Once key controls are put in place to avoid material misstatements, the auditor evaluates their

Recommended textbook solutions

Operations Management: Sustainability and Supply Chain Management

12th EditionBarry Render, Chuck Munson, Jay Heizer

1,698 solutions

Human Resource Management

15th EditionJohn David Jackson, Patricia Meglich, Robert Mathis, Sean Valentine

249 solutions

Human Resource Management

15th EditionJohn David Jackson, Patricia Meglich, Robert Mathis, Sean Valentine

249 solutions

Human Resource Management

15th EditionJohn David Jackson, Patricia Meglich, Robert Mathis, Sean Valentine

249 solutions

Reports accepting responsibility for establishing and maintaining adequate ICFR are issued by _____ of public companies

management

In order for the external auditor to complete an audit of the ICFR, management must present written assessment regarding the ______.

completeness of financial transactions
effectiveness of the entity's ICFR
effectiveness of Internal Audit
completeness of the control system

effectiveness of the entity's ICFR

Because each audit provides information relevant to the other, the auditor must integrate the audits of ______.

ICFR

compliance with state wage laws

Board of Directors' minutes

financial statements

ICFR, financial statements

Audit evidence supporting effective internal control must be obtained at the level of ______.

substantial completion
absolute assurance
reasonable assurance
risk-based assurance

reasonable assurance

True or false: The COSO definition of ICFR includes reasonable assurance regarding the safeguarding of assets.

True

True or false: Auditors of publicly traded companies must issue a report that accepts responsibility for establishing and maintaining adequate ICFR.

False

Compared to the objectives listed in the COSO definition, the PCAOB's objectives of internal control are ______ specific.

less
more
equally

more

In order for the external auditor to complete an audit of ICFR, management must ______.

accept responsibility for the effectiveness of ICFR

accept responsibility for preparation of the financial statements

present documentation of remediation of control deficiencies of last year's audit

evaluate the effectiveness of ICFR

accept responsibility for the effectiveness of ICFR

evaluate the effectiveness of ICFR

True or false: The audit of Internal Control over Financial Reporting (ICFR) must be completed prior to the audit of the financial statements.

False

To provide reasonable assurance, a control system, ______.

must be perfect and not allow any material misstatements

must prevent fraud and most material misstatements

must prevent all large errors from occurring

allows for a remote likelihood of material misstatement

-

The fact that no system of internal controls is perfect and that there is a remote likelihood that material misstatement will not be prevented or detected in a timely matter even with effective controls is the concept of ______ assurance.

reasonable

The COSO definition of ICFR is designed to provide ______ assurance regarding the reliability of financial reporting and GAAP financial statement presentation.

reasonable

A control deficiency exists when the _____ or _____ of a control does not allow management or employees to prevent or detect misstatements on a timely basis.

design, operation

Match them:
CEO and CFO
Board and mgmt

with:
Implementation of effective internal control system
Reliability of ICFR and preparation of financial statement

CEO and CFO:
Reliability of ICFR and preparation of financial statement

Board and mgmt:
Implementation of effective internal control system

Classification of control deficiencies include ______ deficiencies.

design

prevention

material

operation

design and operation

A material weakness is a deficiency or combination of deficiencies in ICFR such that there is a(n) ______ possibility that a material financial statement misstatement ill not be prevented or detected on a timely basis.

significant
remote
reasonable
absolute

reasonable

A deficiency or combination of deficiencies in ICFR that is less severe than a material weakness yet important enough to merit attention is a(n) ____ deficiency.

significant

In judging the significance of a control deficiency, management and auditors must consider two dimensions, the
______and _____ of misstatements that could result from the deficiencies.

likelihood, magnitude

The difference between a control deficiency, a significant deficiency, and a material weakness is determined solely based on ______.

auditor judgment
likelihood
magnitude
management judgment

magnitude

A deficiency in ICFR, such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected on a timely basis is defined as a(n) _____ _____ by the PCAOB.

material weakness

Material weakness
Significant deficiency
Control deficiency

Match with

Report to Mgmt
Report to audit committee and to mgmt
Report externally, to audit committee, and to mgmt

Material weakness:
Report externally, to audit committee, and to management

Significant deficiency:
Report to the audit committee and to mgmt

Control deficiency:
Report to mgmt

A deficiency or combination of deficiencies in ICFR that is less severe than a material weakness yet important enough to merit attention is a ______ deficiency.

remote
significant
reasonable
possible

significant

According to FASB ASC Topic, "Contingencies", the likelihood of an event is a "reasonable possibility" if it is ______.

of significant magnitude

remotely probable

reasonably possible

probable

reasonable possible
probable

A control issue does not rise to the level of control deficiency if the likelihood is ______.

reasonably possible
likely
probable
remote

remote

Management's assessment of the entity's ICFR must be based on ______.

prior year's deficiencies

the PCAOB framework

a framework consistent with industry peers

a recognized control framework

a recognized control framework

In assessing financial reporting risks, management must evaluate ______.

other pervasive elements of ICFR

entity-level controls

planned controls

internal audit department management

other pervasive elements of ICFR

entity-level controls

When considering financial reporting risks, management should generally include _____ business units.

all

only the smallest

only the largest

the two major business

all

In assessing material weaknesses in ICFR management must ______.

centralize processing of controls

evaluate evidence about the operating effectiveness of ICFR

identify financial reporting risks and related controls

consider which locations to include in the evaluation

notify the auditor of locations to include in the evaluation

evaluate evidence about the operating effectiveness of ICFR

identify financial reporting risks and related controls

consider which locations to include in the evaluation

The evaluation of the operating effectiveness of a control considers whether the person performing the control ______.

has the necessary level of experience with the company to perform the control effectively

has the necessary competence to perform the control effectively

is in a management or non-management position

has the necessary authority to perform the control effectively

has the necessary competence to perform the control effectively

has the necessary authority to perform the control effectively

Evidence on the operating effectiveness of a control may be obtained from ______.

both direct testing and ongoing monitoring

direct testing of the control only

ongoing monitoring only

neither direct testing nor ongoing monitoring

both direct testing and ongoing monitoring

The risk that a misstatement could result in a material misstatement of the financial statements is called a(n) _____ _____ risk.

financial reporting

The approach followed by management in choosing which locations to include in its assessment of internal control is a function of ______.

entity-level controls

when the locations were previously assessed

the number and size of existing locations

financial reporting risks at the locations

entity-level controls

financial reporting risks at the locations

If management finds any significant control deficiencies or material weaknesses, they should be reported to the ______.

board of directors

SEC

internal auditor

external auditor

audit committee

external auditor

audit committee

The evaluation of the _____ effectiveness of a control considers whether the person performing the control possesses the necessary authority and competence to perform the control effectively.

operating

Direct tests of controls

Ongoing monitoring

Match With

Performed by objective individuals

Performed by people using controls

Direct tests of controls:
Performed by objective individuals

Ongoing monitoring:
Performed by people using controls

When it comes to ICFR documentation management should ______.

focus on controls deemed adequate to address financial reporting risk

identify and document every control in a process

document all of the the business processes impacting ICFR

focus on controls deemed adequate to address financial reporting risk

True or false: In planning an integrated audit, the auditor should design separate tests of controls to accomplish the objectives of the audit of ICFR and the audit of financial statements.

False

Management's internal control assessment process involves special consideration of ______.

hiring practices

internal audit procedures

service organizations

safeguarding assets

service organizations

safeguarding assets

In evaluating the risk of material misstatement due to fraud and the risk of management override of controls, the auditor should consider controls ______.

related to significant management estimates

that increase incentives for management to inappropriately manage financial results

over related party transactions

related to significant management estimates

over related party transactions

Management's documentation of ICFR ______.

must be in electronic form

may exist in any form

must be in machine readable format

must be in hard copy form

may exist in any form

AS 2201 specifies that the "size and complexity of the company, its business processes and business units, ______ affect(s) the way in which the company achieves many of its control objectives."

should not

always

may

may

If a misstatement is detected by substantive procedures, the auditor should consider whether the control deficiency might affect the ______ on the audit of ICFR.

opinion

f a control deficiency is a material weakness, management must disclose it in its assessment of the effectiveness of ICFR, including ______.

the nature of the material weakness(es)

the cost of management's current plans for remediating the weakness

its impact on the entity's financial reporting and its ICFR

management's current plans, if any, for remediating the weakness

the nature of the material weakness(es)

its impact on the entity's financial reporting and its ICFR

management's current plans, if any, for remediating the weakness

In evaluating the risk of material misstatement due to fraud and the risk of management override of controls, the auditor should consider controls over _____.

journal entries and adjustments made in the period-end financial close

recurring transactions that are recorded monthly

significant, unusual transactions resulting in unusual journal entries

journal entries and adjustments made in the period-end financial close

significant, unusual transactions resulting in unusual journal entries

If the work of others is to be used, the auditor should assess the ______ and ______ of the persons whose work will be used.

objectivity, competence

Which of the following statements is correct?

The way a company achieves its control objectives is not affected by company size and complexity.

A small, less-complex company may achieve control objectives differently than a large company.

An auditor should not consider the size of the company when considering the company's internal control effectiveness.

A small, less-complex company may achieve control objectives differently than a large company.

Which of the following statements are true about the financial statement and ICFR audits?

Work must be planned to achieve both objectives.

Tests of controls should be done separately for the audits.

They must be performed at different times.

They have different objectives.

Work must be planned to achieve both objectives.

They have different objectives.

A major premise of AS 2201 is that _____ _____ underlines the entire audit of ICFR.

risk assessment

The auditor _____ use the work performed by internal auditors, entity personnel, and third parties hired by management or the audit committee.

can
cannot
should
must

can

Entity-level controls that require specific evaluation by the auditor are the _____.

interim financial reporting process

management compensation and evaluation processes

period-end financial reporting process

control environment

period-end financial reporting process

control environment

When evaluating the control environment, the auditor should assess whether _____.

management's philosophy and operating style promote effective ICFR

management understands and exercises oversight responsibility over financial reporting and internal control

sound integrity and ethical values are developed and understood

management's philosophy and operating style promote effective ICFR

sound integrity and ethical values are developed and understood

Due to the nature of spreadsheets, when an entity uses many of them as part of period-end closing financial statement preparation, there is a(n) _____ risk that controls over spreadsheets will not be effective.

decreased
minimal
increased

increased

To identify significant accounts and disclosures and their relevant assertions, the auditor assesses risk factors including _____.

reporting complexities

volume of activity

related party transactions

gains from asset disposals

changes from prior periods

reporting complexities

volume of activity

related party transactions

changes from prior periods

The auditor must test the effectiveness of _____ _____ controls because they can have a pervasive effective on the entity's ability to meet the COSO control criteria.

Entity Level

When evaluating the control environment, the auditor should assess whether ______.

the audit committee's philosophy and operating style promote effective ICFR

sound integrity and ethical values are developed and understood

the board understands and exercises oversight responsibility over financial reporting and internal control

sound integrity and ethical values are developed and understood

the board understands and exercises oversight responsibility over financial reporting and internal control

The best way to identify potential sources of misstatements is often _____.

identifying controls management has implemented to address misstatements

performing walkthroughs

using professional judgment to assess management's controls

testing entity-level controls

performing walkthroughs

The auditor's evaluation of the period-end financial reporting process should consider _____.

the extent of IT involvement

only the outputs of the processes used to produce financial statements

the number of locations involved

management oversight of the process

the extent of IT involvement

the number of locations involved

management oversight of the process

To identify significant accounts and disclosures and their relevant assertions, the auditor assesses risk factors including _____.

range of values

nature of the disclosure

account size and composition

target earnings per share

susceptibility to misstatement

nature of the disclosure

account size and composition

susceptibility to misstatement

The auditor ______ need to test all controls.

does
does not

does not

To perform a(n) _____ the auditor traces a transaction from origination all the way to its reflection in the entity's financial statements.

walkroughs

Controls that are important to the auditor's conclusion about whether the entity's controls sufficiently address the assessed risk of misstatement are often referred as ______ controls.

key

Once key controls have been identified, the auditor starts with evaluating their _____ effectiveness, which may also provide some evidence about _____ effectiveness.

design, operating

Tests of controls for ______ effectiveness include procedures such as inquiry, documentation inspection, observation and reperformance of the application of the control.

operating

Which of the following statements are correct regarding the timing of tests of controls?

Controls over significant nonroutine transactions must be tested continually throughout the year.

Some controls may operate after the "as of" date specified in the management report.

The auditor may obtain evidence about the operating effectiveness of a control at an interim date.

Some controls may operate after the "as of" date specified in the management report.

The auditor may obtain evidence about the operating effectiveness of a control at an interim date.

When deciding on the extent of testing, the auditor should consider the _____.

timing of the audit

other audit evidence

frequency of operation

importance of the control

nature of the control

frequency of operation

importance of the control

nature of the control

Which of the following statements are correct?

Auditors must evaluate whether to test preventive controls, detective controls or a combination of both.

When testing, auditors should focus on key controls.

Auditors must make decisions regarding which locations to test based on the presence of entity-level controls and financial reporting risk.

Identifying controls to be tested is an objective task that requires little professional judgment

Auditors must evaluate whether to test preventive controls, detective controls or a combination of both.

When testing, auditors should focus on key controls.

Auditors must make decisions regarding which locations to test based on the presence of entity-level controls and financial reporting risk

Which of the following statements is correct?

A single set of audit procedures should be used to test both the design and operating effectiveness of controls.

Evidence about the operating effectiveness of controls should never be based on procedures used to test design effectiveness.

Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness.

Audit procedures to test and evaluate the design effectiveness of controls might also provide some evidence about operating effectiveness.

A benchmarking strategy allows the auditor to _____.

rely on industry benchmarks for effectiveness of control

compare results to other clients within the firm

rely on previously tested automated control

compare to controls at other locations within the organization

rely on previously tested automated control

The audit of internal control uses ______ extensively, but it does not provide sufficient evidence to support the operating effectiveness of a control.

inquiry

inspection

reperformance

walkthrough

inquiry

The auditor must perform tests of controls over a period of time that is adequate to determine whether the significant controls were ______ as of the date indicated in management's report.

documented completely

operating effectively

designed effectively

operating effectively

When compared to automated controls, manual controls should be subjected to _____ testing.

less extensive

more extensive

the same level of

more extensive

If the results for testing a particular control were favorable in the prior year, and no changes were made to the control, the auditor might assess risk ______ testing this year.

lower and increase

higher and increase

lower and reduce

higher and reduce

lower and reduce

Which of the following statements are correct?

The severity of a control deficiency depends on its likelihood and magnitude.

Auditors are required to evaluate the severity of each control deficiency.

The assessment of the significance of a control deficiency depends on whether or not a misstatement has occurred.

The severity of a control deficiency depends on its likelihood and magnitude.

Auditors are required to evaluate the severity of each control deficiency.

If the auditor determines that a deficiency might prevent prudent officials in the conduct of their own affairs from concluding they have reasonable assurance that transactions are recorded as necessary to prepare financial statements in accordance with GAAP, the auditor should treat the deficiency as indication of a(n) ______ _____.

material weakness

If a material weakness cannot be corrected and/or properly tested before the "as of" date, ______.

both management and the auditor should issue a report that the ICFR is not operating effectively.

Written representations from management related to the audit of ICFR include management ______.

reliance on the work of the auditor in forming its assessment of ICFR effectiveness

responsibility for establishing and maintaining effective ICFR

conclusion about the effectiveness of the entity's ICFR as of a specified date

disclosure to the audit committee of all design and operational deficiencies

responsibility for establishing and maintaining effective ICFR

conclusion about the effectiveness of the entity's ICFR as of a specified date

The severity of a control deficiency depends on ______.

likelihood & number of misstatements

number of misstatements & magnitude

likelihood & magnitude

likelihood & magnitude

Factors that affect whether the magnitude of a misstatement might result in a(n) _____ _____ include (1) the financial statement amounts or total of transactions exposed to the deficiency and the (2) volume of transactions involved or expected.

material weakness

Audit documentation related to the audit of internal controls must include ______.

the extent of reliance on work performed by others

the evaluation of deficiencies discovered

the scope of testing

a discussion of PCAOB documentation standards

the extent of reliance on work performed by others

the evaluation of deficiencies discovered

the scope of testing

If one or more unremediated material weaknesses is identified, the auditor issues a(n) ______ opinion on the entity's internal control.

disclaimer of
qualified
unqualified
adverse

adverse

When an entity has a material weakness, it should take steps to correct it, which is referred to as _____.

remediation

If the auditor fails to obtain written representations from management, the auditor ______ opinion of ICFR.

cannot issue an unqualified

must issue an adverse

must disclaim an

cannot issue an unqualified

The auditor's report on the effectiveness of internal control must ______.

be issued as a separate report from the financial statement audit report

provide an opinion on whether the entity maintained effective ICFR throughout the financial statement audit period

contain the basis of the auditor's opinion

be addressed to the shareholders and board of directors

be addressed to the shareholders and board of directors

contain the basis of the auditor's opinion

Unless a longer period of time is required, PCAOB standards require the auditor to retain audit documentation for the ICFR and financial statement audit for ______ years.

5
10
7
3

...

After auditing the effectiveness of an entity's internal control, an auditor issues a(n) ______ ______ if the entity's internal control is designed and operating effectively in all material respects.

unqualified opinion

The phrase "All material respects" means that the entity's ICFR ______.

is free of any material weakness

has prevented and/or detected all material errors

does not have any significant deficiencies

is free of any material weakness

The presence of a material weakness in ICFR at the end of the period necessitates a(n) ______ assessment by management and a(n) ______ opinion by the auditor.

qualified, qualified

qualified, adverse

adverse, qualified

adverse, adverse

adverse, adverse

If the scope of the auditor's work is limited because of circumstances beyond the control of management or the auditor, the auditor's option are to ______.

withdraw from the engagement

disclaim an opinion

issue an adverse opinion

issue an unqualified opinion

withdraw from the engagement

disclaim an opinion

An unqualified opinion regarding the effectiveness of the entity's ICFR provides ______ assurance that the entity's controls are designed and operating effectively in all material respects as of the balance sheet date.

limited
reasonable
absolute

reasonable

True or false: If the auditor determines that elements of management's annual report on ICFR are incomplete or improperly presented, the auditor cannot issue a report on ICFR.

False

When the auditor issues an adverse opinion on internal control, ______ be issued on the financial statement audit.

an adverse opinion must

an unqualified opinion may

at least a qualified opinion must

a disclaimer of opinion must

an unqualified opinion may

The auditor's report on the effectiveness of internal control must ______.

provide an opinion on effective ICFR as of the specified date

contain the basis of management's opinion on the effectiveness of ICFR

have the same date as the financial statement audit report

be addressed to the management of the company

provide an opinion on effective ICFR as of the specified date

have the same date as the financial statement audit report

If circumstances beyond the control of management or the auditor limit the ____ of the auditor's work, the auditor should disclaim an opinion or withdraw from the engagement.

scope

The auditor's treatment of a(n) _____ event depends on whether the event reveals information about a material weakness that existed at the end of the reporting period or about a new condition that did not exist at the end of the reporting period.

subsquent

If the auditor determines that elements of management's annual report on ICFR are incomplete or improperly presented, the auditor should ______.

issue an adverse opinion

modify management's report so that it is complete and correct

disclaim an opinion

include an explanatory paragraph in the audit report

include an explanatory paragraph in the audit report

If the auditor believes that additional management information in its report of ICFR contains a material misstatement of fact the auditor should immediately ______.

discuss the matter with management

consult his or her legal counsel

notify the audit committee in writing

discuss the matter with management

The auditor has a responsibility to report on any changes in internal control that might affect financial reporting between the ______ and the date of the auditor's report.

date of the audit of ICFR

end of the reporting period

beginning of the reporting period

date of audit testing

end of the reporting period

If management remediates a material weakness after the "as of" date the auditor _____.

can provide an interim opinion regarding ICFR

should go back and revise the opinion originally issued as part of the audit

must make the entity wait until the following year to receive a clean opinion regarding ICFR

can provide an interim opinion regarding ICFR

Management may include additional information in its report on ICFR. In regards to such information the auditor should ______.

disclaim an opinion

only express an opinion the information includes a material misstatement of fact

always express an opinion

disclaim an opinion

In addition to material weaknesses and significant deficiencies, the auditor should communicate, in writing, to management all _____ deficiencies identified during the audit.

control

If management remediates a material weakness after the "as of" date, the auditor can provide a(n) _____ opinion

interim

If the auditor discovers fraud involving senior management while auditing ICFR, the auditor must communicate the matter directly to the _____.

appropriate law enforcement agency

internal audit department

appropriate regulatory agency

audit committee

audit committee

When companies use service organizations to process transactions, _____.

both management and the auditor must consider the service organization activities

the auditor cannot express an opinion about the effectiveness of operating controls

the service organization is considered part of the information and communication component of the entity's ICFR

an audit only can only be expressed if the auditor performs tests of controls at the service organization

both management and the auditor must consider the service organization activities

the service organization is considered part of the information and communication component of the entity's ICFR

Prior to the issuance of the auditor's report on ICFR, the auditor must communicate in writing to both management and the audit committee identified _____.

material weaknesses
control deficiencies
compensating controls
significant deficiencies

material weaknesses

significant deficiencies

AS5 defines policies and procedures that "provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposal of the entity's assets that could have a material effect on the financial statements as the _____ of assets.

safeguarding

The auditor's written communication about control deficiencies may indicate _____.

only that no significant deficiencies were noted during an audit of internal controls

only that no material weaknesses were identified

both that no material weaknesses were identified and no significant deficiencies were noted

only that no material weaknesses were identified

Programs that allow the auditor to perform tests on computer files and databases are referred to as GAS or _____ _____ ____.

Generalized Audit Software

Evidence about the operating effectiveness of controls at service organizations that are to relevant to management's assessment and the auditor's opinion ______

must be obtained from a service auditor's report on the design and operating effectiveness of of controls in operation at the service organization

must be obtained by performing tests of the user organization's controls over the activities of the service organization

must be obtained by performing tests of controls at the service organization

may be obtained by performing tests of obtaining a service auditor's report

may be obtained by performing tests of obtaining a service auditor's report

The failure of a preventive control (such as inventory tags) to safeguard assets ______ result in a significant deficiency or material weakness.

will always
may or may not
will never

may or may not

Which of the following was developed so that auditors could conduct computer-assisted audit techniques in different IT environments?

Generalized audit software

Customized audit software

Accounting software packages

IT customized software

Generalized audit software

Advantages of GAS include ______

limited IT expertise is required

ease of use

auditing can be done as the entity processes data

entire populations can be examined

limited IT expertise is required

ease of use

entire populations can be examined

If a significant deficiency of material weakness exists because of the audit committee's ineffective oversight, the auditor must communicate the specific deficiency or weakness, in writing, directly to the _____.

company CEO

appropriate regulatory agency

internal audit department

board of directors

board of directors

When auditors want to perform specific audit tasks, _____audit software is generally written.

custom

Test data can be used to check ______.

arithmetic calculations

data validation controls

the exclusion of transactions in records, files and reports

error detection routines

arithmetic calculations

data validation controls

error detection routines

Disadvantages of GAS include ______

it requires advance programming skills

data that is audited must be available in electronic form

it provides limited ability to verify programming logic

the time required to develop the application is usually short

data that is audited must be available in electronic form

it provides limited ability to verify programming logic

When an entity's computer system is not compatible with the auditor's GAS, the auditor should ____.

write custom audit software

not use software to conduct testing

rely on the entity's computer software

write custom audit software

Test data _____.

ensures the accuracy of computer processing of transactions

should include both valid and invalid data

is a time-effective method of testing

is not used to test processing-logic controls

ensures the accuracy of computer processing of transactions

should include both valid and invalid data

What should auditor do if there is material misstatement?

How do you prevent material misstatement?

How does auditor evaluate internal controls?

Which characteristics would concern an auditor about the risk of material misstatement?