Chapter 6 Performing an Int

Chapter 6: Performing an Integrated Audit

Student: ___________________________________________________________________________

1. A company with a strong control environment demonstrates a culture of high integrity and ethics.

True False

2. The requirement to report on internal control placed on public companies resulted from one particular type of

internal control breakdown: front line employees of some major public companies overrode their control

systems and issued misleading financial statements.

True False

3. During the course of the audit, the auditor should continually gather and update information on business risk,

including the identification of any fraud risk factors noted during preliminary audit planning.

True False

4. The auditor should not attempt to analyze potential management motivations to misstate account balances

since auditor is an accounting expert and not expected to perform behavioral assessments.

True False

5. Substantive procedures performed by the auditor will include procedures to address fraud risks.

True False

6. Recent research by COSO reinforces the concept that the control environment is not a very important factor

associated with fraud

True False

7. A material weakness in internal control is a deficiency in the design or operation of the control that adversely

affects the company’s ability to initiate, record, process or report external financial data reliably in accordance

with GAAP.

True False

8. The concept of reasonable assurance regarding controls recognizes that the benefits of internal controls

should not exceed the cost.

True False

9. The auditor is required to report material weaknesses in internal control to the audit committee.

True False

10. In an integrated audit both management and the auditor are required to report on the fairness of the internal

control of the company.

True False

11. The purpose of tests of controls is to determine that account balances are properly stated.

True False

12. The purpose of the auditor consideration of the strength of internal controls is to determine the nature, extent

and timing of substantive testing.

True False

13. Pervasive controls are those that affect the processing of specific computer applications of the client.

True False

14. In an integrated audit the auditor is responsible to only form an opinion on the fairness of the financial

statements.

True False

15. If the auditor finds material weaknesses in the internal controls of the client a qualified report would be

issued.

True False

16. The auditor’s report on the internal controls and the financial statements of the client are required to be

reported in the same report.

True False

17. The major changes in guidance since the original issuance of AS 2 include encouragement to both

management and auditors to implement a top down, risk-based approach.

True False

18. Internal control reporting must be based on evidence of both the design and the operation of internal

controls.

True False

19. In an integrated audit the auditor is required to issue two separate reports. One on the fairness of the internal

controls and a second on the fairness of the financial statements.

True False

20. In an integrated audit the auditor is required to issue a report expressing an opinion on management’s

assessment of the effectiveness of controls.

True False

21. If management’s report on internal control indicates one or more material weaknesses, the auditor would

express an adverse opinion on the internal controls.

True False

22. If management’s report on internal control indicates a material weakness, the auditor would express a

qualified opinion on the internal controls.

True False

23. The auditor is responsible to understand the controls of the client and to test all of its controls in the process

of evaluating the strength of the internal control system.

True False

24. Controls of the client that the auditor expects to depend upon in reducing substantive testing must be tested.

True False

25. A risk-based approach to an integrated audit requires auditors to consider the materiality of account

balances and processes along with the risks that the account balance may be misstated

True False

26. Controls for all assertions need not be tested if the auditor believes that a misstatement related to a particular

assertion would not be material.

True False

27. The direct tests of account balances are determined, in large part, by the specific nature of the identified

control deficiencies.

True False

28. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial

reporting that is more severe than a material weakness.

True False

29. In evaluating the strength of internal control in determining the nature, timing and extent of substantive

audit evidence to collect the auditor must form their own independent assessment. Audit evidence cannot be

reduced based upon the work of the internal auditor.

True False


audit evidence to collect the auditor must form their own independent assessment. Audit evidence can be

reduced based upon the effectiveness of management’s monitoring controls.

True False

31. The assessment of internal control is at the end of the client’s reporting period. There is often an opportunity

to correct a deficiency before the end of the year if it is identified early enough.

True False

32. If the auditor finds material weaknesses in the internal controls of the client an adverse report would be

issued.

True False

33. The size of the account (materiality) influences, but does not totally dictate, whether substantive testing

should be performed.`

True False

34. To some extent, the external auditor can rely on some of the company‘s evaluation and/or testing of

controls, particularly work performed by a competent and independent internal audit function.

True False

35. The external auditor can never rely to any extent on some of the company‘s evaluation and/or testing of

controls, even when performed by a competent and independent internal audit function.

True False

36. No matter how low control risk is assessed, some substantive testing of account balances must be conducted

for material account balances.

True False

37. Under AS 5, the auditor’s objective in an audit of internal control over financial reporting is to express an

opinion on the effectiveness of the company’s internal control over financial reporting.

True False

38. In an integrated audit the auditor conducts their audit of the internal controls of the company in accordance

with the standards of COSO, which requires reasonable assurance of maintenance in material respects.

True False

39. In an integrated audit an unqualified opinion on the internal controls over financial reporting can be issued

by the auditor if no misstatements are found in the financial statement audit.

True False

40. Management is responsible to document the COSO control elements, especially the control environment,

risk analysis, and monitoring.

True False

41. The financial competencies needed by an organization are directly correlated with the complexity of

transactions in which the company engages and the size of the company.

True False

42. Once a company establishes that it has effective internal control over processes, monitoring can be effective

by assuring that any changes made to the processes are fully documented and tested and that controls have not

deteriorated.

True False

43. Regardless of the level of assessed control risk, the auditor must conduct some substantive procedures for

material account balances.

True False

44. In the risk-based audit approach the control environment serves as the first line of defense in mitigating the

risks that a company has to manage.

True False

45. Management’s evaluation of internal controls often presents opportunities to improve both the quality of

controls and the efficiency of processing.

True False

46. A company with a strong control environment demonstrates which of the following:

A. a culture of high integrity and ethics.

B. a commitment to financial reporting competencies.

C. an independent, active, and knowledgeable audit committee.

D. all of the above.


material account balances. These procedures may include which of the following.

A. input from the audit team‘s brainstorming analysis regarding potential for fraud.

B. the size of the account balance.

C. how IT affects the company's flow of transactions.


48. Research has found that the most fraudulent financial reporting, such as misleading reporting was

perpetrated by which of the following.

A. lower-level employees.

B. external auditors.

C. internal auditors.

D. senior management.

49. The auditor considers internal control in order to determine

A. the nature, timing and extent of substantive testing to perform.

B. inherent risk in an account balance.

C. an acceptable level of control risk for an account balance.

D. Both B and C.

50. For the auditor to assess control risk for account balances at less than the maximum

A. no significant weaknesses must have occurred.

B. the internal auditor must test and evaluate some of the controls.

C. the external auditor must test and evaluate some of the controls.

D. management must test and evaluate some of the controls.

51. Under what circumstance is it appropriate for the auditor to rely on the work of an internal auditor?

A. It is never acceptable for the external auditor to rely upon the work of the internal auditor.

B. The external auditor may relay on certain of the work of the internal auditor after making a comprehensive

assessment of the auditor and his/her work.

C. The external auditor may rely on the work of the internal auditor if he/she is also a CPA.

D. There is no restriction in relying upon the work of internal auditors.

52. The risk-based audit approach requires the auditor to identify

A. account balances or related disclosures that might be materially misstated.

B. potential causes of the misstatement.

C. important processes that may affect one or more account balances.


53. An adverse report on internal controls is rendered when the auditor finds

A. a significant weakness in the internal controls of the client.

B. a material weakness in the internal controls of the client.

C. a deficiency in operation of the internal controls of the client.

D. all of the above would result in an adverse opinion.

54. The amount of direct testing to be performed by the auditor is directly related to

A. audit risk

B. business risk.

C. subjectivity of account balances.

D. both B and C.

55. The amount of direct testing to be performed by the auditor is inversely related to

A. audit risk.

B. enterprise risk.

C. subjectivity of accounting process.

D. materiality of account balance.

56. If the auditor assesses control risk dealing with account balances as being weak, the effect on residual risk is

to

A. reduce residual risk.

B. increase residual risk.

C. no effect on residual risk.

D. either A or B depending upon presence or absence of significant deficiencies.

57. In evaluating the extent to which the external auditor can rely on the work of the internal auditor, which of

the following factors would the external auditor consider?

A. The independence of the function from management.

B. The design and comprehensiveness of the internal audit testing approach.

C. The documentation of the internal audit testing.

D. All would be considered.

58. If the auditor finds a material weakness in the controls of the client, it represents a deficiency in the design

or operation of a control

A. that adversely affects the company’s ability to initiate, record, process, or report external financial data

reliably in accordance with GAAP.

B. that negatively affects the company’s ability to initiate, record, process, or report external financial data


C. that results in a remote possibility that a material misstatement of the annual or interim financial statements

will not be prevented or detected.

D. that results in a reasonable possibility that a material misstatement of the annual or interim financial

statements will not be prevented or detected.

59. In planning the audit, auditors assess control risk for

A. each relevant assertion.

B. important classes of transactions.

C. significant account balances.


60. When would the auditor issue an unqualified opinion on the internal controls of a client?

A. No material weaknesses in internal controls are found.

B. No significant deficiencies in internal controls are found.

C. No errors are found in the account balances of the client.

D. Either A or B.

61. Which assertions and controls must be tested by the auditor?

A. All controls and assertions must be tested.

B. A sample of controls and assertions must be tested.

C. Material controls and assertions must be tested.

D. The majority of controls and assertions of the client must be tested.

62. In examining controls for transactions and events, which of the following assertions would be included:

A. occurrence.

B. completeness.

C. valuation.

D. all are included.

63. Which of the following is not correct about the performance of tests of controls?

A. Tests of controls must be performed for every account.

B. Some tests of controls must be performed to rely upon controls to reduce substantive testing.

C. The work of the internal auditor can be used to reduce substantive testing.

D. All of the above are correct.

64. In evaluating residual risk of account balances, tests of controls by the auditor involves the assessment of

A. the design of controls.

B. the operation of controls.

C. the strength of the control environment.

D. all of the above

65. In assessing internal controls the auditor is suppose to apply the concept of reasonable assurance, which

indicates that

A. there should be a clear separation of duties between personnel who authorize, record, and hold assets.

B. the costs of a control should not exceed its benefits.

C. testing of the controls should provide assurance that they work most of the time.

D. testing of the controls should provide reasonable assurance that they are working properly.

66. Which of the following statements about internal control is not correct?

A. The costs of the control should not exceed the benefits.

B. The auditor’s assessment of detection risk is inversely related to the assessment of control risk.

C. Stronger internal controls result in an increase in the number of required substantive audit procedures.

D. Management is responsible for the maintenance of internal control.

67. When assessing the client which of the following factors is considered pervasive and creates both an attitude

and culture that affects the client‘s reporting system, the process of recording transactions, and the process of

making estimates and adjustments.

A. The control environment.

B. Audit testing of processes and controls.

C. Design and operation of controls.

D. Inherent and control risk.

68. Segregation of duties deals with the segregation of which functions?

A. Recording and physical custody of assets.

B. Authorizing and recording assets.

C. Authorizing, recording, and physical custody of assets.

D. Authorizing, recording, physical custody, and access to assets.

69. If the auditor’s assessment of audit risk is low (e.g., 1% rather than 5%), what is the effect on the amount of

direct testing performed by the auditor?

A. Increase in direct testing.

B. Decrease in direct testing

C. No change in direct testing.

D. Direct testing is not needed.

70. If the auditor’s assessment of an account balance is material, what is the effect on the amount of direct

testing performed by the auditor?





71. If the auditor’s assessment of an internal control is that it is effective, what is the effect on the amount of



B. decrease in direct testing



72. Large public company audited financial statements are required to be accompanied by:

A. management’s report on internal control over financial reporting.

B. an external audit report on the financial statements and the effectiveness of internal control over financial

reporting.

C. the internal auditor’s report on the financial statements.

D. both A and B.

E. all of the above.

73. Control deficiencies result when there are deficiencies in the design or operation of controls and may result

in

A. reportable deficiencies.

B. significant deficiencies.

C. material weaknesses.

D. either B or C.


74. In an integrated audit the auditor must test the controls of all material processes of the client unless

A. substantive testing would be more effective and efficient.

B. the controls were in place last year.

C. there have been changes to the controls during the year.

D. the design of the control would not prevent material misstatements.

75. Even though there was a material weakness in internal control, management of the company issues an

unqualified report. What types of report(s) would the auditor issue?

A. An adverse opinion on management’s assessment of internal control and in their report on internal control.

B. An unqualified opinion on management’s assessment of internal control and an adverse opinion in their

report on internal control.

C. An unqualified opinion on management’s assessment of internal control and in their report on internal

control.

D. An adverse opinion on management’s assessment of internal control and an unqualified report on internal

control.

76. In an integrated audit the auditor’s report on internal control does not require the statement that

A. the audit was conducted in accordance with AICPA auditing standards.

B. management is responsible for maintaining effective internal control.

C. used COSO’s internal control framework.

D. a reasonable basis exists for their opinion.

77. Which of the following factor(s) is considered by the auditor in evaluating the potential for residual risk

remaining in an account balance or class of transactions?

A. Sources of potential misstatement.

B. Extent of potential misstatement.

C. Type of potential misstatement.

D. All of the above should be considered.

78. Which of the following is not one of the phases in planning an integrated audit?

A. identifying and assessing business risk.

B. documenting all controls.

C. assessing fraud risk.

D. determining the most efficient manner in which to conduct an integrated audit.

79. Ultimately, the starting point of the integrated audit should be to understand all of the following except

A. the risks that the business faces in meeting its objectives, with a focus on the objective of accurate financial

reporting

B. the incentives that may motivate management or other employees to misstate the financial statements

C. the risks inherent in important business processes

D. the results of direct account substantive testing

80. The auditor could assess control risk for an account at the maximum when

A. immaterial control deficiencies exists in the account.

B. significant control deficiencies exists in an account.

C. material weaknesses exists in an account.

D. both A and B.

81. In an integrated audit, the amount of direct testing of account balances is inversely related to

A. subjectivity of estimates.

B. riskiness of the account.

C. effectiveness of internal control.

D. materiality of the account.

82. The types of opinion on internal control that may be issued are

A. Unqualified.

B. Qualified.

C. Adverse.

D. Either A or C.

E. All of the above.

83. Indicate the proper sequence of steps in planning an integrated audit:

1. Consider the Possibility of Account Misstatements.

2. Complete Preliminary Analytical Procedures.

3. Identify Controls to Test.

4. Update Information about Various Risks.

5. Understand the Client’s Internal Controls.

A. 4, 2, 3, 5, 1

B. 4, 1, 2, 5, 3

C. 1, 4, 5, 2, 3

D. 1, 4, 2, 5, 3

84. The probability that an account balance might be misstated after processes are complete and internal

controls have been applied is

A. residual risk.

B. business risk.

C. audit risk.

D. control risk.

85. Direct testing examines

A. Controls.

B. Processes.

C. Account balances.

D. Both A and C.

86. Reporting requirements

Discuss the reporting requirements of an integrated audit under Sarbanes Oxley Act for both management and

the auditor.


Discuss elements that should be included in the auditor’s unqualified report.

88. Planning an integrated audit

Discuss the different steps and phases that are required in planning an integrated audit.

89. Changes in guidance

What are the major changes in guidance since the original issuance of AS 2.

90. Integrated Audit

The framework for audit evidence in an integrated audit contains several key elements for the auditor to

consider. Identify and discuss these key elements.

91. Identifying audit work

What are the fundamental questions that the auditor must address to determine the optimal amount of audit

work.

92. Risk-based audit approach

In conducting an integrated audit, discuss the potential effect of management’s monitoring controls on the

auditor’s determination of the amount of direct testing of account balances that may be needed.

Chapter 6: Performing an Integrated Audit Key

1. A company with a strong control environment demonstrates a culture of high integrity and ethics.

TRUE

2. The requirement to report on internal control placed on public companies resulted from one particular type of

internal control breakdown: front line employees of some major public companies overrode their control

systems and issued misleading financial statements.

FALSE

3. During the course of the audit, the auditor should continually gather and update information on business risk,

including the identification of any fraud risk factors noted during preliminary audit planning.

TRUE

4. The auditor should not attempt to analyze potential management motivations to misstate account balances

since auditor is an accounting expert and not expected to perform behavioral assessments.

FALSE

5. Substantive procedures performed by the auditor will include procedures to address fraud risks.

TRUE

6. Recent research by COSO reinforces the concept that the control environment is not a very important factor

associated with fraud

FALSE

7. A material weakness in internal control is a deficiency in the design or operation of the control that adversely

affects the company’s ability to initiate, record, process or report external financial data reliably in accordance

with GAAP.

FALSE

8. The concept of reasonable assurance regarding controls recognizes that the benefits of internal controls

should not exceed the cost.

FALSE

9. The auditor is required to report material weaknesses in internal control to the audit committee.

TRUE

10. In an integrated audit both management and the auditor are required to report on the fairness of the internal

control of the company.

TRUE

11. The purpose of tests of controls is to determine that account balances are properly stated.

FALSE

12. The purpose of the auditor consideration of the strength of internal controls is to determine the nature, extent

and timing of substantive testing.

TRUE

13. Pervasive controls are those that affect the processing of specific computer applications of the client.

FALSE

14. In an integrated audit the auditor is responsible to only form an opinion on the fairness of the financial

statements.

FALSE

15. If the auditor finds material weaknesses in the internal controls of the client a qualified report would be

issued.

FALSE

16. The auditor’s report on the internal controls and the financial statements of the client are required to be

reported in the same report.

FALSE

17. The major changes in guidance since the original issuance of AS 2 include encouragement to both

management and auditors to implement a top down, risk-based approach.

TRUE

18. Internal control reporting must be based on evidence of both the design and the operation of internal

controls.

TRUE

19. In an integrated audit the auditor is required to issue two separate reports. One on the fairness of the internal

controls and a second on the fairness of the financial statements.

FALSE

20. In an integrated audit the auditor is required to issue a report expressing an opinion on management’s

assessment of the effectiveness of controls.

TRUE

21. If management’s report on internal control indicates one or more material weaknesses, the auditor would

express an adverse opinion on the internal controls.

TRUE

22. If management’s report on internal control indicates a material weakness, the auditor would express a

qualified opinion on the internal controls.

FALSE

23. The auditor is responsible to understand the controls of the client and to test all of its controls in the process

of evaluating the strength of the internal control system.

FALSE

24. Controls of the client that the auditor expects to depend upon in reducing substantive testing must be tested.

TRUE

25. A risk-based approach to an integrated audit requires auditors to consider the materiality of account

balances and processes along with the risks that the account balance may be misstated

TRUE

26. Controls for all assertions need not be tested if the auditor believes that a misstatement related to a particular

assertion would not be material.

TRUE

27. The direct tests of account balances are determined, in large part, by the specific nature of the identified

control deficiencies.

TRUE

28. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial

reporting that is more severe than a material weakness.

FALSE


audit evidence to collect the auditor must form their own independent assessment. Audit evidence cannot be

reduced based upon the work of the internal auditor.

FALSE


audit evidence to collect the auditor must form their own independent assessment. Audit evidence can be

reduced based upon the effectiveness of management’s monitoring controls.

TRUE

31. The assessment of internal control is at the end of the client’s reporting period. There is often an opportunity

to correct a deficiency before the end of the year if it is identified early enough.

TRUE

32. If the auditor finds material weaknesses in the internal controls of the client an adverse report would be

issued.

TRUE

33. The size of the account (materiality) influences, but does not totally dictate, whether substantive testing

should be performed.`

TRUE

34. To some extent, the external auditor can rely on some of the company‘s evaluation and/or testing of

controls, particularly work performed by a competent and independent internal audit function.

TRUE

35. The external auditor can never rely to any extent on some of the company‘s evaluation and/or testing of

controls, even when performed by a competent and independent internal audit function.

FALSE

36. No matter how low control risk is assessed, some substantive testing of account balances must be conducted

for material account balances.

TRUE

37. Under AS 5, the auditor’s objective in an audit of internal control over financial reporting is to express an

opinion on the effectiveness of the company’s internal control over financial reporting.

TRUE

38. In an integrated audit the auditor conducts their audit of the internal controls of the company in accordance

with the standards of COSO, which requires reasonable assurance of maintenance in material respects.

FALSE

39. In an integrated audit an unqualified opinion on the internal controls over financial reporting can be issued

by the auditor if no misstatements are found in the financial statement audit.

FALSE

40. Management is responsible to document the COSO control elements, especially the control environment,

risk analysis, and monitoring.

TRUE

41. The financial competencies needed by an organization are directly correlated with the complexity of

transactions in which the company engages and the size of the company.

TRUE

42. Once a company establishes that it has effective internal control over processes, monitoring can be effective

by assuring that any changes made to the processes are fully documented and tested and that controls have not

deteriorated.

TRUE


material account balances.

TRUE

44. In the risk-based audit approach the control environment serves as the first line of defense in mitigating the

risks that a company has to manage.

TRUE

45. Management’s evaluation of internal controls often presents opportunities to improve both the quality of

controls and the efficiency of processing.

TRUE

46. A company with a strong control environment demonstrates which of the following:

A. a culture of high integrity and ethics.

B. a commitment to financial reporting competencies.

C. an independent, active, and knowledgeable audit committee.



material account balances. These procedures may include which of the following.

A. input from the audit team‘s brainstorming analysis regarding potential for fraud.

B. the size of the account balance.

C. how IT affects the company's flow of transactions.


48. Research has found that the most fraudulent financial reporting, such as misleading reporting was

perpetrated by which of the following.

A. lower-level employees.

B. external auditors.

C. internal auditors.

D. senior management.

49. The auditor considers internal control in order to determine

A. the nature, timing and extent of substantive testing to perform.

B. inherent risk in an account balance.

C. an acceptable level of control risk for an account balance.

D. Both B and C.

50. For the auditor to assess control risk for account balances at less than the maximum

A. no significant weaknesses must have occurred.

B. the internal auditor must test and evaluate some of the controls.

C. the external auditor must test and evaluate some of the controls.

D. management must test and evaluate some of the controls.

51. Under what circumstance is it appropriate for the auditor to rely on the work of an internal auditor?

A. It is never acceptable for the external auditor to rely upon the work of the internal auditor.

B. The external auditor may relay on certain of the work of the internal auditor after making a comprehensive

assessment of the auditor and his/her work.

C. The external auditor may rely on the work of the internal auditor if he/she is also a CPA.

D. There is no restriction in relying upon the work of internal auditors.

52. The risk-based audit approach requires the auditor to identify

A. account balances or related disclosures that might be materially misstated.

B. potential causes of the misstatement.

C. important processes that may affect one or more account balances.


53. An adverse report on internal controls is rendered when the auditor finds

A. a significant weakness in the internal controls of the client.

B. a material weakness in the internal controls of the client.

C. a deficiency in operation of the internal controls of the client.

D. all of the above would result in an adverse opinion.

54. The amount of direct testing to be performed by the auditor is directly related to

A. audit risk

B. business risk.

C. subjectivity of account balances.

D. both B and C.

55. The amount of direct testing to be performed by the auditor is inversely related to

A. audit risk.

B. enterprise risk.

C. subjectivity of accounting process.

D. materiality of account balance.

56. If the auditor assesses control risk dealing with account balances as being weak, the effect on residual risk is

to

A. reduce residual risk.

B. increase residual risk.

C. no effect on residual risk.

D. either A or B depending upon presence or absence of significant deficiencies.

57. In evaluating the extent to which the external auditor can rely on the work of the internal auditor, which of

the following factors would the external auditor consider?

A. The independence of the function from management.

B. The design and comprehensiveness of the internal audit testing approach.

C. The documentation of the internal audit testing.

D. All would be considered.

58. If the auditor finds a material weakness in the controls of the client, it represents a deficiency in the design

or operation of a control

A. that adversely affects the company’s ability to initiate, record, process, or report external financial data


B. that negatively affects the company’s ability to initiate, record, process, or report external financial data


C. that results in a remote possibility that a material misstatement of the annual or interim financial statements

will not be prevented or detected.

D. that results in a reasonable possibility that a material misstatement of the annual or interim financial

statements will not be prevented or detected.

59. In planning the audit, auditors assess control risk for

A. each relevant assertion.

B. important classes of transactions.

C. significant account balances.


60. When would the auditor issue an unqualified opinion on the internal controls of a client?

A. No material weaknesses in internal controls are found.

B. No significant deficiencies in internal controls are found.

C. No errors are found in the account balances of the client.

D. Either A or B.

61. Which assertions and controls must be tested by the auditor?

A. All controls and assertions must be tested.

B. A sample of controls and assertions must be tested.

C. Material controls and assertions must be tested.

D. The majority of controls and assertions of the client must be tested.

62. In examining controls for transactions and events, which of the following assertions would be included:

A. occurrence.

B. completeness.

C. valuation.

D. all are included.

63. Which of the following is not correct about the performance of tests of controls?

A. Tests of controls must be performed for every account.

B. Some tests of controls must be performed to rely upon controls to reduce substantive testing.

C. The work of the internal auditor can be used to reduce substantive testing.

D. All of the above are correct.

64. In evaluating residual risk of account balances, tests of controls by the auditor involves the assessment of

A. the design of controls.

B. the operation of controls.

C. the strength of the control environment.

D. all of the above

65. In assessing internal controls the auditor is suppose to apply the concept of reasonable assurance, which

indicates that

A. there should be a clear separation of duties between personnel who authorize, record, and hold assets.

B. the costs of a control should not exceed its benefits.

C. testing of the controls should provide assurance that they work most of the time.

D. testing of the controls should provide reasonable assurance that they are working properly.

66. Which of the following statements about internal control is not correct?

A. The costs of the control should not exceed the benefits.

B. The auditor’s assessment of detection risk is inversely related to the assessment of control risk.

C. Stronger internal controls result in an increase in the number of required substantive audit procedures.

D. Management is responsible for the maintenance of internal control.

67. When assessing the client which of the following factors is considered pervasive and creates both an attitude

and culture that affects the client‘s reporting system, the process of recording transactions, and the process of

making estimates and adjustments.

A. The control environment.

B. Audit testing of processes and controls.

C. Design and operation of controls.

D. Inherent and control risk.

68. Segregation of duties deals with the segregation of which functions?

A. Recording and physical custody of assets.

B. Authorizing and recording assets.

C. Authorizing, recording, and physical custody of assets.

D. Authorizing, recording, physical custody, and access to assets.

69. If the auditor’s assessment of audit risk is low (e.g., 1% rather than 5%), what is the effect on the amount of






70. If the auditor’s assessment of an account balance is material, what is the effect on the amount of direct

testing performed by the auditor?





71. If the auditor’s assessment of an internal control is that it is effective, what is the effect on the amount of



B. decrease in direct testing



72. Large public company audited financial statements are required to be accompanied by:

A. management’s report on internal control over financial reporting.

B. an external audit report on the financial statements and the effectiveness of internal control over financial

reporting.

C. the internal auditor’s report on the financial statements.

D. both A and B.


73. Control deficiencies result when there are deficiencies in the design or operation of controls and may result

in

A. reportable deficiencies.

B. significant deficiencies.

C. material weaknesses.

D. either B or C.


74. In an integrated audit the auditor must test the controls of all material processes of the client unless

A. substantive testing would be more effective and efficient.

B. the controls were in place last year.

C. there have been changes to the controls during the year.

D. the design of the control would not prevent material misstatements.

75. Even though there was a material weakness in internal control, management of the company issues an

unqualified report. What types of report(s) would the auditor issue?

A. An adverse opinion on management’s assessment of internal control and in their report on internal control.

B. An unqualified opinion on management’s assessment of internal control and an adverse opinion in their

report on internal control.

C. An unqualified opinion on management’s assessment of internal control and in their report on internal

control.

D. An adverse opinion on management’s assessment of internal control and an unqualified report on internal

control.

76. In an integrated audit the auditor’s report on internal control does not require the statement that

A. the audit was conducted in accordance with AICPA auditing standards.

B. management is responsible for maintaining effective internal control.

C. used COSO’s internal control framework.

D. a reasonable basis exists for their opinion.

77. Which of the following factor(s) is considered by the auditor in evaluating the potential for residual risk

remaining in an account balance or class of transactions?

A. Sources of potential misstatement.

B. Extent of potential misstatement.

C. Type of potential misstatement.

D. All of the above should be considered.

78. Which of the following is not one of the phases in planning an integrated audit?

A. identifying and assessing business risk.

B. documenting all controls.

C. assessing fraud risk.

D. determining the most efficient manner in which to conduct an integrated audit.

79. Ultimately, the starting point of the integrated audit should be to understand all of the following except

A. the risks that the business faces in meeting its objectives, with a focus on the objective of accurate financial

reporting

B. the incentives that may motivate management or other employees to misstate the financial statements

C. the risks inherent in important business processes

D. the results of direct account substantive testing

80. The auditor could assess control risk for an account at the maximum when

A. immaterial control deficiencies exists in the account.

B. significant control deficiencies exists in an account.

C. material weaknesses exists in an account.

D. both A and B.

81. In an integrated audit, the amount of direct testing of account balances is inversely related to

A. subjectivity of estimates.

B. riskiness of the account.

C. effectiveness of internal control.

D. materiality of the account.

82. The types of opinion on internal control that may be issued are

A. Unqualified.

B. Qualified.

C. Adverse.

D. Either A or C.

E. All of the above.

83. Indicate the proper sequence of steps in planning an integrated audit:

1. Consider the Possibility of Account Misstatements.

2. Complete Preliminary Analytical Procedures.

3. Identify Controls to Test.

4. Update Information about Various Risks.

5. Understand the Client’s Internal Controls.

A. 4, 2, 3, 5, 1

B. 4, 1, 2, 5, 3

C. 1, 4, 5, 2, 3

D. 1, 4, 2, 5, 3

84. The probability that an account balance might be misstated after processes are complete and internal

controls have been applied is

A. residual risk.

B. business risk.

C. audit risk.

D. control risk.

85. Direct testing examines

A. Controls.

B. Processes.

C. Account balances.

D. Both A and C.


Discuss the reporting requirements of an integrated audit under Sarbanes Oxley Act for both management and

the auditor.

Management is responsible to issue a report assessing the effectiveness of the company’s internal controls over

financial reporting.

The auditor is responsible to issue three reports:

1) express an opinion on management’s assertion of the effectiveness of the company’s internal controls over

financial reporting.

2) express an opinion about the effectiveness of the company’s internal controls over financial reporting.

3) express an opinion on the fairness of the financial statements in accordance with GAAP.


Discuss elements that should be included in the auditor’s unqualified report.

The auditors unqualified report should contain the following elements:

-The internal control report is contained in the same report that contains the opinion on the financial statements.

An acceptable alternative is to issue two reports: one on the financial statements and the other on internal

controls. However, if separate reports are issued, each report must refer to the other report.

-The auditor provides an opinion on the effectiveness of internal control in the context of agreed upon criteria,

that is, the COSO Internal Control, Integrated Framework.

-The auditor recognizes and conveys to users that there are limitations of internal control that can affect its

effectiveness in the future.

88. Planning an integrated audit

Discuss the different steps and phases that are required in planning an integrated audit.

The planning of an integrated audit consists of five phases:

Phase 1 & 2

Update Information about Various Risks.

Consider the Possibility of Account Misstatements.

Complete Preliminary Analytical Procedures.

Understand the Client’s Internal Controls.

Phase 3 & 4

Identify controls to test.

Make a plan to test the controls and execute that plan.

Consider the results of control testing.

Conduct substantive audit tests.

89. Changes in guidance

What are the major changes in guidance since the original issuance of AS 2.

* Encouragement to both management and auditors to implement a top-down, risk-based approach.

* Clarity in the definition of material weakness that there should be a reasonable possibility that a material

misstatement could occur in an account balance because of the control deficiency.

* Recognition that the external auditor can rely on the work of management in assessing internal controls,

particularly on work performed by a competent and independent internal audit function.

* Additional emphasis on the need to document the auditor’s reasoning process linking control deficiencies to

specific tests of account balances.

* Increased focus on improving audit efficiency by encouraging greater reliance on effective internal controls in

reducing the amount of substantive tests of account.

90. Integrated Audit

The framework for audit evidence in an integrated audit contains several key elements for the auditor to

consider. Identify and discuss these key elements.

* The quality of internal control affects the reliability of financial statement data.

* The control environment is pervasive and affects the process of recording transactions, making estimates, and

making adjusting entries.

* If the control environment is strong and the controls over transaction processing, adjusting, and estimating are

good, then both management and the auditor would have a high degree of confidence that the financial accounts

are fairly stated and financial disclosures are adequate.

* A potential for misstatements exists in inputting, processing, estimating, or adjusting account balances.

* There is always a need to perform some substantive testing of material account balances, but the nature,

timing, and extent of that testing will depend on the quality of internal controls.

* The auditor’s evidence is based on testing internal controls, testing transactions, and substantive tests of

account balances, including substantive analytical procedures and direct tests of account balances.

91. Identifying audit work

What are the fundamental questions that the auditor must address to determine the optimal amount of audit

work.

How much assurance can be obtained regarding audit risk when internal control is present and working?

If control activities within major processes are working properly throughout the year, what is the residual risk

that remains that an account balance can still be misstated?

What is the risk that the auditor’s evaluation of internal controls might be incorrect?

Which account balances contain more than an acceptable amount of risk that a material misstatement could

occur?

How would a misstatement in a material account balance most likely occur?

What are the most effective substantive tests of account balances to determine whether there is a misstatement

in the account balance?

92. Risk-based audit approach

In conducting an integrated audit, discuss the potential effect of management’s monitoring controls on the

auditor’s determination of the amount of direct testing of account balances that may be needed.

Monitoring is the process by which the organization determines whether its other control procedures are

operating effectively. Section 404 of SOX requires that organizations have a monitoring component to their

internal control system.

The amount of direct testing of account balances by the auditor depends upon the thoroughness of

management’s assessment process, i.e., the adequacy of their controls and of their testing and documentation of

those controls, including for example the strength of the internal control department.The auditor is allowed to

rely upon the work performed within the organization so long as certain conditions are met. The auditor has to

independently determine which controls need to be tested and to take samples based on their planning

parameters, audit sampling principles, and the independence and reliability of management’s tests. The level of

direct testing by the auditor can be greatly reduced and even eliminated on some accounts. However, the auditor

has to test and evaluate management’s assessment process and perform enough of their own work to be able to

make an independent decision in gathering sufficient competent evidential matter to support their conclusion

that only a low level of residual risk remains in account balances and the financial statements.

Chapter 6 Performing an Int

Documents