Auditing Chapter 5

Study online at quizlet.com/_2opebg

1. After obtaining an understanding of a client's financial reporting control activities, the C. document the understanding
auditor would next obtained.

A. test the client's control activities.

B. assess the final control risk.

C. document the understanding obtained.

D. plan the remainder of the audit work.

2. After obtaining an understanding of the entity's internal control and assessing control risk, A. additional evidence to support a
an auditor of a non-public company decided not to perform additional tests of controls. The further reduction in control risk was
auditor most likely concluded that the not cost beneficial.

A. additional evidence to support a further reduction in control risk was not cost beneficial.

B. assessed level of inherent risk exceeded the assessed level of control risk.

C. internal control structure was properly designed and justifiably may be relied on.

D. evidence obtainable through tests of controls would not support an increased level of
control risk.
3. The appropriate separation of duties does not include D. data preparation.

A. authorization to execute transactions.

B. recording of transactions.

C. custody of assets involved in the transactions.

D. data preparation.
4. An auditor is concerned about a policy of management override as a limitation of internal B. Verifying that approved spending
control. Which of the following tests would best assess the validity of the auditor's concern? limits are not exceeded

A. Matching purchase orders to accounts payable

B. Verifying that approved spending limits are not exceeded

C. Tracing sales orders to the revenue account

D. Reviewing minutes of board meeting

5. An auditor is evaluating a client's internal controls. Which of the following situations would C. Two employees, who work in
be the most difficult internal control issue for an auditor to detect? different departments, are
circumventing an internal control.
A. The accounting staff neglects the control, due to increased transactions to be processed.

B. The technology department writes a program that does not properly implement the
control, due to a lack of understanding.

C. Two employees, who work in different departments, are circumventing an internal control.

D. Someone erroneously disables edit checks in a software program designed to identify

control exceptions.
6. An audit team's responsibility would not include A. designing client's internal controls.

A. designing client's internal controls.

B. documentation of understanding of a client's internal controls.

C. communicating internal control deficiencies.

D. assessing the effectiveness a client's internal controls.

7. Control activities intended to ensure that transactions are recorded in the right period are D. cutoff.
designed to achieve the ASB assertion of

A. occurrence.

B. accuracy.

C. valuation or allocation.

D. cutoff.
8. Control strengths and weaknesses should be documented in audit documentation, B. bridge working papers.
sometimes called

A. questionnaires, narratives, and flowcharts.

B. bridge working papers.

C. communications of significant deficiencies.

D. internal control letters.

9. Each of the following types of controls is considered to be an entity-level control, except C. regarding the company's annual
those stockholder meeting.

A. relating to the control environment.

B. pertaining to the company's risk assessment process.

C. regarding the company's annual stockholder meeting.

D. addressing policies over significant risk management practices.

10. Generally accepted auditing standards (GAAS) give auditors considerable
discretion to decide the amount of work required to satisfy auditing
standards guiding internal control evaluation and related audit planning.
Which of the descriptions below best expresses the minimum amount of
work permitted by GAAS for nonpublic companies?
B. Obtain an understanding of client environment,
accounting, and control activities. Document the
decision to assess control risk at maximum. Perform
an extensive but not 100% substantive audit on
financial statement transactions and balances.

A. Do not obtain an understanding of client environment, accounting, or

control activities. Do not document the decision to assess control risk at
maximum. Perform 100% substantive audit on all financial statement
transactions and balances.

B. Obtain an understanding of client environment, accounting, and control

activities. Document the decision to assess control risk at maximum.
Perform an extensive but not 100% substantive audit on financial statement
transactions and balances.

C. Obtain an understanding of client environment, accounting, and control

activities, and perform detail tests of controls. Document the decision to
assess control risk below the maximum. Perform restricted substantive audit
on financial statement transactions and balances, considering the control
risk assessment.

D. Obtain an understanding of client environment, accounting, and control

activities, and perform detail tests of controls. Document the decision to
assess control risk at zero. Perform no substantive audit on financial
statement transactions and balances, since zero control risk means that no
errors or fraud can reach the accounts.
11. If a control total were to be computed on each of the following data items, D. Department numbers
which would best be identified as a hash total for a payroll IT application?

A. Hours worked

B. Total debits and total credits

C. Net pay

D. Department numbers
12. If auditors assess control risk at the maximum level, they will tend to B. perform a great deal of substantive testing during
the audit.
A. perform a great deal of additional tests of controls.

B. perform a great deal of substantive testing during the audit.

C. perform substantive tests at an interim date.

D. perform more audit procedures using internal evidence.

13. In computer systems, the information technology general controls (ITGC) would not A. processing control activitie
include

A. processing control activities.

B. separation of various computer system functions.

C. appropriate documentation of the data processing system.

D. control over physical access to computer hardware.

14. The internal control in small business is highly dependent on the C. owner-manager's competence, as well
as his/her ethics and integrity.
A. separation of functional responsibilities.

B. complexity of the client's internal controls.

C. owner-manager's competence, as well as his/her ethics and integrity.

D. bonding of employees.
15. Obtaining an understanding of an internal control involves evaluating the design of the B. implemented.
control and determining whether the control has been

A. authorized.

B. implemented.

C. tested.

D. monitored.
16. The "obtaining an understanding" work phase (Phase 1) of internal control evaluation C. control activity effectiveness.
would not give auditors an overall acquaintance with the client's

A. control environment.

B. information and communication system.

C. control activity effectiveness.

D. monitoring activities.
17. Proper separation of duties reduces the opportunities to allow persons to be in D. perpetrate a fraud and then conceal it
positions to both in the books.

A. journalize entries and prepare financial statements.

B. record cash receipts and cash disbursements.

C. establish internal controls and authorize transactions.

D. perpetrate a fraud and then conceal it in the books.

18. Regardless of the assessed level of control risk, an auditor of a non-public company would C. substantive tests to
perform some restrict detection risk for
significant transaction
A. tests of controls to determine the effectiveness of internal control policies. classes.

B. analytical procedures to verify the design of internal control activities.

C. substantive tests to restrict detection risk for significant transaction classes.

D. dual purpose tests to evaluate both the risk of monetary misstatement and preliminary control
risk.
19. A sales clerk enters a customer's six-number customer account. The computer program uses the D. check digit.
first five numbers to calculate a sixth number. This resulting number is then compared to the sixth
number entered by the sales clerk. This is an example of a

A. a valid character test.

B. missing data test.

C. reasonableness test.

D. check digit.
20. A set of characteristics that helps to define a seriousness about employees' attitudes about the B. the control environment.
control activities in a company is referred to as

A. management assertions.

B. the control environment.

C. control risk assessment.

D. functional responsibilities.
21. Sound internal control can be described as separating all of the following duties and D. hiring of employees.
responsibilities except for

A. transaction authorization.

B. recordkeeping.

C. custody of, or direct access to, assets.

D. hiring of employees.
22. Tracing bills of lading to sales invoices provides evidence that A. shipments to customers
were invoiced.
A. shipments to customers were invoiced.

B. shipments to customers were recorded as sales.

C. recorded sales were shipped.

D. invoiced sales were recorded as sales.

23. The ultimate purpose of assessing control risk is to contribute to the auditor's C. risk that material misstatements exist in the
evaluation of the financial statements.

A. factors that raise doubts about the auditability of the financial statements.

B. operating effectiveness of internal control policies and procedures.

C. risk that material misstatements exist in the financial statements.

D. possibility that the nature and extent of substantive tests may be reduced.
24. When an auditor plans to rely on controls that have changed since they were last A. Test the operating effectiveness of such
tested, which of the following courses of action would be most appropriate? controls in the current audit.

A. Test the operating effectiveness of such controls in the current audit.

B. Document that reliance and proceed with the original audit strategy.

C. Inquire of management as to the effectiveness of the controls.

D. Report the reliance in the report on internal controls.

25. When auditing financial statements of a private company, the minimum work an C. Prepare auditing working papers that
auditor must perform in connection with a company's internal control is best document the auditor's understanding of the
described by which of the following statements. company's internal control.

A. Perform exhaustive tests of accounting controls and evaluate the company's

control system effectiveness.

B. Determine whether the company's control policies are designed well enough to
prevent material misstatements.

C. Prepare auditing working papers that document the auditor's understanding of

the company's internal control.

D. Design procedures to search for significant deficiencies in the actual operation

of the company's internal control.
26. When obtaining an understanding of an entity's internal control in a financial D. search for significant deficiencies in the
statement audit at a non-public company, an auditor is not obligated to operation of the internal control system.

A. determine whether the control activities have been placed in operation.

B. perform procedures to understand the design of the internal control system.

C. document the understanding of the company's internal control system.

D. search for significant deficiencies in the operation of the internal control system.
27. When the audit team increases the planned assessed level of control risk because certain A. extent of substantive tests of
control activities were determined to be ineffective, the audit team would most likely details.
increase the

A. extent of substantive tests of details.

B. level of inherent risk.

C. extent of tests of controls.

D. level of detection risk.

28. Which of the following activities performed by a department supervisor most likely would D. Approving a summary of hours
help in the prevention or detection of a payroll fraud? each employee worked during the
pay period
A. Distributing paychecks directly to department store employees

B. Setting the pay rate for departmental employees

C. Hiring employees and authorizing them to be added to payroll

D. Approving a summary of hours each employee worked during the pay period
29. Which of the following audit procedures most likely would provide an auditor with the C. Successful re-performance of the
most assurance about the effectiveness of the operation of an entity's internal control? control activity

A. Confirmation with outside parties

B. Inquiry of client personnel

C. Successful re-performance of the control activity

D. Observation of client personnel

30. Which of the following client internal control activities is not usually performed in the C. Approving vendors' invoices for
treasurer's department? payment

A. Verifying the accuracy of checks and vouchers

B. Controlling the mailing of checks to vendors

C. Approving vendors' invoices for payment

D. Canceling payment vouchers when paid

31. Which of the following factors is most likely to affect the extent of the documentation of B. The degree to which information
the auditor's understanding of a client's system of internal controls? technology is used in the accounting
function
A. The industry and the business and regulatory environments in which the client operates

B. The degree to which information technology is used in the accounting function

C. The relationship between management, the board of directors, and external

stakeholders

D. The degree to which the auditor intends to use internal audit personnel to perform
substantive tests
32. Which of the following is a definition of control risk? A. The risk that a material misstatement will not be prevented or
detected on a timely basis by the client's internal controls.
A. The risk that a material misstatement will not be prevented or
detected on a timely basis by the client's internal controls.

B. The risk that the auditor will not detect a material

misstatement.

C. The risk that the auditor's assessment of internal controls will

be at less than the maximum level.

D. The susceptibility of material misstatement assuming there are

no related internal controls, policies, or procedures.
33. Which of the following is a factor in the control environment? D. Management's philosophy and operating style

A. Segregation of duties

B. Information processing

C. Performance reviews

D. Management's philosophy and operating style

34. Which of the following is an Information Technology General D. Separation of duties in the IT department
Control?

A. Check digit

B. Run-to- run totals

C. Distribution of computerized output

D. Separation of duties in the IT department

35. Which of the following is not a component of internal controls? C. Inherent risk

A. Control environment

B. Control activities

C. Inherent risk

D. Monitoring
36. Which of the following is not an input control activity? A. Reasonableness tests

A. Reasonableness tests

B. Record counts

C. Financial totals

D. Hash totals
37. Which of the following is the best way to compensate for the lack of D. Allowing for greater management oversight of
adequate segregation of duties in a small organization? incompatible activities

A. Disclosing lack of segregation of duties to the external auditors during

the annual review

B. Replacing personnel every three or four years

C. Requiring accountants to pass a yearly background check

D. Allowing for greater management oversight of incompatible activities

38. Which of the following is the least important audit reason for the auditor's A. To serve as a basis for constructive suggestions
obtaining an understanding of a company's internal control?

A. To serve as a basis for constructive suggestions

B. To plan subsequent substantive tests

C. To identify types of possible misstatements that may occur

D. To consider factors that may affect the risk of material misstatement

39. Which of the following outcomes is a likely benefit of information B. Enhanced timeliness of information
technology used for internal control?

A. Processing of unusual or nonrecurring transactions

B. Enhanced timeliness of information

C. Potential loss of data

D. Recording of unauthorized transactions

40. Which of the following payroll control activities would most effectively D. Require employees to have their direct supervisors
ensure that payment is made only for work performed? approve their timecards.

A. Require all employees to record arrival and departure by using the time
clock.

B. Have a payroll clerk recalculate all time cards.

C. Require all employees to sign their time cards.

D. Require employees to have their direct supervisors approve their

timecards.
41. Which of the following procedures is considered a test of controls? C. An auditor interviews and observes appropriate
personnel to determine segregation of duties.
A. An auditor reviews the entity's check register for unrecorded liabilities.

B. An auditor evaluates whether a general journal entry was recorded at

the proper amount.

C. An auditor interviews and observes appropriate personnel to determine

segregation of duties.

D. An auditor reviews the audit work papers to ensure proper sign-off.

42. Which of the following should an auditor do when control risk is assessed C. Document the assessment
at the maximum level?

A. Perform fewer substantive tests of details

B. Perform more tests of controls

C. Document the assessment

D. Document the control structure more extensively

43. Which of the following statements best describes why an auditor would C. Testing the operating effectiveness of the relevant
use only substantive procedures to evaluate specific relevant assertions controls would not be efficient.
and risks?

A. The relevant internal control components are not well documented.

B. The internal auditor already has tested the relevant controls and found
them effective.

C. Testing the operating effectiveness of the relevant controls would not

be efficient.

D. The cost of substantive procedures will exceed the cost of testing the
relevant controls.
44. Which of the following statements is correct regarding internal control? B. An inherent limitation to internal control is the fact
that controls can be circumvented by management
A. A well-designed internal control environment ensures the achievement override.
of an entity's control objectives.

B. An inherent limitation to internal control is the fact that controls can be

circumvented by management override.

C. A well-designed and operated internal control environment should

detect collusion perpetrated by two people.

D. Internal control is a necessary business function and should be

designed and operated to detect all errors and fraud.
45. Which of the following would most likely be classified as a material D. Ineffective oversight of the financial reporting
weakness? process by the company's audit committee

A. Absence of appropriate separation of duties

B. Absence of appropriate reviews and approvals of transactions

C. Evidence of failure of control activities

D. Ineffective oversight of the financial reporting process by the

company's audit committee