Homework answers / question archive / Documenting internal controls: 1

Documenting internal controls: 1

Accounting

Share With

---

Documenting internal controls:

1.is always handled through the use of checklists and preformatted questionnaires.

2.is done after internal controls are tested so that the results can be included in the documentation.

3.can be handled with a combination of narratives and flowcharts or logic diagrams.

4.is not done for smaller clients because of the risk of management override

 

If the auditor is able to collect evidence that IT general controls are strong, then the auditor can conclude that:

1.       application controls function properly and put the correct transactions on exception reports.

2.       software applications are more likely to operate consistently over time.

3.       IT transactions are adequately supported by source documents.

4.       the risk of batch totals failing to detect misstatements is low.

 

Which of the following is a good example of an IT application control over the occurrence of revenue transactions?

1.       Physical access to IT systems is limited only to specific personnel who work in the revenue cycle.

2.       The software application compares information on a sales invoice with information from the bill of lading to ensure that sales invoices are only prepared for actual shipments. Any exceptions are not processed and are set aside for manual follow-up.

3.       The software changes to the revenue program must be tested and authorized before they may be used with live data.

4.       Strong segregation of duties exists between IT operations and IT program development.

 

An auditor normally obtains an understanding of transaction-level controls by:

1.       conducting an interview with senior management.

2.       performing a system walkthrough.

3.       reading the prior year’s management letter.

4.       testing the entity’s risk assessment process.

 

In a good system of segregation of duties, which of the following duties should be segregated?

1.       Authorization of transactions, physical access to assets, and recording transactions.

2.       Authorization of transactions, physical access to assets, and management.

3.       Physical access to assets, recording of transactions, and consideration.

4.       Authorization of transactions, recording transactions, and management.

 

 

Which of the following represent a common categorization of control activities?

1.       Authorization controls, control over human error, informationprocessing controls, physical controls, and segregation of duties.

2.       Authorization controls, control over human error, informationprocessing controls, and segregation of duties.

3.       Authorization controls, information-processing controls, physical controls, and segregation of duties.

4.       Authorization controls, performance reviews, informationprocessing controls, physical controls, and segregation of duties.

 

 

 

The internal control component that addresses how an organization holds an individual accountable for his or her internal control responsibilities in pursuit of objectives is related to.

1.       the control environment.

2.       risk assessment.

3.       control activities.

4.       information and communication.

 

 

An entity’s risk assessment process:

1.       is designed to help an entity think about risk in the same way that an auditor thinks about risk.

2.       is established only if the entity is subject to unusually high risk.

3.       is the entity’s process for identifying and responding to business risks and the results of those risks.

4.       never allows management of an entity to decide to accept a risk without taking any action.

 

The objectives of internal control include:

1.       operations objectives, internal control objectives, and financial reporting objectives.

2.       operations objectives, control environment objectives, and financial reporting objectives.

3.       operations objectives, reporting objectives, and compliance objectives.

4.       isk assessment objectives, compliance objectives, and reporting objectives

 

It is important for an auditor to understand a public company’s system of internal control in order to:

1.       audit internal control over financial reporting.

2.       make a preliminary assessment of control risk.

3.       develop an audit strategy.

4.       All of these answer choices are correct

 

 

Internal control is defined as:

1.       the entity’s system to prevent, or detect and correct, misstatements in the financial statements.

2.       a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives related to operations, reporting, and compliance.

3.       a process, implemented by management, to ensure the integrity of the entity’s management information system.

4.       the entity’s system to ensure that management and those charged with governance of the entity have quality information for decision making

 

 

1.       What are the five components of internal control?

2.       Briefly explain the important aspects of a strong control environment.

3.       Explain the key elements of the client’s risk assessment process and how they interact with other components of internal control.

4.        What are the five common categories of control activities? Why is segregation of duties important when understanding internal control?

5.       Briefly explain the information and communication component of internal control.

6.       Develop several examples of monitoring activities that an auditor might expect to find in entity-level controls.

 

 

 

 

1.       Define internal control and describe the COSO framework.

2.       Explain and evaluate internal controls at the entity level.

3.       Explain and evaluate internal controls at the transaction level.

4.       Explain and evaluate information technology (IT) controls.

 

 

1.       Discuss Susan’s comment that they have already started the audit. What evidence have they gathered so far?

2.       Explain what work is being done with the spreadsheets of financial data. Give some specific examples for this client. How is this type of work relevant to different phases of the audit?

3.       When Susan is touring the client’s premises, she is taking notes of equipment and furniture she sees, especially anything that looks either newly purchased or older and unused. Explain why she is doing this.

 

Describe the general composition of an external audit team. Discuss whether a client’s internal auditors can be part of the external audit team? Provide examples of situations in which an auditor would use the work of a component auditor? List some key elements that would be included in any working paper document.

 

 

1.       Differentiate between the “occurrence” and “existence” assertions. How do both differ from “completeness”?

2.       List and describe the procedures for gathering audit evidence. At which stage(s) of the audit is each procedure appropriate?

3.       Differentiate between recalculation and reperformance, and provide an example of each.

4.       If an auditor does not have sufficient knowledge and skill in an area, the auditor can ask for the assistance of a specialist. Does this create a problem? Explain how an auditor knows if the specialist’s work is reasonable if the auditor is not also a specialist.

 

1.       Are financial statements considered statements of fact? Discuss in the context of management assertions.

2.       Explain why the quality of audit evidence is determined by the choice of audit procedure and the assertion most at risk of material misstatement.

3.       Discuss why an auditor must consider the reliability of audit evidence.

4.       Explain how inspecting a client’s tangible assets provides evidence about the completeness and existence assertions.

 

 

The working papers for a client contain both a permanent and a current file. The difference between the two files is that:

1.       the permanent file is kept by the audit partner in charge and cannot be altered after the first audit engagement is completed, but the current file can be updated.

2.       the copy of the permanent file must be sent to a regulator (PCAOB or State Board of Accountancy) and the current file is not.

3.       the permanent file includes documents that relate to the client and are relevant for more than one year’s audit, and the current file includes the details of work completed and evidence gathered that relate to the current year’s audit.

4.       the permanent file cannot be altered, but the current file can be altered.

 

 

 

 

 

Before the external auditors decide to use the work performed by the internal auditors, the external auditors must first assess:

1.       the size of the internal audit function relative to the client.

2.       the independence of the internal auditors.

3.       the supervision skills of the internal audit function.

4.       the competence and objectivity of the internal audit function

 

If a specialist is engaged to assist with the audit:

1.       it means the auditor does not have the requisite skill and knowledge to assess the item.

2.       it means the auditors should not have taken on the audit because they are not qualified.

3.       the PCAOB must be contacted and permission obtained before the specialist starts work.

4.       the auditor does not have to take responsibility for the fair presentation of the item in the financial statements

 

When an auditor inspects a tangible asset to support a balance in the client’s records, the auditor is gathering evidence to support the:

1.       completeness assertion.

2.       existence assertion.

3.       valuation and allocation assertion.

4.       rights and obligations assertion.

 

An external confirmation sent to a bank:

1.       requests information about the bank balances and loan amounts.

2.       requests information about interest rates paid on deposits and charged on loans.

3.       is relevant to the audit of interest revenue and expense.

4.       All of these answer choices are correct.

 

Which is generally the most reliable form of evidence?

1.       Internally generated evidence from the client’s IT system.

2.       Internally generated evidence based on discussions with upper management.

3.       Externally generated evidence held by the client.

4.       Externally generated evidence sent directly to the auditor.

 

The quantity of evidence that an auditor will gather:

1.       varies with the assessed risk of material misstatement.

2.       is the same for most audits because it has to be appropriate.

3.        depends on the size of the audit team.

4.       is the same for clients in the same industry

 

The three categories of management assertions are:

1.       journal entries, ledgers, and trial balances.

2.       journal entries, account balances, and financial statements.

3.       transactions, ledgers, and account balances.

4.       classes of transactions, account balances, and presentation and disclosure.

 

1.       Explain the procedures of vouching and tracing. Illustrate with an example in the context of the revenue process.

2.       What is a bank confirmation? Why is it an important confirmation?

3.       How is a positive confirmation different from a negative confirmation?

4.       Explain the audit procedure of reperformance. Illustrate with an example in the context of revenue transactions.

 

1.       Define management assertions about classes of transactions, account balances, and presentation and disclosure.

2.       Discuss the characteristics of audit evidence.

3.       Apply the procedures for gathering audit evidence, including the use of audit data analytics.

4.       Evaluate when it is appropriate for auditors to use the work of others.

 

 

What is the difference between liquidity and solvency? Why does this difference matter to an auditor? Explain, using examples, how you could use analytical procedures in assessing the risk of material misstatement of sales revenue? What are some possible explanations of a change in the gross profit margin? How could the auditor investigate which of these explanations is the most likely cause of the change in the ratio?

 

Explain the importance of the risk assessment phase of a financial statement audit? List and briefly explain the key factors the auditor would consider during risk assessment? When gaining an understanding of a client, an auditor will be interested in an entity’s relationships with both its suppliers and customers. What aspects of these relationships will the auditor be interested in and how would they affect the assessment of audit risk?

 

 

An audit committee of a publicly traded company should be composed of:

1.       executive and non-executive members of the board of directors.

2.       the CFO and two other board members who are also shareholders.

3.       the audit partner, the CFO, and a shareholder.

4.       members of the board of directors who are independent directors

 

Which of the following statements is false regarding related parties?

1.       Management should have controls in place for identifying related parties.

2.       Related party transactions do not have to be disclosed if they are conducted at “arm’s length.”

3.       A subsidiary company is considered a related party.

4.       The presence of related parties is considered a fraud risk factor

 

Analytical procedures:

1.       cannot be performed on interim data.

2.       are not affected by different accounting methods between the client and other members of the industry.

3.       must take into account seasonal variation in the client’s business.

4.       are only useful if the client’s variation from budget is low.

 

Common uses of analytical procedures include all of the following except:

1.       risk identification during the risk assessment stage.

2.       testing account balances derived from estimates during the risk response stage.

3.       overall assessment of financial statements at the final review stage of the audit.

4.       test of internal controls

 

Companies use profitability measures to assess performance and to:

1.       assess their ability to compete.

2.       maintain consistency in operations each month.

3.       measure their ability to pay short term debts on time.

4.       measure their ability to pay long term debts on time

 

 

 

When gaining an understanding of the client at the industry level, the auditor will:

1.       consider the level of demand for the goods provided by companies in the industry.

2.       determine if the client has centralized or decentralized operations.

3.        assess the amount of faulty goods the client returns to suppliers.

4.        determine if the client has a simple or complex capital structure

 

When gaining an understanding of the client’s sources of financing, the auditor:

1.       is not interested in debt covenants because most debt contracts are the same.

2.        ignores the relative reliance on debt versus equity funding because that is a management decision, not an audit issue.

3.        determines if the client is meeting principal and interest payments when they are due.

4.        determines if the client is writing off uncollectible accounts receivable.

 

When gaining an understanding of the client, the auditor will identify the geographic location of the client because:

1.       more centralized clients are harder to control.

2.       the auditor will only visit one location to assess processes and procedures. 

3.       the auditor may plan to use staff from affiliated offices to visit overseas locations.

4.       more decentralized clients are easier to control

 

When gaining an understanding of the client, the auditor will consider:

1.       related party identification.

2.       the appropriateness of the client’s system of internal controls to mitigate identified business risks.

3.       controls over the technology used to process and store data electronically.

4.       All of these answer choices are correct.

 

 

What are some of the risks associated with the use of IT? Explain the risks and develop an example of how they might be controlled?  What are two common sources of new application software? What risks are present when an entity introduces a new application and how might those risks be controlled?

 

 

1.       Why are liquidity ratios calculated? Develop an example of how a liquidity ratio might help the auditor in risk assessment.

2.       What is a trend analysis and why might an auditor use this form of analysis for risk assessment?

3.       Explain the factors that the auditor should consider when performing analytical procedures in the risk assessment process.

 

 

What is a PE ratio? Why is it important to auditors? Explain how internal performance reports may be used by auditors to assess the risk of material misstatement.  What is a debt covenant? Develop an example of why a debt covenant is important to assessing the risk of material misstatement.

 

1.       What is the purpose of gaining an understanding of a client?

2.       Explain how changing trends in an industry affect the inherent risk for an audit client, for example, in the energy industry. Illustrate with a few tangible examples.

3.       Give an example of an illegal act that could have a material but indirect effect on the financial statements.

a.        Apply procedures to gain an understanding of the client. 

b.      Explain how clients measure performance and how it impacts the auditor’s risk assessment.

c.       Demonstrate how auditors use analytical procedures when assessing risk, including the use of audit data analytics

 

a.       Explain the type of audit strategy planned by the audit team for gathering evidence about revenue recognition.

b.      Suppose during the interim testing of internal controls the team discovers a significant number of instances in which subscription revenue received in advance is recognized immediately as revenue. Analyze how the audit strategy will be impacted.

 

1.       Evaluate the inherent risks for inventory for Carl’s Computers. How would these risks affect the accounts?

2.       Identify strengths and weaknesses in the inventory control system.

3.       Comment on materiality for inventory at Carl’s Computers. Is inventory likely to be a material balance? Would all items of inventory be audited in the same way? Explain how the auditor would deal with these issues

 

Explain the relationship between planning materiality and performance materiality. Explain how setting a lower materiality level affects the number of items that are material and affects the decisions about the nature, extent, and timing of the audit procedures. Consider this statement, “Auditors should only use professional skepticism when considering fraud risk.” Do you agree or disagree with this statement? Support your position

 

Are all audits the same? Why might an audit change from year to year? How does the auditor’s assessment of planning materiality affect audit planning? What does an auditor consider when making the preliminary assessment of planning materiality? The quantitative materiality of an item is assessed relative to a particular benchmark. What are some of the choices for this benchmark, and what factors guide the auditor in this choice?

 

Why are there procedures governing the client acceptance or continuance decision? Explain why auditors do not accept every client? What is the purpose of the engagement letter? Are all engagement letters the same? Explain the relationship between the risk assessment, risk response, and reporting phases of an audit.

 

An example of an incentive or pressure that increases the risk of fraud is:

1.       the client operates in a highly competitive industry.

2.       the client has a history of reporting losses.

3.       a significant percentage of management pay is tied to earnings.

4.       All of these answer choices are correct

 

 

 

The audit strategy known as “reliance on controls approach”:

1.       is appropriate when internal controls are minimal.

2.       means the auditor will spend minimum effort testing the client’s system of internal controls.

3.       requires the auditor to conduct extensive control testing.

4.       means the auditor will conduct extensive year-end accountbalance testing