Deck 7: Internal Control, Understanding the Client's Internal Control Over Financial Reporting and Auditing Design Effectiveness

Question
The cutoff assertion refers to the distinction between the company and its subsidiaries and related entities.
Question
An ICFR audit is a stand-alone activity with its own objectives and requirements, and can therefore be conducted separately from the financial statement audit.
Question
Risk assessment is important only for companies who report to the SEC.
Question
"Tone at the top" refers to the:

A) thoroughness of policies for screening and electing the company's board of directors.
B) clarity of the company's written code of conduct which sets forth the expectations for personal ethical behavior to support the internal control structure.
C) environment in which management supports the internal control system by behaving ethically and making business decisions that emphasize its importance.
D) effectiveness of the company's internal audit function in monitoring the control environment.
Question
Auditors perform walkthroughs as an efficient way to gain an understanding of ICFR and assess design effectiveness.
Question
The Foreign Corrupt Practices Act prompted a definition of internal control that is broader than COSO's definition because COSO does not consider operating efficiency and effectiveness.
Question
Segregation of duties calls for separation of the development and operations responsibilities.
Question
When a client company's operations have expanded rapidly, auditors should be aware that existing systems may become strained and break down.
Question
Auditors' working papers must be in electronic format in order to protect their confidentiality.
Question
Which of the following is not one of the operating benefits provided by a strong system of internal controls?

A) Streamlining accounting and financial information systems.
B) Improving the company's financial activities.
C) Identifying procedures that are not cost effective.
D) Isolating transactions that generate significant profits or losses.
Question
Which of the following statements is true regarding the evolution of definitions of internal control?

A) The definition initiated by the Foreign Corrupt Practices Act in 1977 and included in the auditing standards took a narrow view that was specific to financial reporting.
B) COSO's 1992 framework expanded the definition to include categories for the effectiveness and efficiency of operations and compliance with laws and regulations.
C) COSO's 1994 framework expanded the definition to include the safeguarding of assets.
D) All of the above.
Question
Tracing deals with selecting a document and looking for the posting of the document in the accounting books and records.
Question
Within the ERM framework, the sequence of tasks is objective setting, event identification, risk assessment, and risk response.
Question
If an auditor determines that a client company's internal controls are producing reliable and complete financial information, the auditor will rely upon the internal control system and:

A) reduce the extent of controls testing in the interim phase of the financial statement audit.
B) reduce the planned substantive testing during the financial statement audit.
C) increase the amount of evidence collected during the financial statement audit.
D) increase the planned substantive testing during the financial statement audit.
Question
that come from social engineering are the result of a lack of internal controls.
Question
Segregation of duties is easy to accomplish in a small-business setting because their operating structure and IT controls are less complex than larger organizations.
Question
Section 404 of the Sarbanes-Oxley Act of 2002 requires that ICFR effectiveness be audited by the PCAOB.
Question
If a company's system of ICFR is effective, auditors can rely upon the evidence that is produced by the system to reduce the extent of substantive testing on the audit.
Question
Auditors must understand the flow of transactions in order to identify likely sources of financial statement misstatements.
Question
Physical vaulting refers to the control procedure involving the capture of transactions that by-passed the firewall.
Question
For an auditor's report to conclude that ICFR is effective, the auditor must have confidence in the conclusion that the ICFR are effective in both design and operation. The applicable period of time pertaining to this conclusion is:

A) the last day of the fiscal year.
B) the end of the fiscal year and for a reasonable period of time prior to the fiscal year-end.
C) throughout the majority of the fiscal year.
D) throughout the entire fiscal year.
Question
Which of the following is not true regarding the performance of a walkthrough?

A) It is a type of ICFR consisting of a set of related procedures that are performed together for the purpose of identifying important control points or deficiencies in controls.
B) The auditor follows a transaction from origination through the processes and information systems until it is recorded in the accounting books.
C) It combines the audit procedures of tracing, inquiry, and observation.
D) It is an efficient way for an auditor to test the operating effectiveness of controls.
Question
Characteristics that drive a need for extensive audit documentation include:

A) the audit task is very straightforward and objective.
B) the management assertion related to the audit task involves a lot of risk.
C) the management assertion related to the audit task has been extensively tested by the company's internal auditors.
D) the audit task involves a conclusion that is self-evident.
Question
Which of the following is a compensating control for a lack of segregation of duties in a small business environment?

A) Collusion between an accountant and cashier.
B) Active involvement and oversight by the owner.
C) Cumulative access and authority of a super-user.
D) Requirement for an annual physical inventory count.
Question
Each of the following is a monitoring procedure from the COSO monitoring guidance except:

A) periodic evaluation and testing of controls by the internal auditors.
B) supervisory reconciliations and other reviews of controls.
C) analysis of and follow up on metrics that might identify control failures.
D) cumulative access and authority of a super-user.
Question
Section 302 of the Sarbanes-Oxley Act requires the CEO and CFO of each public company to personally certify each annual and quarterly report issued to the SEC. These certifications indicate, among other things, that:

A) the signing officer has reviewed the report.
B) the financial statements do not contain any untrue statements or omissions of material facts.
C) the signing officer acknowledges responsibility for establishing and maintaining internal controls.
D) All of the above.
Question
Which of the following describes management's responsibility for providing documentation for its assessment of the effectiveness of ICFR?

A) The documentation must follow strict SEC guidelines regarding its format and length.
B) The documentation must show the connection between significant financial statement accounts, management assertions, and controls.
C) The documentation must be updated monthly and updated via narrative reports.
D) All of the above are true.
Question
Which of the following circumstances would not warrant special risk assessment attention?

A) New client personnel.
B) New product lines.
C) New information systems.
D) New audit firm.
Question
Which of the following is not an audit procedure used to gain an understanding of specific controls in ICFR?

A) Making inquiries of appropriate personnel.
B) Inspecting company records.
C) Confirming transactions with external parties.
D) Observing specific actions, behaviors, and procedures.
Question
An auditor's work papers document all of the following except:

A) the procedures performed and evidence collected by the auditor.
B) the auditor's planning and performance of work.
C) the time required for company personnel to compile the records requested by the auditor.
D) conclusions reached by the auditor.
Question
In the U.S., the first legislation requiring management of public companies to maintain a system of internal controls was the:

A) Committee of Sponsoring Organizations (COSO) of the Treadway Commission Act.
B) Sarbanes-Oxley Act.
C) Foreign Corrupt Practices Act.
D) Public Company Accounting Oversight Board (PCAOB) Act.
Question
Which of the following statements is true regarding the SEC's 2007 interpretive release to management for assessing and reporting on the effectiveness of ICFR?

A) Examples of specific management documentation are provided in the release.
B) If controls appropriately address risks, indicating design effectiveness, management tests the controls to assess operating effectiveness.
C) The overall system of ICFR may be deemed effective if one or only a few material misstatements are identified.
D) Management only needs to test those controls that are ineffective in the prevention of material misstatements in the financial statements.
Question
The management assertion that is concerned with the separation between fiscal years is the:

A) classification assertion.
B) valuation or allocation assertion.
C) completeness assertion.
D) cutoff assertion.
Question
The management assertion that is concerned with whether recorded transactions are real and actually happened is the:

A) occurrence assertion.
B) accuracy assertion.
C) completeness assertion.
D) cutoff assertion.
Question
Tracing is a specific type of document inspection whereby the auditor verifies whether the document:

A) has been posted to the relevant accounting records.
B) is supported by appropriate source documents.
C) is mathematically accurate.
D) proves ownership of the underlying asset or liability.
Question
Risks related to a company's business units or functions are:

A) activity-level risks.
B) external risks.
C) entity-level risks.
D) critical risks.
Question
Which of the following is not an entity-level control that monitors other controls?

A) The internal audit function.
B) The audit committee.
C) The code of conduct.
D) The self-assessment program.
Question
Which technique of ICFR documentation describes the activities performed and flow of documents using diagrams and symbols?

A) Narratives.
B) Job descriptions.
C) Questionnaires.
D) Flowcharts.
Question
A material weakness will always exist when a company has:

A) a decentralized structure and authority is shared in a system of matrix management.
B) an audit committee that provides ineffective oversight of financial reporting and ICFR.
C) a corporate culture with a strong emphasis on achieving profitability.
D) inexperienced workers serving in demanding positions.
Question
The objective of an integrated audit is to report on ICFR and the financial statements of a public company. How does an auditor express these two opinions?

A) Issue a single report to include both opinions.
B) Issue two separate reports: one on ICFR and one on the financial statements.
C) Issue three separate reports: one on ICFR design effectiveness; one of ICFR operating effectiveness; and one on the financial statements.
D) Either a or
Question
Which of the following is not a step in the process of program development?

A) Analysis and design.
B) Construction.
C) Testing and quality assurance.
D) Batch processing.
Question
When a client company's systems rely heavily on IT, auditors will be concerned with the possibility that:

A) unauthorized program changes could result in a system that uniformly processes data in an unauthorized manner.
B) embedded controls are likely to be circumvented.
C) risk of material misstatement is likely to increase as the complexity of the client's IT system increases.
D) specialized IT knowledge on the audit engagement team is not necessary unless the client company engages in electronic commerce.
Question
Why is it necessary for an auditor to perform audit work after the "as of" date to which the opinion on ICFR applies?

A) Whistleblower information may become available after the end of the year.
B) Audit documentation is only prepared after the end of the year.
C) End-of-period financial reporting occurs after the end of the year.
D) IT systems may be changed after the end of the year.
Question
Event identification in the ERM Framework is primarily concerned with identifying:

A) opportunities and threats that impact the company's events and relationships.
B) the relevant economic and political sources of risk.
C) qualitative and quantitative techniques for assessing risk.
D) the acceptable level of residual risk.
Question
Each of the following is a control used to combat denial of service attacks except:

A) firewalls.
B) patches.
C) electronic vaulting.
D) cookie detection.
Question
Auditors should make inquiries about whether there is knowledge of fraud in the company. Such inquiries should be made of:

A) management.
B) the audit committee.
C) internal auditors.
D) All of the above.
Question
Which of the following best describes an auditor's responsibility regarding whistleblower information?

A) The auditor must evaluate the effectiveness of the audit committee's processes for receiving and evaluating whistleblower information.
B) The auditor must establish a procedure for receiving tips and handling complaints from client personnel.
C) The auditor must complete a checklist identifying key points in the company's procedures for investigating whistleblower accusations.
D) The auditor must require the company to prepare a Form 8-K to report any whistleblower accusations to the SEC.
Question
Application controls are part of the effectiveness of ITGC in that they are the controls that:

A) are specific to a single process or activity within the system but depend upon the validity of the ITGC environment.
B) occur at the entity-level to link the operation of automated and manual controls.
C) occur at the transaction-level to integrate the financial reporting aspects of a given activity.
D) are intended to enhance the access control limitations provided by passwords.
Question
Which of the following is not an important consideration for the auditor's assessment of audit committee effectiveness?

A) Independence of audit committee members from management.
B) The audit committee's oversight of external financial reporting and ICFR.
C) The audit committee's approval of the external auditors' approach to the audit.
D) The audit committee's responsiveness to issues raised by the external auditors.
Question
Recurring financial activities that are reflected in the accounting records in the normal course of business are referred to as:

A) recurring events.
B) routine transactions.
C) common assertions.
D) entity-level controls.
Question
Why will an auditor more extensively test controls for the completeness assertion on liability accounts than on asset accounts?

A) The risk of unrecorded liabilities is greater than the risk of unrecorded assets.
B) The completeness assertion is not applicable to asset accounts.
C) The liabilities account balances presented in the financial statements tend to be more complete than the asset accounts.
D) The most likely type of misstatement for liabilities is overstatements.
Question
Social engineering is the term used to describe:

A) policies defining employees' acceptable uses of the company's email system.
B) the behavior of someone who plans to circumvent controls by manipulating employees.
C) policies that address warning signals regarding the risk of circumvention of controls.
D) the network of computer assets and sensitive employee data.
Question
Which of the following is an example of a transaction-level ITGC?

A) Supervisory review and approval of supporting documents.
B) A corporate code of conduct.
C) Second-layer passwords that limit users to specifically approved individuals.
D) Programmed recalculations for checking accuracy of data files.
Question
Which of the following is an example of an entity-level ITGC?

A) A corporate code of conduct.
B) Programmed recalculations for checking accuracy of data files.
C) User-identification and passwords requirements for system access.
D) Supervisory review and approval of supporting documents.
Question
Which of the following statements regarding Enterprise Risk Management (ERM) is not true?

A) ERM is broader than COSO's internal control framework.
B) ERM provides a logical and orderly way for management to identify, analyze, and manage all of the company's risks.
C) ERM focuses on objectives in the categories of planning, assessment, analysis, and compliance.
D) A good ERM system provides confidence that the company's actions taken to achieve business objectives will fit within acceptable parameters of risk.
Question
Following are procedures used by auditors to understand likely sources of misstatements:
I) Identify controls that management has implemented to address potential misstatements.
II) Identify points within the process at which misstatements could arise.
III) Understand the flow of transactions.
The proper sequence of these steps is:

A) I, II, III.
B) III, II, I.
C) I, III, II.
D) III, I, II.
Question
Each of the following represents a risk of relying on computerized information systems except:

A) unauthorized access.
B) inappropriate manual intervention.
C) reduction in circumvention of controls.
D) potential loss of data.
Question
Segregation of duties within the IT world is most concerned with separating the functions of:

A) hiring systems personnel and acquiring/modifying hardware and software.
B) monitoring IT processes and overseeing third party service providers.
C) operating IT systems and IT development.
D) managing IT continuity programs and IT security.
Question
Contingency controls are primarily concerned with:

A) batch processing.
B) recovery.
C) capacity planning.
D) end user computing.
Question
Backup controls for data files and hardware are examples of which classification of ITGC?

A) Security controls.
B) Information controls.
C) Continuity controls.
D) Application controls.
Question
In smaller companies where management's interaction with its controls provides the basis for its assessment of ICFR, management should provide documentation of how its interaction provided it with sufficient evidence. Appropriate documentation includes:

A) memos and emails with instructions and directions to and from management to company employees.
B) evidence of formal, direct testing and ongoing monitoring evaluations.
C) daily checklists and questionnaires indicating the extent of interaction and monitoring.
D) All of the above are appropriate for small companies as well as larger companies.
Question
According to the PCAOB Guidance for Auditors of Smaller Public Companies, which of the following important control characteristics is likely to exist in smaller companies?

A) Risk of management override.
B) Use of entity-level controls to achieve control objectives.
C) Limited opportunities for segregation of duties.
D) All of the above are important control characteristics existing in small company environments.
Question
A client company has a small number of finance and IT personnel that supports a packaged financial reporting software system. The appropriate tests of controls could include auditor verification that:

A) the code in the packaged software cannot be changed by the user.
B) management override is not possible in this small environment.
C) outside professionals supplement the financial reporting function and provide an assessment of ICFR effectiveness.
D) entity-level controls are not relevant in this small environment.
Question
Which of the following is not a COSO control activity?

A) Reconciliations.
B) Risk tolerance.
C) Reviews of operating performance.
D) Segregation of duties.
Question
[Adapted from Wiley CPA Review] Dana, an auditor for the audit firm C&C, recently finished up testing controls relating to management's assertion concerning the completeness of sales transactions. In her audit work papers, Dana included the following:
• "I inspected the entity's reports of prenumbered shipping documents that have not been recorded in the sales journal"
• "In the course of my testing, I have found 0 items that have been sold but have not been recorded in the sales journal."
• "Since testing was performed without exception, I have determined that the controls to address the completeness of sales transactions are operating effectively."
Which essential elements of AS 3's documentation requirements did Dana omit from her documentation?
Question
The best way to determine whether internal controls and ERM systems are functioning is through:

A) communication with external users of accounting reports.
B) managing a strategic balance between data availability and information overload.
C) monitoring of day-to-day activities.
D) reporting of ethical violations.
Question
The portfolio view of ERM is one in which management reduces risks to acceptable levels by:

A) sharing risks with employees.
B) considering individual business unit risks and then aggregating those risks across the entity.
C) avoiding the use of third party service providers in all instances except those with the highest risk of business interruption.
D) terminating all entity activities that cause significant risk.
Question
To which of the following accounts would the management assertion "valuation" be relevant, and why? For any accounts to which it would not be relevant, explain why.
Cash
Cash when foreign currency translation is involved
Gross amount of accounts receivable
Net amount of accounts receivable
1
The cutoff assertion refers to the distinction between the company and its subsidiaries and related entities.
False
2
An ICFR audit is a stand-alone activity with its own objectives and requirements, and can therefore be conducted separately from the financial statement audit.
False
3
Risk assessment is important only for companies who report to the SEC.
False
4
"Tone at the top" refers to the:

A) thoroughness of policies for screening and electing the company's board of directors.
B) clarity of the company's written code of conduct which sets forth the expectations for personal ethical behavior to support the internal control structure.
C) environment in which management supports the internal control system by behaving ethically and making business decisions that emphasize its importance.
D) effectiveness of the company's internal audit function in monitoring the control environment.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
5
Auditors perform walkthroughs as an efficient way to gain an understanding of ICFR and assess design effectiveness.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
6
The Foreign Corrupt Practices Act prompted a definition of internal control that is broader than COSO's definition because COSO does not consider operating efficiency and effectiveness.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
7
Segregation of duties calls for separation of the development and operations responsibilities.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
8
When a client company's operations have expanded rapidly, auditors should be aware that existing systems may become strained and break down.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
9
Auditors' working papers must be in electronic format in order to protect their confidentiality.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
10
Which of the following is not one of the operating benefits provided by a strong system of internal controls?

A) Streamlining accounting and financial information systems.
B) Improving the company's financial activities.
C) Identifying procedures that are not cost effective.
D) Isolating transactions that generate significant profits or losses.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
11
Which of the following statements is true regarding the evolution of definitions of internal control?

A) The definition initiated by the Foreign Corrupt Practices Act in 1977 and included in the auditing standards took a narrow view that was specific to financial reporting.
B) COSO's 1992 framework expanded the definition to include categories for the effectiveness and efficiency of operations and compliance with laws and regulations.
C) COSO's 1994 framework expanded the definition to include the safeguarding of assets.
D) All of the above.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
12
Tracing deals with selecting a document and looking for the posting of the document in the accounting books and records.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
13
Within the ERM framework, the sequence of tasks is objective setting, event identification, risk assessment, and risk response.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
14
If an auditor determines that a client company's internal controls are producing reliable and complete financial information, the auditor will rely upon the internal control system and:

A) reduce the extent of controls testing in the interim phase of the financial statement audit.
B) reduce the planned substantive testing during the financial statement audit.
C) increase the amount of evidence collected during the financial statement audit.
D) increase the planned substantive testing during the financial statement audit.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
15
that come from social engineering are the result of a lack of internal controls.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
16
Segregation of duties is easy to accomplish in a small-business setting because their operating structure and IT controls are less complex than larger organizations.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
17
Section 404 of the Sarbanes-Oxley Act of 2002 requires that ICFR effectiveness be audited by the PCAOB.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
18
If a company's system of ICFR is effective, auditors can rely upon the evidence that is produced by the system to reduce the extent of substantive testing on the audit.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
19
Auditors must understand the flow of transactions in order to identify likely sources of financial statement misstatements.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
20
Physical vaulting refers to the control procedure involving the capture of transactions that by-passed the firewall.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
21
For an auditor's report to conclude that ICFR is effective, the auditor must have confidence in the conclusion that the ICFR are effective in both design and operation. The applicable period of time pertaining to this conclusion is:

A) the last day of the fiscal year.
B) the end of the fiscal year and for a reasonable period of time prior to the fiscal year-end.
C) throughout the majority of the fiscal year.
D) throughout the entire fiscal year.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
22
Which of the following is not true regarding the performance of a walkthrough?

A) It is a type of ICFR consisting of a set of related procedures that are performed together for the purpose of identifying important control points or deficiencies in controls.
B) The auditor follows a transaction from origination through the processes and information systems until it is recorded in the accounting books.
C) It combines the audit procedures of tracing, inquiry, and observation.
D) It is an efficient way for an auditor to test the operating effectiveness of controls.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
23
Characteristics that drive a need for extensive audit documentation include:

A) the audit task is very straightforward and objective.
B) the management assertion related to the audit task involves a lot of risk.
C) the management assertion related to the audit task has been extensively tested by the company's internal auditors.
D) the audit task involves a conclusion that is self-evident.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
24
Which of the following is a compensating control for a lack of segregation of duties in a small business environment?

A) Collusion between an accountant and cashier.
B) Active involvement and oversight by the owner.
C) Cumulative access and authority of a super-user.
D) Requirement for an annual physical inventory count.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
25
Each of the following is a monitoring procedure from the COSO monitoring guidance except:

A) periodic evaluation and testing of controls by the internal auditors.
B) supervisory reconciliations and other reviews of controls.
C) analysis of and follow up on metrics that might identify control failures.
D) cumulative access and authority of a super-user.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
26
Section 302 of the Sarbanes-Oxley Act requires the CEO and CFO of each public company to personally certify each annual and quarterly report issued to the SEC. These certifications indicate, among other things, that:

A) the signing officer has reviewed the report.
B) the financial statements do not contain any untrue statements or omissions of material facts.
C) the signing officer acknowledges responsibility for establishing and maintaining internal controls.
D) All of the above.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
27
Which of the following describes management's responsibility for providing documentation for its assessment of the effectiveness of ICFR?

A) The documentation must follow strict SEC guidelines regarding its format and length.
B) The documentation must show the connection between significant financial statement accounts, management assertions, and controls.
C) The documentation must be updated monthly and updated via narrative reports.
D) All of the above are true.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
28
Which of the following circumstances would not warrant special risk assessment attention?

A) New client personnel.
B) New product lines.
C) New information systems.
D) New audit firm.
Unlock Deck
Unlock for access to all 68 flashcards in this deck.
Unlock Deck
k this deck
29
Which of the following is not an audit procedure used to gain an understanding of specific controls in ICFR?

A) Making inquiries of appropriate personnel.
B) Inspecting company records.
C) Confirming transactions with external parties.
D) Observing specific actions, behaviors, and procedures.
30
An auditor's work papers document all of the following except:

A) the procedures performed and evidence collected by the auditor.
B) the auditor's planning and performance of work.
C) the time required for company personnel to compile the records requested by the auditor.
D) conclusions reached by the auditor.
31
In the U.S., the first legislation requiring management of public companies to maintain a system of internal controls was the:

A) Committee of Sponsoring Organizations (COSO) of the Treadway Commission Act.
B) Sarbanes-Oxley Act.
C) Foreign Corrupt Practices Act.
D) Public Company Accounting Oversight Board (PCAOB) Act.
32
Which of the following statements is true regarding the SEC's 2007 interpretive release to management for assessing and reporting on the effectiveness of ICFR?

A) Examples of specific management documentation are provided in the release.
B) If controls appropriately address risks, indicating design effectiveness, management tests the controls to assess operating effectiveness.
C) The overall system of ICFR may be deemed effective if one or only a few material misstatements are identified.
D) Management only needs to test those controls that are ineffective in the prevention of material misstatements in the financial statements.
33
The management assertion that is concerned with the separation between fiscal years is the:

A) classification assertion.
B) valuation or allocation assertion.
C) completeness assertion.
D) cutoff assertion.
34
The management assertion that is concerned with whether recorded transactions are real and actually happened is the:

A) occurrence assertion.
B) accuracy assertion.
C) completeness assertion.
D) cutoff assertion.
35
Tracing is a specific type of document inspection whereby the auditor verifies whether the document:

A) has been posted to the relevant accounting records.
B) is supported by appropriate source documents.
C) is mathematically accurate.
D) proves ownership of the underlying asset or liability.
36
Risks related to a company's business units or functions are:

A) activity-level risks.
B) external risks.
C) entity-level risks.
D) critical risks.
37
Which of the following is not an entity-level control that monitors other controls?

A) The internal audit function.
B) The audit committee.
C) The code of conduct.
D) The self-assessment program.
38
Which technique of ICFR documentation describes the activities performed and flow of documents using diagrams and symbols?

A) Narratives.
B) Job descriptions.
C) Questionnaires.
D) Flowcharts.
39
A material weakness will always exist when a company has:

A) a decentralized structure and authority is shared in a system of matrix management.
B) an audit committee that provides ineffective oversight of financial reporting and ICFR.
C) a corporate culture with a strong emphasis on achieving profitability.
D) inexperienced workers serving in demanding positions.
40
The objective of an integrated audit is to report on ICFR and the financial statements of a public company. How does an auditor express these two opinions?

A) Issue a single report to include both opinions.
B) Issue two separate reports: one on ICFR and one on the financial statements.
C) Issue three separate reports: one on ICFR design effectiveness; one of ICFR operating effectiveness; and one on the financial statements.
D) Either a or
41
Which of the following is not a step in the process of program development?

A) Analysis and design.
B) Construction.
C) Testing and quality assurance.
D) Batch processing.
42
When a client company's systems rely heavily on IT, auditors will be concerned with the possibility that:

A) unauthorized program changes could result in a system that uniformly processes data in an unauthorized manner.
B) embedded controls are likely to be circumvented.
C) risk of material misstatement is likely to increase as the complexity of the client's IT system increases.
D) specialized IT knowledge on the audit engagement team is not necessary unless the client company engages in electronic commerce.
43
Why is it necessary for an auditor to perform audit work after the "as of" date to which the opinion on ICFR applies?

A) Whistleblower information may become available after the end of the year.
B) Audit documentation is only prepared after the end of the year.
C) End-of-period financial reporting occurs after the end of the year.
D) IT systems may be changed after the end of the year.
44
Event identification in the ERM Framework is primarily concerned with identifying:

A) opportunities and threats that impact the company's events and relationships.
B) the relevant economic and political sources of risk.
C) qualitative and quantitative techniques for assessing risk.
D) the acceptable level of residual risk.
45
Each of the following is a control used to combat denial of service attacks except:

A) firewalls.
B) patches.
C) electronic vaulting.
D) cookie detection.
46
Auditors should make inquiries about whether there is knowledge of fraud in the company. Such inquiries should be made of:

A) management.
B) the audit committee.
C) internal auditors.
D) All of the above.
47
Which of the following best describes an auditor's responsibility regarding whistleblower information?

A) The auditor must evaluate the effectiveness of the audit committee's processes for receiving and evaluating whistleblower information.
B) The auditor must establish a procedure for receiving tips and handling complaints from client personnel.
C) The auditor must complete a checklist identifying key points in the company's procedures for investigating whistleblower accusations.
D) The auditor must require the company to prepare a Form 8-K to report any whistleblower accusations to the SEC.
48
Application controls are part of the effectiveness of ITGC in that they are the controls that:

A) are specific to a single process or activity within the system but depend upon the validity of the ITGC environment.
B) occur at the entity-level to link the operation of automated and manual controls.
C) occur at the transaction-level to integrate the financial reporting aspects of a given activity.
D) are intended to enhance the access control limitations provided by passwords.
49
Which of the following is not an important consideration for the auditor's assessment of audit committee effectiveness?

A) Independence of audit committee members from management.
B) The audit committee's oversight of external financial reporting and ICFR.
C) The audit committee's approval of the external auditors' approach to the audit.
D) The audit committee's responsiveness to issues raised by the external auditors.
50
Recurring financial activities that are reflected in the accounting records in the normal course of business are referred to as:

A) recurring events.
B) routine transactions.
C) common assertions.
D) entity-level controls.
51
Why will an auditor more extensively test controls for the completeness assertion on liability accounts than on asset accounts?

A) The risk of unrecorded liabilities is greater than the risk of unrecorded assets.
B) The completeness assertion is not applicable to asset accounts.
C) The liabilities account balances presented in the financial statements tend to be more complete than the asset accounts.
D) The most likely type of misstatement for liabilities is overstatements.
52
Social engineering is the term used to describe:

A) policies defining employees' acceptable uses of the company's email system.
B) the behavior of someone who plans to circumvent controls by manipulating employees.
C) policies that address warning signals regarding the risk of circumvention of controls.
D) the network of computer assets and sensitive employee data.
53
Which of the following is an example of a transaction-level ITGC?

A) Supervisory review and approval of supporting documents.
B) A corporate code of conduct.
C) Second-layer passwords that limit users to specifically approved individuals.
D) Programmed recalculations for checking accuracy of data files.
54
Which of the following is an example of an entity-level ITGC?

A) A corporate code of conduct.
B) Programmed recalculations for checking accuracy of data files.
C) User identification and password requirements for system access.
D) Supervisory review and approval of supporting documents.
55
Which of the following statements regarding Enterprise Risk Management (ERM) is not true?

A) ERM is broader than COSO's internal control framework.
B) ERM provides a logical and orderly way for management to identify, analyze, and manage all of the company's risks.
C) ERM focuses on objectives in the categories of planning, assessment, analysis, and compliance.
D) A good ERM system provides confidence that the company's actions taken to achieve business objectives will fit within acceptable parameters of risk.
56
Following are procedures used by auditors to understand likely sources of misstatements:
I) Identify controls that management has implemented to address potential misstatements.
II) Identify points within the process at which misstatements could arise.
III) Understand the flow of transactions.
The proper sequence of these steps is:

A) I, II, III.
B) III, II, I.
C) I, III, II.
D) III, I, II.
57
Each of the following represents a risk of relying on computerized information systems except:

A) unauthorized access.
B) inappropriate manual intervention.
C) reduction in circumvention of controls.
D) potential loss of data.
58
Segregation of duties within the IT world is most concerned with separating the functions of:

A) hiring systems personnel and acquiring/modifying hardware and software.
B) monitoring IT processes and overseeing third party service providers.
C) operating IT systems and IT development.
D) managing IT continuity programs and IT security.
59
Contingency controls are primarily concerned with:

A) batch processing.
B) recovery.
C) capacity planning.
D) end user computing.
60
Backup controls for data files and hardware are examples of which classification of ITGC?

A) Security controls.
B) Information controls.
C) Continuity controls.
D) Application controls.
61
In smaller companies where management's interaction with its controls provides the basis for its assessment of ICFR, management should provide documentation of how its interaction provided it with sufficient evidence. Appropriate documentation includes:

A) memos and emails with instructions and directions to and from management to company employees.
B) evidence of formal, direct testing and ongoing monitoring evaluations.
C) daily checklists and questionnaires indicating the extent of interaction and monitoring.
D) All of the above are appropriate for small companies as well as larger companies.
62
According to the PCAOB Guidance for Auditors of Smaller Public Companies, which of the following important control characteristics is likely to exist in smaller companies?

A) Risk of management override.
B) Use of entity-level controls to achieve control objectives.
C) Limited opportunities for segregation of duties.
D) All of the above are important control characteristics existing in small company environments.
63
A client company has a small number of finance and IT personnel that supports a packaged financial reporting software system. The appropriate tests of controls could include auditor verification that:

A) the code in the packaged software cannot be changed by the user.
B) management override is not possible in this small environment.
C) outside professionals supplement the financial reporting function and provide an assessment of ICFR effectiveness.
D) entity-level controls are not relevant in this small environment.
64
Which of the following is not a COSO control activity?

A) Reconciliations.
B) Risk tolerance.
C) Reviews of operating performance.
D) Segregation of duties.
65
[Adapted from Wiley CPA Review] Dana, an auditor for the audit firm C&C, recently finished up testing controls relating to management's assertion concerning the completeness of sales transactions. In her audit work papers, Dana included the following:
• "I inspected the entity's reports of prenumbered shipping documents that have not been recorded in the sales journal."
• "In the course of my testing, I have found 0 items that have been sold but have not been recorded in the sales journal."
• "Since testing was performed without exception, I have determined that the controls to address the completeness of sales transactions are operating effectively."
Which essential elements of AS 3's documentation requirements did Dana omit from her documentation?
66
The best way to determine whether internal controls and ERM systems are functioning is through:

A) communication with external users of accounting reports.
B) managing a strategic balance between data availability and information overload.
C) monitoring of day-to-day activities.
D) reporting of ethical violations.
67
The portfolio view of ERM is one in which management reduces risks to acceptable levels by:

A) sharing risks with employees.
B) considering individual business unit risks and then aggregating those risks across the entity.
C) avoiding the use of third party service providers in all instances except those with the highest risk of business interruption.
D) terminating all entity activities that cause significant risk.
68
To which of the following accounts would the management assertion "valuation" be relevant, and why? For any accounts to which it would not be relevant, explain why.
Cash
Cash when foreign currency translation is involved
Gross amount of accounts receivable
Net amount of accounts receivable