AUDITING & ASSURANCE PRINCIPLES

AT.112_Understanding the Entity’s Internal Control

LECTURE NOTES
Understanding The Entity’s Internal Control management has a written code of conduct and whether it
acts in a manner that supports the code.
Internal control is the process designed, implemented and
maintained by those charged with governance, Risk Assessment Process
management and other personnel to address risks that are
The entity’s risk assessment process refers to the entity’s
present between the entity and the accomplishment of its
process for identifying business risks relevant to financial
objectives. Its purpose is to address identified business
reporting objectives and deciding about actions to address
risks that threaten the achievement of the entity’s
those risks, and the results thereof. If that process is
objectives about:
appropriate to the circumstances, including the nature,
• the reliability of the entity’s financial reporting
size and complexity of the entity, it assists the auditor in
(auditor’s primary concern);
identifying ROMM. Whether the entity’s risk assessment
• the effectiveness and efficiency of its operations; and
process is appropriate is a matter of judgment.
• its compliance with applicable laws and regulations.
The auditor shall obtain an understanding of whether the
Internal control structure varies with an entity’s size and
entity has a process for:
complexity. Smaller entities may use less structured
a. Identifying business risks relevant to financial
means and simpler processes and procedures.
reporting objectives;
An understanding of internal control assists the auditor in b. Estimating the significance of the risks;
identifying types of potential misstatements and factors c. Assessing the likelihood of their occurrence; and
that affect the ROMM, and in designing the nature, timing, d. Deciding about actions to address those risks.
and extent of FAP (ToC and SP).
Information System and Communication
Components of Internal Control
Information and communication relates to the
The following are the components of an effective internal identification, capture, and exchange of information that
control: enables individuals to carry out their responsibilities. It
a. Control environment includes information system and communication relevant
b. Risk assessment process to financial reporting system which consists of the
c. Information system and communication procedures and records established to initiate, record,
d. Control activities process and report entity transactions (as well as events
e. Monitoring and conditions) and to maintain accountability for the
related assets, liabilities and equity.
Control Environment
Information system and communication consists of
Control environment is the governance and management infrastructure (physical and hardware components),
functions and the attitudes, awareness, and actions of software, people, procedures, and data.
those charged with governance and management
concerning the entity’s internal control and its importance The auditor shall obtain an understanding of the
in the entity. It is the foundation of internal control, and information system, including the related business
sets the tone of an organization that influences the control processes, relevant to financial reporting.
consciousness of its people. The auditor shall obtain an understanding of how the entity
The seven elements of the control environment are: communicates financial reporting roles and responsibilities
a. Communication and enforcement of integrity and and significant matters relating to financial reporting,
ethical values including:
b. Commitment to competence a. Communications between management and those
c. Human resource policies and practices charged with governance; and
d. Assignment of authority and responsibility b. External communications, such as those with
e. Management's philosophy and operating style regulatory authorities.
f. Participation of those charged with governance
Control Activities
g. Organizational structure
Control activities are policies and procedures of the entity
The auditor shall obtain an understanding of the control
that help ensure that management directives are carried
environment. As part of obtaining this understanding, the
out.
auditor shall evaluate whether:
a. Management, with the oversight of those charged with Examples of control activities include policies and
governance, has created and maintained a culture of procedures on:
honesty and ethical behavior; and • Authorization
b. The strengths in the control environment elements • Performance reviews
collectively provide an appropriate foundation for the • Information processing
other components of internal control, and whether • Physical controls
those other components are not undermined by control • Segregation of duties
environment weaknesses.
The auditor shall obtain an understanding of control
Relevant audit evidence may be obtained through a activities relevant to the audit.
combination of inquiries and other risk assessment
Control activities that are relevant to the audit are:
procedures such as corroborating inquiries through
• Those that are required to be treated as such, being
observation or inspection of documents. For example,
control activities that relate to significant risks and
through inquiries of management and employees, the
those that relate to risks for which substantive
auditor may obtain an understanding of how management
procedures alone do not provide sufficient appropriate
communicates to employees its views on business
audit evidence; or
practices and ethical behavior and considering whether

Page 1 of 6
• Those that are considered to be relevant in the Relevant Controls: Nature and Extent of the
judgment of the auditor, being those necessary in Auditor’s Understanding
order to assess the ROMM at the assertion level and
The auditor shall obtain an understanding of internal
design FAP responsive to assessed risks
control relevant to the audit, not all controls that relate to
Risks arising from, and control activities in, IT financial reporting are relevant to the audit. It is a matter
of the auditor’s professional judgment whether a control, is
In understanding the entity’s control activities, the auditor
relevant to the audit.
shall obtain an understanding of how the entity has
responded to risks arising from IT. This topic will be When obtaining an understanding of controls that are
discussed separately in “Auditing in a computerized relevant to the audit, the auditor shall evaluate the design
information system (CIS) environment.” of those controls and determine whether they have been
implemented, by performing procedures in addition to
Monitoring
inquiry of the entity’s personnel.
Monitoring is a process that assesses the effectiveness of
Design and Implementation of Relevant Controls
internal control performance over time. It includes
assessing the design and operation of controls on a timely Risk assessment procedures to obtain audit evidence about
basis and taking necessary corrective actions modified for the design and implementation of relevant controls may
changes in conditions. include:
• Inquiring of entity personnel
The types of monitoring activities are:
• Observing the application of specific controls.
• ongoing monitoring activities - often built into the
• Inspecting documents and reports.
normal recurring activities of an entity and include
• Tracing transactions through the information system
regular management and supervisory activities.
relevant to financial reporting.
• separate evaluations - often performed by internal
auditors or company employees and provide feedback Inquiry alone, however, is not sufficient for such purposes.
on the effectiveness of other internal control
processes. Evaluating the design of a control involves considering
• a combination of the two above. whether the control is capable of effectively preventing, or
detecting and correcting, material misstatements.
Internal auditing is often considered a highly effective Implementation of a control means that the control exists
monitoring control. and that the entity is using it. There is little point in
assessing the implementation of a control that is not
The auditor shall obtain an understanding of the major
effective, and so the design of a control is considered first.
activities that the entity uses to monitor internal control
An improperly designed control may represent a material
over financial reporting, including those related to those
weakness in the entity’s internal control.
control activities relevant to the audit, and how the entity
initiates corrective actions to its controls. Obtaining an understanding of an entity’s controls is not
sufficient to test their operating effectiveness (which is
Inter-relationship of Components of Internal Control
determined through test of controls), unless there is some
Internal control consists of five interrelated components automation that provides for the consistent operation of
designed to work together as a process in order to address the controls.
entity’s business risks and help it accomplish the it’s
Documentation
objectives.
The auditor shall document the key elements of each of
Inherent Limitations of Internal Control the internal control components, including the sources of
Internal control can only provide reasonable assurance information from which the understanding was obtained.
that the entity’s objectives are met because of the The auditor may document its understanding through any
following inherent limitations: or combination of the following techniques:
• Cost-benefit considerations a. Narratives – A narrative is a written description of a
• Human errors or mistakes client’s internal controls.
• Management override or circumvention b. Flowcharts – An internal control flowchart is a diagram
• Collusion among employees or outside parties of the client’s documents and their sequential flow in
• Usually directed only at routine transactions, rather the organization. Flowcharts have two advantages over
than non-routine transactions narratives: typically they are easier to read and easier
• May become inadequate due to changes in entity’s to update. It is unusual to use both a narrative and a
circumstances flowchart to describe the same system because both
Understanding Entity’s Internal Controls Through present the same information.
Transaction Cycles c. Internal Control Questionnaires (ICQ) – An ICQ asks a
series of questions about the controls in each audit
Transaction cycles refer to certain business processes, or
area as a means of identifying internal control
segments into which related transactions can be
deficiencies. Most questionnaires require a “yes” or a
conveniently grouped and for which specific accounting
“no” response, with “no” responses indicating potential
procedures and control activities are established by an
internal control deficiencies. The two main
entity's management.
disadvantages of questionnaires are their inability to
The common divisions of transaction cycles are: provide an overview of the system and their
• Revenue and receipt cycle inapplicability for some audits, especially smaller ones.
• Purchasing and disbursement cycle
Performing a Transaction Walkthrough Test
• Payroll and personnel cycle
• Production or conversion (Inventory and warehousing) Walkthrough test involves tracing a few transactions
cycle through the financial reporting system. This test is
• Investing and financing cycle normally done after the auditor has initially documented its
understanding of the transaction cycles and significant
Note that cycles have no beginning or end except at the
business processes. It should be done every year.
origin and final disposition of a company.

Page 2 of 6
The auditor shall perform walkthroughs to achieve the The auditor shall evaluate whether, on the basis of the
following objectives: audit work performed, the auditor has identified a material
• Confirm understanding, as identified in during process weakness in the design, implementation or maintenance of
documentation, of the flow of significant classes of internal control.
transactions within significant processes or sources
The types of material weaknesses in internal control that
and preparation of information resulting in significant
the auditor may identify when obtaining an understanding
disclosures, including how these transactions are
of the entity and its internal controls may include:
initiated, authorized, recorded, processed and
• ROMM that the auditor identifies and which the entity
reported: and
has not controlled, or for which the relevant control is
• Verify the identified “what can go wrongs” (WCGWs)
inadequate.
that have the potential to materially affect relevant
• A weakness in the entity’s risk assessment process
financial statement assertions related to significant
that the auditor identifies as material, or the absence
accounts and disclosures within each significant class
of a risk assessment process in those cases where it
of transactions.
would be appropriate for one to have been established.
What is a Material Weakness in Internal Control?
The auditor shall communicate material weaknesses in
Material weakness in internal control is deficiency, or a internal control identified during the audit on a timely basis
combination of deficiencies, in internal control over to management at an appropriate level of responsibility
financial reporting, such that there is a reasonable and with those charged with governance
possibility that a material misstatement of the company’s
What is Significant Deficiency in Internal Control?
annual or interim financial statements will not be
prevented or detected on a timely basis. Significant deficiency in internal control—A deficiency or
combination of deficiencies in internal control that, in the
Deficiency in internal control exists when:
auditor’s professional judgment, is of sufficient importance
a. A control is designed, implemented or operated in such
to merit the attention of those charged with governance.
a way that it is unable to prevent, or detect and
Significant deficiency is less severe than a material
correct, misstatements in the financial statements on a
weakness.
timely basis; or
b. A control necessary to prevent, or detect and correct,
- done -
misstatements in the financial statements on a timely
basis is missing.

MULTIPLE CHOICE
The Entity’s Internal Control a. Consists of the policies and procedures that help
1. The process designed and effected by those charged ensure that management directives are carried
with governance, management, and other personnel to out.
provide reasonable assurance about the achievement b. Includes the governance and management
of the entity’s objectives with regard to reliability of functions and the attitudes, awareness, and
financial reporting, effectiveness and efficiency of actions of those charged with governance and
operations and compliance with applicable laws and management concerning the entity’s internal
regulations. control and its importance in the entity.
a. Internal Control c. Administrative control c. Is the entity’s process for identifying business risks
b. Accounting control d. Control environment relevant to financial reporting objectives and
deciding about actions to address those risks, and
2. Which of the following is not true of internal control as
the results thereof.
defined by Committee of Sponsoring Organizations of
d. Consists of the procedures and records established
the Treadway Commission (COSO) – Integrated
to initiate, record, process, and report entity
Framework?
transactions (as well as events and conditions) and
a. it is a process that includes all elements of internal
to maintain accountability for the related assets,
control working together.
liabilities, and equity.
b. it includes all the people in the organization.
c. it starts at the top of the organization in setting a 6. Which of the following factors are included in an
tone. entity’s control environment?
d. it is narrower than internal control over financial a b c d
reporting. Commitment to competence Yes Yes No Yes
Integrity and ethical values Yes No Yes Yes
3. The primary responsibility for designing, implementing
Organizational structure No Yes Yes Yes
and maintaining internal control, and the tone of
Human resources policies
internal control typically originates, rests with
and procedures Yes No Yes Yes
a. Internal auditors c. The external auditor
b. The CFO d. The management/TCWG 7. Management philosophy and operating style most
likely would have a significant influence on an entity's
4. What is management’s primary purpose of effective
control environment when
internal control in an organization?
a. The internal auditor reports directly to
a. Obtaining high-quality data for making good
management.
business decisions providing reasonable assurance
b. Management is dominated by one individual.
that the entity’s objectives are achieved.
c. Accurate management job descriptions delineate
b. Completion of a successful audit for the entity.
specific duties.
c. Shareholder involvement in the company’s
d. The audit committee actively oversees the financial
success.
reporting process.
d. Obtaining profitability and financial strength.
Components of Internal Control
5. Control environment component of internal control

Page 3 of 6
8. An auditor should consider the competence of a client's 16. An auditor obtains evidence of the internal control over
employees because their competence bears directly the accounting system by all of the following except:
and importantly on the a. walkthroughs of the accounting system.
a. Cost benefit relationship of internal control. b. making inquiries of banks and attorneys.
b. Achievement of the objectives of internal control. c. reviewing system flowcharts.
c. Comparison of recorded accountability with assets d. taking plant and operational tours.
on hand.
17. Which of the following is not useful for obtaining an
d. Timing of the tests to be performed.
understanding of internal controls?
9. Control activities constitute one of the five components a. Make inquiries of the client’s personnel.
of internal control. Control activities do not encompass b. Examine documents and records.
a. Performance reviews. c. Read industry trade magazines and re-
b. Information processing. performance of internal control.
c. Physical controls and authorization procedures. d. Observe client activities and operations.
d. An internal audit function.
Understanding Relevant Controls
10. Proper segregation of functional responsibilities calls 18. PSAs require the auditor to obtain understanding of the
for separation of the functions of entity’s internal control structure
a. Authorization, execution, and recording. a. For first time audit clients.
b. Authorization, execution, and payment. b. For every audit.
c. Custody, execution, and reporting. c. Whenever the auditor wishes or sees necessary.
d. Authorization, payment, and recording. d. Sufficient to find any frauds that may exist.
11. Controls that enhance the reliability of the financial 19. Which of the following is not a reason that the auditor
statements may be classified as prevention controls must gain an understanding of the client’s internal
and detection controls. Which of the following is control system?
primarily a detection control? a. to better understand the client, its risks, and how
a. Separation of duties between recording cash it manages those risks.
receipts and depositing cash. b. to assess control risk and identify the types of
b. Bank accounts are reconciled monthly by persons financial statement misstatements that are most
independent of cash recording and cash custody. likely to occur affecting relevant financial
c. The human resources department authorizes the statement assertions.
hiring of only those persons for accounting c. to plan direct tests of account balances to
positions that meet the written job requirements determine if misstatements have occurred.
specified by the corporate controller. d. all are reasons why auditors must gain an
d. An accounting manual, accompanied by a detailed understanding of the client’s internal control
chart of accounts, carefully and clearly describes system.
each type of transaction affecting the entity. 20. Reasons to evaluate internal control would not include
12. A component of COSO’s internal control system a. basis for planning the audit.
concerns the process that provides feedback on the b. determining the nature, timing, and extent of
effectiveness of the other components of internal substantive procedures.
control. This component is called: c. basis for type of opinion to be rendered.
a. Information & communication c. Monitoring d. formulating constructive suggestions for
b. Control activities d. Risk assessment improvements.
21. An auditor should consider two key issues when
13. An entity's ongoing monitoring activities often include obtaining an understanding of a client’s internal
a. Periodic audits by the audit committee. controls. These issues are:
b. Reviewing the purchasing function. a. the effectiveness and efficiency of the controls.
c. The audit of the annual financial statements. b. the frequency and effectiveness of the controls.
d. Control risk assessment in conjunction with c. the design (by considering whether the control,
quarterly reviews. individually or in combination with other controls,
Inherent Limitations of Internal Control is capable of effectively preventing or detecting
14. The following are the inherent limitations of internal and correcting, material misstatements) and
control, except utilization (by tracing transactions through the
a. Employees’ collusion c. Errors by personnel information system relevant to financial reporting)
b. Management override d. Incompatible duties of the controls.
d. The implementation and efficiency of the controls.
15. When considering internal control, an auditor must be
22. To obtain an understanding of an entity’s control
aware of the concept of reasonable assurance, which
environment, an auditor should concentrate on the
recognizes that
substance of management’s policies and procedures
a. Employment of competent personnel provides
rather than their form because:
assurance that the objectives of internal control
a. management may establish appropriate policies
will be achieved.
and procedures but not act on them.
b. Establishment and maintenance of internal control
b. the board of directors may not be aware of
is an important responsibility of the management
management’s attitude toward the control
and not of the auditor.
environment.
c. Cost of internal control procedures should not
c. the auditor may believe that the policies and
exceed the benefits expected to be derived from
procedures are inappropriate for that particular
the control.
entity.
d. Segregation of incompatible functions is necessary
d. the policies and procedures may be so weak that
to ascertain that the control procedures are
no reliance is contemplated by the auditor.
effective.
23. When auditing a company, the auditor should obtain
Procedures to Understand Internal Controls an understanding of internal control sufficient to:

Page 4 of 6
 a. provide reasonable protection against client fraud information systems until it is reflected in the
and defalcations by client employees. company's financial report.
b. assess control risk. c. This procedure may be treated as part of tests of
c. provide a basis for suggestions to the client for control.
improving the accounting system. d. This procedure is performed to evaluate the
d. provide a method for safeguarding assets, effectiveness of the design of controls and
checking the accuracy and reliability of accounting determine (confirm) whether the controls are
data, promoting operational efficiency, and implemented (placed in operation) by the client.
encouraging adherence to prescribed managerial
28. Which of the following best represents a walk-through?
policies.
a. The controller reviews the bank reconciliation
Documentation of Internal Control prepared by the accountant and its resulting
24. Which of the following is not a medium that can journal entries.
normally be used by an auditor to record information b. The auditor walks the production line to find
concerning a client's internal control policies and inefficiencies in the inventory process and reports
procedures? them to management.
a. Narrative memorandum. c. Flowchart. c. The controller takes a sample of write-offs to
b. Procedures manual. d. Questionnaire. ensure they have been adequately documented
25. Which of the following statements about auditor and recorded.
documentation of the client’s internal controls is d. The auditor traces three purchasing transactions
correct? from the purchase order to the financial statement
a. Documentation must include flow charts. for observation and understanding.
b. Documentation must include procedural write-ups. 29. In considering internal control, what is the purpose of
c. No documentation is necessary although it is a transaction walk through?
desirable. a. To assure that employees are performing assigned
d. No one particular form of documentation is functions accurately.
necessary, and the extent of documentation may b. To confirm the auditor's understanding of the
vary. internal control structure.
26. The auditor's review of the client's internal control is c. To select documents for detailed tests of controls.
documented in order to substantiate d. To verify the results of the auditor's sampling plan.
a. Conformity of the accounting records with GAAP.
b. Compliance with generally accepted auditing Deficiency in Internal Control
standards. 30. During the audit the independent auditor identified the
c. Adherence to requirements of management. existence of a weakness in the client's internal control
d. The fairness of the financial statement and communicated this finding in writing to the client's
presentation. senior management and those charged with
governance. The auditor should
Performing a Walkthrough Test a. Consider the weakness a scope limitation and
27. Which of the following statements is incorrect about therefore disclaim an opinion.
walk-through tests? b. Consider the effects of the condition on the audit.
a. The nature and extent of walk-through tests c. Suspend all audit activities pending directions from
performed by the auditor are such that they alone the client's audit committee.
would provide sufficient appropriate audit evidence d. Withdraw from the engagement.
to support a control risk assessment which is less
than high. - now do your STD-
b. A procedure that involves tracing a transaction
from its origination through the company's

SELF-TEST DRILL (STD)

1. When evaluating a client's system of internal control to 4. An effective system of internal control
determine whether the necessary procedures are a. Eliminates risks and potential loss to the
prescribed and have been implemented satisfactorily, organization
an auditor must b. Can prevent collusion among employees
a. Develop questionnaires and checklists. c. Can reduce the cost of an external audit
b. Obtain an understanding of internal control. d. Cannot be circumvented by management
c. Perform tests of internal control procedures.
5. Which of the following statements about internal
d. Evaluate administrative policies.
control is correct?
2. The quality of an organization's internal controls a. Properly maintained internal controls reasonably
affects assure that collusion among employees cannot
a. the reliability of financial data. occur.
b. the ability of management to make good decisions. b. Establishing and maintaining internal control is the
c. the ability to sustain an effective business. internal auditor's responsibility.
d. all of the above. c. Exceptionally strong control allows the auditor to
3. Which of management’s concerns with respect to eliminate substantive tests of details.
implementing internal controls is the auditor primarily d. The cost benefit relationship should be considered
concerned? in designing internal controls.
a. Efficiency of operations. 6. When assessing the client which of the following
b. Reliability of financial reporting, i.e., the entity’s factors is considered pervasive and creates both an
ability to process and summarize financial data. attitude and culture that affects the client‘s reporting
c. Effectiveness of operations. system, the process of recording transactions, and the
d. Compliance with applicable laws and regulations. process of making estimates and adjustments.
a. The control environment.

Page 5 of 6
 b. Audit testing of processes and controls. b. a commitment to financial reporting competencies.
c. Design and operation of controls. c. an independent, active, and knowledgeable audit
d. Inherent and control risk. committee.
7. The essence of an effectively controlled organization d. all of the above.
lies in the: 14. Physical controls to safeguard assets would include:
a. effectiveness of its independent auditor. a. hiring only trustworthy cashiers
b. effectiveness of its internal auditor. b. segregation of duties
c. attitude of its employees. c. locks on the warehouse doors
d. attitude of its management. d. safety audits on the production-line
8. Incompatible duties most likely would not be
15. A proper segregation of duties requires
considered an inherent limitation of the potential
a. An individual maintaining custody of an asset be
effectiveness of an entity’s internal control.
entitled to access the accounting records for the
Mistakes in judgment most likely would not be asset.
considered an inherent limitation of the potential b. An individual authorizing a transaction records it
effectiveness of an entity’s internal control. c. An individual recording a transaction not compare
Collusion among employees most likely would not be the accounting record of the asset with the asset
considered an inherent limitation of the potential itself
effectiveness of an entity’s internal control. d. An individual authorizing a transaction maintain a
a. first statement is not correct; the second and third custody of the asset that resulted from a
statements are correct. transaction
b. all above statements are correct. 16. Which of the following components of an entity’s
c. first statement is correct; the second and third internal control structure includes the development of
statements are not correct. employee promotion and training policies?
d. second statement is correct; the first and third a. Control environment c. Control activities
statements are not correct. b. Information & communication d. Monitoring

9. Internal control procedures are not designed to provide 17. Which of the following is not done by an auditor when
reasonable assurance that obtaining an understanding of an entity's internal
a. Transactions are executed in accordance with controls?
management's authorization. a. Identify the types of potential misstatements that
b. Irregularities (frauds) will be eliminated. can occur.
c. Access to assets is permitted only in accordance b. Consider the operating effectiveness of the internal
with management's authorization. controls.
d. The recorded accountability for assets is compared c. Design substantive tests.
with the existing assets at reasonable intervals. d. Consider factors that affect the risk of material
misstatements.
10. _____ deal with ongoing or periodic assessment of the
18. The primary objective of procedures performed to
quality of internal control by management.
obtain an understanding of internal control is to
a. Quality monitoring activities
provide an auditor with
b. Monitoring activities
a. Evidential matter to use in reducing detection risk.
c. Oversight activities
b. Knowledge necessary to plan the audit.
d. Management activities
c. A basis from which to modify tests of controls.
11. Which statement is correct concerning the relevance of d. Information necessary to prepare flowcharts.
various types of controls to a financial audit? 19. Which of the following will an auditor perform to better
a. An auditor may ordinarily ignore a consideration of understand a client's internal control over accounting
controls when a substantive audit approach is systems?
taken. a. An auditor will re-test subsequent year working
b. Controls over the reliability of financial reporting papers.
are ordinarily most directly relevant to an audit, b. An auditor will review previous year working
but other controls may also be relevant. papers.
c. Controls over safeguarding of assets and liabilities c. An auditor will copy previous year working papers.
are of primary importance, while controls over the d. An auditor will re-draft subsequent year working
reliability of financial reporting may also be papers.
relevant.
20. A secondary purpose of the auditor's consideration of
d. All controls are ordinarily relevant to an audit.
internal control is to provide
12. The auditor observes client employees in order to a. A basis for constructive suggestions about
a. Prepare a flowchart. improvements in internal control structure.
b. Update information contained in the organization b. A basis for assessing control risk.
and procedure manuals. c. An assurance that the records and documents have
c. Corroborate the information obtained during the been maintained in accordance with existing
initial review of the system. company policies and procedures.
d. Determine the extent of compliance with quality d. A basis for the determination of the resultant
control standards. extent of the tests to which auditing procedures
13. A company with a strong control environment are to be restricted.
demonstrates which of the following:
a. a culture of high integrity and ethics. ☺ - end - ☺

Page 6 of 6