to be prenumbered. b. Documents should be designed for single purposes only to avoid confusion in their use. c. Documents should be designed to be understandable only by those who use them. d. Documents designed for external use must be prenumbered. 35. (Public) medium a PCAOB Standard 2 requires auditors to evaluate the effectiveness of the audit committee’s oversight of the company’s: Efficiency of operations No No Yes Yes Internal control over financial reporting Yes Yes No No Which of the following is correct? a. Approval is a policy decision implemented by employees. b. Approval occurs as a matter of general policy and includes significant transactions only. c. Authorization is a policy decision for either a general class of transactions or specific transactions. d. Approval should be given by the employee responsible for recording the transaction. w w w 36. medium c External financial reporting Yes No Yes No .e m a. b. c. d. pl oy e es c or ne r.i nf o 31. medium b 37. medium a Which of the following principles is not necessary for the proper design and use of documents and records? a. Designed for a single use to increase efficiency of operations. b. Constructed in a manner that encourages correct preparation. c. Prepared at the time a transaction takes place. d. Designed for multiple uses to increase efficiency of operations. 38. medium b Narratives, flowcharts, and internal control questionnaires are three common methods of: a. testing the internal controls. b. documenting the auditor’s understanding of internal controls. Arens/Elder/Beasley 32 Share By : Faisal Qureshi Collected By : Ch. Yasir c. d. designing the audit manual and procedures. documenting the auditor’s understanding of a client’s organizational structure. _____ deal with ongoing or periodic assessment of the quality of internal control by management. a. Quality monitoring activities b. Monitoring activities c. Oversight activities d. Management activities 40. (Public) medium c Smaller public companies face challenges implementing effective internal control due to ______. a. a lack of expertise b. reduced importance c. limited resources d. limited available guidance 41. medium a Which of the following is not one of the levels of an absence of internal controls? a. Major deficiency. b. Material weakness. c. Significant deficiency. d. Control deficiency. 42. medium a Which of the following is the correct definition of “control deficiency?” a. A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis. b. A control deficiency exists if one or more deficiencies exist that adversely affect a company’s ability to prepare external financial statements reliably. c. A control deficiency exists if the design or operation of controls results in a more than remote likelihood that controls will not prevent or detect misstatements. d. A control deficiency exists if the design or operation of controls results in a more than probable likelihood that controls will prevent or detect misstatements. 43. medium c A(n) _______ deficiency exists if a necessary control is missing or not properly formulated. a. control b. significant c. design d. operating or ne r.i es c pl oy e .e m To determine if significant internal control deficiencies are material weaknesses, they must be evaluated on their: w w w 44. medium a nf o 39. medium b 45. medium d a. b. c. d. Likelihood Yes No Yes No Significance Yes No No Yes The purpose of an entity’s accounting information and communication system is to ______. a. b. c. d. Monitor transactions Yes No Yes No Record and process transactions Yes No No Yes Initiate transactions Yes No No Yes Arens/Elder/Beasley 33 Share By : Faisal Qureshi Collected By : Ch. Yasir A procedure that would most likely be used by an auditor in performing tests of control procedures that involve segregation of functions and that leave no transaction trail is: a. inspection. b. observation. c. reperformance. d. reconciliation. 47. medium b If the results of tests of controls support the design and operations of controls as expected, the auditor uses ____ control risk as the preliminary assessment. a. a lower b. the same c. a higher d. either a lower or higher 48. medium b Internal controls normally include procedures designed to provide reasonable assurance that: a. employees act with integrity when performing their assigned tasks. b. transactions are executed in accordance with management’s authorization. c. decision processes leading to management’s authorization of transactions are sound. d. collusive activities would be detected by segregation of employee duties. 49. medium d Which of the following is correct? a. A significant deficiency is always a material weakness. b. A control deficiency is always a material weakness. c. A material weakness is less significant that a control deficiency. d. A material weakness is always a significant deficiency. 50. medium d Which of the following is not a likely procedure to support the operating effectiveness of internal controls? a. Inquiry of client personnel. b. Observation of control-related activities. c. Reperformance of client procedures. d. Completing an internal control questionnaire. 51. (Public) medium a Before making the final assessment of internal control at the end of an integrated audit, the auditor must: .e m pl oy e es c or ne r.i nf o 46. medium b w w a. b. c. d. Test controls Yes No Yes No Perform substantive tests of details Yes No No Yes Significant deficiencies and material weaknesses in internal control of a public company must be reported to which of the following? a. The Public Company Accounting Oversight Board. b. Members of management who are responsible for the related area of the company. c. Audit committee of the company’s board of directors. d. The AICPA. 53. medium d Of the following statements about internal controls, which one is not valid? a. No one person should be responsible for the custodial responsibility and the recording responsibility for an asset. b. Transactions must be properly authorized before such transactions are processed. c. Because of the cost-benefit relationship, a client may apply controls on a test basis. d. Control procedures reasonably ensure that collusion among employees cannot occur. w 52. (Public) medium c Arens/Elder/Beasley 34 Share By : Faisal Qureshi Collected By : Ch. Yasir Which of the following best describes the inherent limitations that should be recognized by an auditor when considering the potential effectiveness of internal control? a. Procedures that depend on segregation of duties can be circumvented by collusion. b. Competent and honest client personnel provide an environment conducive to accounting control and provide absolute assurance that effective control will be achieved. c. Procedures designed to assure the execution and recording of transactions in accordance with proper authorizations are effective against irregularities perpetrated by management. d. The benefits expected to be derived from effective internal accounting control usually do not exceed the costs of such control. 55. medium c Which of the following is not one of the subcomponents of the control environment? a. Management’s philosophy and operating style. b. Organizational structure. c. Adequate separation of duties. d. Commitment to competence. 56. medium b It is important for the CPA to consider the competence of the clients’ personnel because their competence bears directly and importantly upon the: a. cost/benefit relationship of the system of internal control. b. achievement of the objectives of internal control. c. comparison of recorded accountability with assets. d. timing of the tests to be performed. 57. medium a Audit evidence concerning proper segregation of duties normally is best obtained by: a. direct personal observation of the employee who applies control procedures. b. making inquiries of co-workers about the employee who applies control procedures. c. preparation of a flowchart of duties performed and available personnel. d. inspection of third-party documents containing the initials of who applied control procedures. 58. medium b Proper segregation of functional responsibilities calls for separation of: a. authorization, execution, and payment. b. authorization, recording, and custody. c. custody, execution, and reporting. d. authorization, payment, and recording. 59. medium a Internal controls are not designed to provide reasonable assurance that: a. all frauds will be eliminated. b. transactions are executed in accordance with management’s authorization. c. access to assets is permitted only in accordance with management’s authorization. d. company personnel comply with applicable rules and regulations. w w .e m pl oy e es c or ne r.i nf o 54. medium a w 60. medium d 61. medium b Which of the following statements about auditor documentation of the client’s internal controls is correct? a. Documentation must include flow charts. b. Documentation must include procedural write-ups. c. No documentation is necessary although it is desirable. d. No one particular form of documentation is necessary. Significant deficiencies are matters that come to an auditor’s attention and should be communicated to an entity’s audit committee because they represent: a. material frauds perpetrated by high-level management. b. internal control deficiencies that could adversely affect a company’s ability to initiate, record, process, or report external financial statements reliably. c. flagrant violations of the entity’s documented conflict-of-interest policies. d. intentional attempts by client personnel to limit the scope of the auditor’s field work. Arens/Elder/Beasley 35 Share By : Faisal Qureshi Collected By : Ch. Yasir How must significant deficiencies and material weaknesses be communicated to those charged with governance? a. Either oral or written communication is acceptable. b. Oral communication is required. c. Written communication is required. d. Written communication is required for material weaknesses, but oral communication is allowed for significant deficiencies. 63. challenging a Which of the following statements, if any, is correct? a. The NASDAQ market requires listed companies to have audit committees that have only independent directors. b. The NASDAQ market requires listed companies to have audit committees that have a minority of the positions held by independent directors. c. The NASDAQ market recommends, but does not require, listed companies to have audit committees. d. The NASDAQ market recommends, but does not require, listed companies to have audit committees that have a minority of the positions held by independent directors. 64. (SOX) challenging a The Sarbanes-Oxley Act requires: a. all public companies to issue reports on internal controls. b. all public companies to define adequate internal controls. c. the auditor of public companies to design effective ICFR. d. the auditor of public companies to provide recommendations to correct material weaknesses. 65. challenging d When considering internal control, an auditor should be aware of the concept of reasonable assurance, which recognizes that the: a. segregation of incompatible functions is necessary to ascertain that internal control is effective. b. employment of competent personnel provides assurance that the objectives of internal control will be achieved. c. establishment and maintenance of internal control is an important responsibility of the management and not of the auditor. d. costs of internal control should not exceed the benefits expected to be derived from internal control. 66. challenging a The financial statements are not likely to correctly reflect GAAP if the: a. controls affecting the reliability of financial reporting are inadequate. b. company’s controls do not promote efficiency. c. company’s controls do not promote effectiveness. d. company’s control do not promote compliance with applicable rules and regulations. w w .e m pl oy e es c or ne r.i nf o 62. medium c w 67. challenging a 68. challenging The primary emphasis by auditors is on controls over: a. classes of transactions. b. account balances. c. both a and b, because they are equally important. d. both a and b, because they vary from client to client. d Compared to a public company, the most important difference in a nonpublic company in assessing control risk is the ability to assess control risk at _______ for any or all control-related objectives. a. low b. moderately low c. medium d. high 69. An auditor should consider two key issues when obtaining an understanding of a client’s Arens/Elder/Beasley 36 Share By : Faisal Qureshi Collected By : Ch. Yasir internal controls. These issues are: a. the effectiveness and efficiency of the controls. b. the frequency and effectiveness of the controls. c. the design and utilization of the controls. d. The implementation and efficiency of the controls. 70. challenging c The independent auditor should acquire an understanding of the internal audit function as it relates to the independent auditor’s study and evaluation of internal control because the: a. audit programs, working papers, and reports of internal auditors can often be used as a substitute for the work of the independent auditor’s staff. b. procedures performed by the internal audit staff may eliminate the independent auditor’s need for an extensive study and evaluation of internal control. c. work performed by internal auditors may be a factor in determining the nature, timing, and extent of the independent auditor’s procedures. d. understanding of the internal audit function is an important substantive test to be performed by the independent auditor. 71. challenging c To be effective, an internal audit department must be independent of: a. operating departments. b. the accounting department. c. both a and b. d. either a or b, but not both. 72. challenging d Hanlon Corp. maintains a large internal audit staff that reports directly to the chief financial officer. Audit reports prepared by the internal auditors indicate that the system is functioning as it should and that the accounting records are reliable. An independent auditor will probably: a. eliminate tests of controls. b. increase the depth of the study and evaluation of administrative controls. c. avoid duplicating the work performed by the internal audit staff. d. place limited reliance on the work performed by the internal audit staff. 73. challenging d External financial statement auditors must obtain evidence regarding what attributes of an internal audit (IA) department if the external auditors intend to rely on IA’s work? a. Integrity b. Objectivity c. Competence d. All of the above es c pl oy e .e m When planning an audit, the auditor’s assessed level of control risk is: a. determined by using actuarial tables. b. calculated by using the audit risk model. c. an economic issue, trading off the costs of testing controls against the cost of testing balances. d. calculated by using the formulas provided in the AICPA’s auditing standards. w w 74. challenging c or ne r.i nf o challenging c When a compensating control exists, the absence of a key control: a. is no longer a concern because there is no longer a significant deficiency or material weakness. b. is still a major concern to the auditor. c. could cause a material loss, so it must be tested using substantive procedures. d. is magnified and must be removed from the sampling process and examined in its entirety. 76. challenging c After considering a client’s internal controls, an auditor has concluded that it is well designed and is functioning as intended. Under these circumstances the auditor would most likely: a. perform tests of controls to the extent outlined in the audit program. b. determine the control procedures that should prevent or detect errors and irregularities. c. not increase the extent of predetermined substantive tests. w 75. challenging a Arens/Elder/Beasley 37 Share By : Faisal Qureshi Collected By : Ch. Yasir d. determine whether transactions are recorded to permit preparation of financial statements in conformity with generally accepted accounting principles. To obtain an understanding of an entity’s control environment, an auditor should concentrate on the substance of management’s policies and procedures rather than their form because: 77. challenging a a. b. c. nf o d. management may establish appropriate policies and procedures but not act on them. the board of directors may not be aware of management’s attitude toward the control environment. the auditor may believe that the policies and procedures are inappropriate for that particular entity. the policies and procedures may be so weak that no reliance is contemplated by the auditor. 78. medium or ne r.i Essay Questions Describe each of the three broad objectives management typically has for internal control. With which of these objectives is the auditor primarily concerned? pl oy e es c Answer: The three objectives are: Reliability of financial reporting. Management has both a legal and professional responsibility to be sure that the information is fairly presented in according with reporting requirements such as GAAP. Efficiency and effectiveness of operations. Controls within an organization are meant to encourage efficient and effective use of its resources to optimize the company’s goals. Compliance with laws and regulations. Public and non-public organizations are required to follow many laws and regulations. Some relate to accounting only indirectly, such as environmental protection and civil rights laws. Others are closely related to accounting, such as income tax regulations and fraud. 79. medium .e m The auditor is primarily concerned with the objective of reliable financial reporting. Briefly describe the responsibilities of management and external auditors for internal controls. Answer: w w w Management is responsible for establishing and maintaining the entity’s internal controls. For public companies, management is also required by Section 404 to publicly report on the operating effectiveness of those controls. In contrast, the auditor’s responsibilities include understanding and testing internal control over financial reporting. For public company clients, the auditor is also required by Section 404 to issue an audit report on management’s assessment of its internal controls, including the auditor’s opinion on the operating effectiveness of those controls. 80. (Public) medium There are four steps in the auditor’s process of understanding internal control and assessing control risk for a public company. Step one is obtain and document an understanding of internal control: design and operation. What are the remaining three steps? Arens/Elder/Beasley 38 Share By : Faisal Qureshi Collected By : Ch. Yasir Answer: The remaining three steps are: Assess control risk. Design, perform, and evaluate tests of controls. Decide planned detection risk and substantive tests. 81. medium Certain principles dictate the proper design and use of documents and records. Briefly describe several of these principles. Answer: Management’s identification and analysis of risk is an ongoing process and is a critical component of effective internal control. An important first step is for management to identify factors that may increase risk. Identify at least five factors, observable by management, which may lead to increased risk in a typical business organization. pl oy e 82. medium es c nf o Documents should be prenumbered consecutively to facilitate control over missing documents and as an aid in locating documents when they are needed at a later date. Documents and records should be prepared at the time a transaction takes place, or as soon as possible thereafter, to minimize timing errors. Documents and records should be designed for multiple uses, when possible, to minimize the number of different forms. For example, a properly designed and used shipping document can be the basis for releasing goods from storage to the shipping department, informing billing of the quantity of goods to bill to the customer and the appropriate billing date, and updating the perpetual inventory records. Documents and records constructed in a manner that encourages correct preparation. This can be done by providing internal checks within the form or record. For example, a document might include instructions for proper routing, blank spaces for authorizations and approvals, and designated column spaces for numerical data. or ne r.i w w .e m Answer: There are many factors that may lead to increased risk in an organization. Some examples include: failure to meet prior objectives, decreasing quality of personnel, increasing geographic dispersion of company operations, increasing significance and complexity of core business processes, introduction of new information technologies, and entrance of new competitors. w 83. medium During a financial statement audit of a private company, three steps must be completed by the auditor before concluding that control risk is low. What are these steps? Answer: The three steps that must be completed by the auditor before concluding that control risk is low are: 1. obtaining an understanding of the control environment, risk assessment procedures, accounting information and communication system, and monitoring methods at a fairly detailed level; 2. identify specific controls that will reduce control risk and make an assessment of control risk; and 3. test the effectiveness of controls. Arens/Elder/Beasley 39 Share By : Faisal Qureshi Collected By : Ch. Yasir 84. medium What are the two primary factors that auditors consider in determining if an entity is auditable? Answer: The two primary factors are the integrity of management and the adequacy of accounting records. 85. medium Define the following terms: control deficiency, significant deficiency, and material weakness. Answer: A significant deficiency exists if one or more control deficiencies exist that results in more than a remote likelihood that a misstatement that is more than inconsequential will not be prevented or detected. A material weakness exists if a significant deficiency, by itself, or in combination with other significant deficiencies, results in a more than remote likelihood that internal control will not prevent or detect material financial statement misstatements. or ne r.i nf o A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis. Describe three inherent limitations of internal control. es c 86. medium The internal control framework developed by COSO includes five so-called “components” of internal control. Discuss each of these five components. .e m 87. medium pl oy e Answer: The effectiveness of internal controls depends on the competency and dependability of the people using it. Inherent limitations of internal control include: employee carelessness, lack of understanding, management override, and collusion. w w w Answer: Five components of internal control are: The control environment. The control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top management about control and its importance to the company. Risk assessment. This is management’s identification and analysis of risks relevant to the preparation of financial statements in accordance with GAAP. Information and communication. This is the set of manual and/or computerized procedures that identifies, assembles, classifies, analyzes, records, and reports a company’s transactions and maintains accountability for the related assets. Control activities. These are the policies and procedures that help ensure necessary actions are taken to address risks in the achievement of the company’s objectives. Monitoring. This is management’s ongoing and periodic assessment of the quality of internal control performance to determine that controls are operating as intended and modified when needed. Arens/Elder/Beasley 40 Share By : Faisal Qureshi Collected By : Ch. Yasir Discuss what is meant by the term “control environment” and identify four control environment subcomponents that the auditor should consider. Answer: The control environment consists of the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about control and its importance to the entity. Subcomponents include integrity and ethical values, commitment to competence, board of directors or audit committee participation, management’s philosophy and operating style, organizational structure, assignment of authority and responsibility and human resource policies and practices. 89. challenging Describe the auditor’s responsibilities related to communications regarding internal control matters. nf o 88. medium 90. challenging es c or ne r.i Answer: The auditor must communicate significant deficiencies and material weaknesses in writing to those charged with governance as soon as they become aware of their existence. The communication is usually addressed to the audit committee and to management. Timely communications may provide management an opportunity to address control deficiencies before management’s report on internal control must be issued. In some instances, deficiencies can be corrected sufficiently early such that both management and the auditor can conclude that controls are operating effectively as of the balance sheet date. The text suggested a five-step approach to identify deficiencies, significant deficiencies, and material weaknesses. Describe this approach. pl oy e Answer: w w w .e m 1. Identify existing controls. Because deficiencies and material weaknesses are the absence of adequate controls, the auditor must first know which controls exist. 2. Identify the absence of key controls. Internal control questionnaires, flowcharts, and walkthroughs are useful tools to identify where controls are lacking and the likelihood of misstatement is therefore increased. 3. Consider the possibility of compensating controls. A compensating control is one elsewhere in the system that offsets the absence of a key control. When a compensating control exists, there is no longer a significant deficiency or material weakness. 4. Decide whether there is a significant deficiency or material weakness. The likelihood of misstatements and their materiality are used to evaluate if there are significant deficiencies or material weaknesses. 5. Determine potential misstatements that could result. This step is intended to identify specific misstatements that are likely to result because of the significant deficiency or material weakness. The importance of a significant deficiency or material weakness is directly related to the likelihood and materiality of potential misstatements. Arens/Elder/Beasley 41 Share By : Faisal Qureshi Collected By : Ch. Yasir 91. challenging Auditing standards related to the audits of private companies specify the extent to which auditors can rely on evidence about internal controls obtained in prior years. Briefly describe this guidance. Adequate separation of duties is an important control activity. Discuss the four general guidelines for separation of duties to prevent both intentional and unintentional misstatements that are of significance to auditors. or ne r.i 92. challenging nf o Answer: When auditors plan to use evidence about the operating effectiveness of internal control obtained in prior audits, SAS 110 requires them to test their effectiveness at least every third year. If auditors determine that a key control has been changed since it was last tested, they should test it in the current year. When there are a number of controls tested in prior audits that have not been changed, SAS 110 requires auditors to test some of those controls each year to ensure there is a rotation of controls testing throughout the three-year period. es c Answer: The general guidelines are: Custody of assets should be separated from accounting, Authorizing transactions should be separated from custody of related assets, Operational responsibility should be separated from record-keeping, and Duties within IT should be separated. Match seven of the terms (a-i) with the definitions provided below (1-7): a. Control environment b. Control activities c. Independent checks on performance d. Internal control e. Monitoring f. Separation of duties g. General authorization h. Specific authorization i. Risk assessment .e m 93. medium pl oy e Other Objective Answer Format Questions 1. Management’s ongoing and periodic assessment of the quality of internal control performance to determine that controls are operating as intended and modified when needed. g 2. Company-wide policies for the approval of all transactions within stated limits. a 3. The actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about control and its importance to the entity. f 4. Segregation of the following activities in an organization: custody of assets, accounting, authorization, and operational responsibility. w w w e Arens/Elder/Beasley 42 Share By : Faisal Qureshi Collected By : Ch. Yasir 5. Management’s identification and analysis of risks relevant to the preparation of financial statements in accordance with generally accepted accounting principles. b 6. Policies and procedures that help ensure necessary actions are taken to address risks in the achievement of the entity’s objectives. d 7. A process designed to provide reasonable assurance regarding the achievement of management’s objectives in the following categories: (1) reliability of financial reporting, (2) effectiveness and efficiency of operations, and (3) compliance with applicable laws and regulations. nf o i If, when obtaining an understanding of control activities of a relatively small client, the auditor identified no control activities, the auditor would probably set a high assessment of control risk. a. True b. False If, when obtaining an understanding of control activities of a relatively small client, the auditor identified no control activities, the auditor would probably determine the client were unauditable. a. True b. False or ne r.i 94. easy a 95. easy a When internal controls are effective, then substantive audit tests are more reliable; thus, the extent of substantive tests should be reduced. a. True b. False 97. easy b Auditors of private companies may rely on prior periods’ tests of controls for a period not to exceed four years. a. True b. False 98. easy a In an audit of a non-public company, the less control risk there is, the smaller the amount of planned substantive evidence that is required. a. True b. False pl oy e .e m As a client’s information system becomes more complex, it is likely that an auditor will decrease reliance on controls and increase substantive tests to support a control risk assessment. a. True b. False w w 99. easy b es c 96. easy b When a company designs and implements internal controls, cost of the controls is not a valid consideration. a. True b. False 101. (Public) easy a PCAOB Standard 2 requires auditors to perform walkthroughs to assist in understanding internal control. a. True b. False 102. easy b Adequate documents and records is a subcomponent of the control environment. a. True b. False w 100. easy b Arens/Elder/Beasley 43 Share By : Faisal Qureshi Collected By : Ch. Yasir For proper internal control, there should be adequate separation of duties. However, the extent of separation of duties considered “adequate” depends heavily on the size of the organization. a. True b. False 104. medium a In an audit of a non-public company, the auditor’s assessment of control risk and the extent of tests of controls are inversely related. a. True b. False 105. medium b Smaller companies usually have more extensive internal controls than larger companies which result in fewer frauds being committed at small companies. a. True b. False 106. (Public) medium a To issue an unqualified opinion on internal control over financial reporting, there must be no identified material weaknesses and no restrictions on the scope of the audit. a. True b. False 107. (SOX) medium a The Sarbanes-Oxley Act of 2002 requires that public companies issue an internal control report. a. True b. False 108. medium b The most important component of internal control is risk assessment. a. True b. False 109. medium a The primary emphasis by auditors when evaluating and testing internal control is on controls over classes of transactions rather than controls over account balances. a. True b. False 110. medium b When internal controls over a given financial statement account are assessed as highly effective, the auditor need not obtain audit evidence for that account beyond testing the controls. a. True b. False or ne r.i es c pl oy e .e m The chart of accounts is a control and is closely related to the controls related to adequate documents and records. a. True b. False w w 111. medium a nf o 103. easy a Auditing standards prohibit reliance on the work of internal auditors due to the lack of independence of the internal auditors. a. True b. False 113. medium a If an auditor wishes to rely on the work of internal auditors (IA), the auditor must obtain satisfactory evidence related to the IA’s competence, integrity, and objectivity. a. True b. False w 112. medium b Arens/Elder/Beasley 44 Share By : Faisal Qureshi Collected By : Ch. Yasir Procedures used to obtain an understanding of internal control are normally performed on fewer transactions than procedures used to test controls. a. True b. False 115. medium a For most uses, flowcharts are superior to narratives as a method of communicating the characteristics of internal control. a. True b. False 116. medium b When documenting their understanding of a client’s internal controls, auditors are required to use narratives. a. True b. False w w w .e m pl oy e es c or ne r.i nf o 114. medium a Arens/Elder/Beasley 45 Share By : Faisal Qureshi Collected By : Ch. Yasir Chapter 26 Internal Control nf o Multiple-Choice Questions The IIA Code of Ethics is based on all but which of the following ethical principles? a. Integrity. b. Independence. c. Competency. d. Confidentiality. 2. easy c Statements on Internal Auditing Standards are issued by the: a. AICPA. b. SEC. c. Internal Auditing Standards Boards. d. Auditing Standards Boards. 3. easy c Internal auditors are responsible to: a. the board of directors. b. management. c. both a and b. d. neither a nor b. 4. easy a Which of the following is not a similarity between external and internal auditors? a. Both must be independent of the company. b. Both must be competent. c. Both use similar methodologies in performing their work. d. Both consider risk and materiality in their work. es c pl oy e .e m External auditors consider internal auditors effective if they are: a. independent of the operating units being evaluated. b. competent and well trained. c. have performed relevant audit tests of the internal controls and financial statements. d. all of the above. w w 5. easy d or ne r.i 1. easy b Auditing standards _______ external auditors to use the internal auditors for direct assistance on the audit. a. discourage b. prohibit c. encourage d. permit 7. easy b The primary source of authoritative literature for doing government audits is the: a. Purple Book. b. Yellow Book. c. Green Book. d. Red Book. w 6. easy d Arens/Elder/Beasley 46 Share By : Faisal Qureshi Collected By : Ch. Yasir 8. easy c a When a state or local government agency receives federal financial assistance, it is subject to the audit requirements of: Yellow Book Yes No Yes Yes a. b. c. d. Single Audit Act Yes No Yes No OMB Circular A-133 No Yes Yes No Which of the following is not one of the broad categories of operational audits? a. Functional audits. b. Organizational audits. c. Single Audit Act audits. d. Special assignment audits. 10. easy d Which of the following groups could not be involved in an operational audit? a. CPA firms. b. Internal auditors. c. Government auditors. d. None of the above answers is correct; that is, all of the above could be involved. 11. easy b The IIA’s professional practice framework (including its code of ethics and International Standards for the Professional Practice of Internal Auditing) is commonly referred to as the: a. Blue Book. b. Red Book. c. Green Book. d. Yellow Book. 12. easy b The professional organization which is responsible for providing guidance for internal auditors is the: a. APA. b. IIA. c. ABA. d. AIA. or ne r.i es c pl oy e .e m The financial auditing standards of the Yellow Book are ______ the 10 GAAS of the AICPA. a. the same as b. quite different from c. incompatible with d. consistent with w w 13. easy d nf o 9. easy c Which of the following is not one of the three phases in an operational audit? a. Planning. b. Training and supervising employees. c. Evidence accumulation and evaluation. d. Reporting and follow-up. 15. medium a The correct title of the Yellow Book is: a. Government Auditing Standards. b. IIA Practice Standards. c. Statement of Responsibilities of Internal Auditing. d. Statement of Standards on Accounting and Review Services. 16. medium The Yellow Book recognizes that, because of the sensitivity of government activities and their public accountability, in government audits the thresholds of acceptable audit risk and tolerable w 14. easy b Arens/Elder/Beasley 47 Share By : Faisal Qureshi Collected By : Ch. Yasir misstatement compared to an audit of a commercial enterprise may be: a. equal. b. lower. c. higher. d. indeterminable. 17. medium b The Single Audit Act requires that an audit be conducted for recipients who receive total federal funds in any fiscal year of: a. $1,000,000 or more. b. $500,000 or more. c. $300,000 or more. d. $100,000 or more. 18. medium b An audit conducted in accordance with the Yellow Book must include an audit report that states the audit was performed in accordance with: a. GAAS. b. GAGAS. c. GASA. d. SAS. 19. medium d An audit designed to evaluate the efficiency and effectiveness of an organization or some part of an organization would not be called a(n): a. performance audit. b. management audit. c. operational audit. d. compliance audit. 20. medium c Which of the following is not one of the major differences between financial and operational auditing? a. The financial audit is oriented to the past, but an operational audit concerns performance for the future. b. The financial audit report is distributed to many readers, but the operational audit report goes to a few managers. c. Financial audits deal with the information on the financial statements, but operational audits are concerned with the information in the ledgers. d. Financial audits are limited to matters that directly affect the financial statements, but operational audits cover any aspect of efficiency and effectiveness. or ne r.i es c pl oy e .e m Before an operational audit for effectiveness can be performed, there must be: a. a financial audit by an independent auditor. b. a financial audit by an internal auditor. c. a review performed by either an independent or an internal auditor. d. specific criteria developed to define effectiveness. w w w 21. medium d nf o b 22. medium d Auditors involved in planning, performing, or reporting on audits under GAGAS must complete ____ hours of continuing professional education in each two-year period. a. 20 b. 40 c. 60 d. 80 23. medium b Which of the following statements regarding types of operational audits is false? a. A functional audit has the advantage of permitting specialization by auditors. b. An advantage of functional auditing is its ability to evaluate interrelated functions. c. The emphasis in an organizational audit is on how efficiently and effectively functions Arens/Elder/Beasley 48 Share By : Faisal Qureshi Collected By : Ch. Yasir d. interact. Special operational auditing assignments arise at the request of management. The two most important qualities for an operational auditor are: a. personality and appearance. b. independence and competence. c. competence and technical training. d. academic background and sufficient experience. 25. medium a Which of the following is not a difference between operational auditing and financial auditing? a. Both must be CPAs. b. Operational audit reports are usually of a restricted distribution while financial audit reports are widely distributed. c. Operational audits often cover non-financial issues while financial audits do not. d. None of the above is a difference. 26. medium c A typical objective of an operational audit is to determine whether an entity’s: a. internal control is adequately operating as designed. b. financial statements present fairly the results of operations. c. specific operating units are functioning efficiently and effectively. b. operational information is in accordance with generally accepted government auditing standards. 27. Which of the following can affect the independence of operational auditors? or ne r.i es c pl oy e Responsibilities Yes No No Yes Reporting Structure No No Yes Yes Which is not a purpose of an economy and efficiency audit? a. Whether the entity is acquiring, protecting, and using resources economically and efficiently. b. The causes of inefficiencies and uneconomical practices. c. Whether the entity has complied with laws and regulations concerning matters of economy and efficiency. d. Each of the above is a purpose. w w 28. challenging d a. b. c. d. .e m medium d nf o 24. medium b w 29. challenging d 30. challenging b A(n) _________ audit emphasizes how efficiently and effectively functions interact. a. operational b. compliance c. financial d. organizational Which of the following is not a purpose of a program audit as performed by government auditors? a. Determination of the extent to which the desired results established by the legislature are being achieved. b. Determination of the causes of inefficiencies in sponsored programs. c. Determination of the effectiveness of organizations, programs and activities. d. Determination as to whether the entity has complied with laws and regulations applicable to the program. Arens/Elder/Beasley 49 Share By : Faisal Qureshi Collected By : Ch. Yasir What distinguishes internal control evaluation and testing for financial and operational auditing? a. Purpose of the work. b. Scope of the work. c. Both a and b. d. Neither a nor b. 32. challenging c Of the many hours of continuing professional education required every two years, how many must be in subjects related to the government environment and government auditing for auditors involved in planning, performing and reporting on audits under GAGAS? a. 8 hours b. 16 hours c. 24 hours d. 32 hours 33. Challenging b To be effective, an internal audit department must report to: Operating departments Yes No Yes No a. b. c. d. Independence from the Audit Committee Yes No Yes No Competence Yes No No Yes .e m Essay Questions 35. easy The accounting department Yes No No Yes External financial statement auditors must obtain evidence regarding what attributes of an internal audit department if the external auditors intend to rely on the internal auditor’s work? pl oy e 34. challenging d es c a. b. c. d. or ne r.i nf o 31. challenging c What organization establishes auditing standards for internal auditors and what are those standards commonly called? w w Answer: w Auditing standards for internal auditors are established by the Internal Auditing Standards Board. They are commonly known as the “Red Book.” 36. medium What are several similarities between internal and external auditors? Answer: Both must be competent as auditors and remain objective in performing their work and reporting their results. Both follow a similar methodology in performing their audits, including planning and performing tests of controls and substantive tests. Both consider risk and materiality in deciding the extent of their tests and evaluating results. However, their decisions about materiality and risks may differ, because external users may have different needs than management or the board. Arens/Elder/Beasley 50 Share By : Faisal Qureshi Collected By : Ch. Yasir 37. medium External auditors typically consider internal auditors effective if they meet three criteria. What are these criteria? Answer: External auditors typically consider internal auditors effective if they are: Independent of the operating units being evaluated Competent and well-trained Have performed relevant audit tests of the internal controls and financial statements How do the risk and materiality thresholds change in a government audit compared to a financial statement audit of a public company? nf o 38. medium 39. medium or ne r.i Answer: The Yellow Book recognizes that in government audits the thresholds of acceptable audit risk and materiality may be lower than in an audit of a commercial enterprise. This is because of the sensitivity of government activities and their public accountability. Discuss each of the three phases of an operational audit. The Institute of Internal Auditors has established Ethical Principles for its members. List each of the principles. w w w 40. medium .e m pl oy e es c Answer: Planning. In the planning phase, the auditor must determine the scope of the engagement, staff the engagement, obtain background information about the organizational unit, understand internal control, and decide on the appropriate evidence to accumulate. Evidence accumulation and evaluation. In operational auditing, it is common to use documentation, client inquiry, and observation extensively, while confirmation and reperformance are used less extensively for most operational audits than for financial audits. Reporting and follow-up. The audit report is tailored to address the scope of the audit, findings, and recommendations and is typically sent only to management. When recommendations are made to management, follow-up is done to determine whether the recommended changes were made, and if not, why. 41. medium Answer: The IIA’s ethical principles are: Integrity. Objectivity. Confidentiality. Competency. Define internal auditing. Answer: According to the IIA: “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It Arens/Elder/Beasley 51 Share By : Faisal Qureshi Collected By : Ch. Yasir helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.” 42. medium Discuss three major differences between operational and financial auditing. 43. medium or ne r.i nf o Answer: Purpose of the audit. Financial auditing emphasizes whether historical information was correctly recorded, whereas operational auditing emphasizes effectiveness and efficiency. Distribution of the reports. For financial auditing, the report typically goes to many users of financial statements, such as stockholders and bankers, whereas operational audit reports are intended primarily for management. Inclusion of nonfinancial areas in operational auditing. Operational audits cover any aspect of efficiency and effectiveness in an organization, whereas financial audits are limited to matters that directly affect the fairness of financial statement presentations. Discuss each of the three broad categories (types) of operational audits. Operational auditing is the review of an organization for efficiency and effectiveness. Discuss what is meant by the terms “effectiveness” and “efficiency.” .e m 44. medium pl oy e es c Answer: Functional. A functional audit deals with auditing one or more functions (e.g., purchasing) in an organization. Organizational. An organizational audit deals with an entire organizational unit, such as a department, branch, or subsidiary. Special assignments. Special assignments audits arise at the request of management when there is a need to investigate a particular area, such as investigating the possibility of fraud in a division, or determining the cause of an ineffective EDP system. w w Answer: Effectiveness refers to the degree to which the organization’s objectives and goals are accomplished. Efficiency refers to the degree to which costs are reduced without reducing effectiveness. w 45. challenging Audit tests as required by the Single Audit Act must meet several specific objectives. One objective is to determine “whether the amounts reported as expenditures were for allowable services.” Identify three other specific objectives. Answer: Whether the records show that those who received services or benefits were eligible to receive them. Whether matching requirements, levels of effort, and earmarking limitations were met. Whether federal financial reports and claims for advances and reimbursements contain information that is supported by the books and records from which the basic financial statements have been prepared. Arens/Elder/Beasley 52 Share By : Faisal Qureshi Collected By : Ch. Yasir 46. challenging Whether amounts claimed or used for matching were determined in accordance with OMB Circular A-87 and OMB Circular A-102. The auditing standards of the Yellow Book are consistent with the ten generally accepted auditing standards of the AICPA. There are, however, important additions/modifications in the Yellow Book. For example, the Yellow Book recognizes that materiality and risk are lower due to the nature of the government enterprise. Discuss the other additions/modifications. In addition to an opinion on whether the financial statements are in accordance with GAAP, identify four other reports required by the OMB Circular A-133. es c 47. challenging or ne r.i nf o Answer: Quality control. Auditors of government entities must have an appropriate system of internal quality control and participate in an external quality control review program. Compliance auditing. The audit should be designed to provide reasonable assurance of detecting material misstatements resulting from noncompliance with provisions of contracts or grant agreements that have a material and direct effect on the financial statements. Reporting. The report on financial statements must describe the scope of the auditors’ testing of compliance with laws and regulations and internal controls and present the results of those tests, or refer to a separate report containing that information. Answer: The following reports are required: An opinion as to whether the schedule of federal awards is presented fairly in all material respects in relation to the financial statements as a whole. A report on internal control related to the financial statements and major programs. A report on compliance with laws, regulations, and the provisions of contracts or grant agreements, noncompliance with which could have a material effect on the financial statements. This report can be combined with the report on internal control. A schedule of findings and questioned costs. pl oy e .e m Other Objective Answer Format Questions Match seven of the terms (a-o) with the descriptions/definitions provided below (1-7): w w w 48. medium a. b. c. d. e. f. g. h. i. j. k. l. m. n. Compliance audit Economy and efficiency audit Effectiveness Efficiency Functional audit Government Auditing Standards Government audit Institute of Internal Auditors Operational auditing Organizational audit Program audit Single Audit Act Special assignment IIA Practice Standards Arens/Elder/Beasley 53 Share By : Faisal Qureshi Collected By : Ch. Yasir o. Statements on Internal Auditing Standards 1. The official title of the Yellow Book. m 2. A management request for an operational audit for a specific purpose, such as investigating the possibility of fraud in a division or making recommendations for reducing the cost of a manufactured product. b 3. A government audit to determine whether an entity is acquiring, protecting, and using its resources economically and efficiently and whether the entity has complied with laws and regulations concerning such matters. c 4. The degree to which the organization’s objectives are accomplished. i 5. The review of an organization for efficiency and effectiveness. l 6. Federal legislation that provides for a single coordinated audit to satisfy the audit requirements of all federal funding agencies. o 7. Statements issued by the Internal Auditing Standards Board of the IIA to provide authoritative interpretation of the IIA Practice Standards. or ne r.i nf o f Independence is a fundamental ethical principle for internal auditors. a. True b. False 50. easy b Current professional auditing standards prohibit external auditors from using internal auditors for direct assistance on external audits. a. True b. False 51. easy b Current professional auditing standards require external auditors to use internal auditors for direct assistance on external audits. a. True b. False pl oy e .e m The objectives of internal auditors are considerably broader than the objectives of external auditors. a. True b. False w w 52. easy a es c 49. easy b w 53. easy a For financial auditing, the audit report typically goes to many users of financial statements, whereas operational audit reports are intended primarily for management. a. True b. False 54. easy a Integrity is one of the IIA’s ethical principles. a. True b. False 55. easy b Operational audits are primarily geared toward compliance. a. True b. False 56. easy Effectiveness refers to the degree to which costs are reduced without reducing efficiency. a. True Arens/Elder/Beasley 54 Share By : Faisal Qureshi Collected By : Ch. Yasir b. 57. easy a Efficiency refers to the degree to which costs are reduced without reducing effectiveness. a. True b. False 58. easy b Internal auditing standards are included in the Yellow Book. a. True b. False 59. easy a Government auditing standards are included in the Yellow Book. a. True b. False 60. easy a Effectiveness is concerned with whether defined goals are achieved, whereas efficiency is concerned with whether the goals are achieved with a minimum use of resources. a. True b. False 61. easy b Operational audits may be performed by internal auditors and government auditors, but not by external auditors. a. True b. False Benchmarking is one source of evaluation criteria for completing an operational audit. a. True b. False or ne r.i es c 62. easy a False nf o b The two most important qualities for an internal auditor to possess are independence and competence. a. True b. False 64. easy b Program audits are primarily focused on inefficient uses of federal funds in sponsored programs. a. True b. False .e m The formal name of the Yellow Book is Government Auditing Standards. a. True b. False w w 65. easy a pl oy e 63. easy a w 66. medium a Professional guidelines for performing internal audits for companies are not as well-defined as for external audits. a. True b. False 67. medium b To help them remain independent of the operations they audit, internal auditors should report directly to the controller. a. True b. False 68. medium a An operational auditor may use “engineered standards” as evaluation criteria. a. True b. False 69. The Internal Auditing Standards Board issues Statements on Internal Auditing Standards. Arens/Elder/Beasley 55 Share By : Faisal Qureshi Collected By : Ch. Yasir a. b. True False 70. medium a Operational audits are often categorized as functional, organizational, or special assignments. a. True b. False 71. medium b Internal auditors should have the authority to require implementation of suggestions for improvement. a. True b. False 72. medium b The “Red Book” specifies all auditing standards issued by the U.S. General Accounting Office. a. True b. False 73. challenging a One disadvantage of functional auditing is the failure to evaluate interrelated functions. a. True b. False w w w .e m pl oy e es c or ne r.i nf o medium a Arens/Elder/Beasley 56 Share By : Faisal Qureshi