Increase the extent of substantive testing in areas where the control structure is strong.. Reduce the extent of both substantive tests and tests of controls in areas where the controls
Trang 1CHAPTER 6 MULTIPLE CHOICE
b 1 In general, a material weakness in internal control may be defined as a condition in which
material errors or irregularities may occur and not be detected within a timely period by
a An independent auditor during tests of controls
b Employees in the normal course of performing their assigned functions
c Management when reviewing interim financial statements and reconciling account balances
d Outside consultants who issue a special-purpose report on internal control structure
(AICPA ADAPTED)
b 2 Internal control procedures are not designed to provide reasonable assurance that
a Transactions are executed in accordance with management's authorization
b Irregularities will be eliminated
c Access to assets is permitted only in accordance with management's authorization
d The recorded accountability for assets is compared with the existing assets at reasonable intervals
(AICPA ADAPTED)
c 3 Which of the following is the correct order for performing the auditing procedures A through C
below?
A = Tests of controls
B = Preparation of a flowchart depicting the client's internal control structure
C = Substantive tests
ABC
ACB
BAC
a 4 A secondary purpose of the auditor's consideration of internal control is to provide
a A basis for constructive suggestions about improvements in internal control structure
b A basis for assessing control risk
c An assurance that the records and documents have been maintained in accordance with existing company policies and procedures
d A basis for the determination of the resultant extent of the tests to which auditing procedures are
c 5 When considering internal control, an auditor must be aware of the concept of reasonable
assurance, which recognizes that
Employment of competent personnel provides assurance that the objectives of internal control will be achieved
Establishment and maintenance of internal control is an important responsibility of the management and not of the auditor
Cost of internal control procedures should not exceed the benefits expected to be derived from the control
Segregation of incompatible functions is necessary to ascertain that the control procedures are effective
(AICPA ADAPTED)
37
Trang 2b 6 After considering a client's internal control, an auditor has concluded that the system is well
designed and is functioning as anticipated Under these circumstances, the auditor would most likely
a Cease to perform further substantive tests
b Not increase the extent of planned substantive tests
c Increase the extent of anticipated analytical procedures
d Perform all tests of controls to the extent outlined in the preplanned audit program
(AICPA ADAPTED)
c 7 The primary purpose of the auditor's consideration of internal control is to provide a basis for Determining whether procedures and records that are concerned with the safeguarding of assets are reliable
Constructive suggestions to clients concerning deficiencies in internal control
Determining the nature, timing, and extent of audit tests to be applied
b 8 The purpose of tests of controls is to provide reasonable assurance that the
Accounting treatment of transactions and balances is valid and proper
Control procedures are functioning as intended
Entity has complied with disclosure requirements of GAAP
Entity has complied with requirements of quality control (AICPA ADAPTED)
b 9 The auditor's review of the client's internal control is documented in order to substantiate
a Conformity of the accounting records with GAAP
b Compliance with generally accepted auditing standards
c Adherence to requirements of management
d The fairness of the financial statement presentation (AICPA ADAPTED)
d 10 After consideration of a client's internal control, an auditor might decide to
a Increase the extent of substantive testing in areas where the control structure is strong
b Reduce the extent of tests of controls in areas where the controls are strong
c Reduce the extent of both substantive tests and tests of controls in areas where the controls are strong
d Increase the extent of substantive testing in areas where the controls are weak
(AICPA ADAPTED)
a 11 After documenting internal control in an audit engagement, the auditor may perform tests on
a Those controls that the auditor plans to rely on
b Those controls in which deficiencies were identified
c Those controls that have a material effect on the financial statement balances
d A random sample of the controls that were reviewed (AICPA ADAPTED)
a 12 The auditor is examining copies of sales invoices only for the initials of the person responsible for
checking the extensions This is an example of a
a Test of controls
b Substantive test
c Dual-purpose test
38
Trang 4b 13 In an auditor's consideration of internal control, the completion of a questionnaire is most closely
associated with which of the following?
a Separation of duties
b Understanding the system
c Flowchart accuracy
b 14 The reliance placed on substantive tests in relation to control risk varies in a relationship that is
ordinarily
Parallel
Inverse
Direct
c 15 The auditor observes client employees in order to
a Prepare a flowchart
b Update information contained in the organization and procedure manuals
c Corroborate the information obtained during the initial review of the system
d Determine the extent of compliance with quality control standards (AICPA ADAPTED)
c 16 A consideration of internal control made during an audit is usually not sufficient to express an
opinion on an entity's controls because
Weaknesses in the system may go unnoticed during the audit engagement
A consideration of internal control is not necessarily made during an audit engagement
Only those controls on which an auditor intends to rely are reviewed, tested, and evaluated
a 17 An auditor's report on internal control of a publicly held company would ordinarily be of least
use to
a Shareholders
b Officers
c Directors
a 18 The accountant's report expressing an opinion on an entity's internal controls should state that the
a Establishment and maintenance of internal control is the responsibility of management
b Objectives of the client's internal controls are being met
c Consideration of the internal controls was conducted in accordance with generally accepted auditing standards
d Inherent limitations of the client's internal controls were examined (AICPA ADAPTED)
d 19 The accountant's report expressing an opinion on an entity's internal controls would not include a
a Description of the scope of the engagement
b Specific date that the report covers rather than a period of time
c Brief explanation of the broad objectives and inherent limitations of internal control
d Statement that the entity's internal controls are consistent with that of the prior year after giving
a 20 A CPA's consideration of internal control in an audit
a Is generally more limited than that made in connection with an engagement to express an opinion
on internal control
Trang 5b Is generally more extensive than that made in connection with an engagement to express an opinion on internal control
c Will generally be identical to that made in connection with an engagement to express an opinion
on internal control
d Will generally result in the CPA expressing an opinion on the internal control
(AICPA ADAPTED)
c 21 The auditor who becomes aware of reportable conditions is required to communicate this to the
a Audit committee and client's legal counsel
b Board of directors and internal auditors
c Senior management and board of directors
d Internal auditors and senior management (AICPA ADAPTED)
d 22 Which of the following is not a purpose of an auditor's attempt to understand internal control
when a client processes accounting information by computer?
Determine the extent to which the computer is used in significant accounting applications
Understand the flow of transactions in the system
Comprehend the basic structure of accounting control
Identify the controls that can be relied on when designing substantive tests of details
(AICPA ADAPTED)
d 23 Which of the following is likely to be of least importance to an auditor when assessing control
risk in a company that processes data by computer?
The segregation of duties within the computer department
The control over source documents
The documentation maintained for accounting applications
The cost-benefit ratio of data processing operations (AICPA ADAPTED)
b 24 In considering a client's internal control structure in a computer environment, the auditor will
encounter general controls and application controls Which of the following is an application control?
Organization charts
Hash total
Systems flowcharts
a 25 Auditing by testing the input and output of a computer system i.e., auditing "around" the
computer instead of the computer software itself will
a Not detect program errors that do not appear in the output sampled
b Detect all program errors, regardless of the nature of the output
c Provide the auditor with the same type of evidence
d Not provide the auditor with confidence in the results of the auditing procedures
(AICPA ADAPTED)
Trang 6b 26 Smith Corporation has numerous customers A customer file is kept on disk Each customer file
contains the name, address, credit limit, and account balance The auditor wishes to test this file
to determine whether credit limits are being exceeded The best procedure for the auditor to follow would be to
Develop test data that would cause some account balances to exceed the credit limit and determine if the system properly detects such situations
Develop a program to compare credit limits with account balances and print out the details of any account with a balance exceeding its credit limit
Request a printout of all account balances so they can be manually checked against the credit limits Request a printout of a sample of account balances so they can be individually checked against the credit
a 27 Which of the following methods of testing application controls utilizes software prepared by the
auditors and applied to the client's data?
a Parallel simulation
b Integrated test facility
c Test data
c 28 The test–data method is used by auditors to test the
Accuracy of input data
Validity of the output
Procedures contained within the program
Normalcy of distribution of test data (AICPA ADAPTED)
c 29 Which of the following is true of generalized audit software?
They can be used only in auditing on-line computer systems
They can be used on any computer without modification
They each have their own characteristics, which the auditor must carefully consider before using in a given audit situation
They enable the auditor to perform all manual compliance test procedures less expensively
(AICPA ADAPTED)
d 30 Assume that an auditor estimated that 10,000 checks were issued during the accounting period If
an application control that performs a limit check for each check request is to be subjected to the auditor's test–data approach, the sample should include:
a Approximately 1,000 test items
b A number of test items determined by the auditor to be sufficient under the circumstances
c A number of test items determined by the auditor's reference to the appropriate sampling tables
d 31 PC DOS, MS DOS, and AppleDOS are examples of
a Application software
b Generalized audit software
c Database management systems
d Operating software
Trang 7c 32 Which of the following is not an example of a computer-assisted audit technique?
a Integrated test data
b Audit modules
c Disk operating systems
d Audit hooks
c 33 Which of the following statements most likely represents a disadvantage for an entity that
maintains computer data files rather than manual files?
a It's usually more difficult to detect transposition errors
b Transactions are usually authorized before they are executed and recorded
c It's usually easier for unauthorized persons to access and alter the files
d Random error is more common when similar transactions are processed in different ways
b 34 Transaction authorization within an organization may be either specific or general An example of
specific transaction authorization is the
a Setting of automatic reorder points
b Approval of a construction budget for a new warehouse
c Establishment of a customer's credit limits
a 35 Proper segregation of functional responsibilities calls for separation of the functions of
a Authorization, execution, and recording
b Authorization, execution, and payment
c Custody, execution, and reporting
d Authorization, payment, and recording (AICPA ADAPTED)
b 36 An auditor should consider the competence of a client's employees because their competence
bears directly and importantly on the
a Cost-benefit relationship of internal control
b Achievement of the objectives of internal control
c Comparison of recorded accountability with assets on hand
a 37 Which of the following elements is not a part of an entity's internal controls?
a Control risk
b Control activities
c The accounting system
d 38 Which of the following statements about internal control is correct?
a Properly maintained internal controls reasonably assure that collusion among employees cannot occur
b Establishing and maintaining internal control is the internal auditor's responsibility
c Exceptionally strong control allows the auditor to eliminate substantive tests of details
d The cost-benefit relationship should be considered in designing internal controls
(AICPA ADAPTED)
Trang 8b 39 Which of the following is not done by an auditor when obtaining an understanding of an entity's
internal controls?
a Identify the types of potential misstatements that can occur
b Consider the operating effectiveness of the internal controls
c Design substantive tests
d Consider factors that affect the risk of material misstatements (AICPA ADAPTED)
c 40 Which of the following audit tests would be a test of controls?
a Tests of the specific items making up the balance in a financial statement account
b Comparing inventory prices to vendors' invoices
c Comparing signatures on canceled checks to board of directors' authorizations
d Tests of the additions to property, plant, and equipment by physical inspections
(AICPA ADAPTED)
c 41 The sequence of steps in gathering evidence as the basis of the auditor's opinion is:
a Substantive tests, documentation of control structure, and tests of controls
b Documentation of control structure, substantive tests, and tests of controls
c Documentation of control structure, tests of controls, and substantive tests
d Tests of controls, documentation of control structure, and substantive tests
(AICPA ADAPTED)
c 42 Which of the following procedures is essential to determining whether necessary control activities
were prescribed and are being followed?
a Developing questionnaires and checklists
b Evaluating the entity's procedures for risk assessment
c Documenting and testing controls
d Observing employees and making inquiries (AICPA ADAPTED)
b 43 Evidence about segregation of duties is best obtained by
a Inspecting documents that contain the initials of who performed control activities
b Direct personal observation of employees who perform control activities
c Preparing a flowchart of who performs the duties
d Making inquiries of coworkers about the employee who performs the duties
(AICPA ADAPTED)
a 44 An auditor's flowchart of a client's internal controls is a diagram depicting the auditor's
a Understanding of the internal controls
b Program for tests of controls
c Documentation of having considered the internal controls
d Understanding of the types of irregularities that are probable (AICPA ADAPTED)
a 45 An auditor is required to communicate significant deficiencies in internal control to
a Audit committee of the board of directors
b Creditors and board of directors
c Board of directors and internal auditors
d Internal auditors and senior management (AICPA ADAPTED)
Trang 9b 46 An auditor has concluded that a client's internal controls are well designed and functioning as
expected Under these circumstances the auditor would most likely
a Cease to perform further substantive tests
b Not increase the extent of planned substantive tests
c Increase the extent of planned analytical procedures
d Perform all tests of controls to the extent outlined in the audit program (AICPA ADAPTED)
b 47 Reportable conditions are matters that come to an auditor's attention and that should be
communicated to an entity's audit committee because they represent
a Material irregularities or illegal acts perpetrated by management
b Significant deficiencies in the design or operation of internal control
c Flagrant violations of the entity's documented conflict-of-interest policies
d Intentional attempts by client personnel to limit the scope of the auditor's work
(AICPA ADAPTED)
d 48 Which of the following statements best describes a weakness often associated with computers?
a Computer equipment is more subject to systems error than manual processing is subject to human error
b Computer equipment processes and records similar transactions in a similar manner
c Control activities for detecting invalid and unusual transactions are less effective than manual control activities
d Functions that would normally be separated in a manual system are combined in a computer
b 49 Accounting functions that are normally considered incompatible in a manual system are often
combined by computer software This necessitates an application control that prevents
unapproved
a Access to the computer library
b Revisions to existing software
c Usage of software
b 50 When software or files can be accessed from on-line servers, users should be required to enter
a A parity check
b A personal identification code
c A self-diagnosis test
d An echo check
b 51 An auditor's consideration of a company's computer control activities has disclosed the following
four circumstances Indicate which circumstance constitutes a significant deficiency in internal control
a Computer operators do not have access to the complete software support documentation
b Computer operators are closely supervised by programmers
c Programmers are not authorized to operate computers
d Only one generation of backup files is stored in an off-premises location (AICPA ADAPTED)
Trang 10a 52 A control feature requires the computer to send signals to the printer to activate the print
mechanism for each character The print mechanism, just prior to printing, sends a signal back to the computer verifying that the proper print position has been activated This type of hardware control is referred to as a/an
a Echo check
b Validity check
c Signal check
d 53 In a computer system, hardware controls are designed to
a Arrange data in a logical sequence for processing
b Correct errors in software
c Monitor and detect errors in source documents
d Detect and control errors arising from use of equipment (AICPA ADAPTED)
b 54 The primary objective of procedures performed to obtain an understanding of internal control is
to provide an auditor with
a Evidential matter to use in reducing detection risk
b Knowledge necessary to plan the audit
c A basis from which to modify tests of controls
d Information necessary to prepare flowcharts (AICPA ADAPTED)
SHORT ANSWER
1 Describe what is meant by reportable conditions
Answer:
Reportable conditions are significant deficiencies in internal control discovered during an audit that could adversely affect the entity’s ability to record, process, summarize, and report financial data
2 Explain the purpose of the COSO report and what objectives it achieves
Answer:
The COSO Report defines internal control as “a process effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations.”
3 What are the three phases of an entity’s internal controls that must be considered by an auditor?
Answer:
i Obtain an understanding of how management has designed policies and procedures for the control environment, risk assessment, the control activities, information and communication, and monitoring
ii Assess control risk for the policies and procedures that have been placed in operation iii Determine the nature, timing, and extent of substantive tests