Quiz 8: Audit Risk Assessment

Which of the following is not one of the risk assessment procedures auditors do in obtaining an understanding the entity? A)Discussions with management. B)Performing substantive procedures. C)Observing processes in action. D)Inspecting relevant documents.

Which of the following factors is not an indication of a significant risk? A)Fraud. B)Complex transactions. C)Related party transactions. D)Transactions within the normal course of business.

Which of the following is not a category of business risk? A)Audit risk. B)Operational risk. C)Compliance risk. D)Financial risk.

Which assertion is defined as: 'transactions and events that have been recorded or disclosed, have occurred and such transactions and events pertain to the entity'? A)Completeness. B)Occurrence. C)Accuracy. D)Cut-off.

Which assertion relates mainly to the possible understatement of financial statement balances through the omission of items that exist or of the effects of transactions that occurred? A)Existence. B)Rights and obligations. C)Completeness. D)Accuracy, valuation and allocation.

The importance of internal control to management and auditors has been recognised for many years.Which of the following is likely to be cited as a major factor contributing to this importance? A)The operations of the business entity have become so unwieldy that management must rely on the chief financial officer to effectively control operations. B)Checks and reviews protect against employee collusion and reduce the chance of employee fraud. C)Internal control procedures must be utilised to maintain accurate accounting records. D)It is impractical for auditors to audit most companies within economic fee limitations without relying on the client's system of internal controls.

Which of these is not one of the fundamental concepts in the COSO report's definition of internal control? A)Internal control is a guarantee. B)Internal control is a process. C)Internal control is affected by people. D)Internal control is geared to the achievement of objectives in the overlapping categories of financial reporting, compliance and operations.

ASA 315.A59 (ISA 315.A59) includes all of the following as components of internal control except: A)risk assessment process. B)information system. C)legal environment. D)control environment.

Essential to both management and auditors is a chain of evidence in the accounting system provided by coding, cross references, and documentation connecting account balances and other summary results with original data.This chain of evidence is referred to as the: A)control trail. B)audit trail. C)tracing trail. D)accounting trail.

Which of these is not a category of application controls? A)Output controls. B)Input controls. C)General controls. D)Processing controls.

Incompatible duties are those that allow an irregularity to be perpetrated: A)and concealed through collusive actions. B)by two or more employees. C)and concealed by a single employee. D)by accounting personnel.

Which of the following is incorrect concerning the segregation of duties within an organisation? A)All accounting records can generally be kept by the same person. B)The various steps involved in executing a transaction should be separated. C)The responsibility for executing a transaction, recording it and maintaining custody of resulting assets should be assigned to different individuals or departments. D)All of the above are correct statements.

Management is responsible for implementing effective controls to control risks identified in a risk assessment.Which of these would not be considered to impact on management's risk assessment? A)Expanding foreign exchange operations. B)Changing the external auditor. C)New personnel. D)New technology.

Which of the following is not generally considered one of the factors that make up the control environment? A)Board of directors. B)Audit committee. C)Organisational structure. D)Accounting package used.

A characteristic of management's philosophy and operating style is: A)being sufficiently skilled. B)exercising disciplinary action for violations of expected behaviour. C)the experience and stature of directors. D)the approach taken to monitoring business risks.

Which factor concerning boards of directors and audit committees would be considered least influential in its impact on the control environment? A)The sex of directors. B)Experience and stature of directors. C)The extent of director's involvement and scrutiny of management's activities. D)Independence from management.

Which of these is not an inherent limitation of an internal control structure? A)Collusion. B)Mistakes in judgement. C)Accounting override. D)Management override.

Restricting the use of the information system to particular authorised personnel by use of passwords is an example of: A)organisational controls. B)systems development and maintenance controls. C)data and procedural controls. D)access controls.

Which of these would be considered a limitation of internal controls? A)Internal control systems focus on routine transactions. B)Management participating in the supervision of operations. C)They compare actual performance with budgeted performance. D)All of the above.

The true statement is: A)Internal controls are more important when companies grow in size and complexity. B)Effective internal controls are able to provide absolute assurance for an entity's management and board. C)Auditors have a statutory legal obligation to report on internal controls within the entity. D)The control environment is the auditor's overall attitude, awareness and actions regarding internal control and its importance in the entity.

The least likely procedure to obtain an understanding of the internal control structure would be: A)confirming transactions. B)inspecting documents and records. C)enquiring of appropriate management. D)reviewing previous experience with the client.

A transaction walk-through review is most commonly associated with: A)documenting the understanding. B)tests of controls. C)substantive tests. D)procedures to obtain an understanding.

Which of the following is an example of how an auditor might document the understanding of internal control? A)Internal control questionnaire. B)Flow chart and narrative memoranda. C)Both of the above. D)None of the above.

Which of these is not a major advantage of the internal control questionnaire? A)It may be completed in a mechanical fashion. B)It reduces errors of omission. C)It provides guidance for less experienced staff. D)It is usually developed by experienced professionals.

Why is it important to obtain an understanding of the internal control system? A)Weak internal controls may increase the risk of material misstatement. B)To determine the level of inherent risk. C)Because strong internal controls indicate management integrity. D)All of the above.

A way to prevent unauthorised access to computer systems is: A)good access controls. B)strong firewalls. C)controls to detect attempts at unauthorised access. D)all of the above.

Flowcharts should depict all of the following except: A)the method of processing. B)the extent of segregation of duties. C)the audit procedures conducted. D)all operations performed in processing the class of transactions.

When the lower assessed level of control risk approach is used, the final assessment of control risk is made after completing: A)the procedures to obtain an understanding. B)the documentation of the understanding. C)all the planned tests of controls. D)all the above.

Which of these is one of the three components of audit risk? A)Control risk. B)Rejection risk. C)Acceptance risk. D)Deception risk.

Inherent risk is defined in terms of: A)the existing controls. B)the standard controls for the client's industry. C)a total absence of controls. D)an ideal set of controls.

The assessment of inherent risk requires consideration of matters that have a pervasive effect on the entity as a whole and matters that may affect only specific accounts.Which of the following is an example of a "pervasive effect" matter? A)Industry of operation. B)Susceptibility to misappropriation. C)Sensitivity of valuations to economic factors. D)All of the above.

For a particular assertion, control risk is the risk that: A)a material misstatement will occur in the accounting process. B)audit procedures will fail to detect a weak control system. C)control procedures will not detect a material misstatement that occurs. D)the prescribed control procedures will not be applied uniformly.

For a given assertion, the relationship between the level of detection risk (DR) and assessed control risk (CR) and inherent risk (IR) is shown correctly in which of the following, where + means increase, - means decrease: A)+DR if +CR and +IR. B)+DR if -CR and -IR. C)+DR if +CR and -IR. D)+DR if -CR and +IR.

If inherent risk and control risk are both assessed as low, detection risk will be: A)the same as audit risk. B)medium. C)high. D)low.

The control environment means management's overall attitude, awareness and actions regarding internal control and its importance in the entity.Identify and describe four factors that constitute part of the control environment.

List the fundamental concepts that are embodied in the definition of internal control as per the COSO report: …a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting and compliance.

Control activities are detailed policies and procedures that management establishes to help ensure that its directives are carried out.List the four different categories of control activities and give an example of each.