A(n) _______ deficiency exists if a necessary control is missing or not properly formulated

ACCT 411

Audit Standrds Prin

University of Washington - Seattle

Which of the following is not one of the three primary objectives of effective internal control?

Assurance of elimination of business risk

Which of management's assertions with respect to implementing internal controls is the auditor primarily concerned?

Reliability of financial reporting

consist of policies and procedures designed to provide reasonable assurance that the company achieves its objectives and goals.

Internal controls are not designed to provide reasonable assurance that:

all frauds will be detected.

Which of the following is responsible for establishing a private company's internal control?

Two key concepts that underlie management's design and implementation of internal control are:   

inherent limitations and reasonable assurance.

The PCAOB places responsibility for the reliability of internal controls over the financial reporting process on:

An act of two or more employees to steal assets and cover their theft by misstating the accounting records would be referred to as:

Sarbanes-Oxley requires management to issue an internal control report that includes two specific items. Which of the following is one of these two requirements?

A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting

When one material weakness is present at the end of the year, management of a public company must conclude that internal control over financial reporting is:

The auditors primary purpose in auditing the client's system of internal control over financial reporting is:

to evaluate the effectiveness of the company's internal controls over all relevant assertions in the financial statements.

Management must disclose material weaknesses in internal control in its audit report:

if the weakness exists at the end of the year.

In performing the audit of internal control over financial reporting the auditor emphasizes internal control over class of transactions because:

the accuracy of accounting system outputs depends heavily on the accuracy of inputs and processing.

Internal controls can never be regarded as completely effective. Even if company personnel could design an ideal system, its effectiveness depends on the:

competency and dependability of the people using it.

When considering internal controls, an important point to consider is that:

auditors are concerned with the client's internal controls over the safeguarding of assets if they affect the financial statements.

Of the following statements about internal controls, which one is least likely to be correct?

Control procedures reasonably ensure that collusion among employees cannot occur.

The Sarbanes-Oxley Act requires:

all public companies to issue reports on internal controls.

The financial statements may not correctly reflect accounting frameworks such as GAAP or IFRS if the:

controls affecting the reliability of financial reporting are inadequate.

The primary emphasis by auditors is on controls over:

An auditor should consider two key issues when obtaining an understanding of a client's internal controls. These issues are:

the design and operating effectiveness of the controls.

Reasonable assurance allows for:

low likelihood that material misstatements will not be prevented or detected by internal controls.

Which of the following is most correct regarding the requirements under Section 404 of the Sarbanes Oxley Act?

The audits of internal control and the financial statements provide reasonable assurance as to misstatements.

To issue a report on internal control over financial reporting for a public company, an auditor must:

evaluate management's assessment process and independently assess the design and operating effectiveness of internal control.

Which of the following activities would be least likely to strengthen a company's internal control?

Maintaining insurance for fire and theft

Which of the following components of the control environment define the existing lines of responsibility and authority?

Which of the following statements is most correct with respect to separation of duties?

Employees who authorize transactions should not have custody of related assets.

Authorizations can be either general or specific. Which of the following is not an example of a general authorization?

A sales manager's authorization for a sales return

Which of the following is correct with respect to the design and use of business documents?

Documents should be prenumbered consecutively to facilitate control over missing documents.

Which of the following best describes the purpose of control activities?

The policies and procedures that help ensure that necessary actions are taken to address risks to the achievement of the entity's objectives

Which of the following deal with ongoing or periodic assessment of the quality of internal control by management?

An audit procedure that would most likely be used by an auditor in performing tests of control procedures in which the segregation of functions and that leaves no "audit" trail is:

Internal controls normally include procedures designed to provide reasonable assurance that:

transactions are executed in accordance with management's authorization.

Which of the following is not one of the subcomponents of the control environment?

Adequate separation of duties

It is important for the CPA to consider the competence of the clients' personnel because their competence has a direct impact upon the:

achievement of the objectives of internal control.

Proper segregation of functional responsibilities calls for separation of:

authorization, recording, and custody.

Without an effective ________, the other components of the COSO framework are unlikely to result in effective internal control, regardless of their quality.

Which of the following groups establishes and maintains the company's internal controls?

If a company has an effective internal audit department:

it can reduce external audit costs by providing direct assistance to the external auditors.

To promote operational efficiency, the internal audit department would ideally report to:

Hanlon Corp. maintains a large internal audit staff that reports directly to the accounting department. Audit reports prepared by the internal auditors indicate that the system is functioning as it should and that the accounting records are reliable. An independent auditor will probably:

place limited reliance on the work performed by the internal audit staff.

External financial statement auditors must obtain evidence regarding what attributes of an internal audit (IA) department if the external auditors intend to rely on IA's work?

A) Integrity

B) Objectivity

C) Competence

D) All of the above

Answer:  D

To obtain an understanding of an entity's control environment, an auditor should concentrate on the substance of management's policies and procedures rather than their form because:

management may establish appropriate policies and procedures but not act on them.

When the auditor attempts to understand the operation of the accounting system by tracing a few transactions through the accounting system, the auditor is said to be:

performing a walk-through.

The purpose of phase 3 in the "process for understanding internal control and assessing control risk" is to:

design, perform and evaluate tests of controls.

Narratives, flowcharts, and internal control questionnaires are three common methods of:

documenting the auditor's understanding of internal controls.

When dealing with the documentation of internal control:

questionnaires offer useful checklists to remind the auditor of the many different types of internal controls that should exist.

Audit evidence regarding the separation of duties is normally best obtained by:

observation of employees applying control activities.

The person responsible for reconciling sales invoices to customer orders does not access to the company's master price list in order to correctly compute sales. This is an example of a(n):

You are performing the audit of internal control for Clifton Company. Which of the following would represent a material weakness in internal control?

The company's CFO was indicted for embezzling from the company.

The employee in charge of authorizing credit to the company's customers does not fully understand the concept of credit risk. This lack of knowledge would constitute:

a deficiency in operation of internal controls.

When assessing whether the financial statements are auditable, the auditor must consider:

that the integrity of management and the adequacy of accounting records are the two primary factors determining auditability.

Once auditors determine that entity level controls are designed and placed in the operation they:

make a preliminary assessment for each transaction-related audit objective for each major type of transaction.

Which of the following is the correct definition of "control deficiency"?

A control deficiency exists if the design or operation of controls does not permit company personnel to prevent or detect misstatements on a timely basis.

Which of the following deficiency exists if a necessary control is missing or not properly formulated?

The auditor must communicate:

both significant deficiencies and material weaknesses in internal control to those charged with governance.

Significant deficiencies and material weaknesses in internal control of a public company must be reported in writing to which of the following?

Audit committee of the company's board of directors and to management

Significant deficiencies are matters that come to an auditor's attention and should be communicated to an entity's audit committee because they represent:   

internal control deficiencies that could adversely affect a company's ability to initiate, record, process, or report external financial statements reliably.

How must significant deficiencies and material weaknesses be communicated to those charged with governance?

Written communication is required.

A five-step approach can be used to identify deficiencies, significant deficiencies, and material weaknesses. The first step in this approach is:

identify existing controls.

When assessing control risk:

many auditors use a control risk matrix to assist in the control risk assessment process.

When a compensating control exists, the absence of a key control:

is no longer a concern because there is no longer a significant deficiency or material weakness.

If the results of tests of controls support the design and operations of controls as expected, the auditor uses ________ control risk as the preliminary assessment.

An auditor is likely to use four types of procedures to support the operating effectiveness of internal controls. Which of the following would generally not be used?

Which of the following represents a correct statement regarding internal control testing?

The auditor uses control risk assessment and results of tests of controls to determine planned detection risk and the related substantive tests for the financial statement audit.

When determining what type of report to issue on internal control under Section 404:

a scope limitation requires the auditor to express a qualified opinion or a disclaimer of opinion on internal controls.

A control available in a small company, which may be necessitated because of lack of competent personnel, is:

the owner-manager's direct involvement in the control process.

When auditing a private company, the auditor should obtain an understanding of internal control sufficient to:

The auditor's consideration of a private company's internal control is:

Which of the following may represent the biggest challenge smaller public companies face in implementing effective internal control?

Which of the following is most correct for audits of non-public companies?

An audit of internal control is not required.

Which deficiency exists if a necessary control is missing or not properly implemented?

What is a deficiency in internal control?

What are types of control deficiencies?

What is a significant control deficiency?