Auditing Chapter 6

59 terms by eleazar123 

Create a new folder

Advertisement Upgrade to remove ads

6-1) What are management's incentives for establishing and maintaining strong internal control? What are the auditor's main concerns with internal control?

Strong internal controls ensure that assets and records are properly safeguarded. Management also needs a control system that generates reliable information for decision making. If the information system does not generate reliable information, management may be unable to make informed decisions about issues such as product pricing, cost of production, and profit information.
The auditor uses the understanding of the entities internal control to identify the types of potential misstatements, ascertain factors that affect the risk of material misstatement, and design tests of controls and substantive procedures. The auditors understanding of internal control is a major factor in determining the overall audit strategy.

6-2) Describe the five components of internal control.

Benefits:
o Consistent application of predefined business rules and performance of complex calculations in processing large volumes of transactions or data
o Enhancement of the timeliness, availability, and accuracy of information
o Facilitation of additional analysis of information
o Enhancement of the ability to monitor the performance of the entity activities and its policies and procedures
o Reduction in the risk that controls will be circumvented
o Enhancement of the ability to achieve effective segregation of duties by implementing security controls in applications, databases, and operating systems
Risks:
o Reliance on systems or programs that inaccurately process data, process inaccurate data, or both
o Unauthorized access to data that may result in destruction of data or improper changes to data, including the recording of unauthorized or nonexistent transactions or inaccurate recording of transactions
o Unauthorized changes to data in master files
o Unauthorized changes to systems or programs
o Failure to make necessary changes to systems or programs
o Inappropriate manual intervention
o Potential loss of data

6-3) Describe the five components of internal control.

Components of Internal Control:
o The control environment: sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for effective internal control, providing discipline and structure. The control environment includes the attitudes, awareness, policies, and actions of management and the board of directors concerning the entity's internal control and its importance in the entity.
o The entity's risk assessment process: How management identifies risks relevant to the preparation of financial statements that are fairly presented in conformity with GAAP, estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to manage them.
o The information system and related business processes relevant to financial reporting and communication: includes the accounting system, consists of the procedures, whether automated or manual, and records established to initiate, record, process, and report entity transactions and to maintain accountability for the related assets, liabilities, and equity. Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting.
o Control activities: policies and procedures that help ensure that management directives are carried out, for example, that necessary actions are taken to address risks to achievement of the entity's objectives. Control activities, whether automated or manual, have various objectives and are applied at various organizational and functional levels.
o Monitoring of controls: A process to assess the quality of internal control performance over time. It involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions.

6-4) What are the factors that affect the control environment?

Factors affecting the control environment:
o Communication and enforcement of integrity and ethical values
o A commitment to competence
o Participation of those charged with governance
o Management's philosophy and operating style
o Organizational structure
o Assignment of authority and responsibility
o Human resource policies and practices

6-5) What are the major differences between a substantive strategy and a reliance strategy when the auditor considers when the auditor considers internal control in planning an audit?

Substantive strategy- the auditor has decided not to rely on the entity's controls and instead use substantive procedures as the main source of evidence about the assertions in the financial statements.
Reliance Strategy- the auditor intends to rely on the entity's controls. If a reliance strategy is followed, the auditor may need a more detailed understanding of internal control to develop a preliminary or "planned" assessment of control risk.

6-6) Why must the auditor obtain an understanding of internal control?

The auditor should obtain an understanding of each of the five components of internal control in order to plan the audit. This understanding includes knowledge about the design of relevant controls and whether they have been placed in operation by the entity. The auditor uses this knowledge to:
o Identify the types of potential misstatement
o Pinpoint the factors that affect the risk of material misstatement
o Design tests of controls and substantive procedures

6-7) What is meant by the concept of reasonable assurance in terms of internal control? What are the inherent limitations of internal control?

Reasonable assurance recognizes that the cost of an entity's internal control system should not exceed the benefits that are expected to be derived.
The effectiveness of any internal control system is subject to certain inherent limitations:
o Management override of internal control
o Personnel errors or mistakes
o Collusion

6-8) List the tools that can document the understanding of internal control.

Tools that can document the understanding of internal control:
o The entity's procedures manuals and organizational charts
o Narrative description
o Internal control questionnaires
o Flowcharts

6-9) What are the requirements under auditing standards for documenting the assessed level of control risk?

The auditor's assessment of the level of control risk can be documented using:
o Structured working paper
o Internal control questionnaire
o A memorandum

6-10) What factors should the auditor consider when substantive procedures are to be completed at an interim date? If the auditor conducts substantive procedures at an interim date, what audit procedures would normally be completed for the remaining period?

Factors to consider when substantive procedures are to be completed at an interim date:
o The control environment and other relevant controls
o The availability of information at a later date that is necessary for the auditor's procedures
o The objective of the substantive procedure
o The assessed risk of material misstatement
o The nature of the class of transactions or account balance and relevant assertions
o The ability of the auditor to reduce the risk that misstatements existing at the periods end are not detected by performing appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period
Substantive procedures conducted in the remaining period include comparing the year-end account balance with the interim account balance. It might also involve conducting analytical procedures or reviewing related journals and ledgers for large or unusual transactions.

6-11) What is the auditor's responsibility for communicating control deficiencies that are severe enough to be considered significant deficiencies or material weaknesses.

The auditor MUST communicate in writing, any discovered significant deficiencies and material weaknesses to management and those charged with governance.

Chapter 6: Internal Control in a Financial Statement
6-1) What are management's incentives for establishing and maintaining strong internal control? What are the auditor's main concerns with internal control?

Strong internal controls ensure that assets and records are properly safeguarded. Management also needs a control system that generates reliable information for decision making. If the information system does not generate reliable information, management may be unable to make informed decisions about issues such as product pricing, cost of production, and profit information.
The auditor uses the understanding of the entities internal control to identify the types of potential misstatements, ascertain factors that affect the risk of material misstatement, and design tests of controls and substantive procedures. The auditors understanding of internal control is a major factor in determining the overall audit strategy.

6-2) What are the potential benefits and risks to an entity's internal control from information technology?

Benefits:
o Consistent application of predefined business rules and performance of complex calculations in processing large volumes of transactions or data
o Enhancement of the timeliness, availability, and accuracy of information
o Facilitation of additional analysis of information
o Enhancement of the ability to monitor the performance of the entity activities and its policies and procedures
o Reduction in the risk that controls will be circumvented
o Enhancement of the ability to achieve effective segregation of duties by implementing security controls in applications, databases, and operating systems
Risks:
o Reliance on systems or programs that inaccurately process data, process inaccurate data, or both
o Unauthorized access to data that may result in destruction of data or improper changes to data, including the recording of unauthorized or nonexistent transactions or inaccurate recording of transactions
o Unauthorized changes to data in master files
o Unauthorized changes to systems or programs
o Failure to make necessary changes to systems or programs
o Inappropriate manual intervention
o Potential loss of data

6-3) Describe the five components of internal control.

Components of Internal Control:
o The control environment: sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for effective internal control, providing discipline and structure. The control environment includes the attitudes, awareness, policies, and actions of management and the board of directors concerning the entity's internal control and its importance in the entity.
o The entity's risk assessment process: How management identifies risks relevant to the preparation of financial statements that are fairly presented in conformity with GAAP, estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to manage them.
o The information system and related business processes relevant to financial reporting and communication: includes the accounting system, consists of the procedures, whether automated or manual, and records established to initiate, record, process, and report entity transactions and to maintain accountability for the related assets, liabilities, and equity. Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting.
o Control activities: policies and procedures that help ensure that management directives are carried out, for example, that necessary actions are taken to address risks to achievement of the entity's objectives. Control activities, whether automated or manual, have various objectives and are applied at various organizational and functional levels.
o Monitoring of controls: A process to assess the quality of internal control performance over time. It involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions.

6-4) What are the factors that affect the control environment?

Factors affecting the control environment:
o Communication and enforcement of integrity and ethical values
o A commitment to competence
o Participation of those charged with governance
o Management's philosophy and operating style
o Organizational structure
o Assignment of authority and responsibility
o Human resource policies and practices

6-5) What are the major differences between a substantive strategy and a reliance strategy when the auditor considers when the auditor considers internal control in planning an audit?

Substantive strategy- the auditor has decided not to rely on the entity's controls and instead use substantive procedures as the main source of evidence about the assertions in the financial statements.
Reliance Strategy- the auditor intends to rely on the entity's controls. If a reliance strategy is followed, the auditor may need a more detailed understanding of internal control to develop a preliminary or "planned" assessment of control risk.

6-6) Why must the auditor obtain an understanding of internal control?

The auditor should obtain an understanding of each of the five components of internal control in order to plan the audit. This understanding includes knowledge about the design of relevant controls and whether they have been placed in operation by the entity. The auditor uses this knowledge to:
o Identify the types of potential misstatement
o Pinpoint the factors that affect the risk of material misstatement
o Design tests of controls and substantive procedures

6-7) What is meant by the concept of reasonable assurance in terms of internal control? What are the inherent limitations of internal control?

Reasonable assurance recognizes that the cost of an entity's internal control system should not exceed the benefits that are expected to be derived.
The effectiveness of any internal control system is subject to certain inherent limitations:
o Management override of internal control
o Personnel errors or mistakes
o Collusion

6-8) List the tools that can document the understanding of internal control.

Tools that can document the understanding of internal control:
o The entity's procedures manuals and organizational charts
o Narrative description
o Internal control questionnaires
o Flowcharts

6-9) What are the requirements under auditing standards for documenting the assessed level of control risk?

The auditor's assessment of the level of control risk can be documented using:
o Structured working paper
o Internal control questionnaire
o A memorandum

6-10) What factors should the auditor consider when substantive procedures are to be completed at an interim date? If the auditor conducts substantive procedures at an interim date, what audit procedures would normally be completed for the remaining period?

Factors to consider when substantive procedures are to be completed at an interim date:
o The control environment and other relevant controls
o The availability of information at a later date that is necessary for the auditor's procedures
o The objective of the substantive procedure
o The assessed risk of material misstatement
o The nature of the class of transactions or account balance and relevant assertions
o The ability of the auditor to reduce the risk that misstatements existing at the periods end are not detected by performing appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period
Substantive procedures conducted in the remaining period include comparing the year-end account balance with the interim account balance. It might also involve conducting analytical procedures or reviewing related journals and ledgers for large or unusual transactions.

6-11) What is the auditor's responsibility for communicating control deficiencies that are severe enough to be considered significant deficiencies or material weaknesses.

The auditor MUST communicate in writing, any discovered significant deficiencies and material weaknesses to management and those charged with governance.

6-12) An auditor's primary consideration regarding an entity's internal controls is whether they

Affect the financial statement assertions

6-13) Which of the following statements about internal control is correct?

The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system.

6-14) Which of the following is not a component of an entity's internal control system?

Control risk

6-15) In which of the following situations would an auditor most likely use a reliance strategy?

A client receives sales orders, bills customers, and receives payment based only on information generated from its IT system- no paper trail is generated

6-16)After obtaining an understanding of an entity's internal control system, an auditor may set control risk at the maximum level for some assertions because he or she

Believes the internal controls are unlikely to be effective

6-17) Regardless of the assessed level of control risk, an auditor would perform some

Substantive procedures to restrict detection risk for significant transaction classes.

6-18) Assessing control risk below maximum involves all of the following except

Concluding that controls are ineffective.

6-19)Which of the following audit techniques would be most likely to provde an auditor with the most assurance about the effectiveness of the operation of a control?

Reperformance of the control by the auditor

6-20) Audit evidence concerning proper segregation of duties ordinarily is best obtained by

Inspection of documents prepared by a third party, but which contain the initials of those applying client controls

6-21) Reports by the service organization's auditor typically

Assess whether the service organization's controls are suitably designed and operating effectively

6-22) Significant deficiencies are matters that come to an auditor's attention that should be communicated to an entity's audit committee because they represent

Significant deficiencies in the design or operation of the internal control.

6-23) An auditor's flowchart of a client's accounting system is a diagrammatic representation that depicts the auditor's

Understanding of the system.

6-24) An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus?

General controls

6-1) What are management's incentives for establishing and maintaining strong internal control? What are the auditor's main concerns with internal control?

Strong internal controls ensure that assets and records are properly safeguarded. Management also needs a control system that generates reliable information for decision making. If the information system does not generate reliable information, management may be unable to make informed decisions about issues such as product pricing, cost of production, and profit information.
The auditor uses the understanding of the entities internal control to identify the types of potential misstatements, ascertain factors that affect the risk of material misstatement, and design tests of controls and substantive procedures. The auditors understanding of internal control is a major factor in determining the overall audit strategy.

6-2) What are the potential benefits and risks to an entity's internal control from information technology?

Benefits
o Consistent application of predefined business rules and performance of complex calculations in processing large volumes of transactions or data
o Enhancement of the timeliness, availability, and accuracy of information
o Facilitation of additional analysis of information
o Enhancement of the ability to monitor the performance of the entity activities and its policies and procedures
o Reduction in the risk that controls will be circumvented
o Enhancement of the ability to achieve effective segregation of duties by implementing security controls in applications, databases, and operating systems
Risks
o Reliance on systems or programs that inaccurately process data, process inaccurate data, or both
o Unauthorized access to data that may result in destruction of data or improper changes to data, including the recording of unauthorized or nonexistent transactions or inaccurate recording of transactions
o Unauthorized changes to data in master files
o Unauthorized changes to systems or programs
o Failure to make necessary changes to systems or programs
o Inappropriate manual intervention
o Potential loss of data

6-3) Describe the five components of internal control.

Components of Internal Control
o The control environment: sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for effective internal control, providing discipline and structure. The control environment includes the attitudes, awareness, policies, and actions of management and the board of directors concerning the entity's internal control and its importance in the entity.
o The entity's risk assessment process: How management identifies risks relevant to the preparation of financial statements that are fairly presented in conformity with GAAP, estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to manage them.
o The information system and related business processes relevant to financial reporting and communication: includes the accounting system, consists of the procedures, whether automated or manual, and records established to initiate, record, process, and report entity transactions and to maintain accountability for the related assets, liabilities, and equity. Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting.
o Control activities: policies and procedures that help ensure that management directives are carried out, for example, that necessary actions are taken to address risks to achievement of the entity's objectives. Control activities, whether automated or manual, have various objectives and are applied at various organizational and functional levels.
o Monitoring of controls: A process to assess the quality of internal control performance over time. It involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions.

6-4) What are the factors that affect the control environment?

Factors affecting the control environment
o Communication and enforcement of integrity and ethical values
o A commitment to competence
o Participation of those charged with governance
o Management's philosophy and operating style
o Organizational structure
o Assignment of authority and responsibility
o Human resource policies and practices

6-5) What are the major differences between a substantive strategy and a reliance strategy when the auditor considers when the auditor considers internal control in planning an audit?

Substantive strategy- the auditor has decided not to rely on the entity's controls and instead use substantive procedures as the main source of evidence about the assertions in the financial statements.
Reliance Strategy- the auditor intends to rely on the entity's controls. If a reliance strategy is followed, the auditor may need a more detailed understanding of internal control to develop a preliminary or "planned" assessment of control risk.

6-6) Why must the auditor obtain an understanding of internal control?

The auditor should obtain an understanding of each of the five components of internal control in order to plan the audit. This understanding includes knowledge about the design of relevant controls and whether they have been placed in operation by the entity. The auditor uses this knowledge to
o Identify the types of potential misstatement
o Pinpoint the factors that affect the risk of material misstatement
o Design tests of controls and substantive procedures

6-7) What is meant by the concept of reasonable assurance in terms of internal control? What are the inherent limitations of internal control?

Reasonable assurance recognizes that the cost of an entity's internal control system should not exceed the benefits that are expected to be derived.
The effectiveness of any internal control system is subject to certain inherent limitations
o Management override of internal control
o Personnel errors or mistakes
o Collusion

6-8) List the tools that can document the understanding of internal control.

Tools that can document the understanding of internal control
o The entity's procedures manuals and organizational charts
o Narrative description
o Internal control questionnaires
o Flowcharts

6-9) What are the requirements under auditing standards for documenting the assessed level of control risk?

The auditor's assessment of the level of control risk can be documented using
o Structured working paper
o Internal control questionnaire
o A memorandum

6-10) What factors should the auditor consider when substantive procedures are to be completed at an interim date? If the auditor conducts substantive procedures at an interim date, what audit procedures would normally be completed for the remaining period?

Factors to consider when substantive procedures are to be completed at an interim date
o The control environment and other relevant controls
o The availability of information at a later date that is necessary for the auditor's procedures
o The objective of the substantive procedure
o The assessed risk of material misstatement
o The nature of the class of transactions or account balance and relevant assertions
o The ability of the auditor to reduce the risk that misstatements existing at the periods end are not detected by performing appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period
Substantive procedures conducted in the remaining period include comparing the year-end account balance with the interim account balance. It might also involve conducting analytical procedures or reviewing related journals and ledgers for large or unusual transactions.

6-11) What is the auditor's responsibility for communicating control deficiencies that are severe enough to be considered significant deficiencies or material weaknesses.

The auditor MUST communicate in writing, any discovered significant deficiencies and material weaknesses to management and those charged with governance.

6-12) An auditor's primary consideration regarding an entity's internal controls is whether they

Affect the financial statement assertions

6-13) Which of the following statements about internal control is correct?

The cost-benefit relationship is a primary criterion that should be considered in designing an internal control system.

6-14) Which of the following is not a component of an entity's internal control system?

Control risk

6-15) In which of the following situations would an auditor most likely use a reliance strategy?

A client receives sales orders, bills customers, and receives payment based only on information generated from its IT system- no paper trail is generated

6-16)After obtaining an understanding of an entity's internal control system, an auditor may set control risk at the maximum level for some assertions because he or she

Believes the internal controls are unlikely to be effective

6-17) Regardless of the assessed level of control risk, an auditor would perform some

Substantive procedures to restrict detection risk for significant transaction classes.

6-18) Assessing control risk below maximum involves all of the following except

Concluding that controls are ineffective.

6-19)Which of the following audit techniques would be most likely to provde an auditor with the most assurance about the effectiveness of the operation of a control?

Reperformance of the control by the auditor

6-20) Audit evidence concerning proper segregation of duties ordinarily is best obtained by

Inspection of documents prepared by a third party, but which contain the initials of those applying client controls

6-21) Reports by the service organization's auditor typically

Assess whether the service organization's controls are suitably designed and operating effectively

6-22) Significant deficiencies are matters that come to an auditor's attention that should be communicated to an entity's audit committee because they represent

Significant deficiencies in the design or operation of the internal control.

6-23) An auditor's flowchart of a client's accounting system is a diagrammatic representation that depicts the auditor's

Understanding of the system.

6-24) An auditor anticipates assessing control risk at a low level in an IT environment. Under these circumstances, on which of the following controls would the auditor initially focus?

General controls

Please allow access to your computer’s microphone to use Voice Recording.

Having trouble? Click here for help.

We can’t access your microphone!

Click the icon above to update your browser permissions above and try again

Example:

Reload the page to try again!

Reload

Press Cmd-0 to reset your zoom

Press Ctrl-0 to reset your zoom

It looks like your browser might be zoomed in or out. Your browser needs to be zoomed to a normal size to record audio.

Please upgrade Flash or install Chrome
to use Voice Recording.

For more help, see our troubleshooting page.

Your microphone is muted

For help fixing this issue, see this FAQ.

Star this term

You can study starred terms together

NEW! Voice Recording

Create Set