ch5

Student: ___________________________________________________________________________

1. An audit team's responsibility would not include

A. Designing client's internal controls.

B. Documentation of understanding of a client's internal controls.
C. Communicating internal control deficiencies.
D. Assessing the effectiveness a client's internal controls.
2. The appropriate separation of duties does not include

A. Authorization to execute transactions.

B. Recording of transactions.
C. Custody of assets involved in the transactions.
D. Data preparation.
3. A set of characteristics that helps to define a seriousness about employees' attitudes about the control
activities in a company is referred to as

A. Management assertions.
B. The control environment.
C. Control risk assessment.
D. Functional responsibilities.
4. Control activities intended to ensure that transactions are recorded in the right period are designed to
achieve the ASB assertion of

A. Occurrence.
B. Accuracy.
C. Valuation or allocation.
D. Cutoff.
5. Sound internal control can described as separating all of the following duties and responsibilities except for

A. Transaction authorization.
B. Recordkeeping.
C. Custody of, or direct access to, assets.
D. Hiring of employees.
6. After obtaining an understanding of the entity's internal control and assessing control risk, an auditor of a
non public company decided not to perform additional tests of controls. The auditor most likely concluded
that the

A. Additional evidence to support a further reduction in control risk was not cost beneficial.
B. Assessed level of inherent risk exceeded the assessed level of control risk.
C. Internal control structure was properly designed and justifiably may be relied on.
D. Evidence obtainable through tests of controls would not support an increased level of control risk.
7. Regardless of the assessed level of control risk, an auditor of a non public company would perform some

A. Tests of controls to determine the effectiveness of internal control policies.

B. Analytical procedures to verify the design of internal control activities.
C. Substantive tests to restrict detection risk for significant transaction classes.
D. Dual purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.
8. The "obtaining an understanding" work phase (Phase 1) of internal control evaluation would not give
auditors an overall acquaintance with the client's

A. Control environment.
B. Information and communication system.
C. Control activity effectiveness.
D. Monitoring activities.
9. Which of the following is an Information Technology General Control?

A. Check digit.
B. Run-to-run totals.
C. Distribution of computerized output.
D. Separation of duties in the IT department.
10. Control strengths and weaknesses should be documented in audit documentation, sometimes called

A. Questionnaires, narratives, and flowcharts.

B. Bridge working papers.
C. Communications of significant deficiencies.
D. Internal control letters.
11. The internal control in small business is highly dependent on the

A. Separation of functional responsibilities.

B. Complexity of the client's internal controls.
C. Owner-manager's competence, ethics and integrity.
D. Bonding of employees.
12. Which of the following is not an input control activity?

A. Reasonableness tests.
B. Record counts.
C. Financial totals.
D. Hash totals.
13. A sales clerk enters a customer's six-number customer account. The computer program uses the first five
numbers to calculate a sixth number. This resulting number is then compared to the sixth number entered
by the sales clerk. This is an example of a

A. A valid character test.

B. Missing data test.
C. Reasonableness test.
D. Check digit.
14. Which of the following is the least important audit reason for the auditor's obtaining an understanding of a
company's internal control?

A. To serve as a basis for constructive suggestions.

B. To plan subsequent substantive tests.
C. To identify types of potential misstatements.
D. To consider factors that affect the risk of material misstatement.
15. Tracing bills of lading to sales invoices provides evidence that

A. Shipments to customers were invoiced.

B. Shipments to customers were recorded as sales.
C. Recorded sales were shipped.
D. Invoiced sales were recorded as sales.
16. Which of the following client internal control activities is not usually performed in the treasurer's
department?

A. Verifying the accuracy of checks and vouchers.

B. Controlling the mailing of checks to vendors.
C. Approving vendors' invoices for payment.
D. Canceling payment vouchers when paid.
17. Which of the following audit procedures most likely would provide an auditor with the most assurance
about the effectiveness of the operation of an entity's internal control?

A. Confirmation with outside parties.

B. Inquiry of client personnel.
C. Successful re-performance of the control procedure.
D. Observation of client personnel.
18. When obtaining an understanding of an entity's internal control in a financial statement audit, an auditor is
not obligated to

A. Determine whether the control activities have been placed in operation.

B. Perform procedures to understand the design of the internal control system.
C. Document the understanding of the company's internal control system.
D. Search for significant deficiencies in the operation of the internal control system.
19. After obtaining an understanding of a client's financial reporting control activities, the auditor would next

A. Test the client's control activities.

B. Assess the control risk.
C. Document the understanding obtained.
D. Plan the remainder of the audit work.
20. If auditors assess control risk at the maximum level, they will tend to

A. Perform a great deal of additional tests of controls.

B. Perform a great deal of substantive testing during the audit.
C. Perform substantive tests at an interim date.
D. Perform more audit procedures using internal evidence.
21. The ultimate purpose of assessing control risk is to contribute to the auditor's evaluation of the

A. Factors that raise doubts about the auditability of the financial statements.
B. Operating effectiveness of internal control policies and procedures.
C. Risk that material misstatements exist in the financial statements.
D. Possibility that the nature and extent of substantive tests may be reduced.
22. When the audit team increases the planned assessed level of control risk because certain control activities
were determined to be ineffective, the audit team would most likely increase the

A. Extent of tests of details.

B. Level of inherent risk.
C. Extent of tests of controls.
D. Level of detection risk.
23. In computer systems, the information technology general controls (ITGC) would not include

A. Processing control activities.

B. Separation of various computer system functions.
C. Documentation of the data processing system.
D. Control over physical access to computer hardware.
24. When auditing financial statements of a private company, the minimum work an auditor must perform in
connection with a company's internal control is best described by which of the following statements:

A. Perform exhaustive tests of accounting controls and evaluate the company's control system
effectiveness.
B. Determine whether the company's control policies are designed well enough to prevent material errors.
C. Prepare auditing working papers documenting the understanding of the company's internal control.
D. Design procedures to search for significant deficiencies in the actual operation of the company's internal
control.
25. Which of the following would likely be classified as a material weakness?

A. Absence of appropriate separation of duties.

B. Absence of appropriate reviews and approvals of transactions.
C. Evidence of failure of control activities.
D. Ineffective oversight of the financial reporting process by the company's audit committee.
26. If a control total were to be computed on each of the following data items, which would best be identified
as a hash total for a payroll IS application?

A. Hours worked.
B. Total debits and total credits.
C. Net pay.
D. Department numbers.
27. Generally accepted auditing standards (GAAS) give auditors considerable discretion to decide the amount
of work required to satisfy auditing standards guiding internal control evaluation and related audit planning.
Which of the descriptions below best expresses the minimum amount of work permitted by GAAS for
nonpublic companies?

ADo not obtain an understanding of client environment, accounting, or control activities. Do not document
. the decision to assess control risk at maximum. Perform 100% substantive audit on all financial statement
transactions and balances.
BObtain an understanding of client environment, accounting, and control activities. Document the decision
. to assess control risk at maximum. Perform an extensive but not 100% substantive audit on financial
statement transactions and balances.
CObtain an understanding of client environment, accounting, and control activities, and perform detail
. tests of controls. Document the decision to assess control risk below the maximum. Perform restricted
substantive audit on financial statement transactions and balances, considering the control risk assessment.
DObtain an understanding of client environment, accounting, and control activities, and perform detail tests
. of controls. Document the decision to assess control risk at zero. Perform no substantive audit on financial
statement transactions and balances, since zero control risk means that no errors or fraud can reach the
accounts.
28. Proper separation of duties reduces the opportunities to allow persons to be in positions to both

A. Journalize entries and prepare financial statements.

B. Record cash receipts and cash disbursements.
C. Establish internal controls and authorize transactions.
D. Perpetuate and conceal errors and fraud.
29. In an audit of financial statements, an auditor's primary consideration regarding an internal control policy
or activity is whether the policy or activity

A. Reflects management's philosophy and operating style.

B. Affects management's financial statement assertions.
C. Provides adequate safeguards over access to assets.
D. Enhances management's decision making processes.
30. Which of the following is a step in an auditor's decision to assess control risk at below the maximum?

A Apply analytical procedures to both financial data and nonfinancial information to detect conditions that
. may indicate weak controls.
B. Perform tests of details of transactions and account balances to identify potential errors and fraud.
C. Identify specific internal control policies and activities that are likely to detect or prevent material
misstatements.
D. Document that the additional audit effort to perform tests of controls exceeds the potential reduction in
substantive testing.
31. Which of the following is not an objective of internal controls over financial reporting as defined by the
Sarbanes-Oxley Act?

APolicies and procedures that pertain to the maintenance of records that in reasonable detail accurately and
. fairly reflect the transactions and dispositions of the assets of the registrant.
BPolicies and procedures that provide reasonable assurance that transactions are recorded as necessary to
. permit preparation of financial statements in accordance with generally accepted accounting principles,
and receipts and expenditures of the registrant are being made only in accordance with authorizations of
management and directors of the registrant.
C. Policies and procedures that provide reasonable assurance regarding the compliance with applicable laws
and regulations.
DPolicies and procedures that provide reasonable assurance regarding prevention or timely detection of
. unauthorized acquisition, use or disposition of the registrant's assets that could have a material effect on
the financial statements.
32. Which of the following most likely would not be considered an inherent limitation of the potential
effectiveness of an entity's internal controls?

A. Incompatible duties.
B. Management override.
C. Mistakes in judgment.
D. Collusion among employees.
33. As part of understanding the internal control, an auditor is not required to

A. Consider factors that affect the risk of material misstatement.

B. Ascertain whether internal control policies and activities have been placed in operation.
C. Identify the types of potential misstatements that can occur.
D. Obtain knowledge about the operating effectiveness of the client's internal control activities.
34. The primary objective of procedures performed to obtain an understanding of the entity's internal control is
to provide an auditor with

A. Knowledge necessary for audit planning.

B. Evidential matter to use in assessing inherent risk.
C. A basis for modifying tests of controls.
D. An evaluation of the consistency of application of management's policies.
35. The overall attitude and awareness of an entity's board of directors concerning the importance of the client's
internal control usually is reflected in its

A. Computer-based control activities.

B. System of separation of duties.
C. Control environment.
D. Safeguards over access to assets.
36. After obtaining an understanding of the internal controls and assessing control risk on the audit of a non
public company, an auditor decided to perform tests of controls. The auditor most likely decided that

A. It would be efficient to perform tests of controls that would result in a reduction in planned substantive
tests.
B. Additional evidence to support a further reduction in control risk is not available.
C. An increase in the assessed level of control risk is justified for certain financial statement assertions.
D. There were many internal control weaknesses that could allow errors to enter the accounting system.
37. In an audit of financial statements of a non public company in accordance with generally accepted auditing
standards, an auditor is required to

A. Document the auditor's understanding of the entity's internal control.

B. Search for significant deficiencies in the operation of the internal controls.
C. Perform tests of controls to evaluate the effectiveness of the entity's accounting system.
D. Determine whether control activities are suitably designed to prevent or detect material misstatements.
38. In testing control activities, an auditor ordinarily selects from a variety of techniques, including

A. Inquiry and analytical procedures.

B. Reperformance and observation.
C. Comparison and confirmation.
D. Inspection and verification.
39. Assessing control risk at below the maximum level most likely would involve

A. Performing more extensive substantive tests with larger sample sizes than originally planned.
B. Reducing inherent risk for most of the assertions relevant to significant account balances.
C. Changing the timing of substantive tests by omitting interim-date testing and performing the tests at year
end.
D. Identifying specific internal control structure policies and procedures relevant to specific assertions.
40. A report on internal control effectiveness by the management team of public companies is required by

A. The Sarbanes-Oxley Act of 2002.

B. The PCAOB.
C. The AICPA.
D. Only auditors are required to report on internal control effectiveness.
41. Management's report on internal controls must include each of the following except

A. A statement that management is responsible for establishing and maintaining adequate internal control
over financial reporting.
B. A statement identifying the framework management uses to evaluate the effectiveness of the company's
internal control.
C. A statement providing management's assessment of the effectiveness of the company's internal control.
D. A statement providing management's evaluation of the company's control environment.
42. Which of the following areas can external auditors rely on internal auditors' work in auditing internal
controls?

A. Evaluation of the auditing environment.

B. Limited documentation and testing of internal control activities.
C. All testing of the operating effectiveness of internal control activities.
D. As the principle evidence for the external auditors' opinion.
43. The most important fundamental component of an entity's internal control is
Refer To: 05-43

A. Effectiveness and efficiency of operations.

B. People who operate the control system.
C. Reliability of financial reporting.
D. Compliance with applicable laws and regulations.
44. The primary purpose for obtaining an understanding of a non public audit client's internal control is to
Refer To: 05-43

A. Provide a basis for making constructive suggestions in a management letter.

B. Determine the nature, timing, and extent of tests to be performed in the audit.
C.Obtain sufficient appropriate audit evidence to afford a reasonable basis for an opinion on the financial
statements under examination.
D. Provide information for a communication of internal control-related matters to management.
45. Effectiveness of audit procedures would be reduced by
Refer To: 05-43

A. Selecting larger sample sizes for audit.

B. Performing audit procedures at the fiscal year-end date, as opposed to the interim period.
C. Deciding to obtain external evidence instead of internal evidence.
D. Performing procedures during the interim period, as opposed to at the fiscal year-end date.
46. Financial totals can be used for
Refer To: 05-43

A. Input controls.
B. Processing controls.
C. Output controls.
D. All of the above.
47. Which of the following is an application control?
Refer To: 05-43

A. Locked doors to the central server.

B. Change controls over new programs.
C. Backup controls.
D. An output control department that ensures that reports go to authorized recipients.
48. Which of the following is a preventive control?
Refer To: 05-43

A. A reconciliation of a bank account.

B. Internal auditors recalculating a sample of payroll entries.
C. Separation of duties between the payroll and personnel departments.
D. Use of hash totals for the payroll input sheet.
49. In most audits of large entities, control risk assessment contributes to audit efficiency, which means that
Refer To: 05-43

A. The cost of substantive procedures will exceed the cost of control evaluation work.
B. Auditors will be able to reduce the cost of substantive procedures by an amount more than the control
evaluation costs.
C. The cost of control evaluation work will exceed the cost of substantive procedures.
D. Auditors will be able to reduce the cost of substantive procedures by an amount less than the cost of tests
of controls.
50. Which of the following is a device designed to help the audit team obtain evidence about the accounting
and control activities of an audit client?
Refer To: 05-43

A. A narrative memorandum describing the control system.

B. An internal control questionnaire.
C. A flowchart of the documents and procedures used by the company.
D. All of the above.
51. A bridge workpaper shows the connection between
Refer To: 05-43

A. Control evaluation findings and subsequent audit procedures.

B. Management objectives and accounting system procedures.
C. Management objectives and entity control activities.
D. Financial statement assertions and tests of controls.
52. Tests of controls in a GAAS audit are required for
Refer To: 05-43

A. Obtaining evidence about the financial statement assertions.

B. Accomplishing control over the occurrence of recorded transactions.
C. Applying analytical procedures to financial statement balances.
D. Obtaining evidence about the operating effectiveness of client control activities.
53. A client's financial control activity is
Refer To: 05-43

A. An action taken by auditors to obtain evidence.

BAn action taken by client personnel for the purpose of preventing, detecting, and correcting errors and
. frauds in transactions to eliminate or mitigate risks identified by the company.
C. A method for recording, summarizing, and reporting financial information.
D. The functioning of the board of directors in support of its audit committee.
54. When planning an audit of internal controls under AS 5, the audit team should
Refer To: 05-43

A. Identify significant accounts, locations, and assertions.

B. Conduct a walkthrough of the internal control process.
C. Make inquiries of employees regarding the existence of control activities.
D. Re-perform control activities performed by client employees to determine their effectiveness.
55. A material weakness is a situation in which
Refer To: 05-43

A. It is probable that an immaterial financial statement misstatement would not be detected on a timely
basis
B. There is a remote likelihood that a material misstatement would be detected on a timely basis.
C. It is reasonably possible that a material misstatement would not be detected on a timely basis.
D. It is reasonably possible that an immaterial misstatement would not be detected on a timely basis.
56. Totals of amounts in computer-recorded data fields that are not usually added but are used only for data
processing control purposes are called
Refer To: 05-43

A. Record totals.
B. Hash totals.
C. Processing data totals.
D. Field totals.
57. Which of the following does not accurately summarize auditors' requirements regarding internal control?

Refer To: 05-43

A. Option A
B. Option B
C. Option C
D. Option D
58. AS 5 requires auditors of public companies to audit internal controls over
Refer To: 05-43

A. Operations.
B. Compliance with regulations.
C. Financial reporting.
D. All of the above.
59. AS 5 requires auditors of public companies to report on:

Refer To: 05-43

A. Option A
B. Option B
C. Option C
D. Option D
60. AS 5 requires auditors to test
Refer To: 05-43

A. Operating effectiveness only.

B. Design effectiveness only.
C. Both operating and design effectiveness.
D. Neither operating nor design effectiveness.
61. Which of the following would probably not be considered an indication of a material weakness?
Refer To: 05-43

A. Evidence of a material misstatement.

B. Ineffective oversight by the audit committee.
C. An immaterial fraud committed by senior management.
D. Overproduction by the manufacturing plant.
62. Which report would not be appropriate for a public accounting firm to provide on financial reporting
controls?
Refer To: 05-43

A. Unqualified—no material weaknesses found.

B. Disclaimer of opinion—unable to perform all necessary procedures.
C. Disclaimer of opinion—significant deficiencies exist.
D. Adverse—material weaknesses exist.
63. The purpose of separating the duties of hiring personnel and distributing payroll checks is to separate the
Refer To: 05-43

A. Authorization of transactions from the custody of related assets.

B. Operational responsibility from the record-keeping responsibility.
C. Human resources function from the controllership function.
D. Administrative controls from the internal accounting controls.
64. Which of the following statements is not true with respect to the auditors' report on internal control over
financial reporting?
Refer To: 05-43

A. The report will be dated as of the balance sheet date.

B. The report will express an opinion on the effectiveness of internal control over financial reporting.
C. If one or more material weaknesses exist, the auditor will issue an adverse opinion.
D. The report may be presented with the report on the entity's financial statements as a combined report.
65. If the auditors encounter a significant scope limitation in evaluating a public company's internal control
over financial reporting, which of the following types of opinions on the effectiveness of the company's
internal control over financial reporting would be appropriate?
Refer To: 05-43

A. Unqualified opinion or adverse opinion.

B. Qualified opinion or adverse opinion.
C. Unqualified opinion or disclaimer of opinion.
D. Disclaimer of opinion.
66. Which of the following information would be included in the introductory paragraph of the auditors' report
on internal control over financial reporting if the report is presented separately from the auditors' report on
the entity's financial statements?
Refer To: 05-43

A. The fact that the auditors conducted an audit of the entity's financial statements.
B. The definition of a material weakness in internal control over financial reporting.
C. Statements identifying the responsibility of the auditors and management for internal control over
financial reporting.
D. A reference to the auditors' report and opinion on the entity's financial statements.
 Question also found in Study Guide
67. Which of the following is not one of COSO's objectives for internal controls?

A. Efficiency and effectiveness of operations.

B. Reliability of financial reporting.
C. Maximization of profit.
D. Compliance with applicable laws and regulations.
68. Which of the following is not one of the elements of the control environment?

A. Process for recording transactions and preparing financial statements.

B. Presence of an internal auditing function.
C. A company's organizational structure.
D. Methods of assigning authority and responsibility.
69. Which of the following would not be considered a control activity?

A. Assessment of control risk

B. Performance reviews
C. Physical controls
D. Information processing controls
70. An edit test that checks data fields to see if any are blank when they must contain data is called a

A. Valid sign test.

B. Missing data test.
C. Limit test.
D. Valid character test.
71. An action taken to prevent, detect, and correct errors and frauds in transactions is referred to as a

A. Control objective.
B. Risk assessment.
C. Dual-purpose test.
D. Control activity.
72. Accounting for the numerical sequence of shipping documents is a control procedure designed to achieve
the internal control objective of

A. Validity.
B. Completeness.
C. Accounting.
D. Accuracy.
73. Auditors obtain an understanding of the internal control through all of the following, except

A. Previous experience with the company.

B. Responses to inquiries directed to client personnel.
C. A substantive testing audit plan.
D. A "walk-through" of one or more transactions.
74. The most efficient means of gathering evidence about the internal control is to conduct a formal interview
with knowledgeable managers and

A. Write a narrative description of each important control.

B. Prepare a flowchart illustrating the internal control.
C. Prepare a well indexed file of audit documentation.
D. Use an internal control questionnaire.
75. The five internal control components do not include

A. Control activities.
B. Risk assessment.
C. Monitoring.
D. Control risk.
76. A computerized accounting system would not include which of the following among the processing control
activities?

A. Limit and reasonableness tests.

B. File and operator controls.
C. Master file changes.
D. Run-to-run total.
77. Significant deficiencies are defined as conditions that

A. Could adversely affect the organization's ability to initiate, record, process, and report financial data in
the financial statements.
B. Results in a reasonable possibility that a material misstatement exists in financial statements.
C Exists when the design or operation of a control does not allow the company's management or employees
. to detect or prevent misstatements in a timely fashion.
D Relates to either a necessary control that is missing or an existing control that is so poorly designed that it
. fails to satisfy the control's objective.
78. AS 5 requires the audit team to do all the following except

A. Evaluate the severity of each control deficiency that comes to his or her attention.
B. Document the process used to determine significant accounts and disclosures and major classes of
transactions.
C. Test all internal controls in the company.
D. AS 5 requires all the above.
79. Below are the nine ASB management assertions.

Match shipping documents with sales invoices before__

1. Occurrence a sale is recorded.__

Balance total of individual customers' receivables__

2. Classification with the control account.__

__
3. Accuracy Sales manager approves taking discounts.__

4. Allocation Computer check for billing the quantity shipped, list__

or valuation price, and total.__

Account for numerical sequence of pre-numbered__

5. Completeness shipping documents.__
80. For each of the descriptions below, match the correct control, A to G.

Programmed tests to ensure that illogical__

1. sequence tests conditions do not occur.__

Test that checks data fields for appropriate plus or__

2. missing data tests minus.__

__
3. check digit Test that checks data fields to see if any are blank.__

An extra number tagged on to the end of a basic__

4. valid sign test identification.__

5. limit/ Test that can check for missing documents in a__

reasonableness tests prenumbered series.__
Question also Found in Study Guide
81. The primary reason for conducting an evaluation of a company's internal control is to provide a basis for
communicating significant deficiencies.

True False
82. The audit task of control risk assessment involves finding out what the company does to prevent, detect,
and correct errors and fraud.

True False
83. The audit team is responsible for the client's internal control.

True False
84. The attitudes of managers and directors are probably the most pervasive influences on the control
environment.

True False
85. The most important feature of an internal control system is the people who make the system work.

True False
86. A control activity is an action taken to prevent, detect, and correct errors and frauds in transactions.

True False
87. The COSO report indicates that internal control should be considered a process, not an end in itself.

True False
88. Auditors of public companies do not need to determine the quality of a client's internal control; they only
need to know enough to plan the audit work.

True False
89. The primary reason to evaluate internal control is to formulate constructive suggestions for improvement.

True False
90. The most efficient means of gathering evidence about a client's internal control is to prepare a flowchart of
the system.

True False
91. The strengths and weaknesses of a control system should be documented in bridge working papers
connecting the control evaluation to subsequent audit procedures.

True False
92. Auditors do not need to perform tests of controls audit procedures on internal control weaknesses just to
prove the weaknesses actually exist.

True False
93. To reduce the final control risk assessment to a low level, auditors need only to determine the required
degree of compliance with the control policies and procedures.

True False
94. Auditors perform tests of control activities to determine how the company's controls actually functioned
during the period under audit.

True False
95. Control systems generally provide absolute assurance that the objectives of internal control are satisfied.

True False
96. Dual-purpose audit tests are procedures that produce both control and substantive evidence.

True False
97. The key person in the internal control system of a small business is the independent auditor.

True False
98. Evaluation of internal control systems on a nonpublic entity should not be subject to cost/benefit
considerations.

True False
99. Tests of controls consist of procedures designed to produce evidence of how effectively the client's controls
work in practice.

True False
100.Auditors can stop the assessment of control risk for nonpublic entities for either effectiveness or efficiency
reasons.

True False
101.PCAOB Auditing Standard No. 5 only applies to public companies.

True False
102.The auditor's opinion on internal control under AS 5 relates only to controls existing at the end of the year.

True False
103.Auditors should begin their evaluation of internal controls over financial reporting on a bottom-up basis—
starting with the account level assertion and working up to entity-level controls.

True False
Questions also Found in Study Guide
104._____________________________ _____________________________ are the set of policies and
procedures that are designed to insure that transactions are recorded properly.

________________________________________
105._____________________________ _____________________________ in internal control are matters the
auditors believe should be communicated to the clients' audit committee.

________________________________________
106.The audit team is responsible for designing an evaluation of _____________________________ internal
control systems, and _____________________________ the control _____________________________
of that system.

________________________________________
107.The COSO report identifies the objectives to be achieved by internal control as (1) effectiveness and
efficiency of _____________________________, (2) reliability of _____________________________
_____________________________, and (3) compliance with _____________________________ and
_____________________________.

________________________________________
108._____________________________ _____________________________ are specific actions taken by a
client's management and employees to help ensure that management directives are carried out.

________________________________________
109._____________________________ _____________________________ to assets and important records,
documents, and blank forms should be limited to authorized personnel only in a well controlled company.

________________________________________
110.Internal control systems generally provide _____________________________ assurance that the
objectives of internal control are satisfied.

________________________________________
111.In connection with control activities used in a client's internal control system, a
_____________________________ _____________________________ is a tally of the number of
transactions submitted at a particular time and it is used to determine whether the proper number was
processed in a data conversion or computer accounting application.

________________________________________
112.Control activities in a computerized accounting system may be classified into two types--
_____________________________ controls and _____________________________ controls.

________________________________________
113.Significant deficiencies in internal control also include the more serious condition called a
_____________________________ _____________________________.

________________________________________
114.To reduce the control risk level to a low level, auditors must determine (1) the
_____________________________ _____________________________ of company compliance with
control policies, and (2) the _____________________________ _____________________________ of
company compliance.

________________________________________
115.Auditors perform _____________________________ _____________________________
_____________________________ to determine how well the company's controls actually functioned
during the period under audit.

________________________________________
116.The concept of _____________________________ _____________________________ recognizes that
the cost of an entity's internal control should not exceed the benefits that are expected to be derived.

________________________________________
117.In gathering evidence about the client's internal control, auditors may use a
(n) _____________________________ _____________________________
_____________________________, which is a checklist of internal control related questions.

________________________________________
118._____________________________ _____________________________
_____________________________ reduce opportunities for a person to be in a position to perpetrate and
conceal errors and frauds when performing their normal duties.

________________________________________
119.A(n) _____________________________ _____________________________
_____________________________ is a single procedure that produces both control and substantive
evidence.

________________________________________
120.A(n) _____________________________ _____________________________ is an extra number, precisely
calculated, that is tagged onto the end of a basic identification number such as an employee number.

________________________________________
121.Computerized checks to see whether data values exceed or fall below some predetermined limit are called
limit or _____________________________ _____________________________.

________________________________________
122.Techniques used to check errors in accounting data in computer based accounting systems can
be categorized as _____________________________ _____________________________,
_____________________________ _____________________________, and
_____________________________ _____________________________.

________________________________________
123.A material weakness results in a _____________________________ _____________________________
that a _____________________________ _____________________________ would not be prevented or
detected on a timely basis.

________________________________________
124.What is the difference between an information technology general control and an information technology
application control?

125.What is the difference between an internal control's design effectiveness and its operating effectiveness?

126.List several elements of a company's control environment.

127.List and explain briefly the phases of an internal control evaluation.

128.What are some of the problems in establishing an internal control system in small business?
129.The Sunny Company is computerizing its accounting function. It would like to separate the duties of
the systems analyst, programmer, and computer operator by hiring three different people for these jobs.
However, they can only afford to hire two people.
Required: A. Briefly describe the functions of the systems analyst, programmer, and computer operator.
B. If Sunny Company can afford only two positions, which two of the three would you combine into one
job? Explain.

130.Explain the different opinions that auditors can issue for an entity's internal control over financial reporting.

131.Auditors are required to obtain a sufficient understanding of an entity's internal control. This understanding
is required by the performance principle of GAAS.
Required: A. What are some of the goals (purposes) for conducting an evaluation of an entity's internal
control?
B. What audit work is required for an auditor to assess control risk below the "maximum" level?
C. Should auditors always try to obtain enough evidence to assess control risk below the "maximum" level?
Explain.

132.What are the six steps auditors of public companies should use to audit internal control over financial
reporting (ICOFR)?
133.What constitutes a material weakness?

134.What is the difference between a significant deficiency and a material weakness?

Question is also Found in Study Guide

135.Each of the five cases illustrates specific control activities from a client's revenue cycle (accounts
receivable/sales). For each of the procedures, (a) identify which management assertions apply, and (b) what
potential category of errors and frauds can be prevented.
 ch5 Key
1. An audit team's responsibility would not include

A. Designing client's internal controls.

B. Documentation of understanding of a client's internal controls.
C. Communicating internal control deficiencies.
D. Assessing the effectiveness a client's internal controls.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #1

2. The appropriate separation of duties does not include

A. Authorization to execute transactions.

B. Recording of transactions.
C. Custody of assets involved in the transactions.
D. Data preparation.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #2

3. A set of characteristics that helps to define a seriousness about employees' attitudes about the control
activities in a company is referred to as

A. Management assertions.
B. The control environment.
C. Control risk assessment.
D. Functional responsibilities.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #3
4. Control activities intended to ensure that transactions are recorded in the right period are designed to
achieve the ASB assertion of

A. Occurrence.
B. Accuracy.
C. Valuation or allocation.
D. Cutoff.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #4

5. Sound internal control can described as separating all of the following duties and responsibilities except
for

A. Transaction authorization.
B. Recordkeeping.
C. Custody of, or direct access to, assets.
D. Hiring of employees.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #5

6. After obtaining an understanding of the entity's internal control and assessing control risk, an auditor
of a non public company decided not to perform additional tests of controls. The auditor most likely
concluded that the

A. Additional evidence to support a further reduction in control risk was not cost beneficial.
B. Assessed level of inherent risk exceeded the assessed level of control risk.
C. Internal control structure was properly designed and justifiably may be relied on.
D. Evidence obtainable through tests of controls would not support an increased level of control risk.

AICPA

AACSB: Analytic
AICPA BB: Resource Management
AICPA FN: Risk Analysis
Bloom's: Application
Difficulty: Hard
Louwers - Chapter 05 #6
7. Regardless of the assessed level of control risk, an auditor of a non public company would perform
some

A. Tests of controls to determine the effectiveness of internal control policies.

B. Analytical procedures to verify the design of internal control activities.
C. Substantive tests to restrict detection risk for significant transaction classes.
D. Dual purpose tests to evaluate both the risk of monetary misstatement and preliminary control risk.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Knowledge
Difficulty: Hard
Louwers - Chapter 05 #7

8. The "obtaining an understanding" work phase (Phase 1) of internal control evaluation would not give
auditors an overall acquaintance with the client's

A. Control environment.
B. Information and communication system.
C. Control activity effectiveness.
D. Monitoring activities.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #8

9. Which of the following is an Information Technology General Control?

A. Check digit.
B. Run-to-run totals.
C. Distribution of computerized output.
D. Separation of duties in the IT department.

Original

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #9
10. Control strengths and weaknesses should be documented in audit documentation, sometimes called

A. Questionnaires, narratives, and flowcharts.

B. Bridge working papers.
C. Communications of significant deficiencies.
D. Internal control letters.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #10

11. The internal control in small business is highly dependent on the

A. Separation of functional responsibilities.

B. Complexity of the client's internal controls.
C. Owner-manager's competence, ethics and integrity.
D. Bonding of employees.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #11

12. Which of the following is not an input control activity?

A. Reasonableness tests.
B. Record counts.
C. Financial totals.
D. Hash totals.

Original

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #12
13. A sales clerk enters a customer's six-number customer account. The computer program uses the first
five numbers to calculate a sixth number. This resulting number is then compared to the sixth number
entered by the sales clerk. This is an example of a

A. A valid character test.

B. Missing data test.
C. Reasonableness test.
D. Check digit.

Original

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #13

14. Which of the following is the least important audit reason for the auditor's obtaining an understanding of
a company's internal control?

A. To serve as a basis for constructive suggestions.

B. To plan subsequent substantive tests.
C. To identify types of potential misstatements.
D. To consider factors that affect the risk of material misstatement.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Comprehension
Difficulty: Medium
Louwers - Chapter 05 #14

15. Tracing bills of lading to sales invoices provides evidence that

A. Shipments to customers were invoiced.

B. Shipments to customers were recorded as sales.
C. Recorded sales were shipped.
D. Invoiced sales were recorded as sales.

Original

AACSB: Analytic
AICPA BB: Critical Thinking
AICPA FN: Decision Making
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #15
16. Which of the following client internal control activities is not usually performed in the treasurer's
department?

A. Verifying the accuracy of checks and vouchers.

B. Controlling the mailing of checks to vendors.
C. Approving vendors' invoices for payment.
D. Canceling payment vouchers when paid.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Application
Difficulty: Medium
Louwers - Chapter 05 #16

17. Which of the following audit procedures most likely would provide an auditor with the most assurance
about the effectiveness of the operation of an entity's internal control?

A. Confirmation with outside parties.

B. Inquiry of client personnel.
C. Successful re-performance of the control procedure.
D. Observation of client personnel.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #17

18. When obtaining an understanding of an entity's internal control in a financial statement audit, an auditor
is not obligated to

A. Determine whether the control activities have been placed in operation.

B. Perform procedures to understand the design of the internal control system.
C. Document the understanding of the company's internal control system.
D. Search for significant deficiencies in the operation of the internal control system.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #18
19. After obtaining an understanding of a client's financial reporting control activities, the auditor would
next

A. Test the client's control activities.

B. Assess the control risk.
C. Document the understanding obtained.
D. Plan the remainder of the audit work.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #19

20. If auditors assess control risk at the maximum level, they will tend to

A. Perform a great deal of additional tests of controls.

B. Perform a great deal of substantive testing during the audit.
C. Perform substantive tests at an interim date.
D. Perform more audit procedures using internal evidence.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Application
Difficulty: Easy
Louwers - Chapter 05 #20

21. The ultimate purpose of assessing control risk is to contribute to the auditor's evaluation of the

A. Factors that raise doubts about the auditability of the financial statements.
B. Operating effectiveness of internal control policies and procedures.
C. Risk that material misstatements exist in the financial statements.
D. Possibility that the nature and extent of substantive tests may be reduced.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #21
22. When the audit team increases the planned assessed level of control risk because certain control
activities were determined to be ineffective, the audit team would most likely increase the

A. Extent of tests of details.

B. Level of inherent risk.
C. Extent of tests of controls.
D. Level of detection risk.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Application
Difficulty: Medium
Louwers - Chapter 05 #22

23. In computer systems, the information technology general controls (ITGC) would not include

A. Processing control activities.

B. Separation of various computer system functions.
C. Documentation of the data processing system.
D. Control over physical access to computer hardware.

Original

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #23

24. When auditing financial statements of a private company, the minimum work an auditor must perform
in connection with a company's internal control is best described by which of the following statements:

A. Perform exhaustive tests of accounting controls and evaluate the company's control system
effectiveness.
B. Determine whether the company's control policies are designed well enough to prevent material
errors.
C. Prepare auditing working papers documenting the understanding of the company's internal control.
D. Design procedures to search for significant deficiencies in the actual operation of the company's
internal control.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Hard
Louwers - Chapter 05 #24
25. Which of the following would likely be classified as a material weakness?

A. Absence of appropriate separation of duties.

B. Absence of appropriate reviews and approvals of transactions.
C. Evidence of failure of control activities.
D. Ineffective oversight of the financial reporting process by the company's audit committee.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Application
Difficulty: Hard
Louwers - Chapter 05 #25

26. If a control total were to be computed on each of the following data items, which would best be
identified as a hash total for a payroll IS application?

A. Hours worked.
B. Total debits and total credits.
C. Net pay.
D. Department numbers.

AICPA

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #26
27. Generally accepted auditing standards (GAAS) give auditors considerable discretion to decide the
amount of work required to satisfy auditing standards guiding internal control evaluation and related
audit planning. Which of the descriptions below best expresses the minimum amount of work permitted
by GAAS for nonpublic companies?

ADo not obtain an understanding of client environment, accounting, or control activities. Do not
. document the decision to assess control risk at maximum. Perform 100% substantive audit on all
financial statement transactions and balances.
BObtain an understanding of client environment, accounting, and control activities. Document the
. decision to assess control risk at maximum. Perform an extensive but not 100% substantive audit on
financial statement transactions and balances.
CObtain an understanding of client environment, accounting, and control activities, and perform detail
. tests of controls. Document the decision to assess control risk below the maximum. Perform restricted
substantive audit on financial statement transactions and balances, considering the control risk
assessment.
DObtain an understanding of client environment, accounting, and control activities, and perform detail
. tests of controls. Document the decision to assess control risk at zero. Perform no substantive audit on
financial statement transactions and balances, since zero control risk means that no errors or fraud can
reach the accounts.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Application
Difficulty: Medium
Louwers - Chapter 05 #27

28. Proper separation of duties reduces the opportunities to allow persons to be in positions to both

A. Journalize entries and prepare financial statements.

B. Record cash receipts and cash disbursements.
C. Establish internal controls and authorize transactions.
D. Perpetuate and conceal errors and fraud.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #28
29. In an audit of financial statements, an auditor's primary consideration regarding an internal control
policy or activity is whether the policy or activity

A. Reflects management's philosophy and operating style.

B. Affects management's financial statement assertions.
C. Provides adequate safeguards over access to assets.
D. Enhances management's decision making processes.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Hard
Louwers - Chapter 05 #29

30. Which of the following is a step in an auditor's decision to assess control risk at below the maximum?

A.Apply analytical procedures to both financial data and nonfinancial information to detect conditions
that may indicate weak controls.
B. Perform tests of details of transactions and account balances to identify potential errors and fraud.
C. Identify specific internal control policies and activities that are likely to detect or prevent material
misstatements.
D. Document that the additional audit effort to perform tests of controls exceeds the potential reduction
in substantive testing.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Knowledge
Difficulty: Hard
Louwers - Chapter 05 #30
31. Which of the following is not an objective of internal controls over financial reporting as defined by the
Sarbanes-Oxley Act?

APolicies and procedures that pertain to the maintenance of records that in reasonable detail accurately
. and fairly reflect the transactions and dispositions of the assets of the registrant.
BPolicies and procedures that provide reasonable assurance that transactions are recorded as necessary to
. permit preparation of financial statements in accordance with generally accepted accounting principles,
and receipts and expenditures of the registrant are being made only in accordance with authorizations
of management and directors of the registrant.
C. Policies and procedures that provide reasonable assurance regarding the compliance with applicable
laws and regulations.
DPolicies and procedures that provide reasonable assurance regarding prevention or timely detection of
. unauthorized acquisition, use or disposition of the registrant's assets that could have a material effect
on the financial statements.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #31

32. Which of the following most likely would not be considered an inherent limitation of the potential
effectiveness of an entity's internal controls?

A. Incompatible duties.
B. Management override.
C. Mistakes in judgment.
D. Collusion among employees.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Comprehension
Difficulty: Hard
Louwers - Chapter 05 #32

33. As part of understanding the internal control, an auditor is not required to

A. Consider factors that affect the risk of material misstatement.

B. Ascertain whether internal control policies and activities have been placed in operation.
C. Identify the types of potential misstatements that can occur.
D. Obtain knowledge about the operating effectiveness of the client's internal control activities.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #33
34. The primary objective of procedures performed to obtain an understanding of the entity's internal
control is to provide an auditor with

A. Knowledge necessary for audit planning.

B. Evidential matter to use in assessing inherent risk.
C. A basis for modifying tests of controls.
D. An evaluation of the consistency of application of management's policies.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #34

35. The overall attitude and awareness of an entity's board of directors concerning the importance of the
client's internal control usually is reflected in its

A. Computer-based control activities.

B. System of separation of duties.
C. Control environment.
D. Safeguards over access to assets.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #35

36. After obtaining an understanding of the internal controls and assessing control risk on the audit of a non
public company, an auditor decided to perform tests of controls. The auditor most likely decided that

A. It would be efficient to perform tests of controls that would result in a reduction in planned
substantive tests.
B. Additional evidence to support a further reduction in control risk is not available.
C. An increase in the assessed level of control risk is justified for certain financial statement assertions.
D. There were many internal control weaknesses that could allow errors to enter the accounting system.

AICPA

AACSB: Analytic
AICPA BB: Critical Thinking
AICPA FN: Risk Analysis
Bloom's: Application
Difficulty: Medium
Louwers - Chapter 05 #36
37. In an audit of financial statements of a non public company in accordance with generally accepted
auditing standards, an auditor is required to

A. Document the auditor's understanding of the entity's internal control.

B. Search for significant deficiencies in the operation of the internal controls.
C. Perform tests of controls to evaluate the effectiveness of the entity's accounting system.
D. Determine whether control activities are suitably designed to prevent or detect material
misstatements.

AICPA

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #37

38. In testing control activities, an auditor ordinarily selects from a variety of techniques, including

A. Inquiry and analytical procedures.

B. Reperformance and observation.
C. Comparison and confirmation.
D. Inspection and verification.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #38

39. Assessing control risk at below the maximum level most likely would involve

A. Performing more extensive substantive tests with larger sample sizes than originally planned.
B. Reducing inherent risk for most of the assertions relevant to significant account balances.
C. Changing the timing of substantive tests by omitting interim-date testing and performing the tests at
year end.
D. Identifying specific internal control structure policies and procedures relevant to specific assertions.

AICPA

AACSB: Analytic
AICPA BB: Critical Thinking
AICPA FN: Risk Analysis
Bloom's: Comprehension
Difficulty: Hard
Louwers - Chapter 05 #39
40. A report on internal control effectiveness by the management team of public companies is required by

A. The Sarbanes-Oxley Act of 2002.

B. The PCAOB.
C. The AICPA.
D. Only auditors are required to report on internal control effectiveness.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #40

41. Management's report on internal controls must include each of the following except

A. A statement that management is responsible for establishing and maintaining adequate internal
control over financial reporting.
B. A statement identifying the framework management uses to evaluate the effectiveness of the
company's internal control.
C. A statement providing management's assessment of the effectiveness of the company's internal
control.
D. A statement providing management's evaluation of the company's control environment.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Communication
Difficulty: Medium
Louwers - Chapter 05 #41

42. Which of the following areas can external auditors rely on internal auditors' work in auditing internal
controls?

A. Evaluation of the auditing environment.

B. Limited documentation and testing of internal control activities.
C. All testing of the operating effectiveness of internal control activities.
D. As the principle evidence for the external auditors' opinion.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Application
Difficulty: Medium
Louwers - Chapter 05 #42
43. The most important fundamental component of an entity's internal control is
Refer To: 05-43

A. Effectiveness and efficiency of operations.

B. People who operate the control system.
C. Reliability of financial reporting.
D. Compliance with applicable laws and regulations.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #43

44. The primary purpose for obtaining an understanding of a non public audit client's internal control is to
Refer To: 05-43

A. Provide a basis for making constructive suggestions in a management letter.

B. Determine the nature, timing, and extent of tests to be performed in the audit.
C. Obtain sufficient appropriate audit evidence to afford a reasonable basis for an opinion on the
financial statements under examination.
D. Provide information for a communication of internal control-related matters to management.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #44

45. Effectiveness of audit procedures would be reduced by

Refer To: 05-43

A. Selecting larger sample sizes for audit.

B. Performing audit procedures at the fiscal year-end date, as opposed to the interim period.
C. Deciding to obtain external evidence instead of internal evidence.
D. Performing procedures during the interim period, as opposed to at the fiscal year-end date.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Application
Difficulty: Easy
Louwers - Chapter 05 #45
46. Financial totals can be used for
Refer To: 05-43

A. Input controls.
B. Processing controls.
C. Output controls.
D. All of the above.

Original

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #46

47. Which of the following is an application control?

Refer To: 05-43

A. Locked doors to the central server.

B. Change controls over new programs.
C. Backup controls.
D. An output control department that ensures that reports go to authorized recipients.

Original

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Application
Difficulty: Medium
Louwers - Chapter 05 #47

48. Which of the following is a preventive control?

Refer To: 05-43

A. A reconciliation of a bank account.

B. Internal auditors recalculating a sample of payroll entries.
C. Separation of duties between the payroll and personnel departments.
D. Use of hash totals for the payroll input sheet.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #48
49. In most audits of large entities, control risk assessment contributes to audit efficiency, which means that
Refer To: 05-43

A. The cost of substantive procedures will exceed the cost of control evaluation work.
B. Auditors will be able to reduce the cost of substantive procedures by an amount more than the control
evaluation costs.
C. The cost of control evaluation work will exceed the cost of substantive procedures.
D. Auditors will be able to reduce the cost of substantive procedures by an amount less than the cost of
tests of controls.

Original

AACSB: Analytic
AICPA BB: Resource Management
AICPA FN: Risk Analysis
Bloom's: Application
Difficulty: Medium
Louwers - Chapter 05 #49

50. Which of the following is a device designed to help the audit team obtain evidence about the accounting
and control activities of an audit client?
Refer To: 05-43

A. A narrative memorandum describing the control system.

B. An internal control questionnaire.
C. A flowchart of the documents and procedures used by the company.
D. All of the above.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #50

51. A bridge workpaper shows the connection between

Refer To: 05-43

A. Control evaluation findings and subsequent audit procedures.

B. Management objectives and accounting system procedures.
C. Management objectives and entity control activities.
D. Financial statement assertions and tests of controls.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #51
52. Tests of controls in a GAAS audit are required for
Refer To: 05-43

A. Obtaining evidence about the financial statement assertions.

B. Accomplishing control over the occurrence of recorded transactions.
C. Applying analytical procedures to financial statement balances.
D. Obtaining evidence about the operating effectiveness of client control activities.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #52

53. A client's financial control activity is

Refer To: 05-43

A. An action taken by auditors to obtain evidence.

B An action taken by client personnel for the purpose of preventing, detecting, and correcting errors and
. frauds in transactions to eliminate or mitigate risks identified by the company.
C. A method for recording, summarizing, and reporting financial information.
D. The functioning of the board of directors in support of its audit committee.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #53

54. When planning an audit of internal controls under AS 5, the audit team should
Refer To: 05-43

A. Identify significant accounts, locations, and assertions.

B. Conduct a walkthrough of the internal control process.
C. Make inquiries of employees regarding the existence of control activities.
D. Re-perform control activities performed by client employees to determine their effectiveness.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #54
55. A material weakness is a situation in which
Refer To: 05-43

A. It is probable that an immaterial financial statement misstatement would not be detected on a timely
basis
B. There is a remote likelihood that a material misstatement would be detected on a timely basis.
C. It is reasonably possible that a material misstatement would not be detected on a timely basis.
D. It is reasonably possible that an immaterial misstatement would not be detected on a timely basis.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #55

56. Totals of amounts in computer-recorded data fields that are not usually added but are used only for data
processing control purposes are called
Refer To: 05-43

A. Record totals.
B. Hash totals.
C. Processing data totals.
D. Field totals.

Original

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Knowledge
Difficulty: Hard
Louwers - Chapter 05 #56
57. Which of the following does not accurately summarize auditors' requirements regarding internal
control?

Refer To: 05-43

A. Option A
B. Option B
C. Option C
D. Option D

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Hard
Louwers - Chapter 05 #57

58. AS 5 requires auditors of public companies to audit internal controls over

Refer To: 05-43

A. Operations.
B. Compliance with regulations.
C. Financial reporting.
D. All of the above.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #58
59. AS 5 requires auditors of public companies to report on:

Refer To: 05-43

A. Option A
B. Option B
C. Option C
D. Option D

Original

AACSB: Communication
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #59

60. AS 5 requires auditors to test

Refer To: 05-43

A. Operating effectiveness only.

B. Design effectiveness only.
C. Both operating and design effectiveness.
D. Neither operating nor design effectiveness.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #60

61. Which of the following would probably not be considered an indication of a material weakness?
Refer To: 05-43

A. Evidence of a material misstatement.

B. Ineffective oversight by the audit committee.
C. An immaterial fraud committed by senior management.
D. Overproduction by the manufacturing plant.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Comprehension
Difficulty: Medium
Louwers - Chapter 05 #61
62. Which report would not be appropriate for a public accounting firm to provide on financial reporting
controls?
Refer To: 05-43

A. Unqualified—no material weaknesses found.

B. Disclaimer of opinion—unable to perform all necessary procedures.
C. Disclaimer of opinion—significant deficiencies exist.
D. Adverse—material weaknesses exist.

Original

AACSB: Communication
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #62

63. The purpose of separating the duties of hiring personnel and distributing payroll checks is to separate
the
Refer To: 05-43

A. Authorization of transactions from the custody of related assets.

B. Operational responsibility from the record-keeping responsibility.
C. Human resources function from the controllership function.
D. Administrative controls from the internal accounting controls.

AICPA adapted

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Application
Difficulty: Easy
Louwers - Chapter 05 #63

64. Which of the following statements is not true with respect to the auditors' report on internal control over
financial reporting?
Refer To: 05-43

A. The report will be dated as of the balance sheet date.

B. The report will express an opinion on the effectiveness of internal control over financial reporting.
C. If one or more material weaknesses exist, the auditor will issue an adverse opinion.
D. The report may be presented with the report on the entity's financial statements as a combined report.

Original

AACSB: Communication
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Hard
Louwers - Chapter 05 #64
65. If the auditors encounter a significant scope limitation in evaluating a public company's internal control
over financial reporting, which of the following types of opinions on the effectiveness of the company's
internal control over financial reporting would be appropriate?
Refer To: 05-43

A. Unqualified opinion or adverse opinion.

B. Qualified opinion or adverse opinion.
C. Unqualified opinion or disclaimer of opinion.
D. Disclaimer of opinion.

Original

AACSB: Communication
AICPA BB: Legal
AICPA FN: Research
Bloom's: Application
Difficulty: Medium
Louwers - Chapter 05 #65

66. Which of the following information would be included in the introductory paragraph of the auditors'
report on internal control over financial reporting if the report is presented separately from the auditors'
report on the entity's financial statements?
Refer To: 05-43

A. The fact that the auditors conducted an audit of the entity's financial statements.
B. The definition of a material weakness in internal control over financial reporting.
C. Statements identifying the responsibility of the auditors and management for internal control over
financial reporting.
D. A reference to the auditors' report and opinion on the entity's financial statements.

Original

AACSB: Communication
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Hard
Louwers - Chapter 05 #66

Question also found in Study Guide

Louwers - Chapter 05
67. Which of the following is not one of COSO's objectives for internal controls?

A. Efficiency and effectiveness of operations.

B. Reliability of financial reporting.
C. Maximization of profit.
D. Compliance with applicable laws and regulations.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #67

68. Which of the following is not one of the elements of the control environment?

A. Process for recording transactions and preparing financial statements.

B. Presence of an internal auditing function.
C. A company's organizational structure.
D. Methods of assigning authority and responsibility.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #68

69. Which of the following would not be considered a control activity?

A. Assessment of control risk

B. Performance reviews
C. Physical controls
D. Information processing controls

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #69
70. An edit test that checks data fields to see if any are blank when they must contain data is called a

A. Valid sign test.

B. Missing data test.
C. Limit test.
D. Valid character test.

Original

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #70

71. An action taken to prevent, detect, and correct errors and frauds in transactions is referred to as a

A. Control objective.
B. Risk assessment.
C. Dual-purpose test.
D. Control activity.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #71

72. Accounting for the numerical sequence of shipping documents is a control procedure designed to
achieve the internal control objective of

A. Validity.
B. Completeness.
C. Accounting.
D. Accuracy.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Comprehension
Difficulty: Easy
Louwers - Chapter 05 #72
73. Auditors obtain an understanding of the internal control through all of the following, except

A. Previous experience with the company.

B. Responses to inquiries directed to client personnel.
C. A substantive testing audit plan.
D. A "walk-through" of one or more transactions.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Application
Difficulty: Medium
Louwers - Chapter 05 #73

74. The most efficient means of gathering evidence about the internal control is to conduct a formal
interview with knowledgeable managers and

A. Write a narrative description of each important control.

B. Prepare a flowchart illustrating the internal control.
C. Prepare a well indexed file of audit documentation.
D. Use an internal control questionnaire.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Application
Difficulty: Medium
Louwers - Chapter 05 #74

75. The five internal control components do not include

A. Control activities.
B. Risk assessment.
C. Monitoring.
D. Control risk.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Easy
Louwers - Chapter 05 #75
76. A computerized accounting system would not include which of the following among the processing
control activities?

A. Limit and reasonableness tests.

B. File and operator controls.
C. Master file changes.
D. Run-to-run total.

Original

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #76

77. Significant deficiencies are defined as conditions that

A. Could adversely affect the organization's ability to initiate, record, process, and report financial data
in the financial statements.
B. Results in a reasonable possibility that a material misstatement exists in financial statements.
C Exists when the design or operation of a control does not allow the company's management or
. employees to detect or prevent misstatements in a timely fashion.
D Relates to either a necessary control that is missing or an existing control that is so poorly designed
. that it fails to satisfy the control's objective.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #77

78. AS 5 requires the audit team to do all the following except

A. Evaluate the severity of each control deficiency that comes to his or her attention.
B. Document the process used to determine significant accounts and disclosures and major classes of
transactions.
C. Test all internal controls in the company.
D. AS 5 requires all the above.

Original

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #78
79. Below are the nine ASB management assertions.

Match shipping documents with sales invoices before1

1. Occurrence a sale is recorded.

Balance total of individual customers' receivables2

2. Classification with the control account.

4
3. Accuracy Sales manager approves taking discounts.

4. Allocation Computer check for billing the quantity shipped, list3

or valuation price, and total.

Account for numerical sequence of pre-numbered5

5. Completeness shipping documents.
AACSB: Analytic
AICPA BB: Critical Thinking
AICPA FN: Risk Analysis
Bloom's: Application
Difficulty: Hard
Louwers - Chapter 05 #79

80. For each of the descriptions below, match the correct control, A to G.

Programmed tests to ensure that illogical5

1. sequence tests conditions do not occur.

Test that checks data fields for appropriate plus or4

2. missing data tests minus.

2
3. check digit Test that checks data fields to see if any are blank.

An extra number tagged on to the end of a basic3

4. valid sign test identification.

5. limit/ Test that can check for missing documents in a1

reasonableness tests prenumbered series.
AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Application
Difficulty: Hard
Louwers - Chapter 05 #80

Question also Found in Study Guide

Louwers - Chapter 05
81. The primary reason for conducting an evaluation of a company's internal control is to provide a basis for
communicating significant deficiencies.

FALSE
Louwers - Chapter 05 #81

82. The audit task of control risk assessment involves finding out what the company does to prevent, detect,
and correct errors and fraud.

TRUE
Louwers - Chapter 05 #82

83. The audit team is responsible for the client's internal control.

FALSE
Louwers - Chapter 05 #83

84. The attitudes of managers and directors are probably the most pervasive influences on the control
environment.

TRUE
Louwers - Chapter 05 #84

85. The most important feature of an internal control system is the people who make the system work.

TRUE
Louwers - Chapter 05 #85

86. A control activity is an action taken to prevent, detect, and correct errors and frauds in transactions.

TRUE
Louwers - Chapter 05 #86

87. The COSO report indicates that internal control should be considered a process, not an end in itself.

TRUE
Louwers - Chapter 05 #87

88. Auditors of public companies do not need to determine the quality of a client's internal control; they
only need to know enough to plan the audit work.

FALSE
Louwers - Chapter 05 #88

89. The primary reason to evaluate internal control is to formulate constructive suggestions for
improvement.

FALSE
Louwers - Chapter 05 #89
90. The most efficient means of gathering evidence about a client's internal control is to prepare a flowchart
of the system.

FALSE
Louwers - Chapter 05 #90

91. The strengths and weaknesses of a control system should be documented in bridge working papers
connecting the control evaluation to subsequent audit procedures.

TRUE
Louwers - Chapter 05 #91

92. Auditors do not need to perform tests of controls audit procedures on internal control weaknesses just to
prove the weaknesses actually exist.

TRUE
Louwers - Chapter 05 #92

93. To reduce the final control risk assessment to a low level, auditors need only to determine the required
degree of compliance with the control policies and procedures.

FALSE
Louwers - Chapter 05 #93

94. Auditors perform tests of control activities to determine how the company's controls actually functioned
during the period under audit.

TRUE
Louwers - Chapter 05 #94

95. Control systems generally provide absolute assurance that the objectives of internal control are satisfied.

FALSE
Louwers - Chapter 05 #95

96. Dual-purpose audit tests are procedures that produce both control and substantive evidence.

TRUE
Louwers - Chapter 05 #96

97. The key person in the internal control system of a small business is the independent auditor.

FALSE
Louwers - Chapter 05 #97

98. Evaluation of internal control systems on a nonpublic entity should not be subject to cost/benefit
considerations.

FALSE
Louwers - Chapter 05 #98
99. Tests of controls consist of procedures designed to produce evidence of how effectively the client's
controls work in practice.

TRUE
Louwers - Chapter 05 #99

100. Auditors can stop the assessment of control risk for nonpublic entities for either effectiveness or
efficiency reasons.

TRUE
Louwers - Chapter 05 #100

101. PCAOB Auditing Standard No. 5 only applies to public companies.

TRUE
Louwers - Chapter 05 #101

102. The auditor's opinion on internal control under AS 5 relates only to controls existing at the end of the
year.

TRUE
Louwers - Chapter 05 #102

103. Auditors should begin their evaluation of internal controls over financial reporting on a bottom-up
basis—starting with the account level assertion and working up to entity-level controls.

FALSE
Louwers - Chapter 05 #103

Questions also Found in Study Guide

Louwers - Chapter 05

104. _____________________________ _____________________________ are the set of policies and

procedures that are designed to insure that transactions are recorded properly.

Control activities
Louwers - Chapter 05 #104

105. _____________________________ _____________________________ in internal control are matters

the auditors believe should be communicated to the clients' audit committee.

Significant deficiencies
Louwers - Chapter 05 #105

106. The audit team is responsible for designing an evaluation of _____________________________

internal control systems, and _____________________________ the control
_____________________________ of that system.

existing, assessing, risk

Louwers - Chapter 05 #106
107. The COSO report identifies the objectives to be achieved by internal control as (1) effectiveness and
efficiency of _____________________________, (2) reliability of _____________________________
_____________________________, and (3) compliance with _____________________________ and
_____________________________.

operations, financial reporting, laws, regulations

Louwers - Chapter 05 #107

108. _____________________________ _____________________________ are specific actions taken by a

client's management and employees to help ensure that management directives are carried out.

Control activities
Louwers - Chapter 05 #108

109. _____________________________ _____________________________ to assets and important

records, documents, and blank forms should be limited to authorized personnel only in a well controlled
company.

Physical access
Louwers - Chapter 05 #109

110. Internal control systems generally provide _____________________________ assurance that the
objectives of internal control are satisfied.

reasonable
Louwers - Chapter 05 #110

111. In connection with control activities used in a client's internal control system, a
_____________________________ _____________________________ is a tally of the number of
transactions submitted at a particular time and it is used to determine whether the proper number was
processed in a data conversion or computer accounting application.

record count
Louwers - Chapter 05 #111

112. Control activities in a computerized accounting system may be classified into two types--
_____________________________ controls and _____________________________ controls.

general, application
Louwers - Chapter 05 #112

113. Significant deficiencies in internal control also include the more serious condition called a
_____________________________ _____________________________.

material weakness
Louwers - Chapter 05 #113
114. To reduce the control risk level to a low level, auditors must determine (1) the
_____________________________ _____________________________ of company compliance with
control policies, and (2) the _____________________________ _____________________________ of
company compliance.

required degree, actual degree

Louwers - Chapter 05 #114

115. Auditors perform _____________________________ _____________________________

_____________________________ to determine how well the company's controls actually functioned
during the period under audit.

tests of controls
Louwers - Chapter 05 #115

116. The concept of _____________________________ _____________________________ recognizes that

the cost of an entity's internal control should not exceed the benefits that are expected to be derived.

reasonable assurance
Louwers - Chapter 05 #116

117. In gathering evidence about the client's internal control, auditors may use a
(n) _____________________________ _____________________________
_____________________________, which is a checklist of internal control related questions.

internal control questionnaire

Louwers - Chapter 05 #117

118. _____________________________ _____________________________

_____________________________ reduce opportunities for a person to be in a position to perpetrate
and conceal errors and frauds when performing their normal duties.

Separation of duties
Louwers - Chapter 05 #118

119. A(n) _____________________________ _____________________________

_____________________________ is a single procedure that produces both control and substantive
evidence.

dual-purpose test
Louwers - Chapter 05 #119

120. A(n) _____________________________ _____________________________ is an extra number,

precisely calculated, that is tagged onto the end of a basic identification number such as an employee
number.

check digit
Louwers - Chapter 05 #120
121. Computerized checks to see whether data values exceed or fall below some predetermined limit are
called limit or _____________________________ _____________________________.

reasonableness tests
Louwers - Chapter 05 #121

122. Techniques used to check errors in accounting data in computer based accounting systems can
be categorized as _____________________________ _____________________________,
_____________________________ _____________________________, and
_____________________________ _____________________________.

input controls, processing controls, output controls

Louwers - Chapter 05 #122

123. A material weakness results in a _____________________________

_____________________________ that a _____________________________
_____________________________ would not be prevented or detected on a timely basis.

reasonable possibility, material misstatement

Louwers - Chapter 05 #123

124. What is the difference between an information technology general control and an information
technology application control?

An information technology general control is used to help control the entire computing environment
for an organization. For example, most organizations require password access to log into the computing
environment. An information technology application control is a computerized control procedure that
is designed to accomplish some type of control objective within a company's overall system of internal
control. For example, a company's accounts receivable system may have an application control that
automatically checks a customer's credit limit before a new sales order is approved. In order to function
properly, an information technology application level technology control is dependent on effective
information technology general controls.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #124

125. What is the difference between an internal control's design effectiveness and its operating effectiveness?

Design effectiveness determines whether the controls over financial reporting, if operating effectively,
would be expected to prevent or detect errors or fraud that could result in a material financial
misstatement. Operating effectiveness is whether the control is operating as designed and whether
the person performing the control possesses the necessary authority and qualifications to perform the
control effectively.

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #125
126. List several elements of a company's control environment.

Some of the elements of a control environment include:

* Management's philosophy and operating style.
* Company organization structure.
* Functioning of the board of directors, particularly its audit committee.
* Methods of assigning authority and responsibility.
* Management's monitoring methods, including internal auditing.
* Personnel policies and practices.
* External influences.

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #126

127. List and explain briefly the phases of an internal control evaluation.

Phase 1: Understanding and document the client's internal control structure. This phase includes a
general knowledge of the control environment, including the identification of entity level controls. In
addition, the auditor should gain an understanding of the flow of transactions through the accounting
system and document this understanding using a questionnaire, narrative descriptions and perhaps
flowcharts.
Phase 2: Assessing the control risk on a preliminary basis. At this point of the process, the strengths and
weaknesses of the system are analyzed and should be documented in a bridge workpaper. A preliminary
assessment of internal controls is completed. At this point, a decision is made as to which controls are
going tested and a required degree of compliance is determined.
Phase 3: Performing tests of controls audit procedures and reassess control risk. When the audit team
determines that a specific control activity could have a significant effect in reducing control risk to
a low level for a specific assertion, they perform test of that control activity to obtain specific audit
evidence about the effectiveness of the design or operation of that control activity. At this point, the
actual degree of compliance is compared with the required degree of compliance. The audit team then
must determine the final assessment of control risk and then determine whether any changes to the
substantive testing plan must be made.

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Risk Analysis
Bloom's: Comprehension
Difficulty: Medium
Louwers - Chapter 05 #127
128. What are some of the problems in establishing an internal control system in small business?

Internal control problems in small business would include:

A. Separation of functional responsibilities would be difficult because of the small number of
employees.
B. The owner manager has to assume a greater role to oversee and supervise authorization,
recordkeeping, and custodial functions.
C. The owner manager must be diligent, competent, and have a high degree of integrity.

AACSB: Analytic
AICPA BB: Critical Thinking
AICPA FN: Risk Analysis
Bloom's: Application
Difficulty: Medium
Louwers - Chapter 05 #128

129. The Sunny Company is computerizing its accounting function. It would like to separate the duties of
the systems analyst, programmer, and computer operator by hiring three different people for these jobs.
However, they can only afford to hire two people.
Required: A. Briefly describe the functions of the systems analyst, programmer, and computer operator.
B. If Sunny Company can afford only two positions, which two of the three would you combine into
one job? Explain.

A. A systems analyst evaluates the existing system and designs new or improved data processing.
This includes outlining the system and providing guidelines for the programmer. The programmer
flowcharts, codes, and documents the application. The computer operator operates the computer based
on written instructions.
B. It would be best to combine the functions of the systems analyst and programmer. The programmer
has intimate knowledge of the program. The programmer could write code that could be used during
computer operations to manipulate data or assets for his or her benefit. Therefore, the worst situation
would be to combine the functions of the programmer and computer operator. Another possibility
would be to combine the responsibilities of the systems analyst and computer operator. Though this may
not be as severe a problem, the systems analyst may still have special knowledge about the program and
programming.

AACSB: Technology
AICPA BB: Leveraging Technology
AICPA FN: Leveraging Technology
Bloom's: Application
Difficulty: Hard
Louwers - Chapter 05 #129
130. Explain the different opinions that auditors can issue for an entity's internal control over financial
reporting.

Auditors can issue the following opinions for an audit of an entity's internal control over financial
reporting:
• Unqualified. No material weaknesses exist.
• Disclaimer. The audit team cannot perform all of the procedures considered necessary and therefore
cannot issue an opinion.
• Adverse opinion. One or more material weaknesses exist.

AACSB: Communication
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #130

131. Auditors are required to obtain a sufficient understanding of an entity's internal control. This
understanding is required by the performance principle of GAAS.
Required: A. What are some of the goals (purposes) for conducting an evaluation of an entity's internal
control?
B. What audit work is required for an auditor to assess control risk below the "maximum" level?
C. Should auditors always try to obtain enough evidence to assess control risk below the "maximum"
level? Explain.

A. The audit team has two primary reasons for conducting an evaluation of an entity's internal control.
First, Sarbanes-Oxley requires an audit of the effectiveness of internal control that is an integrated part
of the financial statement audit for publicly traded companies. The second reason for evaluating an
entity's internal control is to comply with the performance principle of GAAS: To assess the risk of
material misstatement to give the auditors a basis for planning the audit and determining the nature,
timing, and extent of audit procedures for the substantive audit plan. The audit team assesses control
risk.
B. If auditors assess control risk as "maximum" or 100 percent (i.e., poor control), they will tend to
perform a great deal of substantive procedures with large sample sizes (extent), at or near the entity's
fiscal year end (timing), using procedures designed to obtain high-quality external evidence (nature).
On the other hand, if auditors assess control risk as "low," usually around 10 to 20 percent (i.e.,
effective control), they can perform fewer substantive procedures with smaller sample sizes (extent),
at an interim date before the entity's fiscal year end (timing), using a mixture of procedures designed to
obtain high-quality external evidence and lower-quality internal evidence (nature). Of course, auditors
may assess control risk between "low" and "maximum" (e.g., "moderate," "high," or "slightly below
maximum") and adjust the substantive procedures accordingly.
C. No. here may be occasions when the audit team chooses to test everything substantively rather than
relying on internal controls to reduce substantive testing. For example, for fixed assets, there are usually
a small number of very material transactions. Testing controls would not be efficient if the audit team is
going to examine every transaction anyway.

AACSB: Analytic
AICPA BB: Critical Thinking
AICPA FN: Risk Analysis
Bloom's: Application
Difficulty: Hard
Louwers - Chapter 05 #131
132. What are the six steps auditors of public companies should use to audit internal control over financial
reporting (ICOFR)?

1. Planning the engagement

2. Using a top-down approach to gain an understanding
3. Testing controls
4. Evaluating control deficiencies
5. Wrapping up: forming an opinion on the effectiveness of internal control over financial reporting
6. Reporting on internal control

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #132

133. What constitutes a material weakness?

A material weakness in internal control is defined as a deficiency, or combination of deficiencies,

that results in a reasonable possibility that a material misstatement would not be prevented or detected
on a timely basis. The following circumstances should be regarded as strong indicators that a material
weakness exists:
• Restatement of previously issued financial statements to reflect the correction of a misstatement.
• Evidence of material misstatements (caught by the audit team) that were not prevented or detected by
the client's internal controls.
• Ineffective oversight of the financial reporting process by the entity's audit committee.
• Indication of fraud (either material or immaterial) by senior management.

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #133

134. What is the difference between a significant deficiency and a material weakness?

The difference between a significant deficiency and a material weakness is the (1) likelihood and (2)
materiality that a potential (or actual) misstatement would not be detected on a timely basis.

AACSB: Analytic
AICPA BB: Legal
AICPA FN: Research
Bloom's: Knowledge
Difficulty: Medium
Louwers - Chapter 05 #134

Question is also Found in Study Guide

Louwers - Chapter 05
135. Each of the five cases illustrates specific control activities from a client's revenue cycle (accounts
receivable/sales). For each of the procedures, (a) identify which management assertions apply, and (b)
what potential category of errors and frauds can be prevented.

AACSB: Analytic
AICPA BB: Critical Thinking
AICPA FN: Risk Analysis
Bloom's: Application
Difficulty: Hard
Louwers - Chapter 05 #135
 ch5 Summary
Category # of
Questions
AACSB: Analytic 73
AACSB: Communication 6
AACSB: Technology 13
AICPA BB: Critical Thinking 7
AICPA BB: Legal 70
AICPA BB: Leveraging Technology 13
AICPA BB: Resource Management 2
AICPA FN: Decision Making 1
AICPA FN: Leveraging Technology 13
AICPA FN: Research 55
AICPA FN: Risk Analysis 23
Bloom's: Application 21
Bloom's: Communication 1
Bloom's: Comprehension 6
Bloom's: Knowledge 64
Difficulty: Easy 20
Difficulty: Hard 17
Difficulty: Medium 55
Louwers - Chapter 05 139