Study Unit 5: questions Flashcards

1
Q

Are incompatible duties considered inherent limitations?

A

No. The performance of incompatible duties is a failure to assign different people the functions of authorization, recording, and asset custody, not an inevitable limitation of internal control. Segregation of duties is a category of control activities.

2
Q

What is the limitation inherent to internal control with regard to cost?

A

The cost of an entity’s internal control should not exceed the benefits that are expected to be derived. Although the cost-benefit relationship is a primary criterion that should be considered in designing internal control, the precise measurement of costs and benefits usually is not possible.

3
Q

In an audit of financial statements, an auditor’s primary consideration regarding an internal control is whether the control

A

Affects management’s financial statement assertions.

4
Q

Internal control is a process designed to provide reasonable assurance regarding the achievement of the entity’s objectives. It can provide reasonable assurance regarding:

A

(1) reliability of financial reporting,
(2) compliance with applicable laws and regulations, and
(3) effectiveness and efficiency of operations. Because of inherent limitations, however, no system can be designed to eliminate all fraud (AU-C 315).

5
Q

Internal controls are designed to provide reasonable assurance that

A

Material errors or fraud will be prevented, or detected and corrected, within a timely period by employees in the course of performing their assigned duties.

6
Q

An auditor uses the knowledge provided by the understanding of internal control and the assessed risks of material misstatement primarily to

A

Determine the nature, timing, and extent of substantive procedures for financial statement assertions.

7
Q

The primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with

A

Knowledge necessary for audit planning.

8
Q

Responsibility for the performance of each duty must be fixed. True or False?

A

True: Effective internal control may be obtained by decentralization of responsibilities and duties. Fixing the responsibility for each performance or duty makes it easier to trace problems to the person(s) responsible and hold them accountable for their actions.

9
Q

The control environment is the foundation for all other control components. It provides discipline and structure, sets the tone of the organization, and influences the control consciousness of employees. Its components include:

A

(1) participation of those charged with governance,
(2) integrity and ethical values,
(3) organizational structure,
(4) management’s philosophy and operating style,
(5) assignment of authority and responsibility,
(6) human resource policies and practices, and
(7) commitment to competence.

10
Q

The control environment may decrease the effectiveness of control activities when

A

Management has substantial incentives for meeting earnings projections. The control environment may reduce the effectiveness of other components of internal control. For example, when the nature of management incentives increases the risks of material misstatement of financial statements, the effectiveness of control activities may be reduced.

11
Q

A proper segregation of duties requires that an individual

A

Recording a transaction not compare the accounting record of the asset with the asset itself.

12
Q

What is a specific transaction authorization?

A

A specific transaction authorization is applicable to a unique decision. A general authorization establishes criteria and authorizes the routine making of decisions subject to the criteria. Approving a detailed construction budget for a warehouse is a one-time decision.

13
Q

After obtaining an understanding of the entity and its environment, including its internal control, the auditor assesses

A

Control risk and inherent risk to determine the acceptable level of detection risk.

14
Q

In an audit of financial statements in accordance with generally accepted auditing standards, an auditor should

A

The auditor should document

(1) the understanding of the entity and its environment and the components of internal control,
(2) the sources of information regarding the understanding, and
(3) the risk assessment procedures performed. The form and extent of the documentation are influenced by the nature and complexity of the entity’s controls (AU-C 315).

15
Q

In all audits, the auditor should obtain an understanding of the components of internal control to identify and assess the RMMs and to design further audit procedures. An understanding is obtained by performing risk assessment procedures to evaluate the design of controls relevant to the audit and determine whether they have been implemented. Risk assessment procedures performed to obtain evidence about the design and implementation of relevant controls include

A

(1) inquiries,
(2) observation of the application of specific controls,
(3) inspection of documents and reports, and
(4) tracing transactions. Inquiries alone are not sufficient.

16
Q

For the audit of a nonissuer, the primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with

A

Knowledge necessary to plan the audit.

17
Q

As part of understanding internal control relevant to the audit of a nonissuer, an auditor does not need to

A

Obtain knowledge about the operating effectiveness of internal control.

18
Q

An auditor should obtain an understanding of an entity’s information system, including

A

Process used to prepare significant accounting estimates. The auditor should obtain an understanding of the information system, including (1) the classes of significant transactions; (2) the ways those transactions are initiated, authorized, recorded, processed, corrected, transferred to the general ledger, and reported; (3) the accounting records, whether electronic or manual; (4) how significant events and conditions other than transactions are captured; (5) the financial reporting process used to prepare the entity’s financial statements, including significant accounting estimates and disclosures; and (6) controls over journal entries (AU-C 315 and AS No. 12).

19
Q

Is an auditor required to search for significant deficiencies in internal control?

A

No. In an audit, the auditor is not obligated to search for significant deficiencies or material weaknesses.

20
Q

The understanding (1) evaluates the design of relevant controls and (2) determines whether they have been implemented. This knowledge is used to:

A

(1) identify the types of potential misstatements,
(2) identify the factors that affect the risks of material misstatements, and
(3) design further audit procedures.

21
Q

The auditor’s understanding of internal control is documented to substantiate

A

Compliance with generally accepted auditing standards.

22
Q

A conceptually logical approach to the auditor’s consideration of relevant controls consists of the following four steps:
Determine whether the relevant controls are capable of preventing, or detecting and correcting, material misstatements and have been implemented.
Evaluate the operating effectiveness of relevant controls.
Assess the risks of material misstatement.
Design further audit procedures.
What is the most logical order in which these four steps are performed?

A

Evaluate the design of relevant controls and determine whether they have been implemented,
Assess the RMMs,
Design further audit procedures, and
Test controls.

23
Q

The ultimate purpose of understanding internal control is to contribute to the auditor’s evaluation of the risk that

A

Material misstatements may exist in the financial statements. The understanding of internal control assists the auditor to (1) identify types of potential misstatements; (2) consider factors that affect the RMMs; and (3) design the nature, timing, and extent of further audit procedures (AU-C 315 and AS No. 12).

24
Q

Which of the following factors is least likely to affect the extent of the auditor’s understanding of the entity’s internal controls?
A. The inherent limitations of an audit.
B. The amount of time budgeted to complete the engagement.
C. The nature of specific relevant controls.
D. The size and complexity of the entity.

A

The amount of time budgeted to complete the engagement.

25
Q

Decision tables differ from program flowcharts in that decision tables emphasize

A

Logical relationships among conditions and actions.

26
Q

What is a decision table?

A

A decision table identifies the contingencies considered in the description of a problem and the appropriate actions to be taken relative to those contingencies. Decision tables are logic diagrams presented in matrix form. Unlike flowcharts, they do not present the sequence of the actions described.

27
Q

The normal sequence of documents and operations on a well-prepared systems flowchart is

A

Top to bottom and left to right.

28
Q

When documenting internal control, the independent auditor sometimes uses a systems flowchart, which can best be described as a

A

Symbolic representation of a system or series of sequential processes.

29
Q

What is encryption?

A

Encryption technology converts data into a code. Encoding data before transmission over communications lines makes it more difficult for someone with access to the transmission to understand or modify its contents.

30
Q

What is a hot site?

A

A hot site is a service facility that is fully operational and is promptly available in the case of a power outage or disaster.

31
Q

Misstatements in a batch computer system caused by incorrect programs or data may not be detected immediately because

A

Transactions in a batch computer system are grouped together, or batched, prior to processing. Batches may be processed either daily, weekly, or even monthly. Thus, considerable time may elapse between the initiation of the transaction and the discovery of an error.

32
Q

What is a hash total?

A

The hash total is a control total without a defined meaning, such as the total of employee numbers or invoice numbers, that is used to verify the completeness of data.

33
Q

What is a check digit verification?

A

Check digit verification is used to identify incorrect identification numbers. The digit is generated by applying an algorithm to the ID number. During input, the check digit is recomputed by applying the same algorithm to the entered ID number.

34
Q

What is a firewall?

A

A firewall separates an internal from an external network (e.g., the Internet) and prevents passage of specific types of traffic. It identifies names, Internet Protocol (IP) addresses, applications, etc., and compares them with programmed access rules.

35
Q

What is a Trojan horse?

A

A Trojan horse is a computer program, for example, a game, that appears friendly but that actually contains an application destructive to the computer system.

36
Q

The use of message encryption software

A

Increases system processing costs. Encryption software uses a fixed algorithm to manipulate plain text and an encryption key (a set of random data bits used as a starting point for the application of the algorithm) to introduce variation. The machine instructions necessary to encrypt and decrypt data require additional processing. As a result, processing costs increase.

37
Q

So that the essential control features of a client’s computer system can be identified and evaluated, the auditor of a nonissuer must, at a minimum, have

A

A sufficient understanding of the entire computer system. The audit should be performed by a person having adequate technical training and proficiency as an auditor. That auditor is required to obtain a sufficient understanding of internal control to plan the audit and determine the nature, timing, and extent of tests to be performed. Hence, the auditor should have the training and proficiency that are necessary to understand controls relevant to the computer system.

38
Q

The firewall system that limits access to a computer by routing users to replicated Web pages is

A

A proxy server. A proxy server maintains copies of web pages to be accessed by specified users. Outsiders are directed there, and more important information is not available from this access point.

39
Q

What is a validity check?

A

Validity checks test identification numbers or transaction codes for validity by comparison with items already known to be correct or authorized. For example, a validity check may identify a transmission for which the control field value did not match a pre-existing record in a file.

40
Q

The online data entry control called preformatting is

A

The display of a document with blanks for data items to be entered by the terminal operator. To avoid data entry errors in online systems, a preformatted screen approach may be used. It is a screen prompting approach that involves the display on a monitor of a set of boxes for entry of specified data items. The format may even be in the form of a copy of a transaction document. This technique is best suited to conversion of data from a source document.

41
Q

What are local area networks (LANs)?

A

Local area networks are privately owned networks that provide high speed communication among nodes. They are usually restricted to limited areas, such as a particular floor of an office building.