Deck 7: Understanding and Testing the Clients System of Internal Controls

A) a key control objective.
B) the control environment.
C) mitigation of audit risk.
D) financial statement assertions.

A) fictitious or duplicate transactions are not included in the books of an organization.
B) correct amounts are assigned to transactions.
C) transactions are recorded in the correct accounting period.
D) transactions are charged and allocated to the correct general ledger account.

A) human error that results in a breakdown in internal control
B) collusion by two or more individuals to circumvent a control
C) a control within a software program being overridden or disabled
D) changing audit risk parameters

A) management's philosophy and operating style
B) communication and enforcement of integrity and ethical values
C) commitment to competence
D) participation by those charged with governance

A) poor internal controls.
B) human error.
C) unethical behaviour.
D) audit risk.

A) a control within a software program being overridden or disabled
B) human error that results in a breakdown in internal control
C) collusion by two or more individuals to circumvent a control
D) all of the above

A) cut-off
B) presentation and disclosure
C) completeness
D) existence

A) there will be an increased reliance on substantive tests of transactions and account balances.
B) control risk will also be high.
C) the organization is more likely to achieve its strategic and operating objectives.
D) the organization is less likely to achieve its strategic and operating objectives.

A) processes
B) culture
C) systems
D) all of the above

A) posting
B) classification and understandability
C) valuation
D) timeliness

A) Internal control is a very broad concept.
B) Internal control eliminates the possibility of fraud and error.
C) Internal control encompasses all of the elements of an organization.
D) Internal control provides reasonable assurance about the achievement of the entity's objectives.

A) timely
B) real
C) valued
D) posted

A) efficiency.
B) classified.
C) recorded.
D) timely.

A) participation by those charged with governance
B) commitment to competence
C) segregation of duties
D) both a and b

A) authorization for access to computer programs.
B) segregating incompatible duties.
C) reviews of actual performance versus budgets.
D) periodic counting and comparison with amounts shown on control records.

A) They include management's philosophy and operating style.
B) They are policies and procedures that help make sure management's directives are carried out.
C) They help guarantee that necessary actions are taken to address risks impacting the achievement of the organization's objectives.
D) They have various objectives and are applied at various organizational and functional levels.

A) the signature of the goods by the warehouse receiver on a receiving report or a bill of lading
B) a credit check by the credit manager
C) automatic pricing of sales invoices using a master price file
D) none of the above

A) assesses the likelihood of their occurrence.
B) decides upon actions to manage them.
C) estimates their significance.
D) all of the above.

A) detective controls not being in place.
B) amounts being posted to the wrong accounting period.
C) transactions being classified and coded to incorrect accounts.
D) all of the above.

A) information processing controls
B) physical controls
C) authorization controls
D) segregation of incompatible duties

A) monitoring of controls.
B) the control environment.
C) audit committees.
D) the information system.

A) set the tone of an entity.
B) set the foundation for all other components of internal control.
C) refer to the policies and procedures that help make sure management's directives are carried out.
D) influence the control consciousness of employees.

A) a review of entity-level controls.
B) a review of the internal control system.
C) establishing audit risk.
D) none of the above.

A) monitoring controls.
B) the control environment.
C) internal controls.
D) the risk assessment process.

A) internal control activities.
B) documentation controls.
C) monitoring of controls.
D) none of the above.

A) Data files and critical applications are regularly backed up in offsite locations.
B) Program changes are subject to formal change management procedures.
C) Policies exist to ensure departing employees are denied access to software programs and databases.
D) All the above items belonged in the "controls to prevent unauthorized access to data" section of the program.

A) audit risk.
B) inherent risk.
C) control risk.
D) detection risk.

A) detective controls.
B) preventive controls.
C) entity-level controls.
D) transaction-level controls.

A) entity level controls
B) transaction-level controls
C) both a and b
D) none of the above

A) evaluations or observations made by the external auditors.
B) management's approach to correcting known significant deficiencies on a timely basis.
C) both a and b.
D) none of the above.

A) the extent to which performance of control activities relies on IT.
B) the extent to which controls included in the organization's policies are being applied.
C) whether adequate safeguards are in place to prevent unauthorized access to or destruction of documents, records and assets.
D) all of the above.

A) the susceptibility of an assertion to a material misstatement, assuming there are no related controls.
B) the risk that the auditor's testing procedures will not be effective in detecting a material misstatement.
C) the risk that a client's system of internal controls will not prevent or detect a material misstatement.
D) none of the above.

A) their independence
B) their professional judgment
C) their due care
D) none of the above

A) internal control
B) entity-level control
C) detective control
D) preventive control

A) Reconciliation of totals where input totals are compared to the output totals.
B) Output is printed to a secure printer where access is limited.
C) Reasonable checks: actual data is compared to expected data for reasonableness.
D) None of the above.

A) the persuasiveness of the evidence produced by the control
B) the degree to which the auditors intend to rely on the control as a basis for limiting their substantive tests
C) how often the control is performed
D) all of the above

A) dollar unit sampling.
B) random sampling.
C) attribute sampling.
D) haphazard sampling.

A) a reliable trail of program changes exists.
B) a programmed control can be matched to a defined program within an application.
C) the application is stable.
D) all of the above.

A) management level reviews of actual performance versus budgets
B) credit manager following up on an exception report showing sales made to a customer who has exceeded their credit limit
C) sales invoices are automatically priced using the information in the price master file
D) a bank reconciliation

A) information technology general controls.
B) automated controls.
C) manual controls.
D) all of the above.

A) entity-level controls
B) detective controls
C) tests of controls
D) preventive controls

A) to support the automated parts of the business in the functioning of the controls in place.
B) to prevent or detect misstatements in the financial statements.
C) both a and b.
D) none of the above.

A) based on the premise that a computer will continue to perform any given procedures in exactly the same way until such time as the program is changed.
B) an audit testing strategy that can be used to carry forward the benefit of certain application controls testing into future audit periods.
C) both a and b.
D) none of the above.

A) identify all potentially significant errors.
B) completely and accurately capture all data.
C) are performed on a consistent and regular basis.
D) all of the above.

A) generally rely on the client's IT applications in some way.
B) support the ongoing functioning of the programmed aspects of preventive and detective controls.
C) can be classified as program change controls or logical access controls.
D) do not rely on the client's IT environment for their operation.

A) preventive control.
B) test of controls.
C) detect control.
D) substantive procedure.

A) are the easiest to test.
B) provide the most efficient and effective audit evidence.
C) provide no assurance that the controls operated effectively throughout the period of reliance.
D) provide the least efficient and effective audit evidence.

A) Preventing errors during processing should not be an important objective of every accounting system.
B) Preventive controls can be applied to each transaction during normal processing to avoid errors occurring.
C) To be effective, controls over transactions should only include detective controls.
D) The purpose of preventive controls is to discover fraud or errors that may have occurred during transaction processing.

A) The less frequently a control is performed, the more testing the auditor needs to perform to be satisfied the control is operating effectively.
B) When other controls related to a particular objective are also in place and are tested, the level of assurance that might be needed from any one control is not as high as if the auditor were relying solely on a single control.
C) The less frequently a control is performed, the less testing the auditor needs to perform to be satisfied the control is operating effectively.
D) The results of the tests in prior audits and the current audit to date affect the perception of risk.

A) the accounts receivable clerk does not have access to the cash payments application.
B) regular and timely back-ups of data.
C) program change forms must be authorized by the IT manager.
D) all of the above.

A) detective controls
B) physical controls
C) internal controls
D) entity-wide controls

A) processing controls
B) output controls
C) input controls
D) general controls

A) account coding on purchase orders being checked by the computer to a table of valid account numbers
B) quarterly reviews of credit balances in accounts receivable to determine their causes
C) amounts are not able to be paid to employees without first matching a valid tax file number to the employee master file
D) none of the above