CPAExcl 3-Internal Control

Question 1

List the disadvantages of Internal Control Questionnaires (ICQs) to document the auditor’s understanding of internal controls.

Answer 1

1. These are generic and not tailored to any client specifically;
2. Irrelevant questions may annoy clients;
3. Client might conceal deficiencies by incorrect answers

Question 2

What is the purpose of performing a walkthrough?

Answer 2

Obtain some feedback as to whether the way the auditor has understood (and documented) the entity’s internal controls is consistent with the way the entity is actually processing such transactions.

Question 3

Identify 3 ways auditors might document their understanding of internal controls?

Answer 3

Flowcharts of transaction cycles;

Internal control questionnaires;

Narrative write-ups (memos)

Question 4

List the disadvantages of narratives (memos) to document the auditor’s understanding of internal controls.

Answer 4

Writing such a memo is rather unstructured, lacking a systematic approach;

It may be rather easy to overlook relevant internal control issues

Question 5

Define transaction cycle.

Answer 5

A group of essentially homogeneous transactions, that is, transactions of the same basic type.

Question 6

List the advantages of Internal Control Questionnaires (ICQs) to document the auditor’s understanding of internal controls.

Answer 6

Can have a standard form for many clients;

Deficiencies are easily indicated by “no” answers

Question 7

List the disadvantages of flowcharts to document the auditor’s understanding of internal controls.

Answer 7

Tedious and time consuming to initially prepare;

Might fail to recognize deficiencies by getting overly absorbed in details

Question 8

Identify 3 procedures an auditor might perform to obtain an understanding of internal controls?

Answer 8

1. Inquiry of appropriate personnel
2. Observation of client’s activities
3. Review entity’s documentation of internal controls

Question 9

List the advantages of using flowcharts to document the auditor’s understanding of internal controls.

Answer 9

1. Systematic approach with emphasis on important accounting records
2. Tailored to client
3. Fairly easy for others to review and understand
4. Easy to update from year to year

Question 10

List the advantages of narratives (memos) to document the auditor’s understanding of internal controls.

Answer 10

1. Tailored to client;
2. Can be as detailed or as general as desired;
3. Easy to prepare;
4. Easy to read

Question 11

Identify 2 reasons for assessing control risk at the maximum level.

Answer 11

1. The auditor believes that the design of internal control is ineffective; or
2. The auditor believes that reliance on internal control (and performing applicable tests of control) is not an efficient audit strategy compared to a wholly substantive audit approach

Question 12

Identify 3 inherent limitations of internal controls?

Answer 12

1. Cost of controls should not exceed expected benefits
2. Mistakes may occur due to carelessness, fatigue, misjudgments, etc.
3. Segregation of duties may break down due to collusion or management override of internal controls

Question 13

When should the auditor assess the design effectiveness of internal control?

Answer 13

In planning every audit under GAAS, as a basis for determining the nature, timing, and extent of further audit procedures.

Question 14

When should the auditor assess the operating effectiveness of internal control?

Answer 14

Whenever the auditor contemplates a reliance strategy (which means the same thing as “assessing control risk at less than the maximum level”) and only after performing the appropriate tests of control.

Question 15

Define “internal control.”

Answer 15

A process - effected by those charged with governance, management, and other personnel - designed to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations.

Question 16

Identify 3 risk assessment procedures that might be used by an auditor to obtain an understanding of the entity and its environment, including its internal control.

Answer 16

1. Inquiries of management and others;
2. Observation and inspection;
3. Analytical procedures.

Question 17

Define the term risk assessment procedures.

Answer 17

Procedures performed to obtain an understanding of the entity and its environment, including its internal control.

Question 18

What is meant by the term risk assessment?

Answer 18

The policies and procedures involving the identification, prioritization, and analysis of relevant risks as a basis for managing those risks.

Question 19

What is meant by the term control environment?

Answer 19

The policies and procedures that determine the overall control consciousness of the entity, sometimes called “the tone at the top.”

Question 20

What is meant by the term information and communication systems?

Answer 20

The policies and procedures related to the identification, capture, and exchange of information in a form and time frame that enable people to carry out their responsibilities.

Question 21

What are the three objectives of internal control as identified in the definition of internal control?

Answer 21

1. Reliability of financial reporting
2. Effectiveness and efficiency of operations
3. Compliance with applicable laws and regulations

Question 22

What is meant by the term control activities?

Answer 22

The policies and procedures that help ensure that management directives are carried out especially those related to (1) segregation of duties, (2) physical controls, (3) authorization of transactions, (4) performance reviews, and (5) information processing.

Question 23

Identify the five interrelated components of internal controls.

Answer 23

1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information and Communication systems
5. Monitoring

Question 24

What is meant by the term monitoring (as it relates to internal controls)?

Answer 24

The policies and procedures involving the ongoing assessment of the effectiveness of internal control over time.

Question 25

List some examples of appropriate responses by the auditor to risks of material misstatement at the financial statement level.

Answer 25

Assign more experienced staff to the engagement; Provide closer supervision; Use specialists; Use more unpredictable audit procedures.

Question 26

Define the term significant risks.

Answer 26

Risks that the auditor believes require special audit consideration.

Question 27

What specific matters should the auditor document regarding the auditor's assessment of the risks of material misstatement?

Answer 27

1. The discussion with key members of the audit team about the risks of material fraud and errors; 2. The major elements of the understanding of the five components of internal control; 3. The assessment of the risks of material misstatement (at the financial statement and relevant assertion levels) and the basis for that assessment; and 4. The risks identified and the related controls the auditor evaluated

Question 28

What is the auditor's responsibility for assessing the risk of material misstatement?

Answer 28

The auditor should identify and assess the risks of material misstatement (1) at the financial statement level and (2) at the relevant assertion level related to classes of transactions, account balances, and disclosures.

Question 29

When must tests of control be performed?

Answer 29

When the auditor's risk assessment includes an "expectation of the operating effectiveness of controls." Note that this is frequently referred to as "relying" on internal control as a partial basis for the auditor's conclusions, or "assessing control risk at less than the maximum level."

Question 30

What is meant by the term deficiency in operation?

Answer 30

When a properly designed control does not operate as designed, or when the person performing the control does not have the authority or competence to effectively perform the control.

Question 31

What is meant by the term deficiency in design?

Answer 31

When a control necessary to meet the control objective is missing, or when the control objective is not always met, even if the control operates as designed.

Question 32

Define material weakness.

Answer 32

A deficiency (or combination of deficiencies) in internal control such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented or detected and corrected on a timely basis.

Question 33

Describe the auditor's requirements for communicating deficiencies in an entity's internal controls?

Answer 33

1. The auditor must communicate in writing the significant deficiencies (including material weaknesses) identified in the audit; 2. The auditor may choose to communicate lesser matters, too.

Question 34

Describe the timing of the required communication of significant deficiencies in internal control.

Answer 34

Under AICPA professional standards, written communication is required no later than 60 days after the audit report release date (including matters communicated orally during the audit).

Question 35

Define "significant deficiency."

Answer 35

A deficiency (or combination of deficiencies) in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

Question 36

When using the work of the internal audit function to obtain audit evidence, what three matters should the external auditor evaluate?

Answer 36

1. Objectivity—the internal audit function's organizational status and the objectivity of the internal auditors; 2. Competence of the internal auditors; and 3. Whether the internal audit function applies a "systematic and disciplined approach, including quality control."

Question 37

What are the two ways the external auditor might use the work of an internal audit function?

Answer 37

1. To obtain audit evidence; and | 2. To provide direct assistance

Question 38

When using the internal audit function to provide direct assistance, what two matters should the external auditor evaluate?

Answer 38

1. Objectivity—the internal audit function's organizational status and the objectivity of the internal auditors; and 2. Competence of the internal auditors.

Question 39

Why isn't a "systematic and disciplined approach, including quality control" a relevant consideration when the external auditor uses an internal audit function to provide direct assistance?

Answer 39

Because the work performed by the internal audit function is subject to the external auditor's direction, supervision, and review.

Question 40

List some examples of major transaction cycles.

Answer 40

1. Revenue/receipts; 2. Expenditures/disbursements; 3. Payroll; 4. Inventory (especially for manufactured inventory); 5. Fixed assets; 6. Investing/financing

Question 41

What is meant by the term transaction cycle.

Answer 41

A group of essentially homogeneous transactions, that is, transactions of the same type.

Question 42

List the 3 categories of incompatible functions associated with segregations of duties.

Answer 42

1. Authorization of transactions (execution function); 2. Accounting (recordkeeping function); 3. Access to assets (custody function)

Question 43

Why do auditors emphasize transaction cycles?

Answer 43

Control risk is generally constant within a particular category of transactions as all transactions are processed the same way. So, the transaction cycle is the highest level of aggregation for which control risk may be viewed as a constant.

Question 44

How should employee responsibilities be allocated to facilitate a proper segregation of duties in the revenue/receipts (sales transactions) cycle?

Answer 44

1. Independent employee should review customer statements 2. Credit to customers is granted by independent department 3. Returns are accounted for by independent clerk in shipping/receiving area

Question 45

Identify the objectives of internal control related to revenue/receipts (sales transactions).

Answer 45

1. Goods and services provided in accordance with management's orders 2. Terms of sale are in accordance with management's orders 3. Credit terms and limits are properly established 4. Deliveries of goods and services result in accurate and timely billings 5. Sales discounts and billings are in accordance with management's authorization

Question 46

Identify the key accounting documents in the revenue/receipts (sales) transaction cycle, each of which should be pre-numbered.

Answer 46

1. Sales invoices; 2. Shipping documents for outbound shipments; 3. Receiving documents for inbound shipments including sales returns.

Question 47

List 2 access controls applicable to the revenue/receipts (sales transactions) business process.

Answer 47

1. Computer passwords limit access | 2. Cash receipts are handled by someone without access to accounts receivable record keeping

Question 48

Describe management's role in the execution of transactions controls in revenue/receipts (sales).

Answer 48

1. Management should review terms of sale and note approval. 2. Management should establish general approval of sales within certain limits and specifically approve sales over those limits. 3. Management should approve all adjusting journal entries

Question 49

List access controls that can be used in the Cash Receipts business cycle.

Answer 49

1. Employees with access to cash should be bonded | 2. Access to cash receipts should be limited to those authorized

Question 50

List some procedures used to ensure segregation of duties in the Cash Receipts business cycle.

Answer 50

To ensure segregation of duties, the following activities should be handled separately (by separate individuals): 1. Opening mail, handling checks received, and preparing remittance listing 2. Making deposit (daily) 3. Applying payments received to customer accounts 4. Preparing bank reconciliation on a timely basis.

Question 51

What control mechanisms can be used to ensure the appropriate execution of transactions in the Cash Receipts business cycle?

Answer 51

1. Adjusting journal entries should be approved by management 2. Bank reconciliations should be reviewed by management

Question 52

List the internal control objectives related to the Cash Receipts business cycle.

Answer 52

1. Access to cash receipts records and accounts receivable records is limited to authorized personnel 2. Detailed cash and account balance records are reconciled with control accounts and bank statements monthly 3. All cash receipts are recorded in period received.

Question 53

What comparison techniques can be used by the auditor to ensure appropriateness of transactions in the Cash Receipts business cycle?

Answer 53

1. Initial cash receipts listing (remittance listing) compared to total recorded in cash receipts journal and to bank deposit 2. Cash accounts reconciled to bank statements by independent person

Question 54

Identify the objectives of internal control related to the expenditures/disbursements transaction cycle.

Answer 54

1. Disbursements are for authorized expenditures as approved by management. 2. Disbursements are recorded at the proper amounts and classifications. 3. The supporting accounting records are agreed to the general ledger accounts. 4. Any adjusting journal entries are authorized by management. 5. Access to cash and disbursement records is limited to authorized personnel.

Question 55

What is the difference between an accounts payable system and a vouchers payable system?

Answer 55

An accounts payable system aggregates payables to identify the total owed to any individual vendor. A vouchers payable system keeps track of individual transactions for which payment is owed without summarizing the totals by vendor.

Question 56

List 2 access controls applicable to the expenditures/disbursements transaction cycle.

Answer 56

1. Cash disbursement employees should be bonded; | 2. Access to cash disbursements or related documents should be limited to authorized personnel

Question 57

What comparison techniques can be used by the auditor to ensure appropriateness of transactions in the Expenditure business cycle?

Answer 57

1. Compare suppliers' monthly statements with recorded payables 2. Compare purchase order to receiving document to vendor's invoice.

Question 58

List some procedures used to ensure segregation of duties in the Expenditure business cycle.

Answer 58

1. Separate purchasing department 2. Purchasing personnel independent from receiving and recording 3. Bank reconciliations are prepared by someone not having other involvement in handling cash receipts, disbursements, or record-keeping.

Question 59

Describe management's role in the execution of transactions controls over cash disbursements in the expenditures/disbursements transaction cycle.

Answer 59

1. All adjusting entries approved by management; 2. Only authorized personnel should be able to place an order for goods and services on the entity's behalf; 3. The department requesting the purchase should approve the goods or services received before payment is made

Question 60

Identify 3 access controls applicable to the payroll transaction cycle.

Answer 60

1. Access to personnel files should be limited to authorized personnel. 2. Access to payroll checks should be limited to authorized personnel. 3. Personnel with access to payroll checks should be bonded.

Question 61

What comparisons should be made within the entity to ensure the appropriateness of payroll transactions?

Answer 61

1. Payroll information should be periodically matched to information in personnel files; 2. Payroll checks should be compared to entries on the payroll register; 3. Amounts on the payroll register should be agreed to the applicable general ledger accounts

Question 62

Describe management's role in the execution of transactions controls in the payroll transaction cycle.

Answer 62

1. Payroll should be reviewed and approved by a responsible official. 2. Computations should be verified by an independent person. 3. Overtime payments should be approved by management. 4. Payroll for management should be appropriately reviewed and approved.

Question 63

Identify the objectives of internal control in the fixed assets transaction cycle.

Answer 63

1. Transactions are recorded accurately in accordance with management's authorization. 2. Estimates used to record depreciation, etc. are reasonable and consistent over time. 3. Assets are safeguarded with appropriate property insurance is in force. 4. Supporting details records are properly maintained. 5. Management should approve any adjusting journal entries

Question 64

Identify the objectives of internal control in the investing/financing transaction cycle.

Answer 64

1. Transactions are recorded accurately in accordance with management's authorization. 2. Investment assets should be reasonably secure from loss. 3. Supporting detailed records should be maintained and compared to general ledger. 4. Management should approve any adjusting journal entries.

Question 65

Identify the objectives of internal control related to the production/manufacturing inventory transaction cycle.

Answer 65

1. Resources obtained and used are accurately recorded timely 2. Transfers of finished goods are accurately recorded 3. Related expenditures are appropriately classified 4. Access to inventory is restricted to authorized personnel 5. Comparisons are made of actual inventory to recorded amounts

Question 66

Describe management's role in the execution of transactions controls in the production/manufacturing inventory transaction cycle.

Answer 66

1. Acquisition and distribution of inventory should be in accordance with management's authorization; 2. Should establish general approval of transactions with specified limits and require specific approval for amounts over those limits; 3. Management should approve any adjusting journal entries.

Question 67

How should employee responsibilities be allocated to facilitate a proper segregation of duties in the production/manufacturing inventory transaction cycle.?

Answer 67

1. Separate authorization, bookkeeping (recording), and custody of inventory 2. Sales returns should be counted by receiving clerk, who prepares an appropriate receiving document.