Deck 7: Understanding and Testing the Clients System of Internal Controls

A) poor internal controls.
B) human error.
C) unethical behaviour.
D) audit risk.

A) cut-off
B) presentation
C) completeness
D) existence

A) efficiency.
B) classified.
C) recorded.
D) timely.

A) processes
B) culture
C) systems
D) all of the above

A) valuation
B) allocation
C) classification
D) presentation

A) a control within a software program being overridden or disabled
B) human error that results in a breakdown in internal control
C) collusion by two or more individuals to circumvent a control
D) all of the above

A) Internal control is a very broad concept.
B) Internal control eliminates the possibility of fraud and error.
C) Internal control encompasses all of the elements of an organization.
D) Internal control provides reasonable assurance about the achievement of the entity's objectives.

A) Internal controls encompass all of the elements of an organization.
B) Internal controls support the achievement of an organization's objectives.
C) Internal controls don't have to be understood if a totally substantive approach is adopted.
D) Internal controls comprise a key component of audit risk assessment.

A) human error that results in a breakdown in internal control
B) collusion by two or more individuals to circumvent a control
C) a control within a software program being overridden or disabled
D) changing audit risk parameters

A) posting
B) classification
C) valuation
D) timeliness

A) timely
B) real
C) valued
D) posted

A) there will be an increased reliance on substantive tests of transactions and account balances.
B) control risk will also be high.
C) the organization is more likely to achieve its strategic and operating objectives.
D) the organization is less likely to achieve its strategic and operating objectives.

A) fictitious or duplicate transactions are not included in the books of an organization.
B) correct amounts are assigned to transactions.
C) transactions are recorded in the correct accounting period.
D) transactions are charged and allocated to the correct general ledger account.

A) human error
B) collusion between two or more employees
C) lack of knowledge of internal controls
D) overriding of a control within a software program

A) the susceptibility of an assertion to a material misstatement, assuming there are no related controls.
B) the risk that the auditor's testing procedures will not be effective in detecting a material misstatement.
C) the risk that a client's system of internal controls will not prevent or detect a material misstatement.
D) none of the above

A) audit risk.
B) inherent risk.
C) control risk.
D) detection risk.

A) authorization for access to computer programs.
B) segregating incompatible duties.
C) reviews of actual performance versus budgets.
D) periodic counting and comparison with amounts shown on control records.

A) management's philosophy and operating style
B) communication and enforcement of integrity and ethical values
C) commitment to competence
D) participation by those charged with governance

A) evaluations or observations made by the external auditors.
B) management's approach to correcting known significant deficiencies on a timely basis.
C) both a and b
D) none of the above

A) They include management's philosophy and operating style.
B) They are policies and procedures that help make sure management's directives are carried out.
C) They help guarantee that necessary actions are taken to address risks impacting the achievement of the organization's objectives.
D) They have various objectives and are applied at various organizational and functional levels.

A) detective controls.
B) preventive controls.
C) entity-level controls.
D) transaction-level controls.

A) their independence
B) their professional judgment
C) their due care
D) none of the above

A) information processing controls
B) physical controls
C) authorization controls
D) segregation of incompatible duties

A) participation by those charged with governance
B) commitment to competence
C) segregation of duties
D) both a and b

A) monitoring of controls.
B) the control environment.
C) audit committees.
D) the information system.

A) a key control objective.
B) the control environment.
C) mitigation of audit risk.
D) financial statement assertions.

A) internal control activities.
B) documentation controls.
C) monitoring of controls.
D) none of the above

A) assesses the likelihood of their occurrence.
B) decides upon actions to manage them.
C) estimates their significance.
D) all of the above

A) a review of entity-level controls.
B) a review of the internal control system.
C) establishing audit risk.
D) none of the above

A) entity level controls
B) transaction-level controls
C) both a and b
D) none of the above

A) monitoring controls.
B) the control environment.
C) internal controls.
D) the risk assessment process.

A) the extent to which performance of control activities relies on IT.
B) the extent to which controls included in the organization's policies are being applied.
C) whether adequate safeguards are in place to prevent unauthorized access to or destruction of documents, records and assets.
D) all of the above

A) set the tone of an entity.
B) set the foundation for all other components of internal control.
C) refer to the policies and procedures that help make sure management's directives are carried out.
D) influence the control consciousness of employees.

A) generally rely on the client's IT applications in some way.
B) support the ongoing functioning of the programmed aspects of preventive and detective controls.
C) can be classified as program change controls or logical access controls.
D) do not rely on the client's IT environment for their operation.

A) are the easiest to test.
B) provide the most efficient and effective audit evidence.
C) provide no assurance that the controls operated effectively throughout the period of reliance.
D) provide the least efficient and effective audit evidence.

A) the signature of the goods by the warehouse receiver on a receiving report or a bill of lading
B) a credit check by the credit manager
C) automatic pricing of sales invoices using a master price file
D) none of the above

A) to support the automated parts of the business in the functioning of the controls in place.
B) to prevent or detect misstatements in the financial statements.
C) both a and b
D) none of the above

A) dollar unit sampling.
B) random sampling.
C) attribute sampling.
D) haphazard sampling.

A) detective controls not being in place.
B) amounts being posted to the wrong accounting period.
C) transactions being classified and coded to incorrect accounts.
D) all of the above

A) processing controls
B) output controls
C) input controls
D) general controls

A) Reconciliation of totals where input totals are compared to the output totals.
B) Output is printed to a secure printer where access is limited.
C) Reasonable checks: actual data is compared to expected data for reasonableness.
D) none of the above

A) The less frequently a control is performed, the more testing the auditor needs to perform to be satisfied the control is operating effectively.
B) When other controls related to a particular objective are also in place and are tested, the level of assurance that might be needed from any one control is not as high as if the auditor were relying solely on a single control.
C) The less frequently a control is performed, the less testing the auditor needs to perform to be satisfied the control is operating effectively.
D) The results of the tests in prior audits and the current audit to date affect the perception of risk.

A) detective controls
B) physical controls
C) internal controls
D) entity-wide controls

A) preventive control.
B) test of controls.
C) detect control.
D) substantive procedure.

A) Data files and critical applications are regularly backed up in offsite locations.
B) Program changes are subject to formal change management procedures.
C) Policies exist to ensure departing employees are denied access to software programs and databases.
D) All the above items belonged in the "controls to prevent unauthorized access to data" section of the program.

A) Preventing errors during processing should not be an important objective of every accounting system.
B) Preventive controls can be applied to each transaction during normal processing to avoid errors occurring.
C) To be effective, controls over transactions should only include detective controls.
D) The purpose of preventive controls is to discover fraud or errors that may have occurred during transaction processing.

A) the persuasiveness of the evidence produced by the control
B) the degree to which the auditors intend to rely on the control as a basis for limiting their substantive tests
C) how often the control is performed
D) all of the above

A) information technology general controls.
B) automated controls.
C) manual controls.
D) all of the above

A) the accounts receivable clerk does not have access to the cash payments application.
B) regular and timely back-ups of data.
C) program change forms must be authorized by the IT manager.
D) all of the above

A) account coding on purchase orders being checked by the computer to a table of valid account numbers
B) quarterly reviews of credit balances in accounts receivable to determine their causes
C) amounts are not able to be paid to employees without first matching a valid tax file number to the employee master file
D) none of the above

A) identify all potentially significant errors.
B) completely and accurately capture all data.
C) are performed on a consistent and regular basis.
D) all of the above

A) management level reviews of actual performance versus budgets
B) credit manager following up on an exception report showing sales made to a customer who has exceeded their credit limit
C) sales invoices are automatically priced using the information in the price master file
D) a bank reconciliation

A) internal control
B) entity-level control
C) detective control
D) preventive control