ACC 4013 Chapter 5 Questions-answers PDF

Preview

Summary

Download ACC 4013 Chapter 5 Questions-answers PDF

Description

Chapter 5: Risk Assessment: Internal Control Evaluation Section 302 of the Sarbanes-Oxley Act ______. requires management to assess the risks it wishes to control makes managers responsible for establishing a control environment Obtaining an understanding of the information system relevant to financial reporting includes understanding ______. the nature of the underlying accounting records, information and accounts used to execute a transaction how the information system captures events and conditions other than transactions significant to the financial statements Common monitoring controls include ______. periodic evaluation of controls by internal audit supervisory review of controls self-assessments by boards regarding the effectiveness of their oversight True or false: To achieve the specific objectives of each of the three goals, the COSO framework defines five components of a properly designed internal control system that work independently of each other to support the system's overall effectiveness. False. An employee knowingly doing something to bypass the internal control system is an act of ______. deliberate circumvention According to professional standards, the audit team's evaluation of the sufficiency of management's control activities is ______. Always required. Gaining an understanding of internal controls should start by identifying ___ accounts and disclosures and their ___. Significant; relevant assertions Separation of duties ______. forces different people or departments to deal with different facets of transactions prevents incompatible responsibilities prevents fraud that do not involve collusion Section 302 of the Sarbanes-Oxley Act ______. allows managers to make their own judgments about the necessity of specific controls makes management responsible for monitoring, supervising and maintaining control activities is designed to ensure the proper "tone at the top" Common monitoring controls include ______. analysis of and follow up items that might by indicative of a control failure

quality assurance review of the internal audit department self-assessments by management regarding the tone they set Two or more people working together to circumvent the internal control system is called ___ and it cannot be prevented by separation of duties. Collusion When gaining an understanding of internal controls, assertions should ______. only be considered if they are relevant If the audit-team decides an entity-level control sufficiently reduces a specific risk ______. transaction-level controls related to that risk may not be needed Combinations of duties that place a single person in a position to create and conceal misstatements due to errors or frauds in their normal job are ___ responsibilities incompatible Flowcharts___ are easy to evaluate after they are completed can be helpful in identifying missing controls are time-consuming to construct Flowcharts___ should include narrative explanations should flow from left to right and top to bottom must be understandable to an audit supervisor Internal control questionnaires ______. are somewhat unique for each organization help the auditing team obtain evidence about the control environment can be useful in detecting internal control weaknesses Internal control questionnaires ______. make it less likely for the audit team to forget to cover an important point should be used in combination with other methods tend to be inflexible After understanding and documenting internal control, the audit team should be able to ______. make a preliminary assessment of control risk Controls that are pervasive to the internal control system and the reliability of the financial statements as a whole are called ______ - level controls. Entity

Comparing all customers' credit limits to the sum of their outstanding credit balance plus a potential sales transaction as a means of checking for potential over-limit conditions is an example of ______ testing. Exception When control activities do not lend themselves to automated testing, the audit team is likely to use audit to test the population. Sampling The preliminary assessment of control risk ______. may be made after understanding and documenting internal control includes identifying activities explicitly designed to support reliable financial statement reporting When testing controls, the audit team often uses ___about the existence of the activity and then corroborate the evidence by observing the control activities are actually being performed. Inquiry For all relevant assertions for each significant account and disclosure, the audit team begins by examining ___ -___ controls that are pervasive to the internal control system and reliability of the financial statements as a whole. Entity-level Under Sarbanes-Oxley, an audit of the internal control system over financial reporting is required and ______. must be integrated with the financial statement audit Using an automated test procedure designed to test all items in a population as a means to identify a violation of control activities is an example of testing Exception A key factor in audit sampling is that, for a sample to be considered , all items in a population must have an opportunity to be selected. Representative AS 2201 encourages the audit team to use the work of internal auditors but the audit team must evaluate their___and___ and perform some tests of their work. Competency Objectivity The four methods of testing controls are ___, ___, document examination and___. Inquiry Observation Reperformance

Procedures related to internal control in an integrated audit performed under AS 2201 are ______ than those in a GAAS audit for a nonpublic entity. Far more extensive The audit team's first step in gaining an understand of the client's internal control system should focus on ______. Entity-level controls True or false: For audits of internal control, the audit team must understand and evaluate internal controls for the entire period. False The audit team's focuses on threats to the integrity of the external financial reporting process by taking a ___ - ___ approach to evaluating the effectiveness of the internal control system over financial reporting. Top-down When a properly designed control is either ignored or inappropriately applied, a(n) ______ has occurred. Operating deficiency A deficiency that results in a reasonable possibility that a material misstatement would not be prevented or detected on a timely basis is a(n) ______. Material weakness A deficiency in internal controls that is less severe than a material weakness yet important enough to merit attention from those charged with governance is a(n) ___ Significant deficiency The focus of AS 2201 is to determine whether a(n) ____ exists at the end of the year being reported on. If it does, the entity's internal control over financial reporting cannot be considered effective. Material weakness A problem relating to either a necessary control that is missing or an existing control so poorly constructed that it fails to satisfy the control's objective is called a(n) ______. Design deficiency A material weakness is a deficiency that results in a(n) ___ that a material misstatement would not be prevented or detected on a timely basis. Reasonable possibility The magnitude of the potential misstatement that could occur and would not be detected on a timely basis is the primary difference between a(n) ______. material weakness and significant deficiency

When either the design or operation of the control under consideration does not allow the entity's management or employees to detect or prevent misstatements in a timely fashion an internal control exists. Deficiency Serious internal control deficiencies can be categorized as either ___ deficiencies or___ Significant; material weakness...