Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Auditing and Assurance Services, 16e (Arens/Elder/Beasley)
Chapter 12 Assessing Control Risk and Reporting on Internal Controls
12.1 Learning Objective 12-1
1) When the auditor attempts to understand the operation of the accounting system by tracing a
few transactions through the accounting system, the auditor is said to be
A) tracing.
B) vouching.
C) performing a walkthrough.
D) testing controls.
2) For financial statement audits, auditors need to understand controls that are relevant to the
audit in order to
A) identify and assess the risks of material misstatements.
B) perform preliminary analytical procedures.
C) detect fraud.
D) assess inherent risk.
3) Narratives, flowcharts, and internal control questionnaires are three common methods of
A) testing the internal controls.
B) documenting the auditor's understanding of internal controls.
C) designing the audit manual and procedures.
D) documenting the auditor's understanding of a client's organizational structure.
4) When dealing with the documentation of internal control,
A) in a narrative, most questions simply require a "yes" or "no" response.
B) questionnaires offer useful checklists to remind the auditor of the many different types of
internal controls that should exist.
C) questionnaires and flowcharts should not be used together.
D) flowcharts fail to show the segregation of duties in the company.
5) Which type of evidence is not used by the auditor to obtain an understanding of the design
and implementation of internal control?
A) inquiry
B) observation
C) confirmation
D) inspection
6) Walkthroughs combine observation, inspection, and inquiry to assure that the controls
designed by management have been implemented.
7) A narrative should describe the disposition of every document and record in the system.
8) Flowcharts are harder to read aad update than narratives.
9) When documenting their understanding of a client's internal controls, auditors are required to
use narratives.
12.2 Learning Objective 12-2
1) When making a preliminary assessment of control risk, the starting point for most auditors is
A) IT assessment controls.
B) assessment of entity level controls.
C) transaction-related controls.
D) fraud controls.
2) You are performing the audit of internal control for Clifton Company. Which of the following
would represent a material weakness in internal control?
A) The company's audit committee has experienced unusual turnover of members.
B) The company's CFO was indicted for embezzling from the company.
C) Bank reconciliations are done monthly.
D) The CEO retired after twenty years of service to the company.
3) The employee in charge of authorizing credit to the company's customers does not fully
understand the concept of credit risk. This lack of knowledge would
A) constitute a deficiency in operation of internal controls.
B) constitute a deficiency in design of internal controls.
C) constitute a deficiency of management.
D) not constitute a deficiency.
4) When assessing whether the financial statements are auditable, the auditor must consider
A) that the integrity of management and the adequacy of accounting records are the two primary
factors determining auditability.
B) that the integrity of management and the adequacy of risk management are the two primary
factors determining auditability.
C) that if all of the transaction information is available only in electronic form without a visible
audit trail, the company cannot be audited.
D) the control risk before determining if the entity is auditable.
5) Once auditors determine that entity level controls are designed and placed in the operation,
they
A) make a preliminary assessment for each transaction-related audit objective for each major
type of transaction.
B) make a preliminary assessment of control risk.
C) obtain an understanding of the design and implementation of internal control.
D) prepare audit documentation in order to express their opinion on the company's internal
control system.
6) Which of the following is the correct definition of "control deficiency"?
A) A control deficiency exists if the design or operation of controls does not permit company
personnel to prevent or detect misstatements on a timely basis.
B) A control deficiency exists if one or more deficiencies exist that adversely affect a company's
ability to prepare external financial statements reliably.
C) A control deficiency exists if the design or operation of controls results in a more than remote
likelihood that controls will not prevent or detect misstatements.
D) A control deficiency exists if the design or operation of controls results in a more than
probable likelihood that controls will prevent or detect misstatements.
7) Which deficiency exists if a necessary control is missing or not properly implemented?
A) control
B) significant
C) design
D) operating
8) To determine if significant internal control deficiencies are material weaknesses, they must be
evaluated on their
A)
Likelihood
Significance
Yes
Yes
B)
Likelihood
Significance
No
No
C)
Likelihood
Significance
Yes
No
D)
Likelihood
Significance
No
Yes
9) The auditor should identify and include only ________ controls since they will be sufficient to
achieve the transaction-related audit objectives and will also provide audit efficiency.
A) key
B) significant
C) material
D) compensating
10) Before making the final assessment of internal control at the end of an audit, the auditor must
A)
Test controls
Perform substantive tests
Yes
Yes
B)
Test controls
Perform substantive tests
No
No
C)
Test controls
Perform substantive tests
Yes
No
D)
Test controls
Perform substantive tests
No
Yes
11) When identifying audit objectives and existing controls,
A) audit objectives are identified for classes of transactions, account balances, and presentation
and disclosure.
B) the auditor identifies controls to satisfy each objective.
C) it is helpful for the auditor to use the five control activities as reminders of controls.
D) all of the above
12) A(n) ________ control is a control elsewhere in the system that offsets the absence of a key
control.
A) significant
B) alternate
C) design
D) compensating
13) A ________ exists if one or more control deficiencies exist that are less severe than a
material weakness, but are important enough to merit attention by those responsible for oversight
of the company's financial reporting.
A) potential misstatement
B) significant weakness
C) significant deficiency
D) fraud symptom
14) A five-step approach can be used to identify deficiencies, significant deficiencies, and
material weaknesses. The first step in this approach is
A) identify the absence of key controls.
B) consider the possibility of compensating controls.
C) determine potential misstatements that could result.
D) identify existing controls.
15) When assessing control risk,
A) many auditors use actuarial tables to assist in the control risk assessment process.
B) each control can be used to satisfy only one audit objective.
C) many auditors use a control risk matrix to assist in the control risk assessment process.
D) all controls, including key controls, should be considered.
16) When a compensating control exists, the absence of a key control
A) is no longer a concern because there is no longer a significant deficiency or material
weakness.
B) is still a major concern to the auditor.
C) could cause a material loss, so it must be tested using substantive procedures.
D) is magnified and must be removed from the sampling process and examined in its entirety.
17) You are the audit manager for a new audit client. Your staff auditors are unsure of what
constitutes a control deficiency. Discuss the terms control deficiency, design deficiency, and
operating deficiency.
18) The text suggested a five-step approach to identify deficiencies, significant deficiencies, and
material weaknesses. Describe this approach.
19) The assessment of control risk is the measure of the auditor's expectation that internal
controls will prevent material misstatements from occurring or detect and correct them if they
have occurred.
20) Key controls are not sufficient to achieve the transaction-related audit objectives.
21) A design deficiency exists if the person performing the control is not qualified.
22) A significant internal control deficiency is always considered a material weakness.
23) In some cases, management can correct deficiencies and material weaknesses before the
auditor does significant testing, which may permit a reduction in control risk.
12.3 Learning Objective 12-3
1) If the results of tests of controls support the design and operations of controls as expected, the
auditor uses ________ control risk as the preliminary assessment.
A) a lower
B) the same
C) a higher
D) either a lower or higher
2) An auditor is likely to use four types of procedures to support the operating effectiveness of
internal controls. Which of the following would generally not be used?
A) make inquiries of appropriate client personnel
B) examine documents, records, and reports
C) reperform client procedures
D) inspect design documents
3) Which of the following represents a correct statement regarding internal control testing?
A) When auditors plan to use evidence about the operating effectiveness of internal control
contained in prior audits, auditing standards require tests of the controls' effectiveness at least
every other year.
B) The greater the risk, the less audit evidence the auditor should obtain that controls are
operating effectively.
C) The auditor uses control risk assessment and results of tests of controls to determine planned
detection risk and the related substantive tests for the financial statement audit.
D) Testing of internal controls can only be performed by the auditor at the end of the fiscal year.
4) An auditor traces the sales prices to the authorized price list in effect at the date of the
transaction. Which of the following procedures has the auditor performed?
A) inquiry
B) observation
C) reperformance
D) examination
5) Tests of controls
A) are the procedures used to test the effectiveness of controls in support of a reduced assessed
control risk.
B) are used to support the ending balances in the balance sheet and income statement accounts.
C) are performed at the end of the audit.
D) are designed to detect fraud.
6) Which of the following is an accurate statement relating to the extent of procedures?
A) If an auditor wants a lower assessed control risk than the preliminary assessed control risk,
the number of controls tested increases while the extent of the tests for each control decrease.
B) The extent of testing depends on the frequency of the operation of the controls.
C) All controls must be tested only at year-end.
D) The frequency of testing is the same for both manual and computer controls.
7) When testing manual or automated controls,
A) automated controls are always subject to random error or manipulation.
B) automated controls cannot be altered by making a change to the software application.
C) when there are effective general controls and automated application controls, the auditor will
need to select a larger sample size of transactions to verify.
D) the extent of testing depends on whether it is a manual or automated control.
8) Which of the following is true regarding the relationship between tests of controls and
procedures to obtain an understanding?
A) In obtaining an understanding of internal control, the procedures to obtain an understanding
are applied to all controls identified during that phase.
B) Tests of controls are applied only when the assessed control risk has not been satisfied by the
procedures to obtain an understanding.
C) Procedures to obtain an understanding are performed only on one or a few transactions.
D) All of the above are correct.
